
Distributed Synthesis for LTL Fragments

Krishnendu Chatterjee, Thomas A. Henzinger, Jan Otop, Andreas Pavlogiannis 21 October 2013


Reactive Distributed Systems

An architecture is a directed graph describing the topology of the system.

[Figure: example architecture with environment $p_e$ and processes $p_1, p_2, p_3$; edges labelled with variables among $x_1, x_2, y_1, \ldots, y_5$.]

Communication is done through variables $V$. Communication is instantaneous.

Process $p$ has $I(p)$, $O(p)$, its input and output variables. Process $p$ behaves according to its local strategy $\sigma_p : (2^{I(p)})^* \to 2^{O(p)}$.

$p_e$ is the environment. Local strategies give the collective strategy $\sigma : (2^{O(p_e)})^* \to 2^{V \setminus O(p_e)}$.

Reactive system as a function: the execution of $\sigma$ on $\pi = a_1 a_2 \ldots \in (2^{O(p_e)})^\omega$ is $\Gamma_\sigma(\pi) = \sigma(a_1)\sigma(a_1 a_2)\ldots \in (2^{V \setminus O(p_e)})^\omega$.


Realizability

A computation of $\sigma$ is the convolution of the environment output $\pi$ and the execution of $\sigma$, i.e., for $\pi = a_1 a_2 \ldots$ and $\Gamma_\sigma(\pi) = b_1 b_2 \ldots$ the computation is $\pi \otimes \Gamma_\sigma(\pi) = (a_1, b_1)(a_2, b_2)\ldots \in (2^V)^\omega$.

Satisfaction: A collective strategy $\sigma$ satisfies an LTL specification $\varphi$ iff every one of its computations satisfies $\varphi$, i.e., for every $\pi \in (2^{O(p_e)})^\omega$, $\pi \otimes \Gamma_\sigma(\pi) \models \varphi$.

Realizability: Given an architecture $A$ and an LTL specification $\varphi$, decide whether there exist local strategies $\sigma_p$ for all processes $p$ that generate the collective strategy $\sigma$ that satisfies $\varphi$. If so, synthesize them.


Example

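Consider a specification $\varphi_1 \equiv (x_1 \Rightarrow \Diamond y_1) \wedge (x_2 \Rightarrow \Diamond y_2) \wedge \neg(y_1 \wedge y_2)$ in the architecture:

[Figure: architecture with environment $p_e$ and processes $p_1, p_2$; variables $x_1, x_2, y_1, y_2$.]

It is realized by $\sigma_1, \sigma_2$ such that: $\sigma_1(w) = \{y_1\}$ if $|w|$ is even and $\emptyset$ otherwise, and $\sigma_2(w) = \{y_2\}$ if $|w|$ is odd and $\emptyset$ otherwise.

The following specification is not realizable: $\varphi_2 \equiv (\Diamond x_1 \Rightarrow \Diamond(x_1 \wedge y_1)) \wedge (\Diamond x_2 \Rightarrow \Diamond(x_2 \wedge y_2)) \wedge \neg(y_1 \wedge y_2)$.

Suppose it is realizable.

[Table: values of $x_1, x_2, y_1, y_2$ along a play; cell layout not recoverable.]

$x_2$ holds infinitely often, but only when $y_1$ holds!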
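The strategies σ1, σ2 of this example, run through the definitions of execution and computation given earlier; this is an added example, not code from the presentation. It assumes p1 reads only x1 and p2 reads only x2, and the two finite-prefix checks (y1 and y2 never together, each request x_i answered by y_i at the same or the next step) are conditions chosen here for illustration.

```python
from itertools import product

# Assumed wiring of the example architecture: p1 reads x1, p2 reads x2.
INPUTS = {"p1": frozenset({"x1"}), "p2": frozenset({"x2"})}

def sigma1(w):
    # w is p1's local input history; only its length matters here.
    return {"y1"} if len(w) % 2 == 0 else set()

def sigma2(w):
    return {"y2"} if len(w) % 2 == 1 else set()

LOCAL = {"p1": sigma1, "p2": sigma2}

def execution(pi):
    """Gamma_sigma(pi) = sigma(a1) sigma(a1 a2) ... for a finite prefix pi."""
    out = []
    for k in range(1, len(pi) + 1):
        b = set()
        for p, strategy in LOCAL.items():
            view = [a & INPUTS[p] for a in pi[:k]]  # p observes only I(p)
            b |= strategy(view)
        out.append(frozenset(b))
    return out

def computation(pi):
    """Convolution of pi with its execution: (a1, b1)(a2, b2)..."""
    return list(zip(pi, execution(pi)))

def prefix_ok(comp):
    """Mutual exclusion at every step; each request x_i answered within one step."""
    for k, (a, b) in enumerate(comp):
        if {"y1", "y2"} <= b:
            return False
        for x, y in (("x1", "y1"), ("x2", "y2")):
            if x in a and k + 1 < len(comp) and y not in b | comp[k + 1][1]:
                return False
    return True

def all_prefixes_ok(n):
    """Check every environment behaviour of length n over {x1, x2}."""
    letters = [frozenset(s) for s in ((), ("x1",), ("x2",), ("x1", "x2"))]
    return all(prefix_ok(computation(list(pi))) for pi in product(letters, repeat=n))

if __name__ == "__main__":
    print(all_prefixes_ok(6))
```

The strategies never look at the content of their inputs, only at the length of the history, which is why neither process needs to know what the other one sees.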


Undecidability

Theorem (Pnueli, Rosner). Realizability of LTL specifications on the following architecture $A_\lambda$ is undecidable.

[Figure: architecture $A_\lambda$ with environment $p_e$ and processes $p_1, p_2$; variables $x_1, x_2, y_1, y_2$. Output symbols #, 1, q3, #, q4, #, ... are shown for both processes.]

For every Turing Machine $M$, there is a specification $\tau_M$ that forces $p_1, p_2$ to output the sequence of consecutive configurations of $M(\varepsilon)$ terminated by the final configuration.


Parametric on the Architecture

For which classes of architectures is realizability decidable? A complete characterization is based on the information fork criterion.

Processes $p_1, p_2$ form an information fork in architecture $A$ if there exist paths from $p_e$ to $p_i$ in $A$ that do not traverse edges in $I(p_{-i})$.

[Figure: environment $p_e$ with processes $p_1, p_2$.]

Theorem (Finkbeiner, Schewe). Every architecture either:

  • has an information fork (undecidable), or
  • can be reduced to a pipeline (decidable).


Our approach

LTL formulae that appear in the undecidability proof are complicated.

Question: What are the LTL fragments for which the realizability problem is decidable?

That question can be approached from two directions:

  • Prove that realizability is undecidable in weak LTL fragments.
  • Find LTL fragments for which the realizability problem is decidable.


Reachability specifications LTL♦

LTL♦: $\psi \in$ LTL1 iff it is a Boolean combination of $P$ and $XP$, where $P$ is propositional (only non-nested $X$). $\varphi \in$ LTL♦ iff $\varphi \equiv Q \to \Diamond\psi$, where $\psi \in$ LTL1 and $Q$ is propositional.

Theorem. The realizability of specifications from LTL♦ in architectures containing an information fork is undecidable.

[Figure: architecture with environment $p_e$ and processes $p_1, p_2$; variables $x_1, x_2, q_1, \ldots, q_m, y_1, y_2$.]

$\tau_M$ is a (variant of) formula that forces $p_1, p_2$ to output a computation of a TM $M$. A safety automaton $A_{safe}$ recognizes $L_{\tau_M}$. Specification $\gamma \in$ LTL♦ states that eventually:

  • $p_e$ (does not) simulate $A_{safe}$ with $q_1, \ldots, q_k$,
  • $p_1$ outputs the final configuration.


Safety specifications LTL over Overlapping Inputs

LTL: $\psi \in$ LTL1 iff it is a Boolean combination of $P$ and $XP$, where $P$ is propositional (only non-nested $X$). $\varphi \in$ LTL iff $\varphi \equiv Q \wedge \psi$, where $\psi \in$ LTL1 and $Q$ is propositional.

Theorem. The realizability of specifications from LTL in an architecture $A$ containing an information fork-meet is undecidable.

[Figure: architecture with environment $p_e$ and processes $p_1$ ($x_1$, $y_1$), $p_2$ ($x_2$, $y_2$), $p_3$ ($x_1$, $x_2$, $q_1, \ldots, q_m$).]

The proof is as for LTL♦, but $p_3$ simulates $A_{safe}$ instead of $p_e$, i.e.: A safety automaton $A_{safe}$ recognizes $L_{\tau_M}$. Specification $\gamma \in$ LTL ensures that $p_3$ simulates $A_{safe}$.


Safety specifications over Disjoint Inputs

Consider a class of star architectures with disjoint inputs:

[Figure: star architecture with environment $p_e$ and processes $p_1, p_2, \ldots, p_n$, each $p_i$ with inputs $I(p_i)$ and outputs $O(p_i)$.]

Lemma. A formula $\varphi = Q \wedge \psi$ is realizable iff it is realizable by strategies with double exponential memory. Sufficiently long plays can be repeated.

Theorem. Realizability of LTL specifications on star architectures with disjoint inputs is in EXPSPACE.


Fragments of LTL without X

LTLAG: $\varphi \in$ LTLAG if for propositional formulae $P, Q, R_i, F_i$, $\varphi$ is of the form $\varphi = P \to Q \wedge \bigwedge_i \Diamond R_i \wedge \bigwedge_i \Diamond F_i$.

Theorem. Realizability of LTLAG specifications is NEXPTIME-complete.

$\varphi \in$ LTLAG is realizable iff every formula $(P \to Q \wedge R_i)$ and every $(P \to Q \wedge F_i)$ are realizable. $Q$ is realizable iff it is realizable by memoryless strategies. Realizability of LTLAG is in NEXPTIME.

Dependency Quantified Boolean Formulas (DQBF) are propositional formulae with Henkin quantifiers.

[Figure: architecture with environment $p_e$ and processes $p_1, p_2$; variables $x_1, x_2, y_1, y_2$.]

$\forall x_1 \forall x_2 \exists y_1(x_1) \exists y_2(x_2).\, Q(x_1, x_2, y_1, y_2)$

Validity of DQBF is NEXPTIME-complete. DQBF reduces to realizability of LTLAG.
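A brute-force validity check for small DQBFs of the shape shown above, added here as an illustration and not taken from the presentation. Each existential variable gets a Skolem function over its own dependency set only, which is the same restriction a local strategy faces when it sees only its own inputs; the names `FORK`, `FULL`, `copy` and `cross` are constructed for this example.

```python
from itertools import product

BOOLS = (False, True)

def skolem_functions(arity):
    """Every Boolean function of `arity` Boolean arguments, as a lookup table."""
    points = list(product(BOOLS, repeat=arity))
    for values in product(BOOLS, repeat=len(points)):
        yield dict(zip(points, values))

def dqbf_witness(universals, dependencies, matrix):
    """Search for Skolem functions that make `matrix` true everywhere.

    dependencies maps each existential variable to the tuple of universal
    variables it may read (its Henkin dependency set).
    Returns {y: lookup table}, or None if the DQBF is not valid.
    """
    ys = list(dependencies)
    candidates = [list(skolem_functions(len(dependencies[y]))) for y in ys]
    for choice in product(*candidates):
        for bits in product(BOOLS, repeat=len(universals)):
            env = dict(zip(universals, bits))
            for y, table in zip(ys, choice):
                env[y] = table[tuple(env[x] for x in dependencies[y])]
            if not matrix(env):
                break          # this choice fails on some universal assignment
        else:
            return dict(zip(ys, choice))
    return None

X = ("x1", "x2")
FORK = {"y1": ("x1",), "y2": ("x2",)}        # the quantifier prefix on the slide
FULL = {"y1": ("x1", "x2"), "y2": ("x2",)}   # constructed: y1 may also read x2

def copy(e):   # each output repeats the input its own process sees
    return e["y1"] == e["x1"] and e["y2"] == e["x2"]

def cross(e):  # y1 must equal the input that only the other process sees
    return e["y1"] == e["x2"]

if __name__ == "__main__":
    print(dqbf_witness(X, FORK, copy))                # a witness exists
    print(dqbf_witness(X, FORK, cross))               # no witness
    print(dqbf_witness(X, FULL, cross) is not None)   # witness once y1 reads x2
```

The search enumerates all tuples of Skolem functions, so it is doubly exponential in the size of the dependency sets and only suitable for hand-sized formulas.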


Conclusions

Our contributions:

  • Distributed synthesis is undecidable, even restricted to simple LTL fragments: LTL♦, LTL.
  • LTL is decidable in NEXPSPACE on the class of star architectures with disjoint inputs.
  • LTLAG is NEXPTIME-complete.
  • LTLAG reduces to DQBF and vice versa.

Thank you!
