Exploiting the Temporal Logic Hierarchy and the Non-Confluence - - PowerPoint PPT Presentation
Problem Det. via Automata Hierarchy Det. Non-Confluent Automata Conclusion Exploiting the Temporal Logic Hierarchy and the Non-Confluence Property for Efficient LTL Synthesis Andreas Morgenstern GandALF 2010 Andreas Morgenstern Symbolic
Problem
Conclusion
Andreas Morgenstern GandALF 2010
Andreas Morgenstern Symbolic LTL Synthesis via Hierarchy and Non-Confluence 1
Problem
Conclusion
1
Motivation: What is LTL Synthesis
2
Symbolic Determinisation via the Automata Hierarchy
3
Symbolic Determinisation via Non-Confluent Automata
4
Experiments and Conclusion
Andreas Morgenstern Symbolic LTL Synthesis via Hierarchy and Non-Confluence 2
Problem
Conclusion
System S I O
? LTL formula Φ Specification: Formula Φ in Temporal-Logic LTL Question: S | = Φ ?
Andreas Morgenstern Symbolic LTL Synthesis via Hierarchy and Non-Confluence 3
Problem
Conclusion
I O
LTL formula Φ Specification: Formula Φ in Temporal-Logic LTL Question: ∃ System S. S | = Φ ?
Andreas Morgenstern Symbolic LTL Synthesis via Hierarchy and Non-Confluence 3
Problem
Conclusion
System I O
? LTL formula Φ Question: S | = Φ ?
Andreas Morgenstern Symbolic LTL Synthesis via Hierarchy and Non-Confluence 4
Problem
Conclusion
System I O
? LTL formula ¬Φ (S | = Φ) ↔ (S | = ¬Φ) ?
Andreas Morgenstern Symbolic LTL Synthesis via Hierarchy and Non-Confluence 4
Problem
Conclusion
ξ1 ξ3 ξ2 a b c d a b c
1 2 3 a a b b b c Non-terminating systems ! B¨ uchi-Automata Automata read infinite words Automata accept, whenever a F state is visited ∞ often ! Graphsearch for one Non-Accepting run ! (S | = Φ) ↔ (S | = ¬Φ) ↔ L(S × A¬Φ) = ∅) ?
Andreas Morgenstern Symbolic LTL Synthesis via Hierarchy and Non-Confluence 4
Problem
Conclusion
R = p0 ∧ a ∨ p1 ∧ ¬b . . .
R = r0 ↔ (a ∨ ¬b) ∧ r1 ↔ (c ∨ d) ∧ . . . Using propositional logic to represent
System and B¨ uchi Automata
Advantages:
Represent large state spaces Efficient methods like BDD / SAT
Industry-sized problems managable:
Verification at Intel
Andreas Morgenstern Symbolic LTL Synthesis via Hierarchy and Non-Confluence 4
Problem
Conclusion
I O |
1 2 3 a ¬a b b b ¬c (∃S. S | = Φ) ↔ ∃S. L(S) ⊆ L(AΦ) Idea: Search for valid sub-automaton for each input on B¨ uchi automaton! Infinite Game between Environment and System !
Andreas Morgenstern Symbolic LTL Synthesis via Hierarchy and Non-Confluence 5
Problem
Conclusion
p1 p2 p3 a a b c Idea: Search for satisfying automaton for each input on specification automaton! Problem: nondeterminism intuitively: a priori not known whether b or c comes deterministic system from nondeterministic B¨ uchi automaton
Andreas Morgenstern Symbolic LTL Synthesis via Hierarchy and Non-Confluence 5
Problem
Conclusion
Rabin-Scott Subset construction not sufficient ! Safra (1988): Determinisation of B¨ uchi automata First Implementation : 2006 State space: Trees of sets of states No fully symbolic implementation known Only small examples managable
Andreas Morgenstern Symbolic LTL Synthesis via Hierarchy and Non-Confluence 6
Problem
Conclusion
LTL NDet Det symbolic: exists Determinisation : symbolic Minimizing Minimizing symbolic translation LTL → NDet √ symbolic Algorithms for infinite games √ minimizing automata symbolically √ symbolic determinization (shown in [MoSc08,MoSc08a])
Andreas Morgenstern Symbolic LTL Synthesis via Hierarchy and Non-Confluence 7
Problem
Conclusion
1
Motivation: What is LTL Synthesis
2
Symbolic Determinisation via the Automata Hierarchy
3
Symbolic Determinisation via Non-Confluent Automata
4
Experiments and Conclusion
Andreas Morgenstern Symbolic LTL Synthesis via Hierarchy and Non-Confluence 8
Problem
Conclusion
1 2 3 a a b b b c ω-Automata ω-Automata read infinite Worte. Different acceptance conditions:
B¨ uchi : visit F states infinitely often
Andreas Morgenstern Symbolic LTL Synthesis via Hierarchy and Non-Confluence 9
Problem
Conclusion
1 2 3 a a b b b c ω-Automata ω-Automata read infinite Worte. Different acceptance conditions:
B¨ uchi : visit F states infinitely often Co-B¨ uchi: visit ¬F states finitely often
Andreas Morgenstern Symbolic LTL Synthesis via Hierarchy and Non-Confluence 9
Problem
Conclusion
1 2 3 a a b b b c ω-Automata ω-Automata read infinite Worte. Different acceptance conditions:
B¨ uchi : visit F states infinitely often Co-B¨ uchi: visit ¬F states finitely often Streett: boolean combination of (co)-B¨ uchi (in Normalform)
Andreas Morgenstern Symbolic LTL Synthesis via Hierarchy and Non-Confluence 9
Problem
Conclusion
1 2 3 a a b b b c ω-Automata ω-Automata read infinite Worte. Different acceptance conditions:
B¨ uchi : visit F states infinitely often Co-B¨ uchi: visit ¬F states finitely often Streett: boolean combination of (co)-B¨ uchi (in Normalform) Safety : visit only F states Liveness : visit F states at least once Prefix : boolean combination of Safety und Liveness (in Normalform)
Andreas Morgenstern Symbolic LTL Synthesis via Hierarchy and Non-Confluence 9
Problem
Conclusion
(N)DetSafety NDettotal
Liveness
DetLiveness NDetPrefix DetPrefix DetB¨
uchi
(N)DetCo-B¨
uchi
NDetB¨
uchi
(N)DetStreett
C1 C2 := automaton from C1 can be translated to one from C2
Andreas Morgenstern Symbolic LTL Synthesis via Hierarchy and Non-Confluence 10
Problem
Conclusion
(N)DetSafety NDettotal
Liveness
DetLiveness NDetPrefix DetPrefix DetB¨
uchi
(N)DetCo-B¨
uchi
NDetB¨
uchi
(N)DetStreett
TLLiveness TLPrefix TLStreett TLB¨
uchi
TLCo-B¨
uchi
C1 C2 := automaton from C1 can be translated to one from C2
Andreas Morgenstern Symbolic LTL Synthesis via Hierarchy and Non-Confluence 10
Problem
Conclusion
(N)DetSafety NDettotal
Liveness
DetLiveness NDetPrefix DetPrefix DetB¨
uchi
(N)DetCo-B¨
uchi
NDetB¨
uchi
(N)DetStreett TLSafety TLLiveness TLPrefix TLStreett TLB¨
uchi
TLCo-B¨
uchi
Safra Breakpoint BDD-represented Automata for TLSafety and TLCo-B¨
uchi
Andreas Morgenstern Symbolic LTL Synthesis via Hierarchy and Non-Confluence 11
Problem
Conclusion
(N)DetSafety NDettotal
Liveness
DetLiveness NDetPrefix DetPrefix DetB¨
uchi
(N)DetCo-B¨
uchi
NDetB¨
uchi
(N)DetStreett TLSafety TLLiveness TLPrefix TLStreett TLB¨
uchi
TLCo-B¨
uchi
Dual Dual
BDD-represented Automata for TLLiveness, TLPrefix TLB¨
uchi und
TLStreett
Andreas Morgenstern Symbolic LTL Synthesis via Hierarchy and Non-Confluence 11
Problem
Conclusion
Main Idea Locate formula syntactically in Hierarchy Subset (Breakpoint) construction symbolically boolean combination of Formulas / Automata Advantages Deterministic automata never explicitely represented Efficient: due to boolean combination subautomata very small (less than < 20 ndet states) Nearly all formula belong to TLStreett Disadvantages Not every formula is in TLStreett!
Andreas Morgenstern Symbolic LTL Synthesis via Hierarchy and Non-Confluence 12
Problem
Conclusion
1
Motivation: What is LTL Synthesis
2
Symbolic Determinisation via the Automata Hierarchy
3
Symbolic Determinisation via Non-Confluent Automata
4
Experiments and Conclusion
Andreas Morgenstern Symbolic LTL Synthesis via Hierarchy and Non-Confluence 13
Problem
Conclusion
Determinism q0 q1 q2 a ¬a Backwards Determinism q3 q1 q2 a ¬a every B¨ uchi automaton from LTL is backwards deterministic !
Andreas Morgenstern Symbolic LTL Synthesis via Hierarchy and Non-Confluence 14
Problem
Conclusion
q q q q q q q q q q q q a a a a ba ba ba ba ba ba ba Backwards determinism implies non-confluence Non-Confluence: two different runs never merge Therefore: Every run uniquely determined by last visited state No Need for Tree Structure in Deterministic Automaton !
Andreas Morgenstern Symbolic LTL Synthesis via Hierarchy and Non-Confluence 15
Problem
Conclusion
NDet 1 2 3 a a b b b c Deterministic Automaton {1}, ∅, ∅ {1, 2}, ∅, {2} a a {1, 2, 3}, ∅, ∅ b a {1, 2, 3}, ∅, ∅ ∅, ∅, ∅ {3}, ∅, ∅ b b c c a, b, c a c c a, b Accept, whenever some set ( ¬∞ often red) and ( ∞ blue) !
Andreas Morgenstern Symbolic LTL Synthesis via Hierarchy and Non-Confluence 16
Problem
Conclusion
1
Motivation: What is LTL Synthesis
2
Symbolic Determinisation via the Automata Hierarchy
3
Symbolic Determinisation via Non-Confluent Automata
4
Experiments and Conclusion
Andreas Morgenstern Symbolic LTL Synthesis via Hierarchy and Non-Confluence 17
Problem
Conclusion
Opal [Morgenstern] Symbolic determinisation for full LTL Symbolic minimization for different ω-automata Symbolic synthesis algorithm for generalized Parity Games[Chatterjee et al, 2007]
Andreas Morgenstern Symbolic LTL Synthesis via Hierarchy and Non-Confluence 18
Problem
Conclusion
Opal [Morgenstern] Symbolic determinisation for full LTL Symbolic minimization for different ω-automata Symbolic synthesis algorithm for generalized Parity Games[Chatterjee et al, 2007] Lily[Jobstmann et al.] Based on Safraless approach of Vardi and Kupferman replace determinisim by universal tree automata explicit implementation first Tool for full LTL
Andreas Morgenstern Symbolic LTL Synthesis via Hierarchy and Non-Confluence 18
Problem
Conclusion
5 10 15 2 4 6 8 10 Running times in seconds Lily Opal Nonconfluent Opal Hierarchy
Example Nr.
23 Medium-Sized Spezifications: Arbiter, Mutex Temporal operators: 4 − 40, boolean operators: 3 − 38
Andreas Morgenstern Symbolic LTL Synthesis via Hierarchy and Non-Confluence 19
Problem
Conclusion
Opal [Morgenstern] Symbolic determinisation for full LTL Symbolic minimization for different ω-automata Symbolic synthesis algorithm for generalized Parity Games[Chatterjee et al, 2007] Anzu[Jobstmann et al.] Symbolic implementation of Generalised Streett (1) Approach (Piterman et al.) Limited set of specifications (implication of B¨ uchi-conditions) Possible: determinise B¨ uchi automata manually nevertheless: much more restricted than TLStreett
Andreas Morgenstern Symbolic LTL Synthesis via Hierarchy and Non-Confluence 20
Problem
Conclusion
2 4 6 8 10 12 14 1 2 3 4 5 ·104 # Clients Running time in 10000 Seconds Anzu Opal NonConfluent
Arbiter for AMBA Bus: connects Caches, CPUs, . . . Each Client 10 Safety / 1 Streett Condition Total: 40 Temporal operators / Client
Andreas Morgenstern Symbolic LTL Synthesis via Hierarchy and Non-Confluence 21
Problem
Conclusion
Summary Presented a tool for LTL Synthesis starting with plain formula Running time competitive to anzu (where deterministic automata are generated manually)
Future ?
Andreas Morgenstern Symbolic LTL Synthesis via Hierarchy and Non-Confluence 22
Problem
Conclusion
Andreas Morgenstern Symbolic LTL Synthesis via Hierarchy and Non-Confluence 23
PG ::= VΣ | ¬PF | PG ∧ PG | PG ∨ PG | XPG | GPG | [PG U PG] + Past PF ::= VΣ | ¬PG | PF ∧ PF | PF ∨ PF | XPF | FPF | [PF U PF] + Past PPrefix ::= PG | PF | ¬PPrefix | PPrefix ∧ PPrefix | PPrefix ∨ PPrefix+ Past PGF ::= PPrefix | ¬PFG | PGF ∧ PGF | PGF ∨ PGF | XPGF | GPGF | [PGF U PGF] | [PGF U PF] + Past PFG ::= PPrefix | ¬PGF | PFG ∧ PFG | PFG ∨ PFG | XPFG | FPFG | [PFG U PFG] | [PG U PFG] + Past PStreett ::= PGF | PFG | ¬PStreett | PStreett ∧ PStreett | PStreett ∨ PStreett+ Past Example for LTL, not TLStreett : GF [ϕ U ψ] ≡ FG [ϕ U ψ] ∧ GFψ
Andreas Morgenstern Symbolic LTL Synthesis via Hierarchy and Non-Confluence 24
Nondeterministic automaton
q0q1 q1q0 q0q1 q0q1 ¬b ¬b b b ¬(a ∨ b) ¬(a ∨ b) a ∨ b
R = (q0 ↔ b ∨ a ∧ q0′)∧ (q1 ↔ q0′) 4 Onehot encoded automaton
p0 p1 p2 p3 ¬b ¬b b b ¬(a ∨ b) ¬(a ∨ b) a ∨ b
R = (p0 ∧ ¬b ∨ p2 ∧ b) → p′
1∨
(p1 ∧ (¬(a ∨ b))) → p′
3∨
. . .
Andreas Morgenstern Symbolic LTL Synthesis via Hierarchy and Non-Confluence 25
Onehot-kodierter Automat
p0 p1 p2 p3 ¬b ¬b b b ¬(a ∨ b) ¬(a ∨ b) a ∨ b
R = (p0 ∧ ¬b ∨ p2 ∧ b) → p′
1∨
(p1 ∧ (¬(a ∨ b))) → p′
3∨
. . . Deterministic automaton
p0p1p2p3 p0p1p2p3} p0p1p2p3 p0p1p2p3} 1 ¬(a ∨ b) b 1 a ∧ ¬b 1
R = (p0 ∧ ¬b ∨ p2 ∧ b)↔p′
1∨
(p1 ∧ (¬(a ∨ b)))↔p′
3∨
. . .
Andreas Morgenstern Symbolic LTL Synthesis via Hierarchy and Non-Confluence 26
Definition (Symbolic Subset Construction) H :≡
n
pj ∧ mtQdet(ϑj) Idet :≡
n
pi ↔ ∃q1 . . . qm. mtQdet(ϑi) ∧ I Fdet :≡ ∃q1 . . . qm. H ∧ F Rdet :≡
n
pi ′ ↔ ηi, mit ηi :≡ ∃q1 . . . qmq1′ . . . qm′. H ∧ R ∧ [mtQdet(ϑi)]q1,...,qm
q′
1,...,q′ m
nicht-symbolischer Schritt: Aufz¨ ahlen der n nichtdeterministischen Zust¨ ande
Andreas Morgenstern Symbolic LTL Synthesis via Hierarchy and Non-Confluence 27
NDet 1 2 3 a a b b b c Deterministic automaton {1}, ∅, ∅ Parallel Subset-Construktionen in sets S0 . . . Sn−1
Andreas Morgenstern Symbolic LTL Synthesis via Hierarchy and Non-Confluence 28
NDet 1 2 3 a a b b b c Deterministic automaton {1}, ∅, ∅ {1, 2}, ∅, ∅ a Dead-Ends → red marking
Andreas Morgenstern Symbolic LTL Synthesis via Hierarchy and Non-Confluence 28
NDet 1 2 3 a a b b b c Deterministic automaton {1}, ∅, ∅ {1, 2}, ∅, ∅ {1, 2}, ∅, {2} a a F states → new Subset-Construktion rightt
Andreas Morgenstern Symbolic LTL Synthesis via Hierarchy and Non-Confluence 28
NDet 1 2 3 a a b b b c Deterministic automaton {1}, ∅, ∅ {1, 2}, ∅, ∅ {1, 2}, ∅, {2} a a {1, 2}, ∅, ∅ a Dead-Ends → red marking
Andreas Morgenstern Symbolic LTL Synthesis via Hierarchy and Non-Confluence 28
NDet 1 2 3 a a b b b c Deterministic automaton {1}, ∅, ∅ {1, 2}, ∅, ∅ {1, 2}, ∅, {2} a a {1, 2}, ∅, ∅ {1, 2}, ∅, {2} a a split off F states → same state !
Andreas Morgenstern Symbolic LTL Synthesis via Hierarchy and Non-Confluence 28
NDet 1 2 3 a a b b b c Deterministic automaton {1}, ∅, ∅ {1, 2}, ∅, ∅ {1, 2}, ∅, {2} a a a same state!
Andreas Morgenstern Symbolic LTL Synthesis via Hierarchy and Non-Confluence 28
NDet 1 2 3 a a b b b c Deterministic automaton {1}, ∅, ∅ {1, 2}, ∅, ∅ {1, 2}, ∅, {2} a a a {1, 2, 3}, ∅, {1, 2, 3} b parallel Subset-Construktion!
Andreas Morgenstern Symbolic LTL Synthesis via Hierarchy and Non-Confluence 28
NDet 1 2 3 a a b b b c Deterministic automaton {1}, ∅, ∅ {1, 2}, ∅, ∅ {1, 2}, ∅, {2} a a a {1, 2, 3}, ∅, {1, 2, 3} b {1, 2, 3}, ∅, ∅ b runs unique → blue marking and removal right
Andreas Morgenstern Symbolic LTL Synthesis via Hierarchy and Non-Confluence 28
NDet 1 2 3 a a b b b c Deterministic automaton {1}, ∅, ∅ {1, 2}, ∅, {2} a a {1, 2, 3}, ∅, ∅ b a {1, 2, 3}, ∅, ∅ ∅, ∅, ∅ {3}, ∅, ∅ b b c c a, b, c a c c a, b Accept, whenever some set ( ¬∞ often red) and ( ∞ blue) !
Andreas Morgenstern Symbolic LTL Synthesis via Hierarchy and Non-Confluence 28