Mechanizing the Minimization of Deterministic Generalized B uchi - - PowerPoint PPT Presentation

Mechanizing the Minimization of Deterministic Generalized B¨ uchi Automata

Souheib Baarir1,2 Alexandre Duret-Lutz3

1Universit´

e Paris Ouest Nanterre la D´ efense, Nanterre, France

2Sorbonne Universit´

es, UPMC Univ. Paris 6, UMR 7606, LIP6, Paris, France souheib.baarir@lip6.fr

3LRDE, EPITA, Le Kremlin-Bicˆ

etre, France adl@lrde.epita.fr

FORTE’14, 3–5 June 2014

1 / 14

Context

LTL→BA prop. sys. y/n Model checking LTL→DBA prop. sys. prob.

• Prob. model checking

LTL→DBA prop. sys. ctrl. Synthesis

◮ B¨

uchi Automata are used in many formal methods, but with different requirements.

2 / 14

Context

LTL→BA prop. sys. y/n Model checking LTL→DBA prop. sys. prob.

• Prob. model checking

LTL→DBA prop. sys. ctrl. Synthesis

◮ B¨

uchi Automata are used in many formal methods, but with different requirements.

◮ Small [D]BA helps

◮ Minimization (NP-comp.), ◮ Simulation-based

algorithms,

◮ generalized acceptance, ◮ transition-based

acceptance.

2 / 14

Transion-based Generalized Acceptance

Minimal B¨ uchi automaton for GFa ∧ GFb: s2 s0 s1 ab

¯

b

¯

ab

¯

b ab

¯

ab

¯

a a BA

3 / 14

Transion-based Generalized Acceptance

Minimal automata for GFa ∧ GFb: s2 s0 s1 ab

¯

b

¯

ab

¯

b ab

¯

ab

¯

a a BA s1 s0

¯

a a

¯

b b TBA Using Transition-based and Generalized acceptance allows more compact automata.

3 / 14

Transion-based Generalized Acceptance

Minimal automata for GFa ∧ GFb: s2 s0 s1 ab

¯

b

¯

ab

¯

b ab

¯

ab

¯

a a BA s1 s0

¯

a a

¯

b b TBA s0 ab a¯ b

¯

ab

¯

a¯ b TGBA with F = { , } Using Transition-based and Generalized acceptance allows more compact automata.

3 / 14

Objective

LTL→BA prop. sys. y/n Model checking LTL→DBA prop. sys. prob.

• Prob. model checking

LTL→DBA prop. sys. ctrl. Synthesis

◮ Small [D]BA helps

◮ Minimization (NP-comp.), ◮ Simulation-based

algorithms,

◮ generalized acceptance, ◮ transition-based

acceptance.

◮ Our objective: building

minimal DTGBA

4 / 14

Objective

LTL→BA prop. sys. y/n Model checking LTL→DBA prop. sys. prob.

• Prob. model checking

LTL→DBA prop. sys. ctrl. Synthesis

◮ Small [D]BA helps

◮ Minimization (NP-comp.), ◮ Simulation-based

algorithms,

◮ generalized acceptance, ◮ transition-based

acceptance.

◮ Our objective: building

minimal DTGBA LTL→mDTGBA

4 / 14

Objective

LTL→BA prop. sys. y/n Model checking LTL→DBA prop. sys. prob.

• Prob. model checking

LTL→DBA prop. sys. ctrl. Synthesis

◮ Small [D]BA helps

◮ Minimization (NP-comp.), ◮ Simulation-based

algorithms,

◮ generalized acceptance, ◮ transition-based

acceptance.

◮ Our objective: building

minimal DTGBA LTL→mDTGBA

◮ We tackle NP-completeness

via SAT solving

4 / 14

General Framework

1 Introduction 2 General Framework

LTL Hierarchy: Determinization & Minimization Our Proposed Framework

3 SAT-based Minimization

Equivalence Check of Two DTGBA SAT-Based Synthesis of Equivalent DTGBA Minimization by Iterative Synthesis

4 Conclusion

5 / 14

LTL Hierarchy: Determinization & Minimization

Reactivity GFpi ∨ FGqi Recurrence GFp Persistence FGp Obligation Gpi ∨ Fqi Safety Gp Guarantee Fp BA

• Z. Manna and A. Pnueli. A hierarchy of temporal properties. PODC’90

6 / 14

LTL Hierarchy: Determinization & Minimization

Reactivity GFpi ∨ FGqi Recurrence GFp Persistence FGp Obligation Gpi ∨ Fqi Safety Gp Guarantee Fp DBA BA

◮ Recurrence properties are

DBA-realizable. (E.g. via Rabin)

• Z. Manna and A. Pnueli. A hierarchy of temporal properties. PODC’90

6 / 14

LTL Hierarchy: Determinization & Minimization

Reactivity GFpi ∨ FGqi Recurrence GFp Persistence FGp Obligation Gpi ∨ Fqi Safety Gp Guarantee Fp DBA Weak BA BA

◮ Recurrence properties are

DBA-realizable. (E.g. via Rabin)

• Z. Manna and A. Pnueli. A hierarchy of temporal properties. PODC’90

6 / 14

LTL Hierarchy: Determinization & Minimization

Reactivity GFpi ∨ FGqi Recurrence GFp Persistence FGp Obligation Gpi ∨ Fqi Safety Gp Guarantee Fp DBA Weak DBA BA

◮ Recurrence properties are

DBA-realizable. (E.g. via Rabin)

◮ WDBA can be minimized in

polynomial time.

• C. Dax, J. Eisinger, and F. Klaedtke. Mechanizing the powerset construction

for restricted classes of ω-automata. ATVA’07

6 / 14

LTL Hierarchy: Determinization & Minimization

TCONG Reactivity GFpi ∨ FGqi Recurrence GFp Persistence FGp Obligation Gpi ∨ Fqi Safety Gp Guarantee Fp DBA Weak DBA BA

◮ Recurrence properties are

DBA-realizable. (E.g. via Rabin)

◮ WDBA can be minimized in

polynomial time.

◮ Some recurrences (the TCONG

class) can always be determininized to DTBA by powerset construction.

• C. Dax, J. Eisinger, and F. Klaedtke. Mechanizing the powerset construction

for restricted classes of ω-automata. ATVA’07

6 / 14

LTL Hierarchy: Determinization & Minimization

Reactivity GFpi ∨ FGqi Recurrence GFp Persistence FGp Obligation Gpi ∨ Fqi Safety Gp Guarantee Fp DBA Weak DBA BA

◮ Recurrence properties are

DBA-realizable. (E.g. via Rabin)

◮ WDBA can be minimized in

polynomial time.

◮ Some recurrences (the TCONG

class) can always be determininized to DTBA by powerset construction.

◮ So far, no technique for:

◮ Determinization of TGBA, ◮ Minimization of DTGBA.

• C. Dax, J. Eisinger, and F. Klaedtke. Mechanizing the powerset construction

for restricted classes of ω-automata. ATVA’07

6 / 14

From LTL to Minimal D[T][G]BA

Output: DBA. (Ehlers’ setup.)

LTL formula DBA SAT minimization minimal DBA ltl2dstar (DRA) attempt conversion to DBA simplify DBA success not a recurrence fail

• R. Ehlers. Minimising DBA precisely using SAT solving. SAT’10
• S. C. Krishnan et al. Deterministic ω-automata vis-a-vis DBA. ISAAC’94

7 / 14

From LTL to Minimal D[T][G]BA

Output: DBA.

LTL formula DBA SAT minimization minimal DBA minimal WDBA ltl2dstar (DRA) attempt conversion to DBA attempt WDBA minim. simplify DBA success fail not a recurrence fail success

8 / 14

From LTL to Minimal D[T][G]BA

Output: DTBA.

LTL formula DTBA SAT minimization minimal DTBA minimal WDBA ltl2dstar (DRA) attempt conversion to DBA attempt WDBA minim. simplify DBA success fail not a recurrence fail success

8 / 14

From LTL to Minimal D[T][G]BA

Output: DTBA.

translate to TGBA simplify TGBA LTL formula degen to TBA |F | > 1 else DTBA SAT minimization minimal DTBA minimal WDBA ltl2dstar (DRA) attempt conversion to DBA attempt WDBA minim. simplify DBA success fail not a recurrence fail success

8 / 14

From LTL to Minimal D[T][G]BA

Output: DTBA.

translate to TGBA attempt WDBA minim. simplify TGBA fail LTL formula degen to TBA |F | > 1 else DTBA SAT minimization minimal DTBA minimal WDBA success ltl2dstar (DRA) attempt conversion to DBA attempt WDBA minim. simplify DBA success fail not a recurrence fail success

8 / 14

From LTL to Minimal D[T][G]BA

Output: DTBA.

translate to TGBA attempt WDBA minim. simplify TGBA fail LTL formula degen to TBA |F | > 1 else attempt powerset to DTBA not in TCONG fail success nondet. det. DTBA SAT minimization minimal DTBA minimal WDBA success ltl2dstar (DRA) attempt conversion to DBA attempt WDBA minim. simplify DBA success fail not a recurrence fail success

8 / 14

From LTL to Minimal D[T][G]BA

Output: DTGBA (m > 1) or DTBA (m = 1).

translate to TGBA attempt WDBA minim. simplify TGBA fail LTL formula degen to TBA

• nondet. or

|F | > m = 1 else attempt powerset to DTBA not in TCONG fail success nondet. det. DTBA SAT minimization DTGBA SAT minimization minimal DTGBA minimal DTBA minimal WDBA success ltl2dstar (DRA) attempt conversion to DBA attempt WDBA minim. simplify DBA success fail m = 1 m > 1 not a recurrence fail success

8 / 14

From LTL to Minimal D[T][G]BA

Output: DTGBA (m > 1) or DTBA (m = 1). Our setup.

ltl2tgba dstar2tgba translate to TGBA attempt WDBA minim. simplify TGBA fail LTL formula degen to TBA

• nondet. or

|F | > m = 1 else attempt powerset to DTBA not in TCONG fail success nondet. det. DTBA SAT minimization DTGBA SAT minimization minimal DTGBA minimal DTBA minimal WDBA success ltl2dstar (DRA) attempt conversion to DBA attempt WDBA minim. simplify DBA success fail m = 1 m > 1 not a recurrence fail success

8 / 14

SAT-based Minimization

1 Introduction 2 General Framework

LTL Hierarchy: Determinization & Minimization Our Proposed Framework

3 SAT-based Minimization

Equivalence Check of Two DTGBA SAT-Based Synthesis of Equivalent DTGBA Minimization by Iterative Synthesis

4 Conclusion

9 / 14

Equivalence Check of Two DTGBA

¯

a a

¯

b b

A

ab a¯ b

¯

ab

¯

a¯ b

B

10 / 14

Equivalence Check of Two DTGBA

Two complete DTGBA A and B are equivalent iff: for each elementary cycle c of A ⊗ B, c|A is accepting ⇐⇒ c|B is accepting.

¯

a a

¯

b b

A

ab a¯ b

¯

ab

¯

a¯ b

B ¯

ab

¯

a¯ b a¯ b ab a¯ b

¯

a¯ b ab ¯ ab

A ⊗ B

(acceptance marks omitted)

10 / 14

Equivalence Check of Two DTGBA

Two complete DTGBA A and B are equivalent iff: for each elementary cycle c of A ⊗ B, c|A is accepting ⇐⇒ c|B is accepting.

¯

a a

¯

b b

A

ab a¯ b

¯

ab

¯

a¯ b

B ¯

ab

¯

a¯ b a¯ b ab a¯ b

¯

a¯ b ab ¯ ab

A ⊗ B

(acceptance marks omitted)

10 / 14

Equivalence Check of Two DTGBA

Two complete DTGBA A and B are equivalent iff: for each elementary cycle c of A ⊗ B, c|A is accepting ⇐⇒ c|B is accepting.

¯

a a

¯

b b

A

ab a¯ b

¯

ab

¯

a¯ b

B ¯

ab

¯

a¯ b a¯ b ab a¯ b

¯

a¯ b ab ¯ ab

A ⊗ B

(acceptance marks omitted)

10 / 14

Equivalence Check of Two DTGBA

Two complete DTGBA A and B are equivalent iff: for each elementary cycle c of A ⊗ B, c|A is accepting ⇐⇒ c|B is accepting.

¯

a a

¯

b b

A

ab a¯ b

¯

ab

¯

a¯ b

B ¯

ab

¯

a¯ b a¯ b ab a¯ b

¯

a¯ b ab ¯ ab

A ⊗ B

(acceptance marks omitted)

10 / 14

Equivalence Check of Two DTGBA

Two complete DTGBA A and B are equivalent iff: for each elementary cycle c of A ⊗ B, c|A is accepting ⇐⇒ c|B is accepting.

¯

a a

¯

b b

A

ab a¯ b

¯

ab

¯

a¯ b

B ¯

ab

¯

a¯ b a¯ b ab a¯ b

¯

a¯ b ab ¯ ab

A ⊗ B

(acceptance marks omitted)

Now, given a reference A, does a smaller equivalent B exist?

10 / 14

SAT-Based Synthesis of Equivalent DTGBA

We look for an automaton B equivalent to A, but with |A| − 1 states and m acceptance sets.

1 Encode as a SAT problem:

◮ Some Boolean variables represent all possible transitions in B. ◮ More Boolean variables represent all possible cycles in the

product A ⊗ B.

◮ Constraints ensure that transitions in the product are

letter-compatible, and the elementary cycle acceptance condition is fulfilled.

2 Run a SAT solver:

◮ If the problem is UNSAT, then a smaller DTGBA does not exist. ◮ Otherwise the solution contains an encoding of B. 11 / 14

SAT-Based Synthesis of Equivalent DTGBA

We look for an automaton B equivalent to A, but with |A| − 1 states and m acceptance sets.

1 Encode as a SAT problem:

◮ Some Boolean variables represent all possible transitions in B. ◮ More Boolean variables represent all possible cycles in the

product A ⊗ B.

◮ Constraints ensure that transitions in the product are

letter-compatible, and the elementary cycle acceptance condition is fulfilled.

Differs from Ehlers’ approach in the support for generalized acceptance, and some SCC-based encoding optimizations.

2 Run a SAT solver:

◮ If the problem is UNSAT, then a smaller DTGBA does not exist. ◮ Otherwise the solution contains an encoding of B.

• R. Ehlers. Minimising DBA precisely using SAT solving. SAT’10

11 / 14

Minimization by Iterative Synthesis

Minimize(A, m = A.nb acc()): repeat: n ← A.nb states()

B ← Synthesize(A, n−1, m)

if B does not exists: return A

A ← B

12 / 14

Minimization by Iterative Synthesis

Minimize(A, m = A.nb acc()): repeat: n ← A.nb states()

B ← Synthesize(A, n−1, m)

if B does not exists: return A

A ← B

6 10 14 18 22 10 20 30

time (minutes) states

12 / 14

Minimization by Iterative Synthesis

Minimize(A, m = A.nb acc()): repeat: n ← A.nb states()

B ← Synthesize(A, n−1, m)

if B does not exists: return A

A ← B

6 10 14 18 22 10 20 30

time (minutes) states

Input automaton has 24

• states. Encode synthesis
• f a 23-state automaton

with m = 2 .

12 / 14

Minimization by Iterative Synthesis

Minimize(A, m = A.nb acc()): repeat: n ← A.nb states()

B ← Synthesize(A, n−1, m)

if B does not exists: return A

A ← B

6 10 14 18 22 10 20 30

time (minutes) states

Output automaton has 22 reachable states instead

• f 23.

12 / 14

Minimization by Iterative Synthesis

Minimize(A, m = A.nb acc()): repeat: n ← A.nb states()

B ← Synthesize(A, n−1, m)

if B does not exists: return A

A ← B

6 10 14 18 22 10 20 30

time (minutes) states

Encode synthesis of a 21-state automaton. Etc.

12 / 14

Minimization by Iterative Synthesis

Minimize(A, m = A.nb acc()): repeat: n ← A.nb states()

B ← Synthesize(A, n−1, m)

if B does not exists: return A

A ← B

6 10 14 18 22 10 20 30

time (minutes) states

Synthesis of a 6-state DTGBA failed, the mini- mal one has 7 states.

12 / 14

Minimization by Iterative Synthesis

Minimize(A, m = A.nb acc()): repeat: n ← A.nb states()

B ← Synthesize(A, n−1, m)

if B does not exists: return A

A ← B

6 10 14 18 22 10 20 30

time (minutes) states

DBA DTBA DTGBA

12 / 14

Minimization by Iterative Synthesis

Minimize(A, m = A.nb acc()): repeat: n ← A.nb states()

B ← Synthesize(A, n−1, m)

if B does not exists: return A

A ← B

6 10 14 18 22 10 20 30

time (minutes) states

DBA DTBA DTGBA

11-state DBA found instanta- neously, but it takes >30min to prove the 10-state problem UNSAT.

12 / 14

Contributions

◮ We extended Ehlers’ approach with:

◮ support generalized and transition-based acceptance, ◮ SCC-based optimizations of the encoding (not discussed here)

◮ We integrated this minimization procedure in a more general

framework supporting different determinization procedures, and a faster minimization procedure for weak automata.

◮ Our tool is integrated in Spot 1.2.3, available from

http://spot.lip6.fr/

◮ Instructions for building minimal D[T][G]BA are at

http://spot.lip6.fr/userdoc/satmin.html

◮ We ran a large benchmark exploring the effects of this

minimization on many DTGBA generated from LTL formulas.

13 / 14

Future Work

◮ Comparing the minimal automata computed in our benchmark

with automata produced by LTL→TGBA or LTL→BA translators suggests that these tools could be improved in many cases.

◮ We can create minimal DTGBA with m acceptance conditions,

but it is not clear how to select the right m.

◮ We believe the technique can easily be extended to deal with

Rabin or Streett acceptance.

14 / 14