Controller Synthesis as a Two-Player Game

As already outlined in the introduction, the controller synthesis problem solves a more general problem than the model checking problem. Instead of giving a yes/no answer or a counterexample to show how a specification is violated, the controller synthesis problem asks how the system can be modified to fulfill the specification, i. e. to construct a controller C such that M × C |= Φ. To this end, we assume that our original semi-automaton has some input variables that are termed controllable. Those controllable input variables represent choices of the controller whereas the other input variables are chosen by the environment. In this thesis, the controller synthesis problem is reduced to the decision of the winner in an infinite two player game between the controller and the environment of the system. To this end, the so called Moore game is defined. While solving the game, i. e. deciding whether the controller or the environment wins, a strategy C in the form of a Moore machine for the controller can be synthesized such that M × C |= Φ.

Intuitively, a Moore game is an incompletely specified finite state machine together with a specification, thus an ω-automaton over the alphabet Σ = 2Vu∪Vc_{. The environ-}

ment chooses the uncontrollable inputs whereas the controller chooses the controllable inputs. To ease notation, let Σc = 2Vc and Σu = 2Vu be the controllable and uncon- trollable input alphabet. Formally, the Moore game is introduced in the following: Definition 16 (Moore Game ). A Moore game G = (Vc, Vu, S, sI, δ, Λ, Φ) over a set of state variables VS consists of the following components:

2.5 Infinite Games

• a finite set of uncontrollable input variables Vu that are determined by the envi- ronment

• a finite set of controllable input variables Vc that are determined by the Con- troller

• a finite set of states S • an initial state sI ∈ S,

• a (deterministic) transition function δ : S × Σc× Σu → S • a labeling function Λ : S → 2VS

• a winning condition Φ given by an acceptance component over VS.

The challenge of the controller is to find proper values for the input variables Vcsuch that the specification Φ is satisfied, while the environment tries to force a violation of Φ. We look at Moore games from the view of the controller, however, the definitions of plays and strategies can be dually given for the environment, too.

Given a game G = (Vc, Vu, S, sI, δ, Λ, Φ), a (finite state) strategy is a tuple γ = (S, tI, τ ) where Q is a finite set of states, qI ∈ Q is the initial state and τ : S × Q → 2(Σc×Q) _{is the move function. Intuitively, a strategy automaton is a Moore machine}

that fixes a set of possible responses to an environment input, and its response may depend on a finite memory of the past. Note that strategies are nondeterministic, but we can easily extract a deterministic strategy by fixing the strategy to one of the possible responses. The strategy is nondeterministic because this simplifies the symbolic calculation 8.

A play on G respecting γ is an infinite sequence π = (s(0), q(0))c

(0)_,u(0)

−−−−−→_(s(1)_{, q}(1)₎c

(1)_,u(1)

−−−−−→_..

such that s(0) _{= s}

I, q(0) = qI, (c(i), q(i+1)) ∈ τ (s(i), q(i)) and s(i+1) = δ(s(i), c(i), u(i)). A

play is winning if π is infinite and s(0)_{, s}(1)_{. . . |= Φ. Notice that if τ (q}(i)_{, s}(i)_{) = ∅ the} strategy does not suggest a proper choice of the input variables and the game is lost. A strategy γ is winning if all plays according to γ are winning. The set of all winning states is the winning region. A game G is winning (or won) if the initial state sI is in the winning region. A memoryless strategy is a finite state strategy with only one state. A memoryless strategy will be written as a function γ : S → 2Σc _{and a play of}

a memoryless strategy as a sequence π = s(0)c_{−−−−−→}(0),u(0)_s(1)c_{−−−−−→}(1),u(1)_{. . . .}

We say that G is controllable if the controller has a winning strategy. Otherwise we say that G is uncontrollable. The type of winning condition defines the name of the game. Thus we speak e. g. of a B¨uchi game when dealing with a Moore game whose acceptance condition is a B¨uchi condition.

8_{Although possible in theory, we do not consider Mealy games here, since the product of two Mealy}

Solving Simple Moore Games

There are already algorithms for the solution of simple Moore games like B¨uchi games. Whenever those algorithms are symbolically implemented, they rely on some form of predecessor function. For example, the algorithms presented in [49, 110] use a predecessor function _♦cF := {s | ∃c ∈ Σc∀u ∈ Σu. δ(s, c, u) ∈ F } to calculate the set of states from which the controller can force a visit to a target set F in one step.

This pre-operator gives correct results for simpler games like B¨uchi or co-B¨uchi games where the calculation of the winner of the game depends only on one player and where the winner is always decided on the whole game graph. However, in a parity game, the winner of the game is determined by successively calculating attractors to the minimal color that occurs in a subgame S0. Thus, we need predecessor functions for both the controller and the environment. A possible definition that also considers the subgame would be:

♦c0F := {s | ∃c ∈ Σ_c.∀u ∈ Σ_u. (δ(q, c, u) ∈ S0 → δ(q, u, c) ∈ F )} (2.1)

whereas the corresponding function for the Environment would be:

♦u0F :=s | ∀c ∈ Σ_c. (∃u ∈ Σ_u. δ(s, c, u) ∈ S0) → (∃u0 ∈ Σ_u. δ(s, c, u0) ∈ S0)

To see that these predecessor functions give not the correct results for every parity game, consider the parity game in Figure 2.8 together with the coloring function Ω(q0) = 0, Ω(q1) = 1 and Ω(q2) = 2. Clearly, the controller can win this game by always choosing c. However, the predecessor function _♦c0 and ♦_u0 give the wrong

result that q1 is winning for the environment. The problem is that after q0 has been removed by the Attractor to the states with the minimal color 0, the remaining sub- game contains only the states {q1} and {q2}. In the iterative step of the (generalized) parity games in which the subgame {q1, q2} is considered, the information that choos- ing c in {q1} is winning is lost. And no matter how we define a predecessor function that is solely based on states (and not on tuples (q, c) that store the move chosen by controller), we can find a game that gives a wrong result.

Another alternative algorithm for the solution of Moore games is given in [22] where a game µ-calculus is introduced. This game µ-calculus is the ordinary µ-calculus where the predecessor functions are replaced by predecessor functions similar as in equation (2.1). Then it is shown that the same µ-calculus formula can be used for both model-checking and for game-solving provided some syntactic criterion on the µ-calculus formula is satisfied. It is moreover shown how parity conditions can be translated to the game µ-calculus so that a solution of parity games is possible. This game µ-calculus formula describes a symbolic algorithm for the solution of parity games that suffers not from the above sketched problem with subgames. However

2.5 Infinite Games q1 q2 q0 u u ∧ c u ∧ c 1 1

Figure 2.8: A Parity Game for which simple Pre-Operators fail

one particular drawback of this syntactic criterion is that arbitrary conjunctions are not possible. Therefore a straightforward solution of Streett games or generalized conjunctive parity games can not be obtained using the approach of [22].

Hence, instead of providing a specialized pre-operator, we use a reduction to turn- based games to solve Moore games. This reduction is straightforwardly obtained from related constructions given in [28].

Reducing Moore Games to Turn-Based Games

In the following, we show how every Moore game can be transformed to a turn-based game.

Definition 17 (Turn-Based Moore Game).

For every Moore game G = (Vc, Vu, S, sI, δ, L, Φ) we define the turn-based controller Game Gt = (V, V0, V1, R, L0, Φ) as follows: • V1 = 2VS • V0 = {(s, c) | s ∈ S ∧ c ∈ Σc} • V = V1∪ V0 • R = {(s, (s, c))} ∪ {((s, c), s0_{) | ∃c ∈ Σ} c.δ(s, c, u) = s0}  • L0_{(s) = L(s) and L}0_{(s, c) = L(q)}

Thus, the positions of Player 0, the controller are the states of the Moore game and environment starts from vertices (s, c) so that the controllable event chosen by the controller is memorized. The following is easily seen:

Proposition 2. Given a Moore game and its corresponding turn-based game. Then Controller wins the Moore game from position sI if and only if Player 0 wins from position sI in the turn-based game.

Thus we can use the large arsenal of algorithms for infinite turn-based games [37, 108, 89] also to solve Moore games9_.