Reactive Synthesis - Hands-on Exercise

(1)

Reactive Synthesis - Hands-on Exercise

Lectures: Moshe Vardi

Hands-on exercise: R ¨udiger Ehlers

Expeditions in Computer Augmented Program Engineering

E CAPE

x

(2)

Overview

1

Available Tools for LTL Synthesis

2

An overview of Acacia+

3

Traffic Light Example

4

Rotation Sorter Exercise

(3)

Some tools for Linear-time Temporal Logic Synthesis

Full LTL

Lily (Jobstmann and Bloem, 2006) Unbeast (Ehlers, 2011)

Acacia+ (Bohy et al., 2012)

Subset of LTL

Marduk/Ratsy (Bloem et al., 2010) JTLV synthesizer (Pnueli et al., 2010) Bassist (Ehlers, 2012)

(4)

Acacia+ (Bohy et al., 2012)

Features

Support for full LTL

Optimized algorithms for specifications of the form

φ

1

∧

φ

2

∧

. . . φ

n

Can also optimize the solution towards mean-payoff objectives

Techniques

Is based on bounded synthesis (Schewe and Finkbeiner, 2007; Filiot et al., 2009), which in turn builds on Safraless synthesis (Kupferman and Vardi, 2005)

Written in Python and C

Interfaces with external LTL-to-automata translators

(5)

Example

An intersection

Interface

AP_I

= {

t_n

,

t_e

,

t_w

,

t_s

}

APO

= {

gn

,

ge

,

gw

,

gs

}

Specification

G

(

g_s

→

(¬

g_e

∧ ¬

g_w

))

G

(

ts

→

F gs

)

. . .

(6)

Extending the Example

Improving the quality of service

Idea: green light may only be given if car is detected. New conjuncts:

G

(

gn

→

tn

) ∧

G

(

gs

→

ts

) ∧

G

(

ge

→

te

) ∧

G

(

gw

→

tw

)

The setting is unrealizable now!

Reason: Trigger signal might be released before green light is given. So we cannot avoid a conflict of:

G

(

ts

→

F gs

) ∧

G

(

tw

→

F gw

)

G

(

g_s

→

(¬

g_w

∧ ¬

g_e

)) ∧

G

(

g_w

→

(¬

g_n

∧ ¬

g_s

))

G

(

g_s

→

t_s

) ∧

G

(

g_w

→

t_w

)

Fixing unrealizability: adding assumptions

(

G

((

ts

∧ ¬

gs

) →

X ts

) ∧

. . . ∧

G

((

tw

∧ ¬

gw

) →

X tw

)) →

ψ

(7)

Extending the Example

Improving the quality of service

G

(

gn

→

tn

) ∧

G

(

gs

→

ts

) ∧

G

(

ge

→

te

) ∧

G

(

gw

→

tw

)

The setting is unrealizable now!

G

(

ts

→

F gs

) ∧

G

(

tw

→

F gw

)

G

(

g_s

→

(¬

g_w

∧ ¬

g_e

)) ∧

G

(

g_w

→

(¬

g_n

∧ ¬

g_s

))

G

(

g_s

→

t_s

) ∧

G

(

g_w

→

t_w

)

Fixing unrealizability: adding assumptions

(8)

Extending the Example

Improving the quality of service

G

(

gn

→

tn

) ∧

G

(

gs

→

ts

) ∧

G

(

ge

→

te

) ∧

G

(

gw

→

tw

)

The setting is unrealizable now!

G

(

ts

→

F gs

) ∧

G

(

tw

→

F gw

)

G

(

g_s

→

(¬

g_w

∧ ¬

g_e

)) ∧

G

(

g_w

→

(¬

g_n

∧ ¬

g_s

))

G

(

g_s

→

t_s

) ∧

G

(

g_w

→

t_w

)

Fixing unrealizability: adding assumptions

(

G

((

ts

∧ ¬

gs

) →

X ts

) ∧

. . . ∧

G

((

tw

∧ ¬

gw

) →

X tw

)) →

ψ

th

(9)

Rotation Sorter

p2 x1,y1 b1,p1 x0,y0 b0,p0

Input/Output per direction

Inputs x and y encode packet destinations Output p pushes packets off the rotating table Output b triggers the in-belt

(10)

Timing

Example (transport packet by 240

◦

)

x₀ 0 1 1 0 0 y0 0 0 0 0 0 p0 0 0 0 0 0 p1 0 0 0 0 0 p₂ 0 0 0 0 1 b0 0 0 1 0 0

Semantics

Meaning x y No packet 0 0 Transport by 120◦ 0 1 Transport by 240◦ 1 0 Transport by 360◦ 1 1

(Almost) a possible part of the specification

(

x0

∧

y0

) → (

b0

∧

X

¬

p1

∧

XX

¬

p2

∧

XXX p0

)

(11)

Exercise

Your turn!

Link

(12)

More on the practical side of synthesis

Suggestion

Try out a synthesizer for generalized reactivity(1) specifications, such as, e.g., Marduk/Ratsya, Gr1cb, or Slugsc.

a_{http://rat.fbk.eu/ratsy/}

b_{https://github.com/slivingston/gr1c} c_{https://github.com/LTLMoP/slugs}

Some light reading material

R.E.: Experimental Aspects of Synthesis, International Workshop on Interactions, Games and Protocols (iWiGP) 2011

(13)

References I

Roderick Bloem, Alessandro Cimatti, Karin Greimel, Georg Hofferek, Robert K ¨onighofer, Marco Roveri, Viktor Schuppan, and Richard Seeber. Ratsy - a new requirements analysis tool with synthesis. In Touili et al. (2010), pages 425–429. ISBN 978-3-642-14294-9.

Aaron Bohy, V ´eronique Bruy `ere, Emmanuel Filiot, Naiyong Jin, and

Jean-Franc¸ois Raskin. Acacia+, a tool for LTL synthesis. In Madhusudan and Seshia (2012), pages 652–657. ISBN 978-3-642-31423-0.

R ¨udiger Ehlers. Unbeast: Symbolic bounded synthesis. In Parosh Aziz Abdulla and K. Rustan M. Leino, editors, TACAS, volume 6605 of Lecture Notes in Computer Science, pages 272–275. Springer, 2011. ISBN 978-3-642-19834-2. R ¨udiger Ehlers. ACTL ∩ LTL synthesis. In Madhusudan and Seshia (2012),

pages 39–54. ISBN 978-3-642-31423-0.

Emmanuel Filiot, Naiyong Jin, and Jean-Franc¸ois Raskin. An antichain algorithm for LTL realizability. In Ahmed Bouajjani and Oded Maler, editors, CAV, volume 5643 of Lecture Notes in Computer Science, pages 263–277. Springer, 2009.

(14)

References II

Barbara Jobstmann and Roderick Bloem. Optimizations for LTL synthesis. In FMCAD, pages 117–124. IEEE Computer Society, 2006. ISBN 0-7695-2707-8. Orna Kupferman and Moshe Y. Vardi. Safraless decision procedures. In FOCS,

pages 531–542. IEEE Computer Society, 2005. ISBN 0-7695-2468-0. P. Madhusudan and Sanjit A. Seshia, editors. Computer Aided Verification - 24th

International Conference, CAV 2012, Berkeley, CA, USA, July 7-13, 2012 Proceedings, volume 7358 of Lecture Notes in Computer Science, 2012. Springer. ISBN 978-3-642-31423-0.

Amir Pnueli, Yaniv Sa’ar, and Lenore D. Zuck. Jtlv: A framework for developing verification algorithms. In Touili et al. (2010), pages 171–174. ISBN

978-3-642-14294-9.

Sven Schewe and Bernd Finkbeiner. Bounded synthesis. In Kedar S. Namjoshi, Tomohiro Yoneda, Teruo Higashino, and Yoshio Okamura, editors, ATVA, volume 4762 of Lecture Notes in Computer Science, pages 474–488. Springer, 2007. ISBN 978-3-540-75595-1.

(15)

References III

Tayssir Touili, Byron Cook, and Paul Jackson, editors. Computer Aided Verification, 22nd International Conference, CAV 2010, Edinburgh, UK, July 15-19, 2010. Proceedings, volume 6174 of Lecture Notes in Computer Science, 2010. Springer. ISBN 978-3-642-14294-9.