A symbolic justice violations transition system for unrealizable GR(1) specifications

One of the main challenges of reactive synthesis, an automated procedure for obtaining a correct-by-construction reactive system, is dealing with unrealizable specifications. Existing approaches for dealing with unrealizability in the context of GR(1), an expressive assume-guarantee fragment of LTL that enables efficient synthesis, include the generation of concrete counter-strategies and the computation of an unrealizable core. Although correct, such approaches produce large and complicated counter-strategies, often containing thousands of states, which hinders their use by engineers. In this work we present the Justice Violations Transition System (JVTS), a novel symbolic representation of counter-strategies for GR(1). The JVTS is much smaller and simpler than its corresponding concrete counter-strategy. Moreover, it is annotated with invariants that explain how the counter-strategy forces the system to violate the specification. We compute the JVTS symbolically, and thus more efficiently, without the expensive enumeration of concrete states. Finally, we equip the JVTS with an on-demand interactive concrete and symbolic play. We implemented our work, validated its correctness, and evaluated it on 14 unrealizable specifications of autonomous Lego robots as well as on benchmarks from the literature. The evaluation shows not only that the JVTS is in most cases much smaller than the corresponding concrete counter-strategy, but also that its computation is faster.