Symbolic controller synthesis for LTL specifications

It is an old dream in computer science to automatically generate a system from a formal specification, or at least to automatically check whether a system is guaranteed to satisfy a specification. The second problem is known as the verification problem, and powerful tools exist that automatically check the correctness of a system with respect to a given declarative specification. This thesis considers the first problem for specifications given in linear temporal logic (LTL) and refers to it as the controller synthesis problem: given an (incomplete) implementation of a system, decide whether it can be refined by a controller such that a given property holds, and if so, construct that controller automatically. Although the idea of synthesizing an implementation from a formal specification is nearly 50 years old, it has not yet found its way into practice.

A major breakthrough in verification was achieved by representing states and transitions symbolically, as propositional formulas, which led to the invention of symbolic model checking. With the advent of succinct data structures and efficient decision procedures for propositional formulas, which are at the heart of almost all approaches to hardware verification, it has become possible to verify complex systems.

This thesis considers the controller synthesis problem for full LTL and concentrates on decision procedures that are amenable to a symbolic implementation, so that the available symbolic machinery, such as BDD packages and SAT solvers, can be employed.
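The following is an added illustration, not code from the thesis: it solves only the safety fragment of the problem (an invariant specification G p) on a constructed two-client arbiter. The arbiter with its controller outputs left free plays the role of the incomplete implementation; the winning region is computed as the greatest fixpoint of the controllable predecessor operator; a (maximally permissive) controller is extracted from it; and the refined, closed-loop system is then model-checked against the invariant. The thesis treats full LTL via symbolically represented deterministic automata with BDDs or SAT solvers, whereas here state sets are explicit Python sets. The arbiter, its pending-request bound and all names are assumptions made for this example.

```python
"""
Safety-game controller synthesis over an explicit finite-state plant.

Illustrative example (not code from the thesis). In a BDD-based symbolic
implementation the sets below become Boolean functions over the state bits
and `cpre` becomes quantifier elimination (exists output . forall input).
"""
from itertools import product

# --- Hypothetical plant: a two-client arbiter (constructed for this example) ---
# State (w1, w2): how many steps each client's request has been pending.
# The value BOUND means "pending too long" and is the (sticky) bad value.
BOUND = 3
STATES = [(w1, w2) for w1 in range(BOUND + 1) for w2 in range(BOUND + 1)]
ENV_INPUTS = list(product([0, 1], repeat=2))          # (r1, r2): fresh requests
# Controller output alphabet (g1, g2); (1, 1) is excluded so that mutual
# exclusion of grants holds by construction.
CTRL_OUTPUTS = [(0, 0), (1, 0), (0, 1)]


def step(w, r, g):
    """Deterministic next state of the plant. A grant clears the pending
    counter (a fresh request arriving with the grant is served at once);
    an ungranted pending or fresh request ages by one step, capped at BOUND."""
    def one(wi, ri, gi):
        if gi:
            return 0
        if wi > 0 or ri:
            return min(wi + 1, BOUND)
        return 0
    return (one(w[0], r[0], g[0]), one(w[1], r[1], g[1]))


def safe(w):
    """The invariant p of the specification G p: no request waits BOUND steps."""
    return w[0] < BOUND and w[1] < BOUND


def cpre(target):
    """Controllable predecessor: states from which the controller has an
    output that keeps the plant inside `target` for every environment input."""
    return frozenset(
        s for s in STATES
        if any(all(step(s, e, c) in target for e in ENV_INPUTS) for c in CTRL_OUTPUTS)
    )


def winning_region():
    """Greatest fixpoint W = nu X. Safe /\\ CPre(X); returns (W, iterations)."""
    w = frozenset(s for s in STATES if safe(s))
    rounds = 0
    while True:
        rounds += 1
        nxt = w & cpre(w)
        if nxt == w:
            return w, rounds
        w = nxt


def permissive_strategy(win):
    """For each winning state, every output that keeps all successors winning.
    Any deterministic choice from these sets is a correct controller."""
    return {
        s: [c for c in CTRL_OUTPUTS
            if all(step(s, e, c) in win for e in ENV_INPUTS)]
        for s in win
    }


def closed_loop_satisfies_invariant(init, strategy):
    """Model-check the refined system: the controller fixes its output by the
    strategy (first allowed choice), the environment stays free, and every
    reachable state must satisfy p. Returns True iff G p holds from `init`."""
    seen, todo = set(), [init]
    while todo:
        s = todo.pop()
        if s in seen:
            continue
        seen.add(s)
        if not safe(s) or s not in strategy:
            return False
        c = strategy[s][0]
        todo.extend(step(s, e, c) for e in ENV_INPUTS)
    return True


if __name__ == "__main__":
    win, rounds = winning_region()
    strat = permissive_strategy(win)
    print(f"winning region ({len(win)} states, {rounds} rounds):", sorted(win))
    print("allowed outputs at (1, 1):", strat[(1, 1)])
    print("closed loop from (0, 0) satisfies G p:",
          closed_loop_satisfies_invariant((0, 0), strat))
```

The state (2, 2), where both clients are one step from the bound, is outside the winning region: whichever single grant the controller issues, the other counter reaches the bound. Every other safe state is winning, and from (1, 1) the strategy forbids the idle output (0, 0) because it would lead to (2, 2). The final check is the verification problem applied to the synthesized closed loop, which is exactly the refinement relation the abstract describes.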
