Counterexample-Guided Control

A major hurdle in the algorithmic verification and control of systems is the need to find suitable abstract models, which omit enough details to overcome the state-explosion problem, but retain enough details to exhibit satisfaction or controllability with respect to the specification. The paradigm of counterexample-guided abstraction refinement suggests a fully automatic way of finding suitable abstract models: one starts with a coarse abstraction, attempts to verify or control the abstract model, and if this attempt fails and the abstract counterexample does not correspond to a concrete counterexample, then one uses the spurious counterexample to guide the refinement of the abstract model. We present a counterexample-guided refinement algorithm for solving ω-regular control objectives. The main difficulty is that in control, unlike in verification, counterexamples are strategies in a game between system and controller. In the case that the controller has no choices, our scheme subsumes known counterexample-guided refinement algorithms for the verification of ω-regular specifications. Our algorithm is useful in all situations where ω-regular games need to be solved, such as supervisory control, sequential and program synthesis, and modular verification. The algorithm is fully symbolic, and therefore applicable also to infinite-state systems.
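The loop the abstract describes (coarse abstraction, solve, check the abstract counterexample against the concrete system, refine) worked out on the simplest control setting, as an added example that is not the paper's own algorithm: the paper works symbolically on ω-regular objectives, while this example is an explicit finite safety game in which the controller must keep the play out of a bad state forever. Abstract states are blocks of a partition; a controller block only gets a move that every concrete state in it can take (a must-move), an environment block gets any move that some concrete state in it can take (a may-move), so a controller win on the abstract game carries over to the concrete one. When the abstract controller loses, the counterexample is the abstract environment's strategy (one witness move per environment block); blocks whose concrete states do not all realise that strategy are split, and the loop stops when the strategy is realised everywhere, which makes the counterexample genuine. The toy game `GAME` and the names `Game`, `group`, `solve_abstract`, `refine`, `cegar` and `concrete_losing` are constructed for this example.

```python
"""Counterexample-guided abstraction refinement for a finite safety game (added example)."""
from collections import defaultdict, namedtuple

Game = namedtuple("Game", "owner succ bad")  # owner: state -> 'C' (controller) or 'E' (environment)

# Constructed toy game; every state has at least one successor. The controller wins from
# c0 (cycle c0 e0 c1 e2 c0 / e3 c3 avoids e1) but loses from c2, whose only move is to e1.
GAME = Game(
    owner={"c0": "C", "c1": "C", "c2": "C", "c3": "C",
           "e0": "E", "e1": "E", "e2": "E", "e3": "E", "bad": "E"},
    succ={"c0": {"e0", "e1"}, "c3": {"e0", "e1"}, "c1": {"e2", "e3"}, "c2": {"e1"},
          "e0": {"c1"}, "e2": {"c0"}, "e3": {"c3"}, "e1": {"bad", "c2"}, "bad": {"bad"}},
    bad={"bad"},
)


def group(states, key):
    """Partition a collection of states by the value of key(state)."""
    parts = defaultdict(set)
    for s in states:
        parts[key(s)].add(s)
    return [frozenset(p) for p in parts.values()]


def solve_abstract(game, blocks):
    """Environment's attractor to BAD on the abstract game, computed in rounds.

    Returns (removed, block_of): removed maps every block the abstract environment can force
    into BAD to (round, witness block for environment blocks, None for controller blocks);
    blocks absent from it are won by the abstract controller.
    """
    block_of = {s: b for b in blocks for s in b}

    def owner(b):
        return game.owner[next(iter(b))]

    removed = {b: (0, None) for b in blocks if b & game.bad}
    r = 1
    while True:
        live = [b for b in blocks if b not in removed]
        newly = {}
        for b in live:
            if owner(b) == "E":
                # may-move: one concrete state stepping into a removed block gives the move
                hits = [block_of[t] for e in b for t in game.succ[e] if block_of[t] in removed]
                if hits:
                    newly[b] = (r, hits[0])
            elif not any(all(game.succ[c] & t for c in b) for t in live):
                # no must-move into a live block: the abstract controller is stuck
                newly[b] = (r, None)
        if not newly:
            return removed, block_of
        removed.update(newly)
        r += 1


def refine(game, blocks, removed, block_of):
    """Split blocks whose concrete states do not all realise their abstract losing move.

    Returns a finer partition, or None when the abstract environment strategy is realised by
    every concrete state of every removed block, i.e. the counterexample is genuine.
    """
    finer, split = [], False
    for b in blocks:
        if b not in removed or removed[b][0] == 0:
            finer.append(b)
            continue
        r, witness = removed[b]
        if witness is not None:
            # environment block: separate the states that can actually take the witness move
            parts = group(b, lambda e: bool(game.succ[e] & witness))
        else:
            # controller block: separate states by the live blocks they could still escape into
            earlier = {x for x, (rr, _) in removed.items() if rr < r}
            parts = group(b, lambda c: frozenset(block_of[t] for t in game.succ[c]
                                                 if block_of[t] not in earlier))
        split |= len(parts) > 1
        finer.extend(parts)
    return finer if split else None


def cegar(game, init):
    """Abstract, solve, check the counterexample, refine; returns (winner, blocks, removed, history)."""
    blocks = group(game.owner, lambda s: (game.owner[s], s in game.bad))  # coarsest partition
    history = [blocks]
    while True:
        removed, block_of = solve_abstract(game, blocks)
        if block_of[init] not in removed:
            return "controller", blocks, removed, history
        finer = refine(game, blocks, removed, block_of)
        if finer is None:  # no block left to split: the abstract counterexample is concrete
            return "environment", blocks, removed, history
        blocks = finer
        history.append(blocks)


def concrete_losing(game):
    """Direct solution of the concrete game, used only to cross-check the abstraction."""
    lose = set(game.bad)
    while True:
        add = {s for s in game.owner if s not in lose and (
            any(t in lose for t in game.succ[s]) if game.owner[s] == "E"
            else all(t in lose for t in game.succ[s]))}
        if not add:
            return lose
        lose |= add


if __name__ == "__main__":
    winner, blocks, removed, history = cegar(GAME, "c0")
    print(winner, "wins after", len(history), "abstractions;", len(blocks), "blocks for", len(GAME.owner), "states")
    for i, partition in enumerate(history):
        print(i, sorted(sorted(b) for b in partition))
```

On `GAME` from `c0` the first abstraction (three blocks) is too coarse because the environment block mixes `e1`, which can step to `bad`, with states that cannot; the first refinement separates them, the second splits the controller block by which environment blocks each state can reach, and the third abstraction proves the controller wins with six blocks for nine concrete states. From `c2` the loop ends with no splittable block, which is the genuine-counterexample case. With only environment states the same code is the classic counterexample-guided verification loop the abstract mentions as the degenerate case.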
