Distributed Synthesis for LTL Fragments Krishnendu Chatterjee, Thomas A. Henzinger, Jan Otop , Andreas Pavlogiannis 21 October 2013 1 / 26
Reactive Distributed Systems An architecture is a directed graph describing topology of the system. p e Communication is done through variables V . x 1 x 2 Communication is instantaneous . y 1 p 1 p 2 Process p has I(p) , O(p) , its input and y 3 output variables. y 1 , y 2 y 4 p 3 Process p behaves according to its local 2 I ( p ) � ∗ → 2 O ( p ) . � strategy σ p : y 5 p e is the environment . Local strategies give the collective strategy 2 O ( p e ) � ∗ → 2 V \ O ( p e ) . � σ : Reactive system as a function: The execution of σ on 2 O ( p e ) � ω is Γ σ ( π ) = σ ( a 1 ) σ ( a 1 a 2 ) . . . ∈ 2 V \ O ( p e ) � ω π = a 1 a 2 . . . ∈ � � 2 / 26
Reactive Distributed Systems An architecture is a directed graph describing topology of the system. p e Communication is done through variables V . x 1 x 2 Communication is instantaneous . y 1 p 1 p 2 Process p has I(p) , O(p) , its input and y 3 output variables. y 1 , y 2 y 4 p 3 Process p behaves according to its local 2 I ( p ) � ∗ → 2 O ( p ) . � strategy σ p : y 5 p e is the environment . Local strategies give the collective strategy 2 O ( p e ) � ∗ → 2 V \ O ( p e ) . � σ : Reactive system as a function: The execution of σ on 2 O ( p e ) � ω is Γ σ ( π ) = σ ( a 1 ) σ ( a 1 a 2 ) . . . ∈ 2 V \ O ( p e ) � ω π = a 1 a 2 . . . ∈ � � 3 / 26
Realizability A computation of σ is the convolution of the environment output π and the execution of σ , i.e., for π = a 1 a 2 . . . and Γ σ ( π ) = b 1 b 2 . . . 2 V � ω the computation is: π ⊗ Γ σ ( π ) = ( a 1 , b 2 )( a 2 , b 2 ) . . . ∈ � Satisfaction A collective strategy σ satisfies an LTL specification ϕ iff its every 2 O ( p e ) � ω , π ⊗ Γ σ ( π ) | computation satisfies ϕ , i.e., for every π ∈ � = ϕ . Realizability Given an architecture A and an LTL specification ϕ , decide whether there exist local strategies σ p for all processes p , that generate the collective strategy σ that satisfy ϕ . If so, synthesize them. 4 / 26
Example Consider a specification ϕ 1 ≡ � ( x 1 = ⇒ ♦ y 1 ) ∧ � ( x 2 = ⇒ ♦ y 2 ) ∧ � ¬ ( y 1 ∧ y 2 ) in the architecture: p e It is realized by σ 1 , σ 2 such that: x 1 x 2 σ 1 ( w ) = { y 1 } if | w | is even and ∅ otherwise, and p 1 p 2 σ 2 ( w ) = { y 2 } if | w | is odd and ∅ otherwise. y 1 y 2 5 / 26
Example Consider a specification ϕ 1 ≡ � ( x 1 = ⇒ ♦ y 1 ) ∧ � ( x 2 = ⇒ ♦ y 2 ) ∧ � ¬ ( y 1 ∧ y 2 ) in the architecture: p e It is realized by σ 1 , σ 2 such that: x 1 x 2 σ 1 ( w ) = { y 1 } if | w | is even and ∅ otherwise, and p 1 p 2 σ 2 ( w ) = { y 2 } if | w | is odd and ∅ otherwise. y 1 y 2 The following specification is not realizable ϕ 2 ≡ ( �♦ x 1 = ⇒ �♦ ( x 1 ∧ y 1 )) ∧ ( �♦ x 2 = ⇒ �♦ ( x 2 ∧ y 2 )) ∧ � ¬ ( y 1 ∧ y 2 ) . 6 / 26
Example Consider a specification ϕ 1 ≡ � ( x 1 = ⇒ ♦ y 1 ) ∧ � ( x 2 = ⇒ ♦ y 2 ) ∧ � ¬ ( y 1 ∧ y 2 ) in the architecture: p e It is realized by σ 1 , σ 2 such that: x 1 x 2 σ 1 ( w ) = { y 1 } if | w | is even and ∅ otherwise, and p 1 p 2 σ 2 ( w ) = { y 2 } if | w | is odd and ∅ otherwise. y 1 y 2 The following specification is not realizable ϕ 2 ≡ ( �♦ x 1 = ⇒ �♦ ( x 1 ∧ y 1 )) ∧ ( �♦ x 2 = ⇒ �♦ ( x 2 ∧ y 2 )) ∧ � ¬ ( y 1 ∧ y 2 ) . Suppose it is realizable. x 1 1 0 1 0 1 0 1 y 1 x 2 0 1 0 1 0 1 0 y 2 7 / 26
Example Consider a specification ϕ 1 ≡ � ( x 1 = ⇒ ♦ y 1 ) ∧ � ( x 2 = ⇒ ♦ y 2 ) ∧ � ¬ ( y 1 ∧ y 2 ) in the architecture: p e It is realized by σ 1 , σ 2 such that: x 1 x 2 σ 1 ( w ) = { y 1 } if | w | is even and ∅ otherwise, and p 1 p 2 σ 2 ( w ) = { y 2 } if | w | is odd and ∅ otherwise. y 1 y 2 The following specification is not realizable ϕ 2 ≡ ( �♦ x 1 = ⇒ �♦ ( x 1 ∧ y 1 )) ∧ ( �♦ x 2 = ⇒ �♦ ( x 2 ∧ y 2 )) ∧ � ¬ ( y 1 ∧ y 2 ) . Suppose it is realizable. x 1 1 0 1 0 1 0 1 y 1 1 0 0 0 1 0 1 x 2 0 1 0 1 0 1 0 y 2 0 1 0 1 0 1 0 8 / 26
Example Consider a specification ϕ 1 ≡ � ( x 1 = ⇒ ♦ y 1 ) ∧ � ( x 2 = ⇒ ♦ y 2 ) ∧ � ¬ ( y 1 ∧ y 2 ) in the architecture: p e It is realized by σ 1 , σ 2 such that: x 1 x 2 σ 1 ( w ) = { y 1 } if | w | is even and ∅ otherwise, and p 1 p 2 σ 2 ( w ) = { y 2 } if | w | is odd and ∅ otherwise. y 1 y 2 The following specification is not realizable ϕ 2 ≡ ( �♦ x 1 = ⇒ �♦ ( x 1 ∧ y 1 )) ∧ ( �♦ x 2 = ⇒ �♦ ( x 2 ∧ y 2 )) ∧ � ¬ ( y 1 ∧ y 2 ) . Suppose it is realizable. x 1 1 0 1 0 1 0 1 y 1 1 0 0 0 1 0 1 x 2 y 2 9 / 26
Example Consider a specification ϕ 1 ≡ � ( x 1 = ⇒ ♦ y 1 ) ∧ � ( x 2 = ⇒ ♦ y 2 ) ∧ � ¬ ( y 1 ∧ y 2 ) in the architecture: p e It is realized by σ 1 , σ 2 such that: x 1 x 2 σ 1 ( w ) = { y 1 } if | w | is even and ∅ otherwise, and p 1 p 2 σ 2 ( w ) = { y 2 } if | w | is odd and ∅ otherwise. y 1 y 2 The following specification is not realizable ϕ 2 ≡ ( �♦ x 1 = ⇒ �♦ ( x 1 ∧ y 1 )) ∧ ( �♦ x 2 = ⇒ �♦ ( x 2 ∧ y 2 )) ∧ � ¬ ( y 1 ∧ y 2 ) . Suppose it is realizable. x 1 1 0 1 0 1 0 1 y 1 1 0 0 0 1 0 1 x 2 y 2 10 / 26
Example Consider a specification ϕ 1 ≡ � ( x 1 = ⇒ ♦ y 1 ) ∧ � ( x 2 = ⇒ ♦ y 2 ) ∧ � ¬ ( y 1 ∧ y 2 ) in the architecture: p e It is realized by σ 1 , σ 2 such that: x 1 x 2 σ 1 ( w ) = { y 1 } if | w | is even and ∅ otherwise, and p 1 p 2 σ 2 ( w ) = { y 2 } if | w | is odd and ∅ otherwise. y 1 y 2 The following specification is not realizable ϕ 2 ≡ ( �♦ x 1 = ⇒ �♦ ( x 1 ∧ y 1 )) ∧ ( �♦ x 2 = ⇒ �♦ ( x 2 ∧ y 2 )) ∧ � ¬ ( y 1 ∧ y 2 ) . Suppose it is realizable. x 1 1 0 1 0 1 0 1 y 1 1 0 0 0 1 0 1 x 2 1 0 0 0 1 0 1 y 2 11 / 26
Example Consider a specification ϕ 1 ≡ � ( x 1 = ⇒ ♦ y 1 ) ∧ � ( x 2 = ⇒ ♦ y 2 ) ∧ � ¬ ( y 1 ∧ y 2 ) in the architecture: p e It is realized by σ 1 , σ 2 such that: x 1 x 2 σ 1 ( w ) = { y 1 } if | w | is even and ∅ otherwise, and p 1 p 2 σ 2 ( w ) = { y 2 } if | w | is odd and ∅ otherwise. y 1 y 2 The following specification is not realizable ϕ 2 ≡ ( �♦ x 1 = ⇒ �♦ ( x 1 ∧ y 1 )) ∧ ( �♦ x 2 = ⇒ �♦ ( x 2 ∧ y 2 )) ∧ � ¬ ( y 1 ∧ y 2 ) . Suppose it is realizable. x 1 1 0 1 0 1 0 1 y 1 1 0 0 0 1 0 1 x 2 1 0 0 0 1 0 1 y 2 x 2 holds infinitely often, but only when y 1 holds! 12 / 26
Undecidability Theorem (Pnueli, Rosner) Realizability of LTL specifications on the following architecture A λ is undecidable. A λ p e x 1 x 2 p 1 p 2 y 1 y 2 For every Turing Machine M , there is a specification τ M , that forces p 1 , p 2 to output the sequence of consecutive configurations of M ( ǫ ) terminated by the final configuration. 13 / 26
Undecidability Theorem (Pnueli, Rosner) Realizability of LTL specifications on the following architecture A λ is undecidable. A λ p e x 1 x 2 p 1 p 2 y 1 y 2 . For every Turing Machine M , there is a . . # . . specification τ M , that forces p 1 , p 2 to output the . 0 # 1 0 sequence of consecutive configurations of M ( ǫ ) q 3 1 0 q 3 terminated by the final configuration. # 0 0 # q 4 0 0 q 4 0 0 # 0 0 # . . . 0 . . . 14 / 26
Undecidability Theorem (Pnueli, Rosner) Realizability of LTL specifications on the following architecture A λ is undecidable. A λ p e x 1 x 2 p 1 p 2 y 1 y 2 . For every Turing Machine M , there is a . . # specification τ M , that forces p 1 , p 2 to output the . 0 . . 1 # sequence of consecutive configurations of M ( ǫ ) q 3 0 0 1 terminated by the final configuration. # q 3 0 0 q 4 # 0 0 0 q 4 # 0 0 0 . . . # 0 . . . 15 / 26
Undecidability Theorem (Pnueli, Rosner) Realizability of LTL specifications on the following architecture A λ is undecidable. A λ p e x 1 x 2 p 1 p 2 y 1 y 2 For every Turing Machine M , there is a specification τ M , that forces p 1 , p 2 to output the . . . . . . # # sequence of consecutive configurations of M ( ǫ ) 0 0 1 1 terminated by the final configuration. q 3 q 3 0 0 # # 0 0 q 4 q 4 0 0 0 0 # # 0 0 . . . . . . 16 / 26
Parametric on the Architecture For which classes of architectures is realizability decidable? Complete characterization base on the information fork criterion. Processes p 1 , p 2 form an information fork in architecture A if there exist paths p e � p i in A such that do not traverse edges in I ( p − i ) . p e p 1 p 2 Theorem(Finkbeiner,Schewe) Every architecture either: Has an information fork (undecidable). Can be reduced to a pipeline (decidable). 17 / 26
Our approach LTL formulae that appear in the undecidability proof are complicated. Question What are the LTL fragments for which the realizability problem is decidable? That question can be approached from two directions: Prove that realizability is undecidable in weak LTL fragments. Find LTL fragments for which the realizability problem is decidable. 18 / 26
Recommend
More recommend