Synthesizing a Lego Forklift Controller in GR(1): A Case Study

Reactive synthesis is an automated procedure to obtain a correct-by-construction reactive system from a given specification. GR(1) is a well-known fragment of linear temporal logic (LTL) where synthesis is possible using a polynomial symbolic algorithm. We conducted a case study to learn about the challenges that software engineers may face when using GR(1) synthesis for the development of a reactive robotic system. In the case study we developed two variants of a forklift controller, deployed on a Lego robot. The case study employs LTL specification patterns as an extension of the GR(1) specification language, an examination of two specification variants for execution scheduling, traceability from the synthesized controller to constraints in the specification, and generated counter strategies to support understanding reasons for unrealizability. We present the specifications we developed, our observations, and challenges faced during the case study.Comment: In Proceedings SYNT 2015, arXiv:1602.0078

Temporal Stream Logic: Synthesis beyond the Bools

Reactive systems that operate in environments with complex data, such as mobile apps or embedded controllers with many sensors, are difficult to synthesize. Synthesis tools usually fail for such systems because the state space resulting from the discretization of the data is too large. We introduce TSL, a new temporal logic that separates control and data. We provide a CEGAR-based synthesis approach for the construction of implementations that are guaranteed to satisfy a TSL specification for all possible instantiations of the data processing functions. TSL provides an attractive trade-off for synthesis. On the one hand, synthesis from TSL, unlike synthesis from standard temporal logics, is undecidable in general. On the other hand, however, synthesis from TSL is scalable, because it is independent of the complexity of the handled data. Among other benchmarks, we have successfully synthesized a music player Android app and a controller for an autonomous vehicle in the Open Race Car Simulator (TORCS.

A multi-paradigm language for reactive synthesis

This paper proposes a language for describing reactive synthesis problems that integrates imperative and declarative elements. The semantics is defined in terms of two-player turn-based infinite games with full information. Currently, synthesis tools accept linear temporal logic (LTL) as input, but this description is less structured and does not facilitate the expression of sequential constraints. This motivates the use of a structured programming language to specify synthesis problems. Transition systems and guarded commands serve as imperative constructs, expressed in a syntax based on that of the modeling language Promela. The syntax allows defining which player controls data and control flow, and separating a program into assumptions and guarantees. These notions are necessary for input to game solvers. The integration of imperative and declarative paradigms allows using the paradigm that is most appropriate for expressing each requirement. The declarative part is expressed in the LTL fragment of generalized reactivity(1), which admits efficient synthesis algorithms, extended with past LTL. The implementation translates Promela to input for the Slugs synthesizer and is written in Python. The AMBA AHB bus case study is revisited and synthesized efficiently, identifying the need to reorder binary decision diagrams during strategy construction, in order to prevent the exponential blowup observed in previous work.Comment: In Proceedings SYNT 2015, arXiv:1602.0078

Specification and Synthesis of Reactive Protocols for Aircraft Electric Power Distribution

The increasing complexity of electric power systems leads to challenges in integration and verification. We consider the problem of designing a control protocol for an aircraft electric power system that meets a set of requirements describing the correct behaviors of the system and reacts dynamically to changes in internal system states. We formalize the requirements by translating them into a temporal logic specification language and apply game-based, temporal logic formal methods to automatically synthesize a controller protocol that satisfies these overall properties and requirements. Through a case study, we perform a design exploration to show the benefits and tradeoffs between centralized and distributed control architectures

Compositional Reactive Synthesis for Multi-Agent Systems

With growing complexity of systems and guarantees they are required to provide, the need for automated and formal design approaches that can guarantee safety and correctness of the designed system is becoming more evident. To this end, an ambitious goal in system design and control is to automatically synthesize the system from a high-level specification given in a formal language such as linear temporal logic. The goal of this dissertation is to investigate and develop the necessary tools and methods for automated synthesis of controllers from high-level specifications for multi-agent systems. We consider systems where a set of controlled agents react to their environment that includes other uncontrolled, dynamic and potentially adversarial agents. We are particularly interested in studying how the existing structure in systems can be exploited to achieve more efficient synthesis algorithms through compositional reasoning. We explore three different frameworks for compositional synthesis of controllers for multi-agent systems. In the first framework, we decompose the global specification into local ones, we then refine the local specifications until they become realizable, and we show that under certain conditions, the strategies synthesized for the local specifications guarantee the satisfaction of the global specification. In the second framework, we show how parametric and reactive controllers can be specified and synthesized, and how they can be automatically composed to enforce a high-level objective. Finally, in the third framework, we focus on a special but practically useful class of multi-agent systems, and show how by taking advantage of the structure in the system and its objective we can achieve significantly better scalability and can solve problems where the centralized synthesis algorithm is infeasible

Heuristics for the refinement of assumptions in generalized reactivity formulae

Reactive synthesis is concerned with automatically generating implementations from formal specifications. These specifications are typically written in the language of generalized reactivity (GR(1)), a subset of linear temporal logic capable of expressing the most common industrial specification patterns, and describe the requirements about the behavior of a system under assumptions about the environment where the system is to be deployed. Oftentimes no implementation exists which guarantees the required behavior under all possible environments, typically due to missing assumptions (this is usually referred to as unrealizability). To address this issue, new assumptions need to be added to complete the specification, a problem known as assumptions refinement. Since the space of candidate assumptions is intractably large, searching for the best solutions is inherently hard. In particular, new methods are needed to (i) increase the effectiveness of the search procedures, measured as the ratio between the number of solutions found and of refinements explored; and (ii) improve the results' quality, defined as the weakness of the solutions. In this thesis we propose a set of heuristics to meet these goals, and a methodology to assess and compare assumptions refinement methods based on quantitative metrics. The heuristics are in the form of algorithms to generate candidate refinements during the search, and quantitative measures to assess the quality of the candidates. We first discuss a heuristic method to generate assumptions that target the cause of unrealizability. This is done by selecting candidate refinement formulas based on Craig's interpolation. We provide a formal underpinning of the technique and evaluate it in terms of our new metric of effectiveness, as defined above, whose value is improved with respect to the state of the art. We demonstrate this on a set of popular benchmarks of embedded software. We then provide a formal, quantitative characterization of the permissiveness of environment assumptions in the form of a weakness measure. We prove that the partial order induced by this measure is consistent with the one induced by implication. The key advantage of this measure is that it allows for prioritizing candidate solutions, as we show experimentally. Lastly, we propose a notion of minimal refinements with respect to the observed counterstrategies. We demonstrate that exploring minimal refinements produces weaker solutions, and reduces the amount of computations needed to explore each refinement. However, this may come at the cost of reducing the effectiveness of the search. To counteract this effect, we propose a hybrid search approach in which both minimal and non-minimal refinements are explored.Open Acces