On the verification of parametric and real-time systems

2009 - 2010Parametric and Real-Time Systems play a central role in the theory underlying the Verification and Synthesis problems. Real-time systems are present everywhere and are used in safety critical applications, such as flight controllers. Failures in such systems can be very expensive and even life threatening and, moreover, they are quite hard to design and verify. For these reasons, the development of formal methods for the modeling and analysis of safety-critical systems is an active area of computer science research. The standard formalism used to specify the wished behaviour of a realtime system is temporal logic. Traditional temporal logics, such as linear temporal logic (LTL), allow only qualitative assertions about the temporal ordering of events. However, in several circumstances, for assessing the efficiency of the system being modeled, it may be useful to have additional quantitative guarantees. An extension of LTL with a real-time semantics is given by the Metric Interval Temporal Logic (MITL), where changes of truth values happen according to a splitting of the line of non-negative reals into intervals. However, even with quantitative temporal logics, we would actually like to find out what quantitative bounds can be placed on the logic operators. In this thesis we face with the above problem proposing a parametric extension of MITL, that is the parametric metric interval temporal logic (PMITL), which allows to introduce parameters within intervals . For this logic, we study decision problems which are the analogous of satisfiability, validity and model-checking problems for non-parametric temporal logic. PMITL turns out to be decidable and we show that, when parameter valuations give only non-singular sets, the considered problems are all decidable, EXPSPACE-complete, and have the same complexity as in MITL. Moreover, we investigate the computational complexity of these problems for natural fragments of PMITL, and show that in meaningful fragments of the logic they are PSPACE-complete. We also consider a remarkable problem expressed by queries where the values that each parameter may assume are either existentially or universally quantified. We solve this problem in several cases and we propose an algorithm in EXPSPACE. Another interesting application of the temporal logic is when it is used to express specification of concurrent programs, where programs and properties are formalized as regular languages of infinite words. In this case, the verification problem (whether the program satisfies the specification) corresponds to solve the language inclusion problem. In the second part of this thesis we consider the Synthesis problem for realtime systems, investigating the applicability of automata constructions that avoid determinization for solving the language inclusion problem and the realizability problem for real-time logics. Since Safra’s determinization procedure is difficult to implement, we present Safraless algorithms for automata on infinite timed words. [edited by author]IX n.s

Approximating Optimal Bounds in Prompt-LTL Realizability in Doubly-exponential Time

We consider the optimization variant of the realizability problem for Prompt Linear Temporal Logic, an extension of Linear Temporal Logic (LTL) by the prompt eventually operator whose scope is bounded by some parameter. In the realizability optimization problem, one is interested in computing the minimal such bound that allows to realize a given specification. It is known that this problem is solvable in triply-exponential time, but not whether it can be done in doubly-exponential time, i.e., whether it is just as hard as solving LTL realizability. We take a step towards resolving this problem by showing that the optimum can be approximated within a factor of two in doubly-exponential time. Also, we report on a proof-of-concept implementation of the algorithm based on bounded LTL synthesis, which computes the smallest implementation of a given specification. In our experiments, we observe a tradeoff between the size of the implementation and the bound it realizes. We investigate this tradeoff in the general case and prove upper bounds, which reduce the search space for the algorithm, and matching lower bounds.Comment: In Proceedings GandALF 2016, arXiv:1609.0364

Experimental Aspects of Synthesis

We discuss the problem of experimentally evaluating linear-time temporal logic (LTL) synthesis tools for reactive systems. We first survey previous such work for the currently publicly available synthesis tools, and then draw conclusions by deriving useful schemes for future such evaluations. In particular, we explain why previous tools have incompatible scopes and semantics and provide a framework that reduces the impact of this problem for future experimental comparisons of such tools. Furthermore, we discuss which difficulties the complex workflows that begin to appear in modern synthesis tools induce on experimental evaluations and give answers to the question how convincing such evaluations can still be performed in such a setting.Comment: In Proceedings iWIGP 2011, arXiv:1102.374

Near-Optimal Scheduling for LTL with Future Discounting

We study the search problem for optimal schedulers for the linear temporal logic (LTL) with future discounting. The logic, introduced by Almagor, Boker and Kupferman, is a quantitative variant of LTL in which an event in the far future has only discounted contribution to a truth value (that is a real number in the unit interval [0, 1]). The precise problem we study---it naturally arises e.g. in search for a scheduler that recovers from an internal error state as soon as possible---is the following: given a Kripke frame, a formula and a number in [0, 1] called a margin, find a path of the Kripke frame that is optimal with respect to the formula up to the prescribed margin (a truly optimal path may not exist). We present an algorithm for the problem; it works even in the extended setting with propositional quality operators, a setting where (threshold) model-checking is known to be undecidable

Reactive Synthesis from Extended Bounded Response LTL Specifications

Reactive synthesis is a key technique for the design of correct-by-construction systems and has been thoroughly investigated in the last decades. It consists in the synthesis of a controller that reacts to environment's inputs satisfying a given temporal logic specification. Common approaches are based on the explicit construction of automata and on their determinization, which limit their scalability. In this paper, we introduce a new fragment of Linear Temporal Logic, called Extended Bounded Response LTL (\LTLEBR), that allows one to combine bounded and universal unbounded temporal operators (thus covering a large set of practical cases), and we show that reactive synthesis from \LTLEBR specifications can be reduced to solving a safety game over a deterministic symbolic automaton built directly from the specification. We prove the correctness of the proposed approach and we successfully evaluate it on various benchmarks.Comment: Extended Versio

Specification Decomposition for Reactive Synthesis

Reactive synthesis is the task of automatically deriving an implementation from a specification. It is a promising technique for the development of verified programs and hardware. Despite recent advances, reactive synthesis is still not practical when the specified systems reach a certain bound in size and complexity. In this paper, we present a modular synthesis algorithm that decomposes the specification into smaller subspecifications. For them, independent synthesis tasks are performed, and the composition of the resulting implementations is guaranteed to satisfy the full specification. Our algorithm is a preprocessing technique that can be applied to a wide range of synthesis tools. We evaluate our approach with state-of-the-art synthesis tools on established benchmarks and obtain encouraging results: The overall runtime decreases significantly when synthesizing implementations modularly