Most specification languages express only qualitative constraints. However, among two implementations that satisfy a given specification, one may be preferred to another. For example, if a specification asks that every request is followed by a response, one may prefer an implementation that generates responses quickly but does not generate unnecessary responses. We use quantitative properties to measure the "goodness" of an implementation. Using games with corresponding quantitative objectives, we can synthesize "optimal" implementations, which are preferred among the set of possible implementations that satisfy a given specification. In particular, we show how automata with lexicographic mean-payoff conditions can be used to express many interesting quantitative properties for reactive systems. In this framework, the synthesis of optimal implementations requires the solution of lexicographic mean-payoff games (for safety requirements), and the solution of games with both lexicographic mean-payoff and parity objectives (for liveness requirements). We present algorithms for solving both kinds of novel graph games.
The synthesis problem asks to construct a reactive finite-state system from an ω-regular specification. Initial specifications are often unrealizable, which means that there is no system that implements the specification. A common reason for unrealizability is that assumptions on the environment of the system are incomplete. We study the problem of correcting an unrealizable specification ϕ by computing an environment assumption ψ such that the new specification ψ → ϕ is realizable. Our aim is to construct an assumption ψ that constrains only the environment and is as weak as possible. We present a two-step algorithm for computing assumptions. The algorithm operates on the game graph that is used to answer the realizability question. First, we compute a safety assumption that removes a minimal set of environment edges from the graph. Second, we compute a liveness assumption that puts fairness conditions on some of the remaining environment edges. We show that the problem of finding a minimal set of fair edges is computationally hard, and we use probabilistic games to compute a locally minimal fairness assumption.

without constraining the inputs. The key idea of our approach is that a given specification, if it is not realizable, cannot be complete and has to be weakened by introducing assumptions on the environment of the system. Formally, given an ω-regular specification ϕ which is not realizable, we compute a condition ψ such that the new specification ψ → ϕ is realizable. Our aim is to construct a condition ψ that does not constrain the system and is as weak as possible.

The notion that ψ must constrain only the environment can be captured by requiring that ψ itself is realizable for the environment, i.e., there exists an environment that satisfies ψ without constraining the outputs of the system (in general, in a closed loop around system and environment, or controller and plant, both ψ and ϕ refer to inputs as well as outputs). The notion that ψ be as weak as possible is more difficult to capture. We will show that in certain situations there is no unique weakest environment-realizable assumption ψ, and in other situations it is NP-hard to compute such an assumption.

Example. During our efforts of formally specifying certain hardware designs [4,5], several unrealizable specifications were produced. One specification was particularly difficult to analyze. Its structure can be simplified to the following example. Consider a reactive system with the signals req, cancel, and grant, where grant is the only output signal. The specification requires that (i) every request is eventually granted starting from the next time step, written in linear temporal logic as G(req → X F grant); and (ii) whenever the input cancel is received or grant is high, then grant has to stay low in the next time step, written G((cancel ∨ grant) → X ¬grant). This specification is not realizable because the environment can force, by sending cancel all the time, that the grant signal has to stay low forever (Part (ii)). If grant has to stay low, t...