Tools for Controller Synthesis of Timed Systems

Verification is the problem of checking whether the behavior of a closed system satisfies a given property. The system is closed in the sense that its behavior is fully specified. Synthesis is the problem of finding a way to “close” an open system, so that the behavior of the closed system satisfies a given property. The system is open in the sense that its behavior is under-specified: it can be modified (restricted) during the synthesis process. Closing a system usually means coupling it with a controller which observes the behavior of the system so far and restricts it by disabling or forcing some actions. The controller is state-feedback when its decisions depend solely on the current state of the system. In this paper, we present two tools for (state-feedback) controller synthesis of timed systems. Our model is based on timed automata [4] with discrete actions annotated as controllable or uncontrollable. Controllable actions can be restricted, while uncontrollable cannot. Following the approaches of [23, 7, 3] we associate urgency with actions rather than states. We are interested in controllers ensuring two types of properties, namely, invariance or inevitability. Invariance means that all behaviors of the closed system remain within a given set of states. Inevitability means that all behaviors of the closed system reach a given set of states. We present our model and define the synthesis problems in Section 2. The first tool we present is called SynthKro. It is a module of the tool suite Kronos [12, 8]. SynthKro is based on the notion of controllable states, which are computed using a backward fixpoint iteration of special symbolic predecessor operators [29, 16, 19, 5]. The tool SynthKro, its algorithms and experimental results are presented in Section 3. The second tool we present is called FlySynth. It is based on an on-the-fly synthesis algorithm [25] which works on finite graphs with edges marked controllable or uncontrollable. The algorithm is on-the-fly in the sense that it can find a controller (or say that none exists) without necessarily exploring the entire state space. FlySynth can also be used also for controller synthesis of timed systems, in two ways: either by interpreting the timed automaton model in discrete time and using an appropriate abstraction to make the resulting semantic graph finite, or by interpreting the timed automaton in dense time and using the timeabstracting bisimulation quotient graph [26]. In both cases, we show how timed transitions are interpreted as controllable or uncontrollable. The tool FlySynth, its algorithms and experimental results are presented in Section 4.