Sequential Synthesis with Co-Büchi Specifications

Computations are developed for the synthesis of a finite state machine (FSM) embedded in a known FSM such that their combined behavior satisfies a co-Büchi specification (the solution must finally enter an acceptable set of states and stay there forever). The procedures for this are shown to be very similar to those used for regular (non-omega) automata, except for a final step in which a set of FSM solutions is represented as a SAT instance of which each satisfying assignment corresponds to an FSM solution. The computations have been implemented and we discuss some results.. Introduction We consider sequential synthesis problems where the objective is to find a strategy, implementable as a finite state machine (FSM), which guides a system to a given subset of states (e.g. a winning state for a game, or a set of states with some desirable property), called the accepting states. Examples are games, control problems, protocol synthesis, etc. Such situations need omega automata to capture these specifications, since regular automata would require that the initial state is already an accepting state. The problems we consider are concerned with steering a system into an accepting set of states and then keeping it there. Such requirements are what can be expressed by co-Büchi automata. We present a synthesis flow for co-Büchi specifications. The FSM synthesis problem for this is stated as: find the most general FSM X such that F X S • ⊆ , where S is a co-Büchi automaton, F is a known FSM, and • represents the usual synchronous composition of two FSMs. The most general automaton solution is given by X F S = • where the outside complementation is usually non-deterministic [13]. Therefore, in general, Büchi and co-Büchi automata complementation would be required, which are super-exponential in complexity [8]. Instead, we aim for a slightly less general but more efficient solution and propose a synthesis flow, very similar to that used for regular (finite-word) automata. This uses a subset construction to obtain a deterministic Büchi overapproximation of an ND Büchi automaton. Therefore, the final complementation, done by simply complementing the acceptance conditions to obtain a co-Büchi automaton, yields a subset1 of the most general solution automaton. Until the last step, our flow does not use the co-Büchi acceptance condition for constructing the transition relations on automata structures; it merely keeps track of the resulting acceptance conditions. To derive the final FSM implementations, the acceptance condition is applied to trim the most general solution automaton by formulating a SAT [7], [8] instance, each of whose solutions corresponds to a particular FSM solution. The SAT instance contains clauses, which en1 An important subclass of co-Büchi automata is “co-looping” automata. For this class of specifications, our procedure is exact and thus obtains the most general solution automaton. sure the input-progressiveness property required for FSMs (i.e. for each input there must exist a next state and output response). Other clauses enforce the co-Büchi condition by requiring the elimination of all simple cycles that contain a nonaccepting state. The SAT instance represents all FSM solutions that can be associated with sub-graphs of the automaton solution; solutions with non-simple cycles are not represented, but we argue that such solutions are impractical anyway. To simplify the SAT instance, a graph pre-processing step derives a partial order based on input-progressiveness. In this, an edge is classified as essential if its removal causes a state to become non-progressive. Thus removing such an edge would imply that the corresponding state must be removed, recursively implying the removal of other states. The resulting smaller graph becomes the basis for the SAT formulation. The algorithm was implemented and we discuss some results on a few simple examples. The contribution of this paper is a synthesis flow for coBüchi specifications, which follows the flow for regular automata; hence it is simpler than for general omega-automata (ω-automata) and can make use of recent efficient algorithms for regular automata [9]. Only in a final step, which extracts an FSM implementation using a SAT formulation, does the flow differ substantially from that for regular automata specifications. The paper is structured with Section 1 giving some preliminaries on ω-automata. The topology used for the unknown component problem is presented in Section 2. The proposed ω-property synthesis techniques are addressed in Section 3, including the SAT formulation. The solutions computed for two representative example problems are discussed in Section 4. Section 5 discusses the complexity of complementing nondeterministic Büchi automata in general and contrasts this with the construction in the present paper. Section 6 concludes. Appendix A considers synthesizing to Büchi specifications. 1 Preliminaries ω-Automata An Ω-automaton is a finite state automaton that accepts infinite strings [2], [3], [4], [5]. Although there are many different types, here we discuss only Büchi, looping, co-Büchi, colooping and Muller automata here. A non-deterministic (ND) Büchi automaton has the following form: ( ) 0 , , , , M Q q Acc = Σ ∆ , where Q is the finite state space, Σ is the finite input alphabet, 0 q Q ∈ is the initial state, Q Q ∆ ⊆ ×Σ× is the transition relation, Acc Q ⊆ represents the acceptance condition. A run of M on the input word π α ∈Σ , ( ) q α , is successful if it starts at the initial state and the set of states that occur infinitely often intersects Acc. For a Muller automaton, 2 Acc ⊆ and a run is successful if it starts at the initial state and the set of states which appear infinitely often is a member of Acc. A co-Büchi automaton has also a single set (stable region) in its acceptance condition; but the meaning is that a run should eventually enter the stable region and stay there forever. It is a Muller-type automaton where the Muller acceptance condition consists of all subsets of the states in the stable region. Deterministic Büchi and co-Büchi automata are limited in the set of properties that can be expressed, while deterministic Muller automata, ND Büchi, and ND co-Büchi automata can express any π-regular property. For an ND Büchi automaton with acceptance condition Acc, an input sequence is accepted if there exists a run that intersects Acc infinitely often. A co-looping automaton is a co-Büchi automaton with the additional restriction that the set of final states (stable region) must be a sink, i.e. there is no edge from any final state to a non-final state. A looping automaton is the dual of a colooping automaton; its non-final states are a sink. Thus an accepting run is one that always avoids a non-final state. Looping automata are useful for expressing safety properties. Looping and co-looping automata have the property that they can be determinized by the subset construction [11], which is simpler that for the general case. Thus the difference between co-looping and co-Büchi is that the latter can have a final set from which it is possible to exit. It seems possible that in many cases with a general co-Büchi specification, the synthesis problem can be divided into two phases, the problem of steering the state of the system into a state of the final set (a co-looping problem), and the problem of keeping it there (a looping problem). These could be solved separately. We will see that the procedure used for finding the most general solution with a co-looping specification is exact, while for the general co-Büchi case, it is an approximation. 2 Problem Statement The synthesis problems considered have a topology as shown in Figure 1.2 An unknown component, X, is embedded in a larger known system, F, where the / i o behavior of the combined system, X F • , should satisfy a given external specification S. The components communicate synchronously via the channels labeled with the (multi-valued) variables, i, v, u, o. This kind of synthesis problem has been studied extensively when S is either a regular finite automaton or an FSM [13]. In particular, efficient procedures and a program have been implemented for computing the most general solution automaton and the most general FSM solution [9]. In this paper, we investigate the situation where S is a co-Büchi automaton. Figure 1. Topological Setup 2 The particular topology of communication is not important. Our results can be adapted easily to other topologies. Let S be a co-Büchi automaton with multi-valued input signal o whose values are taken from the alphabet o Σ . S is represented by 0 ( , , , , ) S S o S S Q q A = Σ ∆ , where A is the stable set. The fixed part F (or context) is assumed to be an FSM with multi-valued inputs i and v and multi-valued outputs o and u. F (although an FSM) can be interpreted as a special deterministic Büchi automaton, represented by