Symmetric Synthesis
Rüdiger Ehlers
University of Bremen & DFKI GmbH
Based on joint work with Bernd Finkbeiner
Towards Scalable Formal Synthesis of Complex Systems
workshop, CDC 2015
1
(Monolithic) Synthesis of Reactive Systems
Input
GF(u ∧ v )
→
G(u ↔ X v )
+
⇒
Not realizable
Output
Input = {u, . . .}
Output = {v , . . .}
Realizable
2
Distributed Synthesis
u
y
v
z
The specification for synthesis ranges over u, v, y, and z.
3
Monolithic Reactive Synthesis vs. Distributed Synthesis
Monolithic Synthesis
Complexity for CTL: EXPTIME
[Emerson and Clarke, 1982]
Complexity for GR(1): EXPTIME
Complexity for LTL: 2EXPTIME [Pnueli and Rosner, 1989a,b]
Complexity for CTL*: 2EXPTIME [Kupferman and Vardi, 1997,
Vardi and Wolper, 1986]
4
Monolithic Reactive Synthesis vs. Distributed Synthesis
Distributed Synthesis [Finkbeiner and Schewe, 2005]
Complexity for LTL & architectures without information fork:
decidable
u
v
y
z
Complexity for LTL & architectures with an information fork:
undecidable
u
v
y
z
4
Symmetric Synthesis – An Example Architecture
u
a
v
b
c
d
One
a
s1
w
b
c
d
Two
z
5
Example Application
6
Why Symmetric Systems?
They are easier to maintain and easier to implement
They can often be smaller
They are often easier to understand.
Their existence/inexistence tells us something about the
application
They are a big step towards synthesis of arbitrarily scalable
systems
They are somewhat robust to failure of individual processes
7
Central Question
Central question:
In which cases is
symmetric synthesis
decidable and how efficiently
can it be performed?
8
Results in This Talk
Undecidable Symmetric Synthesis
All architectures that contain the S0 architecture have an
undecidable symmetric synthesis problem.
→ These are pretty much all architectures that have internal
communication
Decidable Symmetric Synthesis
All rotation-symmetric architectures have a decidable
synthesis problem
→ For GR(1)-like specifications, it can be solved by GR(1)
synthesis
9
Undecidable Symmetric
Synthesis
10
A Simple Undecidable Symmetric Architecture
x
a
b
a
b
z
y
The S0 Architecture
11
Another Undecidable Symmetric Architecture (S2)
u
v
w
o
p
q
x
y
z
12
Another Undecidable Symmetric Architecture (S2)
u
v
w
TM
o
p
q
TM
x
y
z
12
Compressing an Input/Output Stream
x0
x1
x2
x3
...
CSS 0
1
0
1 CSS 1
1
0
0
x
13
Undecidability of the Example Architecture
u
a
v
b
c
d
One
a
s1
w
b
c
d
Two
z
14
Undecidability of the Example Architecture
u
a
v
b
c
d
One
a
s1
w
b
c
d
Two
z
14
Decidable Symmetric
Synthesis
15
A Decidable Symmetric Architecture
x0
x1
x2
P0
P1
P2
(P0 , y )
(P1 , y )
(P2 , y )
16
Computation Trees of Rotation-symmetric Systems
a
b
P0
P1
(0,0)
(0,0)
(0,0)
(0,1)
(1,1)
(0,1) (1,0) (0,1) (1,1)
(1,1) (0,0) (1,1) (0,1)
(1,1) (1,1) (0,0) (1,0)
(0,0) (1,0) (0,1) (1,1)
17
Characterisation of Rotation-symmetric Computation
Trees
(0,0)
(0,0)
(0,0)
(0,1)
(1,1)
(0,1) (1,0) (0,1) (1,1)
(1,1) (0,0) (1,1) (0,1)
(1,1) (1,1) (0,0) (1,0)
(0,0) (1,0) (0,1) (1,1)
Necessary and Sufficient Conditions
18
Characterisation of Rotation-symmetric Computation
Trees
(0,0)
(0,0)
(0,0)
(0,1)
(1,1)
(0,1) (1,0) (0,1) (1,1)
(1,1) (0,0) (1,1) (0,1)
(1,1) (1,1) (0,0) (1,0)
(0,0) (1,0) (0,1) (1,1)
Necessary and Sufficient Conditions
18
Characterisation of Rotation-symmetric Computation
Trees
(0,0)
(0,0)
(0,0)
(0,1)
(1,1)
(1,1) (1,0) (0,1) (1,1)
(1,1) (0,0) (1,1) (0,1)
(1,1) (1,1) (0,0) (1,0)
(0,0) (1,0) (0,1) (1,1)
Necessary and Sufficient Conditions
No spontaneous introduction of asymmetry
18
Characterisation of Rotation-symmetric Computation
Trees
(0,0)
(0,0)
(0,0)
(0,1)
(1,1)
(1,1) (1,0) (0,1) (1,1)
(1,1) (0,0) (1,1) (0,1)
(1,1) (1,1) (0,0) (1,0)
(0,0) (1,0) (0,1) (1,1)
Necessary and Sufficient Conditions
No spontaneous introduction of asymmetry
18
Characterisation of Rotation-symmetric Computation
Trees
(0,0)
(0,0)
(0,0)
(0,0)
(1,1)
(1,1) (1,0) (0,1) (1,1)
(1,1) (0,0) (1,1) (0,1)
(1,1) (1,1) (0,0) (1,0)
(0,0) (1,0) (0,1) (1,1)
Necessary and Sufficient Conditions
No spontaneous introduction of asymmetry
Normalization of the system behaviour along different
rotations of the input
18
Enforcing the Symmetry Property
(0,0)
(0,0)
(0,0)
(0,0)
(1,1)
(1,1) (1,0) (0,1) (1,1)
(1,1) (0,0) (1,1) (0,1)
(1,1) (1,1) (0,0) (1,0)
(0,0) (1,0) (0,1) (1,1)
Necessary and Sufficient Conditions
No spontaneous introduction of asymmetry
Normalization of the system behaviour along different
rotations of the input
19
Enforcing the Symmetry Property
(0,0)
(0,0)
(0,0)
(0,0)
(1,1)
(1,1) (1,0) (0,1) (1,1)
(1,1) (0,0) (1,1) (0,1)
(1,1) (1,1) (0,0) (1,0)
(0,0) (1,0) (0,1) (1,1)
Necessary and Sufficient Conditions
No spontaneous introduction of asymmetry ⇒ Regular
Property
Normalization of the system behaviour along different
rotations of the input
19
Enforcing the Symmetry Property
(0,0)
(0,0)
(0,0)
(0,0)
(1,1)
(1,1) (1,0) (0,1) (1,1)
(1,1) (0,0) (1,1) (0,1)
(1,1) (1,1) (0,0) (1,0)
(0,0) (1,0) (0,1) (1,1)
Necessary and Sufficient Conditions
No spontaneous introduction of asymmetry ⇒ Regular
Property
Normalization of the system behaviour along different
rotations of the input ⇒ Non-regular Property!
19
Enforcing the Symmetry Property
(0,0)
(0,0)
(0,0)
(0,0)
(1,1)
(1,1) (1,0) (0,1) (1,1)
(1,1) (0,0) (1,1) (0,1)
(1,1) (1,1) (0,0) (1,0)
(0,0) (1,0) (0,1) (1,1)
Necessary and Sufficient Conditions
No spontaneous introduction of asymmetry ⇒ Regular
Property
Normalization of the system behaviour along different
rotations of the input ⇒ Non-regular Property!
19
Symmetrizing the specification
Idea
Starting with a specification ψ, we modify it to:
ψ ∧ rot (ψ, 1) ∧ . . . ∧ rot (ψ, n − 1)
20
Symmetrizing the specification
Idea
Starting with a specification ψ, we modify it to:
ψ ∧ rot (ψ, 1) ∧ . . . ∧ rot (ψ, n − 1)
Example with Three Processes
Starting with G(a1 ↔ Xb2 ), we obtain
G(a1 ↔ Xb2 ) ∧ G(a2 ↔ Xb0 ) ∧ G(a0 ↔ Xb1 )
20
Rotation-symmetric Synthesis Algorithm (LTL)
Steps
1
Symmetrize the specification
2
Translate to word automaton A
3
Compose A with a word automaton to reject words with
asymmetry introduction
4
Spread the word automaton to a tree automaton AT .
5
Check emptiness of L(AT ).
6
(Not empty:) Symmetrize tree and chop off outputs of other
processes
21
Complexity
Complexity of the Symmetric Synthesis Algorithms
LTL and CTL*:
EXPTIME in # of processes,
2EXPTIME in size of the specification
22
Complexity
Complexity of the Symmetric Synthesis Algorithms
LTL and CTL*:
EXPTIME in # of processes,
2EXPTIME in size of the specification
Hardness of the Symmetric Synthesis Problem
LTL and CTL*:
EXPTIME in # of processes,
2EXPTIME in size of the specification
22
More Complex Rotation-Symmetric Architectures
x0
x3
x1 x2
P0,0
P1,0
P0,1
P1,1
(P0,0 , y ) (P0,1 , y )
(P1,0 , y ) (P1,1 , y )
23
Symmetric GR(1) Synthesis
Main Steps for Symmetric Synthesis
Symmetrizing the specification
→ not quite possible, but we can approximate that well
Adding system guarantees that require the system not to
introduce asymmetry in the output
→ easy to encode in GR(1)
24
Benchmarks Considered (1/2) – Traffic Light
25
Benchmarks Considered (2/2) – Rotation Sorter
26
Benchmarks
Setting
BDD-based game solver
AMD E-450 1.6GHz, x86-Linux, 4GB RAM
Symmetric Traffic Light
Basic setting: unrealizable (1.1s)
With simple symmetry breaking assumption:
F((carSensed 0 ∨ carSensed 1 ∨ carSensed 2 ∨ carSensed 3 )
↔ ¬(carSensed 0 ∧ carSensed 1 ∧ carSensed 2 ∧ carSensed 3 ))
realizable (1.2)
With additional exclusiveness guarantee:
G(¬green0 ∨ ¬green2 ) ∧ G(¬green1 ∨ ¬green3 )
unrealizable (1.25s)
27
Benchmarks
Setting
BDD-based game solver
AMD E-450 1.6GHz, x86-Linux, 4GB RAM
Symmetric Rotation Sorter
Basic setting: unrealizable (130s)
With packet consistency assumption: realizable (16 31 min)
27
Conclusion
Symmetric Synthesis
Many architectures have an undecidable
synthesis probem
However, rotation-symmetric architectures
have a decidable synthesis problem
Efficiency
Symmetric synthesis for rotation-symmetric
architectures can be performed relatively
efficiently
→ time complexity is exponential in the
number of processes
28
References I
E. Allen Emerson and Edmund M. Clarke. Using branching time temporal logic to synthesize synchronization skeletons.
Sci. Comput. Program., 2(3):241–266, 1982.
Bernd Finkbeiner and Sven Schewe. Uniform distributed synthesis. In LICS, pages 321–330, 2005. doi:
10.1109/LICS.2005.53.
O. Kupferman and M.Y. Vardi. Synthesis with incomplete informatio. In 2nd International Conference on Temporal Logic,
pages 91–106, Manchester, July 1997.
Amir Pnueli and Roni Rosner. On the synthesis of an asynchronous reactive module. In ICALP, pages 652–671, 1989a.
Amir Pnueli and Roni Rosner. On the synthesis of a reactive module. In POPL, pages 179–190, 1989b.
Moshe Y. Vardi and Pierre Wolper. Automata-theoretic techniques for modal logics of programs. J. Comput. Syst. Sci., 32
(2):183–221, 1986.
29