Title: Quotienting-based Control Synthesis for Non-Deterministic Plants with Mu-Calculus Specifications
Samik Basu (Computer Science) and Ratnesh Kumar (Electrical and Computer Engineering), Iowa State University, Ames
Problem Statement
Satisfiability and Controller Synthesis
Existence Theorem
Given a plant P and a specification as a temporal formula $\varphi$, find a controller C satisfying the controllability constraint such that $P \parallel C$ satisfies $\varphi$: $\exists C.\; P \parallel C \models \varphi$.
For a plant state s and a controller state q, the controlled-plant state (s, q) satisfies $\varphi$ iff q satisfies the quotient $(\varphi / s)$.
- Satisfiability of a formula depends on its subformulas
- Tableau to explore satisfiability of subformulas and to synthesize a witnessing model
Synthesis Theorem
A formula $\varphi$ is satisfiable iff there exists a tableau with root node $(\varphi, \emptyset, \emptyset) \vdash M$ such that $M$ is a non-false model.
Tableau rules for the constants (goal on the left, subgoal on the right; $C$ is a set of obligations $(\varphi, X, N)$ and $H$ the history):
- $(\mathit{true}, X, N), C \vdash_H M \;\Longrightarrow\; C \vdash_H M$
- $(\mathit{false}, X, N), C \vdash_H M \;\Longrightarrow\; M = M_{\mathit{false}}$
- $\emptyset \vdash_H M \;\Longrightarrow\; M = M_{\mathit{true}}$
Model, Specification, Controllability Constraint
- Plant/Controller models: Labeled Transition System, i.e. a state-transition diagram with transitions labeled with actions (events)
- Specification: mu-calculus formula (more general than CTL, LTL, CTL*)
  $\varphi \;::=\; \mathit{true} \mid \mathit{false} \mid p \mid \varphi_1 \wedge \varphi_2 \mid \varphi_1 \vee \varphi_2 \mid \langle a\rangle\varphi \mid [a]\varphi \mid X \mid \mu X.\varphi \mid \nu X.\varphi$
  where $p$ holds in state $s$ iff $p \in L(s)$; $\langle a\rangle\varphi$: there exists an a-successor satisfying $\varphi$; $[a]\varphi$: all a-successors satisfy $\varphi$; $\mu X.\varphi$: least fixed point formula; $\nu X.\varphi$: greatest fixed point formula
- Controllability Constraint: uncontrollable actions must not be disabled; captured as part of the quotienting rules
Tableau rules for propositions, connectives and fixed points (goal on the left, subgoal on the right):
- $(p, X, N), C \vdash_H M \;\Longrightarrow\; C \vdash_H M$, provided $p \in L(s)$
- $(\varphi_1 \wedge \varphi_2, X, N), C \vdash_H M \;\Longrightarrow\; (\varphi_1, X, N), (\varphi_2, X, N), C \vdash_H M$
- $(\varphi_1 \vee \varphi_2, X, N), C \vdash_H M \;\Longrightarrow\; (\varphi_1, X, N), C \vdash_H M$
- $(\varphi_1 \vee \varphi_2, X, N), C \vdash_H M \;\Longrightarrow\; (\varphi_2, X, N), C \vdash_H M$
- $(\sigma X.\varphi, X, N), C \vdash_H M \;\Longrightarrow\; (\varphi, X, N), C \vdash_H M$ for $\sigma \in \{\mu, \nu\}$
- $(X, X, N), C \vdash_H M \;\Longrightarrow\; (\varphi, (X.X), N), C \vdash_H M$ for a bound variable $X$ defined by $\sigma X.\varphi$
Example
Specification $\nu X.(p \wedge [-]X)$: all reachable states satisfy the proposition p. Proposition p is satisfied if the cat and the mouse are not in the same state.
Quotienting-based Approach
- Rule for a free variable: $(X, X, N), C \vdash_H M \;\Longrightarrow\; C \vdash_H M$ if $X$ is a free variable
- $P \parallel C \models \varphi$ iff $C \models \varphi / P$
- $\varphi / P$: the formula satisfied by an environment of P (a controller C) iff $P \parallel C \models \varphi$
- Controller exists iff $\varphi / P$ is satisfiable; a witnessing model is a candidate controller
- Controller existence and synthesis are thus reduced to satisfiability of the mu-calculus
Plant
Tableau rules for box formulas (goal on the left, subgoal on the right):
- $([a]\varphi, X, N), C \vdash_H M \;\Longrightarrow\; ([a]\varphi \wedge \langle a\rangle\mathit{true}, X, N), C \vdash_H M$
- $([a]\varphi, X, N), C \vdash_H M \;\Longrightarrow\; C \vdash_H M$
Quotienting Rules and Controller Existence
Side conditions of the modal rule: (i) $C' \cup \{(\langle a_i\rangle\varphi_i, X_i, N_i)\}$; (ii) $([a]\varphi, X, N) \in C$; (iii) $((\{([a]\varphi, X, N), (\langle a_i\rangle\varphi, X_i, N_i)\}), s) \in H$; where $C'$ is obtained from $C$ by removing all modal formulas on action $a$.
Recursion: violating paths in the plant become loops in the controllers.
Recursive Quotient
Quotient $\varphi /_T s$ of a formula by a plant state $s$, where $T$ records the fixed-point variables already introduced along the current path; $s \xrightarrow{a} s'$ ranges over the plant transitions, with $a \in A_c(s)$ for controllable and $a \in A_u(s)$ for uncontrollable actions:
- $(\mathit{true}/_T s) = \nu Z_s.\big(\bigwedge \langle a\rangle(\mathit{true}/_{T \cup \{Z_s\}} s') \wedge [a](\mathit{true}/_{T \cup \{Z_s\}} s')\big)$ if $Z_s \notin T$; $Z_s$ otherwise
- $(\mathit{false}/_T s) = \mathit{false}$
- $(p/_T s) = (\mathit{true}/_T s) \wedge p$ if $p \in L(s)$; $\mathit{false}$ otherwise
- $((\varphi_1 \wedge \varphi_2)/_T s) = (\varphi_1/_T s) \wedge (\varphi_2/_T s)$
- $((\varphi_1 \vee \varphi_2)/_T s) = (\varphi_1/_T s) \vee (\varphi_2/_T s)$
- $(\langle a\rangle\varphi /_T s) = (\mathit{true}/_T s) \wedge \langle a\rangle \bigvee_{s \xrightarrow{a} s'} (\varphi/_T s')$ if $\exists s'.\ s \xrightarrow{a} s'$; $\mathit{false}$ otherwise
- $([a]\varphi /_T s) = (\mathit{true}/_T s) \wedge [a] \bigwedge_{s \xrightarrow{a} s'} (\varphi/_T s')$ if $\exists s'.\ s \xrightarrow{a} s'$; $\mathit{true}$ otherwise
- $(\sigma X.\varphi /_T s) = \sigma X(s,k+1).(\varphi/_{T'} s)$ if $X(s,k) \in T$, where $T' = T[X(s,k)/X(s,k+1)]$; $\sigma X(s,1).(\varphi/_{T'} s)$ otherwise, where $T' = T \cup \{X(s,1)\}$
- $(X/_T s) = X(s)$ if $X$ is a free variable; $X(s,k)$ if $X(s,k) \in T$; $(\sigma X.\varphi /_T s)$ otherwise
Modal rule (goal on the left, one subgoal per action $a$ and diamond obligation $j$ on the right):
$C \vdash_H M \;\Longrightarrow\; C_{a,1} \vdash_{H'} M_{a,1},\ C_{a,2} \vdash_{H'} M_{a,2},\ \ldots,\ C_{a,n} \vdash_{H'} M_{a,n}$
with side conditions (i) $C' \cup \{(\langle a_i\rangle\varphi_i, X_i, N_i)\}$; (ii) $((\{([a]\varphi, X, N), (\langle a_i\rangle\varphi, X_i, N_i)\}), s) \in H$; (iii) $\forall ([a]\varphi, X, N) \in C.\ \exists (\langle a\rangle\varphi', X', N') \in C$
Controller
where $M$ has root state $s_C$ with, for each $a$ and $j$, an $a$-transition from $s_C$ to the root of $M_{a,j}$;
$C_{a,j} = \{(\varphi_i, X_i, i.N_i) \mid ([a]\varphi_i, X_i, N_i) \in C\} \cup \{(\varphi_j, X_j, j.N_j)\}$ such that $(\langle a\rangle\varphi_j, X_j, N_j) \in C$;
$H' = H \cup \{(C_{\mathit{new}}, s_C)\}$ where $C_{\mathit{new}} = \{(\langle a\rangle\varphi_i, X_i, i.N_i) \mid (\langle a\rangle\varphi_i, X_i, N_i) \in C\}$
Implementation
- Implemented in the XSB logic programming system
- Plant and specification represented as predicates:
  (1) a transition $s \xrightarrow{a} t$ is represented as trans(s, a, t)
  (2) $p \in L(s)$ is represented as label(s, p)
  (3) the start state is represented as start(s)
  (4) $\nu X.\varphi$ is represented as fDef(x, nu, phi)
  (5) quotienting and satisfiability rules are represented as clauses
- Available at http://www.cs.iastate.edu/sbasu/control-quot/
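As an added, runnable illustration of the semantics used above (this is not the poster's XSB code, and it does not implement the quotient tableau): the block below evaluates mu-calculus formulas over a small labeled transition system by fixed-point iteration, and then synthesizes an invariance controller for the poster's specification nu X.(p and [-]X) by computing the largest set of states in which p can be kept true while disabling only controllable actions, which is exactly the controllability constraint stated earlier (uncontrollable actions are never disabled). The plant, a cat and a mouse on a ring of four cells that move in alternation, the action names, and the assignment of the cat's moves to the uncontrollable set are constructed for this example; the predicates trans/label/start of the implementation are mirrored by the functions succ and label and the constant START. The same pattern is what a defender computes when enforcing a safety invariant against an environment whose moves cannot be vetoed.

```python
"""Mu-calculus model checking over a labeled transition system, plus
synthesis of an invariance controller that respects a controllability
constraint (uncontrollable actions are never disabled).

Added example, not the poster's XSB implementation.  The plant below
(a cat and a mouse on a ring of four cells, moving in alternation) and
the split of its actions into controllable/uncontrollable are constructed
for illustration; the specification nu X.(p and [-]X) and the proposition
p ("cat and mouse not in the same cell") are the ones on the poster.
"""

N = 4                                   # cells on the ring (constructed)
CAT_MOVES = {'cat+': +1, 'cat-': -1}    # uncontrollable: the cat is the environment
MOUSE_MOVES = {'mouse+': +1, 'mouse-': -1, 'mouse0': 0}  # controllable
ACTIONS = list(CAT_MOVES) + list(MOUSE_MOVES)
UNCONTROLLABLE = set(CAT_MOVES)         # A_u(s), the same for every state s
STATES = [(c, m, t) for c in range(N) for m in range(N) for t in ('cat', 'mouse')]
START = (0, 2, 'mouse')                 # start(s)

def succ(s, a):
    """Plant transition relation: the set of t with s -a-> t (trans(s, a, t))."""
    cat, mouse, turn = s
    if a in CAT_MOVES and turn == 'cat':
        return {((cat + CAT_MOVES[a]) % N, mouse, 'mouse')}
    if a in MOUSE_MOVES and turn == 'mouse':
        return {(cat, (mouse + MOUSE_MOVES[a]) % N, 'cat')}
    return set()

def label(s, p):
    """label(s, p): proposition p holds iff cat and mouse are in different cells."""
    return p == 'p' and s[0] != s[1]

# Formulas are nested tuples: ('true',), ('false',), ('prop', p),
# ('and', f, g), ('or', f, g), ('dia', a, f), ('box', a, f), ('var', X),
# ('mu', X, f), ('nu', X, f).  Action '-' stands for "any action".
SPEC = ('nu', 'X', ('and', ('prop', 'p'), ('box', '-', ('var', 'X'))))

def sat(f, succ_fn, env=None):
    """Set of states of the LTS (STATES, succ_fn) satisfying f.
    Fixed points are computed by Knaster-Tarski iteration."""
    env = env or {}
    kind = f[0]
    if kind == 'true':
        return set(STATES)
    if kind == 'false':
        return set()
    if kind == 'prop':
        return {s for s in STATES if label(s, f[1])}
    if kind == 'and':
        return sat(f[1], succ_fn, env) & sat(f[2], succ_fn, env)
    if kind == 'or':
        return sat(f[1], succ_fn, env) | sat(f[2], succ_fn, env)
    if kind == 'var':
        return set(env[f[1]])
    if kind in ('dia', 'box'):
        acts = ACTIONS if f[1] == '-' else [f[1]]
        inner = sat(f[2], succ_fn, env)
        if kind == 'dia':   # some a-successor satisfies the body
            return {s for s in STATES if any(succ_fn(s, a) & inner for a in acts)}
        return {s for s in STATES if all(succ_fn(s, a) <= inner for a in acts)}
    if kind in ('mu', 'nu'):
        cur = set() if kind == 'mu' else set(STATES)   # iterate from bottom / top
        while True:
            nxt = sat(f[2], succ_fn, {**env, f[1]: cur})
            if nxt == cur:
                return cur
            cur = nxt
    raise ValueError('unknown formula kind %r' % kind)

def synthesize(p='p'):
    """Largest set W of states from which 'always p' can be enforced by
    disabling controllable actions only: the greatest fixed point of
    W = {s | p in L(s) and every uncontrollable successor of s is in W}.
    This is direct fixed-point iteration over the plant's state space, not
    the poster's quotient tableau.  Returns W and the controlled transition
    relation (controllable moves leaving W are disabled)."""
    W = set(STATES)
    while True:
        W2 = {s for s in W
              if label(s, p) and all(succ(s, u) <= W for u in UNCONTROLLABLE)}
        if W2 == W:
            break
        W = W2

    def controlled_succ(s, a):
        targets = succ(s, a)
        if a in UNCONTROLLABLE:
            return targets          # controllability constraint: never disabled
        return targets & W          # controllable: keep only moves that stay safe
    return W, controlled_succ

W, controlled_succ = synthesize()

if __name__ == '__main__':
    print('uncontrolled plant satisfies spec from start:', START in sat(SPEC, succ))
    print('safe states:', len(W), '; controlled plant satisfies spec from start:',
          START in sat(SPEC, controlled_succ))
```

Running it shows that the uncontrolled plant violates the specification from every state (the cat can always step onto the mouse within two moves), while the controlled plant, which only ever removes mouse moves, satisfies it from the 16 states in W, including START; the resulting controller is the mouse policy "keep distance two from the cat".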
$M = M_{\mathit{false}}$ if $\mathit{lfp}(C, C')$ holds; $M$ otherwise, where $\mathit{lfp}(C, C')$ is a boolean expression which holds iff there exist indices $i(0), \ldots, i(n)$ such that $\forall j \in [0, n-1].\ N_{i(j)} \in \mathit{suff}(N_{i(j+1)})$ and $\mathit{maxid}(\{X \mid X \in X_{i(j+1)} / X_{i(j)},\ j \in [0, n-1]\})$ is odd.
Features
- Non-deterministic plant, mu-calculus specification, general control constraints
- Verification/synthesis reduced to mu-calculus satisfiability
- Exponential in plant/specification (polynomial in plant if the constraint is not state-based)
On-going Research
- Handling partial observation constraint
- Generation of maximal controller
- Decentralization
Research is supported in part by National Science
Foundation under the grants NSF-ECS-0218207,
NSF-ECS-0244732, NSF-EPNES-0323379,
NSF-ECS-0424048, and NSF-ECS-0601570