Controller Synthesis for Golog Programs over Finite Domains with Metric Temporal Constraints
arXiv preprint [cs.AI]
Till Hofmann, Gerhard Lakemeyer
Knowledge-Based Systems Group, RWTH Aachen University
{hofmann, gerhard}@kbsg.rwth-aachen.de

Abstract
Executing a Golog program on an actual robot typically requires additional steps to account for hardware or software details of the robot platform, which can be formulated as constraints on the program. Such constraints are often temporal, refer to metric time, and require modifications to the abstract Golog program. We describe how to formulate such constraints based on a modal variant of the Situation Calculus. These constraints connect the abstract program with the platform models, which we describe using timed automata. We show that for programs over finite domains and with fully known initial state, the problem of synthesizing a controller that satisfies the constraints while preserving the effects of the original program can be reduced to MTL synthesis. We do this by constructing a timed automaton from the abstract program and synthesizing an MTL controller from this automaton, the platform models, and the constraints. We prove that the synthesized controller results in execution traces which are the same as those of the original program, possibly interleaved with platform-dependent actions, that they satisfy all constraints, and that they have the same effects as the traces of the original program. By doing so, we obtain a decidable procedure to synthesize a controller that satisfies the specification while preserving the original program.
1 Introduction

While Golog (Levesque et al. 1997), an agent programming language based on the Situation Calculus (McCarthy 1963; Reiter 2001), allows a clear and abstract specification of an agent's behavior, executing a Golog program on a real robot often creates additional issues. Typically, the robot's platform requires additional constraints that are ignored when designing a Golog program. As an example, a robot may need to calibrate its arm before it can use it. One way to deal with such platform constraints is to split the reasoning into two parts (Hofmann et al. 2018): First, an abstract Golog program specifies the intended behavior of the robot, without taking the robot platform into account. In a second step, the platform is considered by transforming the abstract program into a program that is executable on the particular platform, given a model of the platform and temporal constraints that connect the platform with the plan.

In this paper, we propose a method for such a transformation: We model the robot platform with a timed automaton (TA) and formulate constraints with t-ESG (Hofmann and Lakemeyer 2018), a modal variant of the Situation Calculus extended with temporal operators and metric time. We then synthesize a controller that executes the abstract program, but also inserts additional platform actions to satisfy the platform constraints. To do so, we restrict the Golog program to a finite domain, finite traces, and a fully known initial state. This allows us to reduce the controller synthesis problem to the MTL control problem, which has been shown to be decidable (Bouyer, Bozzelli, and Chevalier 2006). Furthermore, for the purpose of this paper, we only use time to formulate temporal constraints on the robot platform and we restrict programs to untimed programs, i.e., in contrast to programs in (Hofmann and Lakemeyer 2018), a program may not refer to time, and action preconditions and effects are time-independent. We will revisit these restrictions in the concluding section.

In the following, we first give an overview of the Situation Calculus and Golog and related work in Section 2 and summarize t-ESG in Section 3. In Section 4, we describe timed automata and Metric Temporal Logic (MTL), before we summarize the MTL synthesis problem. We explain how to transform a Golog program over a finite domain with a complete initial state into a TA in Section 5 and how to model a robot platform with a TA and temporal constraints in Section 6. Both the TA and the constraints are then used in Section 7 to synthesize a controller that executes the program while satisfying all constraints. We conclude in Section 8.
2 The Situation Calculus, Golog, and Related Work

The Situation Calculus (McCarthy 1963; Reiter 2001) is a first-order logic for representing and reasoning about actions. Following Reiter, action preconditions and effects as well as information about the initial situation are encoded as so-called Basic Action Theories (BATs). The action programming language Golog (Levesque et al. 1997) and its concurrent variant ConGolog (De Giacomo, Lespérance, and Levesque 2000) are based on the Situation Calculus and offer imperative programming constructs such as sequences of actions and iteration as well as non-deterministic branching and non-deterministic choice. The semantics of Golog and its on-line variant IndiGolog can be specified in terms of transitions (De Giacomo et al. 2009). The logic ES (Lakemeyer and Levesque 2011) is a modal variant of the Situation Calculus which gets rid of explicit situation terms and uses modal operators instead. The logic ESG (Claßen and Lakemeyer 2008; Claßen 2013) is a temporal extension of ES and is used for the verification of Golog programs. It specifies a program transition semantics similar to the transition semantics of IndiGolog and extends ES with the temporal operators X (next) and U (until). The logic t-ESG (Hofmann and Lakemeyer 2018) extends ESG with metric time and timing constraints on the until operator.

MTL (Koymans 1990) is an extension of Linear Time Logic (LTL) with metric time, which allows expressions such as $F_{\leq c}$, meaning eventually within time c. In MTL, formulas are interpreted over timed words or timed state sequences, where each state specifies which propositions are true, and each state has an associated time value. Depending on the choice of the state and time theory, the satisfiability problem for MTL becomes undecidable (Alur and Henzinger 1993). However, both for finite words and for a pointwise semantics, it has been shown to be decidable (Ouaknine and Worrell 2005; Ouaknine and Worrell 2008).

Similar to the proposed approach, Schiffer, Wortmann, and Lakemeyer (2010) extend Golog for self-maintenance by allowing temporal constraints using Allen's Interval Algebra (Allen 1983). Those constraints are resolved on-line by interleaving the original program with maintenance actions. Closely related is also the work by Finzi and Pirri (2005), who propose a hybrid approach of temporal constraint reasoning and reasoning about actions based on the Situation Calculus. They also allow constraints based on Allen's Interval Algebra, which are translated into a temporal constraint network. De Giacomo and Vardi describe a synthesis method for LTL and LDL specifications over finite traces (De Giacomo and Vardi 2015). Similar to MTL synthesis, they partition the propositions into controllable and uncontrollable symbols and use games to synthesize a controller. Based on $\mathrm{LTL}_f$ synthesis, He et al. describe a synthesis method that controls a robot against uncontrollable environment actions under resource constraints (He et al. 2017). They model the underlying planning problem as a graph, where each vertex describes the state of the world and each edge corresponds to an action, either by the agent or by the environment. In contrast to this work, they do not allow metric temporal constraints.

3 t-ESG
In this section, we summarize the syntax and semantics of t-ESG (Hofmann and Lakemeyer 2018), which is based on ESG (Claßen and Lakemeyer 2008) and ES (Lakemeyer and Levesque 2011), modal variants of the Situation Calculus. We refer to (Hofmann and Lakemeyer 2018) for a more complete description.

3.1 Syntax

The language has two sorts: object and action. A special feature inherited from ES is the use of countably infinite sets of standard names for both sorts. Standard object names syntactically look like constants, but are intended to be isomorphic with the set of all objects of the domain. In other words, standard object names can be thought of as constants that satisfy the unique name assumption and domain closure for objects. We assume that object standard names include the rational numbers (including $\infty$) as a subsort. Action standard names are function symbols of any arity whose arguments are standard object names. Examples are $pick(o)$ and $goto(l_1, l_2)$ for picking up an object and going from one location to another, respectively. Again, standard action names range over all actions and satisfy the unique name assumption and domain closure for actions. One advantage of using standard names is that quantifiers can be understood substitutionally when defining the semantics. For simplicity, we do not consider function symbols other than actions. Formally, the language is defined as follows:

Definition 1 (Symbols of t-ESG). The symbols of the language are from the following vocabulary:
1. object variables $x, x_1, x_2, \ldots, y, \ldots$,
2. action variables $a, a_1, a_2, \ldots$,
3. object standard names $N_O = \{o_1, o_2, o_3, \ldots\}$,
4. action standard names $N_A = \{p_1, p_2, p_3, \ldots\}$,
5. fluent predicates of arity k: $F^k = \{F^k_1, F^k_2, \ldots\}$, e.g., $Holding(o)$; we assume this list contains the distinguished predicate $Poss$,
6. rigid predicates of arity k: $G^k = \{G^k_1, G^k_2, \ldots\}$,
7. open, closed, and half-closed intervals with rational numbers as interval endpoints,
8. connectives and other symbols: $=, \wedge, \vee, \neg, \forall, \Box, [\cdot], [\![\cdot]\!], U_I$ (with interval I).

We denote the set of standard names as $N = N_O \cup N_A$.

Definition 2 (Terms of t-ESG). The set of terms of t-ESG is the least set such that (1) every variable is a term of the corresponding sort, (2) every standard name is a term.

Definition 3 (Formulas). The formulas of t-ESG, consisting of situation formulas and trace formulas, are the least set such that
1. if $t_1, \ldots, t_k$ are terms and P is a k-ary predicate symbol, then $P(t_1, \ldots, t_k)$ is a situation formula,
2. if $t_1$ and $t_2$ are terms, then $(t_1 = t_2)$ is a situation formula,
3. if $\alpha$ and $\beta$ are situation formulas, x is a variable, $\delta$ is a program (defined below), and $\varphi$ is a trace formula, then $\alpha \wedge \beta$, $\neg\alpha$, $\forall x.\,\alpha$, $\Box\alpha$, $[\delta]\alpha$, and $[\![\delta]\!]\varphi$ are situation formulas,
4. if $\alpha$ is a situation formula, it is also a trace formula,
5. if $\varphi$ and $\psi$ are trace formulas, x is a variable, and I is an interval, then $\varphi \wedge \psi$, $\neg\varphi$, $\forall x.\,\varphi$, and $\varphi\, U_I\, \psi$ are also trace formulas.

A predicate symbol with standard names as arguments is called a primitive formula, and we denote the set of primitive formulas as $P_F$. We read $\Box\alpha$ as "$\alpha$ holds after executing any sequence of actions", $[\delta]\alpha$ as "$\alpha$ holds after the execution of program $\delta$", $[\![\delta]\!]\alpha$ as "$\alpha$ holds during the execution of program $\delta$", and $\varphi\, U_I\, \psi$ as "$\varphi$ holds until $\psi$ holds, and $\psi$ holds within interval I".

A formula is called static if it contains no $[\cdot]$, $\Box$, or $[\![\cdot]\!]$ operators. It is called fluent if it is static and does not mention $Poss$.

We also write $<c$, $\leq c$, $=c$, $>c$, and $\geq c$ for the respective intervals $[0, c)$, $[0, c]$, $[c, c]$, $(c, \infty)$, and $[c, \infty)$. We use the short-hand notations $F_I\varphi \stackrel{\text{def}}{=} (\top\, U_I\, \varphi)$ (future) and $G_I\varphi \stackrel{\text{def}}{=} \neg F_I \neg\varphi$ (globally). For intervals, $c + [s, e]$ denotes the interval $[s + c, e + c]$, similarly for $c + (s, e)$, $c + [s, e)$, and $c + (s, e]$. We also omit the interval I if $I = [0, \infty)$, e.g., $\varphi\, U\, \psi$ is short for $\varphi\, U_{[0,\infty)}\, \psi$.

Finally, we define the syntax of Golog programs referred to by the operators $[\delta]$ and $[\![\delta]\!]$:

Definition 4 (Programs).
$$\delta ::= t \mid \alpha? \mid \delta_1;\delta_2 \mid \delta_1 \,|\, \delta_2 \mid \pi x.\,\delta \mid \delta_1 \,\|\, \delta_2 \mid \delta^*$$
where t is an action term and $\alpha$ is a static situation formula.

A program consists of actions t, tests $\alpha?$, sequences $\delta_1;\delta_2$, nondeterministic branching $\delta_1 \,|\, \delta_2$, nondeterministic choice of argument $\pi x.\,\delta$, interleaved concurrency $\delta_1 \,\|\, \delta_2$, and nondeterministic iteration $\delta^*$. We also use the abbreviation $\mathit{nil} \stackrel{\text{def}}{=} \top?$ for the empty program that always succeeds. We remark that the above program constructs are a proper subset of the original ConGolog (De Giacomo, Lespérance, and Levesque 2000). We have left out other constructs such as prioritized concurrency for simplicity.
3.2 Semantics

Definition 5 (Timed Traces). A timed trace is a finite timed sequence of action standard names with monotonically non-decreasing time. Formally, a trace $\pi$ is a mapping $\pi : \mathbb{N} \to N_A \times \mathbb{Q}$, and for any $i, j \in \mathbb{N}$ with $\pi(i) = (\sigma_i, t_i)$, $\pi(j) = (\sigma_j, t_j)$: if $i < j$, then $t_i \leq t_j$. We denote the set of timed traces as Z. For a timed trace $z = (a_1, t_1) \ldots (a_k, t_k)$, we define $\mathit{time}(z) \stackrel{\text{def}}{=} t_k$ for $k > 0$ and $\mathit{time}(\langle\rangle) \stackrel{\text{def}}{=} 0$, i.e., $\mathit{time}(z)$ is the time value of the last action in z. We define the timed trace $z_0$ where all actions occur at time 0 as $z_0 = (a_1, 0)(a_2, 0)\ldots(a_n, 0)$.

Definition 6 (World). Intuitively, a world w determines the truth of fluent predicates, not just initially, but after any (timed) sequence of actions. Formally, a world w is a mapping $P_F \times Z \to \{0, 1\}$. If G is a rigid predicate symbol, then for all z and z' in Z, $w[G(n_1, \ldots, n_k), z] = w[G(n_1, \ldots, n_k), z']$.

Similar to ES and ESG, the truth of a fluent after any sequence of actions is determined by a world w. Different from ES and ESG, we require all traces referred to by a world to contain time values for each action. This also means that in the same world, a fluent predicate $F(\vec{n})$ may have a different value after the same sequence of actions if the actions were executed at different times, i.e., $w[F(\vec{n}), \langle (a, t_1)\rangle]$ may have a different value than $w[F(\vec{n}), \langle (a, t_2)\rangle]$ for $t_1 \neq t_2$. However, for simplicity the actions considered in basic action theories (see Section 3.3) do not make use of this feature.

Next we define the transitions programs may take in a given world w. In two places these refer to the satisfaction of situation formulas (see Definition 9 below).

Definition 7 (Program Transition Semantics). The transition relation $\xrightarrow{w}$ among configurations, given a world w, is the least set satisfying
1. $\langle z, p\rangle \xrightarrow{w} \langle z \cdot (p, t), \mathit{nil}\rangle$, if $t \geq \mathit{time}(z)$ and $w, z \models Poss(p)$,
2. $\langle z, \delta_1;\delta_2\rangle \xrightarrow{w} \langle z \cdot p, \gamma;\delta_2\rangle$, if $\langle z, \delta_1\rangle \xrightarrow{w} \langle z \cdot p, \gamma\rangle$,
3. $\langle z, \delta_1;\delta_2\rangle \xrightarrow{w} \langle z \cdot p, \delta'\rangle$, if $\langle z, \delta_1\rangle \in F^w$ and $\langle z, \delta_2\rangle \xrightarrow{w} \langle z \cdot p, \delta'\rangle$,
4. $\langle z, \delta_1 \,|\, \delta_2\rangle \xrightarrow{w} \langle z \cdot p, \delta'\rangle$, if $\langle z, \delta_1\rangle \xrightarrow{w} \langle z \cdot p, \delta'\rangle$ or $\langle z, \delta_2\rangle \xrightarrow{w} \langle z \cdot p, \delta'\rangle$,
5. $\langle z, \pi x.\,\delta\rangle \xrightarrow{w} \langle z \cdot p, \delta'\rangle$, if $\langle z, \delta^x_n\rangle \xrightarrow{w} \langle z \cdot p, \delta'\rangle$ for some $n \in N_x$,
6. $\langle z, \delta^*\rangle \xrightarrow{w} \langle z \cdot p, \gamma;\delta^*\rangle$, if $\langle z, \delta\rangle \xrightarrow{w} \langle z \cdot p, \gamma\rangle$,
7. $\langle z, \delta_1 \,\|\, \delta_2\rangle \xrightarrow{w} \langle z \cdot p, \delta' \,\|\, \delta_2\rangle$, if $\langle z, \delta_1\rangle \xrightarrow{w} \langle z \cdot p, \delta'\rangle$,
8. $\langle z, \delta_1 \,\|\, \delta_2\rangle \xrightarrow{w} \langle z \cdot p, \delta_1 \,\|\, \delta'\rangle$, if $\langle z, \delta_2\rangle \xrightarrow{w} \langle z \cdot p, \delta'\rangle$.

The set of final configurations $F^w$ is the smallest set such that
1. $\langle z, \alpha?\rangle \in F^w$ if $w, z \models \alpha$,
2. $\langle z, \delta_1;\delta_2\rangle \in F^w$ if $\langle z, \delta_1\rangle \in F^w$ and $\langle z, \delta_2\rangle \in F^w$,
3. $\langle z, \delta_1 \,|\, \delta_2\rangle \in F^w$ if $\langle z, \delta_1\rangle \in F^w$ or $\langle z, \delta_2\rangle \in F^w$,
4. $\langle z, \pi x.\,\delta\rangle \in F^w$ if $\langle z, \delta^x_n\rangle \in F^w$ for some $n \in N_x$,
5. $\langle z, \delta^*\rangle \in F^w$,
6. $\langle z, \delta_1 \,\|\, \delta_2\rangle \in F^w$ if $\langle z, \delta_1\rangle \in F^w$ and $\langle z, \delta_2\rangle \in F^w$.

The program transition semantics is very similar to the semantics of ESG. The only difference is in Rule 1, which has an additional constraint on the time, and which requires the action to be executable.

Definition 8 (Program Traces). Given a world w and a finite sequence of action standard names z, the set $\|\delta\|^z_w$ of finite timed traces of a program $\delta$ is
$$\|\delta\|^z_w = \{ z' \in Z \mid \langle z, \delta\rangle \xrightarrow{w}{}^{*} \langle z \cdot z', \delta'\rangle \text{ and } \langle z \cdot z', \delta'\rangle \in F^w \}$$

Definition 9 (Truth of Situation and Trace Formulas). Given a world $w \in W$ and a situation formula $\alpha$, we define $w \models \alpha$ as $w, \langle\rangle \models \alpha$, where for any $z \in Z$:
1. $w, z \models F(n_1, \ldots, n_k)$ iff $w[F(n_1, \ldots, n_k), z] = 1$;
2. $w, z \models (n_1 = n_2)$ iff $n_1$ and $n_2$ are identical;
3. $w, z \models \alpha \wedge \beta$ iff $w, z \models \alpha$ and $w, z \models \beta$;
4. $w, z \models \neg\alpha$ iff $w, z \not\models \alpha$;
5. $w, z \models \forall x.\,\alpha$ iff $w, z \models \alpha^x_n$ for every standard name n of the right sort;
6. $w, z \models \Box\alpha$ iff $w, z \cdot z' \models \alpha$ for all $z' \in Z$;
7. $w, z \models [\delta]\alpha$ iff for all finite $z' \in \|\delta\|^z_w$, $w, z \cdot z' \models \alpha$;
8. $w, z \models [\![\delta]\!]\varphi$ iff for all $\tau \in \|\delta\|^z_w$, $w, z, \tau \models \varphi$.

Intuitively, $[\delta]\alpha$ means that after every execution of $\delta$, the situation formula $\alpha$ is true. $[\![\delta]\!]\varphi$ means that during every execution of $\delta$, the trace formula $\varphi$ is true.

The truth of trace formulas $\varphi$ is defined as follows for $w \in W$, $z, \tau \in Z$:
1. $w, z, \tau \models \alpha$ iff $w, z \models \alpha$ and $\alpha$ is a situation formula;
2. $w, z, \tau \models \varphi \wedge \psi$ iff $w, z, \tau \models \varphi$ and $w, z, \tau \models \psi$;
3. $w, z, \tau \models \neg\varphi$ iff $w, z, \tau \not\models \varphi$;
4. $w, z, \tau \models \forall x.\,\varphi$ iff $w, z, \tau \models \varphi^x_n$ for all $n \in N_x$;
5. $w, z, \tau \models \varphi\, U_I\, \psi$ iff there is a $z_1 \neq \langle\rangle$ such that
(a) $\tau = z_1 \cdot \tau'$,
(b) $\mathit{time}(z_1) \in \mathit{time}(z) + I$,
(c) $w, z \cdot z_1, \tau' \models \psi$,
(d) for all $z_2 \neq z_1$ with $z_1 = z_2 \cdot z_3$: $w, z \cdot z_2, z_3 \cdot \tau' \models \varphi$.

Definition 10 (Validity). A situation formula $\alpha$ is valid (written $\models \alpha$) iff for every world w, $w \models \alpha$. A trace formula $\varphi$ is valid ($\models \varphi$) iff for every world w and every trace $\tau$, $w, \langle\rangle, \tau \models \varphi$.

3.3 Basic Action Theories

A basic action theory (BAT) defines the preconditions and effects of all actions of the domain, as well as the initial state:
Definition 11 (Basic Action Theory). Given a finite set of fluent predicates $\mathcal{F}$, a set $\Sigma \subseteq$ t-ESG of sentences is called a basic action theory (BAT) over $\mathcal{F}$ iff $\Sigma = \Sigma_0 \cup \Sigma_{pre} \cup \Sigma_{post}$, where $\Sigma$ mentions only fluents in $\mathcal{F}$ and
1. $\Sigma_0$ is any set of fluent sentences,
2. $\Sigma_{pre}$ consists of a single sentence of the form $\Box Poss(a) \equiv \pi$, where $\pi$ is a fluent formula with free variable a,
3. $\Sigma_{post}$ is a set of sentences, one for each fluent predicate $F \in \mathcal{F}$, of the form $\Box [a] F(\vec{x}) \equiv \gamma_F$.

The set $\Sigma_0$ describes the initial state, $\Sigma_{pre}$ defines the preconditions of all actions of the domain, and $\Sigma_{post}$ defines action effects by specifying for each fluent of the domain whether the fluent is true after doing some action a. Free variables are implicitly universally quantified from the outside. The modality $\Box$ has lower syntactic precedence than the connectives, and $[\cdot]$ has the highest priority.

We will also consider BATs restricted to a finite domain of actions and objects:

Definition 12 (Finite-domain BAT). We call a BAT $\Sigma$ a finite-domain basic action theory (fd-BAT) iff
1. each $\forall$ quantifier in $\Sigma$ occurs as $\forall x.\, \tau_i(x) \supset \varphi(x)$, where $\tau_i$ is a rigid predicate, $i = o$ if x is of sort object, and $i = a$ if x is of sort action;
2. $\Sigma$ contains axioms
• $\tau_o(x) \equiv (x = n_1 \vee x = n_2 \vee \ldots \vee x = n_k)$ and
• $\tau_a(a) \equiv (a = m_1 \vee a = m_2 \vee \ldots \vee a = m_l)$
where the $n_i$ and $m_j$ are object and action standard names, respectively. Also, each $m_j$ may only mention object standard names $n_i$.

We call a formula $\alpha$ that only mentions symbols and standard names from $\Sigma$ restricted to $\Sigma$, and we denote the set of primitive formulas restricted to $\Sigma$ as $P_\Sigma$ and the action standard names mentioned in $\Sigma$ as $A_\Sigma$. We also write $\exists x{:}i.\,\varphi$ for $\exists x.\,\tau_i(x) \wedge \varphi$ and $\forall x{:}i.\,\varphi$ for $\forall x.\,\tau_i(x) \supset \varphi$. Since an fd-BAT essentially restricts the domain to be finite, quantifiers of type object can be understood as abbreviations:
$$\exists x{:}\tau_o.\,\varphi \stackrel{\text{def}}{=} \bigvee_{i=1}^{k} \varphi^x_{n_i}, \qquad \forall x{:}\tau_o.\,\varphi \stackrel{\text{def}}{=} \bigwedge_{i=1}^{k} \varphi^x_{n_i},$$
and similarly for quantifiers of type action.

In addition to a finite domain, we also restrict a BAT such that it completely determines the initial situation:

Definition 13 (Determinate BAT). An fd-BAT $\Sigma$ is determinate iff for every atomic formula $\alpha$ restricted to $\Sigma$, either $\Sigma \models \alpha$ or $\Sigma \models \neg\alpha$.

Next, given a world w, we define a world $w_\Sigma$ that is consistent with $\Sigma$:

Definition 14. For any world w and basic action theory $\Sigma$, we define a world $w_\Sigma$ which is like w except that it satisfies the $\Sigma_{pre}$ and $\Sigma_{post}$ sentences of $\Sigma$.

Lemma 1 ((Lakemeyer and Levesque 2011)). For any w, $w_\Sigma$ exists and is uniquely defined.

For a determinate BAT over a set of fluent predicates $\mathcal{F}$, we can show that $\Sigma$ fully determines the truth of every fluent $F \in \mathcal{F}$, not only initially, but after any sequence of actions:

Lemma 2.
Let $\Sigma$ be a determinate BAT over $\mathcal{F}$, $\delta$ a program over $\Sigma$, w, w' two worlds, and $z \in Z$ a finite trace such that $\langle\langle\rangle, \delta\rangle \xrightarrow{w_\Sigma}{}^{*} \langle z, \delta'\rangle$. Then
1. $\langle\langle\rangle, \delta\rangle \xrightarrow{w'_\Sigma}{}^{*} \langle z, \delta'\rangle$,
2. for every primitive formula $F(\vec{t})$ with $F \in \mathcal{F}$: $w_\Sigma[F(\vec{t}), z] = w'_\Sigma[F(\vec{t}), z]$.

Proof. By induction over the length of z.
• Let $z = \langle\rangle$. By definition of a determinate BAT, we know that $w_\Sigma[F(\vec{t}), \langle\rangle] = 1 \Leftrightarrow w'_\Sigma[F(\vec{t}), \langle\rangle] = 1$.
• Let $z = z' \cdot (p, t)$. By induction, for each atomic formula $\alpha$, $w_\Sigma[\alpha, z'] = w'_\Sigma[\alpha, z']$, and thus, for each fluent situation formula $\gamma$, $w_\Sigma, z' \models \gamma$ iff $w'_\Sigma, z' \models \gamma$. Furthermore, we know from $\langle\langle\rangle, \delta\rangle \xrightarrow{w_\Sigma}{}^{*} \langle z, \delta'\rangle$ that for some $z', \delta''$, $\langle z', \delta''\rangle \xrightarrow{w_\Sigma} \langle z, \delta'\rangle$ and thus $w_\Sigma, z' \models Poss(p)$. As both $w_\Sigma$ and $w'_\Sigma$ satisfy $\Sigma_{pre}$, it follows that $w'_\Sigma, z' \models Poss(p)$ and therefore $\langle\langle\rangle, \delta\rangle \xrightarrow{w'_\Sigma}{}^{*} \langle z, \delta'\rangle$. As both $w_\Sigma$ and $w'_\Sigma$ satisfy $\Sigma_{post}$ and there is a successor state axiom for each F, it follows that $w_\Sigma[F(\vec{t}), z] = 1$ iff $w_\Sigma, z' \models \gamma_F(\vec{t})$ and $w'_\Sigma[F(\vec{t}), z] = 1$ iff $w'_\Sigma, z' \models \gamma_F(\vec{t})$, and thus $w_\Sigma[F(\vec{t}), z] = 1 \Leftrightarrow w'_\Sigma[F(\vec{t}), z] = 1$. $\square$

In fact, we can show that $\Sigma$ fully determines the possible traces of $\delta$, as well as the truth of any formula restricted to $\Sigma$:

Theorem 1. Let $\Sigma$ be a determinate BAT, $\delta$ a program over $\Sigma$, w, w' two worlds, $z \in \|\delta\|_{w_\Sigma}$, $\alpha$ a situation formula and $\varphi$ a trace formula, both restricted to $\Sigma$. Then:
1. $z \in \|\delta\|_{w'_\Sigma}$,
2. $w_\Sigma \models [\delta]\alpha \Leftrightarrow w'_\Sigma \models [\delta]\alpha$,
3. $w_\Sigma \models [\![\delta]\!]\varphi \Leftrightarrow w'_\Sigma \models [\![\delta]\!]\varphi$.

Proof. Follows from Lemma 2. $\square$

For the purpose of this paper and in contrast to (Hofmann et al. 2018), we do not have distinguished function symbols $now$ and $time$ that allow referring to time in a situation formula. In particular, this means that we cannot define time-dependent preconditions or effects in a BAT. Thus, time is only relevant for the truth of trace formulas. Also, a program's traces are not restricted with respect to time:
Proposition 1. Given a BAT $\Sigma$, a program $\delta$, and a world w, let $\tau_1, \tau_2$ be two traces with $\tau_1(i) = (a_i, t_i)$ and $\tau_2(i) = (a_i, t'_i)$ for every i (i.e., they contain the same action symbols but different time points). Then $\tau_1 \in \|\delta\|_{w_\Sigma}$ iff $\tau_2 \in \|\delta\|_{w_\Sigma}$.

3.4 A Simple Carrier Bot
With the following determinate fd-BAT, we describe a simple carrier bot that is able to move to locations and pick up objects:
$$\begin{aligned}
\Box Poss(a) \equiv\ & \exists s{:}o\,\exists g{:}o.\; a = s\_goto(s, g) \wedge \neg\exists a'{:}a.\, Perf(a') & (1)\\
\vee\ & \exists s{:}o\,\exists g{:}o.\; a = e\_goto(s, g) \wedge Perf(goto(s, g)) & (2)\\
\vee\ & \exists o{:}o\,\exists l{:}o.\; a = s\_pick(o) \wedge \neg\exists a'{:}a.\, Perf(a') \wedge RAt(l) \wedge At(o, l) & (3)\\
\vee\ & \exists o{:}o.\; a = e\_pick(o) \wedge Perf(pick(o)) & (4)
\end{aligned}$$
The precondition axioms state that it is possible to start the goto action ($s\_goto$) if the robot is not performing any action (Equation 1), and that it can stop the goto action if it is currently performing it (Equation 2). Furthermore, it can start picking up an object if it is not performing any other action and it is at the same position as the object (Equation 3). Finally, it can stop picking if it is currently performing a pick action (Equation 4).

By splitting actions into start and stop actions, we can execute multiple actions concurrently. We will later insert platform actions that are executed in addition and concurrently to the program's actions. Also, splitting actions into start and stop actions allows us to model that only the start but not the end of an action is under the robot's control. In Section 7, we will let the environment control all end actions, i.e., the environment will decide when an action ends.

In addition to the precondition axioms, we also define successor state axioms for all fluents of the domain:
$$\begin{aligned}
\Box [a] RAt(l) \equiv\ & \exists s{:}o.\; a = e\_goto(s, l) \vee RAt(l) \wedge \neg\exists s'{:}o\,\exists g'{:}o.\; a = s\_goto(s', g') & (5)\\
\Box [a] At(p, l) \equiv\ & At(p, l) \wedge a \neq s\_pick(p) & (6)\\
\Box [a] Holding(p) \equiv\ & a = e\_pick(p) \vee Holding(p) & (7)\\
\Box [a] Perf(a') \equiv\ & \exists s{:}o\,\exists g{:}o.\,[a = s\_goto(s, g) \wedge a' = goto(s, g)] \vee \exists o{:}o.\,[a = s\_pick(o) \wedge a' = pick(o)] & (8)\\
& \vee\ Perf(a') \wedge \neg\exists s{:}o\,\exists g{:}o.\,[a = e\_goto(s, g) \wedge a' = goto(s, g)] \wedge \neg\exists p{:}o.\,[a = e\_pick(p) \wedge a' = pick(p)]
\end{aligned}$$
Initially, the robot is at $m_1$ and object $o_1$ is at $m_2$. Only $m_1$ is $Spacious$, which we will use in Section 6 as a requirement for arm calibration:
$$\begin{aligned}
\Sigma_0 = \{\ & \forall x{:}o.\; RAt(x) \equiv (x = m_1), & (9)\\
& \forall x{:}o\,\forall y{:}o.\; At(x, y) \equiv (x = o_1 \wedge y = m_2),\\
& \forall x{:}o.\; Spacious(x) \equiv (x = m_1),\\
& \tau_o(x) \equiv (x = m_1 \vee x = m_2 \vee x = o_1),\\
& \tau_a(a) \equiv (a = s\_goto(m_1, m_2) \vee \ldots \vee a = e\_pick(o_1))\ \}
\end{aligned}$$
Listing 1 shows a simple program that picks up one object:

    πl_r. RAt(l_r)?;
    πo. πl_o. At(o, l_o)?;
    s_goto(l_r, l_o); e_goto(l_r, l_o);
    s_pick(o); e_pick(o);

Listing 1: An abstract program to fetch an object.
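As an added example that is not part of the paper, the following Python implements the transition semantics of Definition 7 and the trace set of Definition 8 for programs over a finite domain and instantiates them with the carrier bot BAT (Equations 1-9) and the program of Listing 1. The tuple encoding of programs, the restriction of tests to primitive formulas, the names `step`, `final` and `traces`, and the cut-off `max_len` for $\delta^*$ are choices of this example; Equation 8 is read with the conjuncts $a' = goto(s, g)$ and $a' = pick(o)$ that tie the started action to the one being performed.

```python
"""Transition semantics (Definition 7) and traces (Definition 8) of finite-domain programs,
instantiated with the carrier bot BAT (Equations 1-9) and Listing 1. Programs are untimed
(Proposition 1), so a trace is given by its action sequence, i.e. z_0 of Definition 5."""

OBJECTS = ('m1', 'm2', 'o1')                  # tau_o(x), Equation 9
NIL = ('test', ('TOP',))                      # nil = TOP?
INITIAL = frozenset({('RAt', 'm1'), ('At', 'o1', 'm2'), ('Spacious', 'm1')})  # Sigma_0

def poss(state, a):
    """Precondition axiom, Equations 1-4; a state is the set of true primitive formulas."""
    kind, args = a[0], a[1:]
    performing = any(f[0] == 'Perf' for f in state)           # exists a'. Perf(a')
    if kind == 's_goto':
        return not performing
    if kind == 's_pick':                                       # robot and object co-located
        return not performing and any(('RAt', l) in state and ('At', args[0], l) in state
                                      for l in OBJECTS)
    return kind in ('e_goto', 'e_pick') and ('Perf', (kind[2:],) + args) in state

def successor(state, a):
    """Successor state axioms, Equations 5-8, with a' = goto(s, g) resp. pick(o) in (8)."""
    kind, args = a[0], a[1:]
    nxt = set()
    for f in state:
        ended = kind in ('e_goto', 'e_pick') and f == ('Perf', (kind[2:],) + args)  # (8)
        left = f[0] == 'RAt' and kind == 's_goto'                                   # (5)
        picked = f[0] == 'At' and kind == 's_pick' and f[1] == args[0]              # (6)
        if not (ended or left or picked):      # everything else persists, e.g. Holding (7)
            nxt.add(f)
    if kind == 'e_goto':
        nxt.add(('RAt', args[1]))              # (5): the robot arrived at g
    if kind == 'e_pick':
        nxt.add(('Holding', args[0]))          # (7)
    if kind in ('s_goto', 's_pick'):
        nxt.add(('Perf', (kind[2:],) + args))  # (8): goto(s, g) resp. pick(o) is performed
    return frozenset(nxt)

def subst(d, var, n):
    """delta^x_n: replace the variable var by the standard name n."""
    if d[0] in ('act', 'test'):
        return (d[0], tuple(n if x == var else x for x in d[1]))
    if d[0] == 'pick':
        return d if d[1] == var else ('pick', d[1], subst(d[2], var, n))
    return (d[0],) + tuple(subst(sub, var, n) for sub in d[1:])

def final(s, d):
    """Final configurations F^w of Definition 7 (tests are primitive formulas here)."""
    t = d[0]
    if t == 'test':
        return d[1] == ('TOP',) or d[1] in s
    if t in ('seq', 'conc'):
        return final(s, d[1]) and final(s, d[2])
    if t == 'choice':
        return final(s, d[1]) or final(s, d[2])
    if t == 'pick':
        return any(final(s, subst(d[2], d[1], n)) for n in OBJECTS)
    return t == 'star'                         # delta* is always final, an action never

def step(s, d):
    """One transition of Definition 7: yields (action, successor state, remaining program)."""
    t = d[0]
    if t == 'act' and poss(s, d[1]):                         # rule 1: executable action
        yield d[1], successor(s, d[1]), NIL
    elif t == 'seq':                                         # rules 2 and 3
        for a, s2, g in step(s, d[1]):
            yield a, s2, ('seq', g, d[2])
        if final(s, d[1]):
            yield from step(s, d[2])
    elif t == 'choice':                                      # rule 4
        yield from step(s, d[1])
        yield from step(s, d[2])
    elif t == 'pick':                                        # rule 5
        for n in OBJECTS:
            yield from step(s, subst(d[2], d[1], n))
    elif t == 'star':                                        # rule 6
        for a, s2, g in step(s, d[1]):
            yield a, s2, ('seq', g, d)
    elif t == 'conc':                                        # rules 7 and 8
        for a, s2, g in step(s, d[1]):
            yield a, s2, ('conc', g, d[2])
        for a, s2, g in step(s, d[2]):
            yield a, s2, ('conc', d[1], g)

def traces(d, s=INITIAL, max_len=8):
    """||delta||_w of Definition 8 as a dict trace -> final state, cut off at max_len
    actions so that delta* stays finite."""
    found = {}
    def explore(s, d, z):
        if final(s, d):
            found[z] = s                       # the effects of this execution
        if len(z) < max_len:
            for a, s2, g in step(s, d):
                explore(s2, g, z + (a,))
    explore(s, d, ())
    return found

# Listing 1: pi l_r. RAt(l_r)?; pi o. pi l_o. At(o, l_o)?; s_goto; e_goto; s_pick; e_pick
LISTING_1 = ('pick', '?lr', ('seq', ('test', ('RAt', '?lr')),
    ('pick', '?o', ('pick', '?lo', ('seq', ('test', ('At', '?o', '?lo')),
        ('seq', ('act', ('s_goto', '?lr', '?lo')), ('seq', ('act', ('e_goto', '?lr', '?lo')),
        ('seq', ('act', ('s_pick', '?o')), ('act', ('e_pick', '?o'))))))))))
```

`traces(LISTING_1)` contains exactly one trace, $s\_goto(m_1, m_2)$, $e\_goto(m_1, m_2)$, $s\_pick(o_1)$, $e\_pick(o_1)$, and maps it to the final state $\{Spacious(m_1), RAt(m_2), Holding(o_1)\}$; the pick over $l_r$, $o$ and $l_o$ is resolved by the tests, and every other binding is blocked. The same functions enumerate the interleavings of a $\delta_1 \,\|\, \delta_2$ program and the finitely many prefixes of a $\delta^*$ program, which is the set of traces, up to inserted platform actions, that the controller synthesized in Section 7 has to reproduce.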
4 Timed Automata and MTL

Timed automata (TA) (Alur and Dill 1994; Alur 1999) are a widely used model for representing real-time systems. Their properties are often described with MTL (Koymans 1990), a temporal logic that extends LTL with metric time. We first summarize timed automata and MTL, and then define the problem of controlling a TA against an MTL specification, following (Bouyer, Bozzelli, and Chevalier 2006; Ouaknine and Worrell 2008).
MTL

MTL extends LTL with timing constraints on the Until modality. One commonly used semantics for MTL is a pointwise semantics, in which formulas are interpreted over timed words.

Definition 15 (Timed Words). A timed word $\rho$ over a finite set of atomic propositions P is a finite or infinite sequence $(\sigma_0, \tau_0)(\sigma_1, \tau_1)\ldots$ where $\sigma_i \subseteq P$ and $\tau_i \in \mathbb{Q}^{+}$ such that the sequence $(\tau_i)$ is monotonically non-decreasing and non-Zeno. The set of timed words over P is denoted as $TP^*$. For a timed word $\rho = (\sigma_0, t_0)(\sigma_1, t_1)\ldots$ and every $k \in \mathbb{N}$ with $k \leq |\rho|$, we also write $\rho^k$ for the prefix $(\sigma_0, t_0)\ldots(\sigma_k, t_k)$.

Definition 16 (Formulas of MTL). Given a set P of atomic propositions, the formulas of MTL are built as follows:
$$\varphi ::= p \mid \neg\varphi \mid \varphi_1 \wedge \varphi_2 \mid \varphi_1\, U_I\, \varphi_2$$
We use the same abbreviations as for t-ESG, i.e., $F_I\varphi \stackrel{\text{def}}{=} (\top\, U_I\, \varphi)$ (future) and $G_I\varphi \stackrel{\text{def}}{=} \neg F_I \neg\varphi$ (globally). As in t-ESG, we may omit the interval I if $I = [0, \infty)$. For a given set of atomic propositions P, we denote the language of MTL formulas over P as $L_{MTL}(P)$.

Definition 17 (Pointwise semantics of MTL). Given a timed word $\rho = (\sigma_0, \tau_0)(\sigma_1, \tau_1)\ldots$ over alphabet P and an MTL formula $\varphi$, $\rho, i \models \varphi$ is defined as follows:
1. $\rho, i \models p$ iff $p \in \sigma_i$,
2. $\rho, i \models \neg\varphi$ iff $\rho, i \not\models \varphi$,
3. $\rho, i \models \varphi_1 \wedge \varphi_2$ iff $\rho, i \models \varphi_1$ and $\rho, i \models \varphi_2$,
4. $\rho, i \models \varphi_1\, U_I\, \varphi_2$ iff there exists j such that
(a) $i < j < |\rho|$,
(b) $\rho, j \models \varphi_2$,
(c) $\tau_j - \tau_i \in I$,
(d) and $\rho, k \models \varphi_1$ for all k with $i < k < j$.

For an MTL formula $\varphi$, we also write $\rho \models \varphi$ for $\rho, 0 \models \varphi$ and we define the language of $\varphi$ as $L(\varphi) = \{\rho \mid \rho \models \varphi\}$.

Alternative definition of MTL
A commonly used alternative definition of MTL, especially in the context of timed automata, requires the symbols in timed words to be from P instead of $2^P$, i.e., for a timed word $\rho = (\sigma_0, \tau_0)(\sigma_1, \tau_1)\ldots$ over P, we require $\sigma_i \in P$ (instead of $\sigma_i \subseteq P$). Also, truth of an atomic formula p is defined as:
1'. $\rho, i \models p$ iff $\sigma_i = p$.

Intuitively, a timed automaton describes a transition system with actions leading from one state to the other, where formulas describe the occurrence of actions, e.g., $G[a_1 \supset F a_2]$ says that whenever action $a_1$ occurs, $a_2$ will occur afterwards eventually. Here, the set of atomic propositions P is the set of possible actions. At most one action may occur at any point in time. Thus, each $\sigma_i \in P$ defines the action that occurs at time $\tau_i$.

In our context, formulas describe states of the world, e.g., $RAt(m_1) \wedge Holding(o_1)$ says that the robot is at $m_1$ and currently holding $o_1$. Here, the set of atomic propositions is the set of primitive formulas describing possible world states, and multiple predicates may be true at the same time. Thus, each $\sigma_i \subseteq P$ describes the primitive formulas that are true at time $\tau_i$.

Let $MTL^{\in}$ denote MTL with the alternative semantics and $\models^{\in}$ satisfiability in $MTL^{\in}$. We can define mappings between MTL and $MTL^{\in}$. The mapping $\cdot^{*} : L_{MTL}(P) \to L_{MTL^{\in}}(2^P)$ maps a formula of MTL into $MTL^{\in}$, where:
$$p^{*} = \bigvee \{ Q \subseteq P \mid p \in Q \}, \qquad (\neg\varphi)^{*} = \neg\varphi^{*}, \qquad (\varphi \wedge \psi)^{*} = \varphi^{*} \wedge \psi^{*}, \qquad (\varphi\, U_I\, \psi)^{*} = \varphi^{*}\, U_I\, \psi^{*}$$
Note that if $\varphi$ is a formula over P, then $\varphi^{*}$ is a formula over $2^P$, i.e., the atomic propositions in $\varphi^{*}$ are subsets of P. As an example, for $P = \{a, b, c\}$:
$$(a \wedge b)^{*} = (\{a\} \vee \{a, b\} \vee \{a, b, c\} \vee \{a, c\}) \wedge (\{b\} \vee \{a, b\} \vee \{a, b, c\} \vee \{b, c\}).$$
The mapping $\cdot^{+} : L_{MTL^{\in}}(P) \to L_{MTL}(P)$ maps a formula of $MTL^{\in}$ into MTL by enforcing that each $\sigma_i$ contains exactly one symbol from P:
$$\varphi^{+} = \varphi \wedge G \bigvee_{p \in P} \Big( p \wedge \bigwedge_{q \in P \setminus \{p\}} \neg q \Big)$$

Theorem 2. For every $\varphi \in L_{MTL}(P)$ and $\psi \in L_{MTL^{\in}}(P)$:
1. $\models \varphi \Leftrightarrow\ \models^{\in} \varphi^{*}$,
2. $\models \psi^{+} \Leftrightarrow\ \models^{\in} \psi$.

In the following, we will use the semantics from Definition 17. However, related work on MTL synthesis uses the other formalism. In particular, Theorem 4 uses the alternative MTL semantics from above. With Theorem 2, we can apply those results while using the semantics from Definition 17.
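The following Python is an added example, not from the paper, of the pointwise semantics of Definition 17 over finite timed words, of the abbreviations $F_I$ and $G_I$, and of the mapping $\cdot^{*}$ of Theorem 2: `holds` implements rules 1-4, and the same evaluator with the atom rule 1' evaluates the translated formula over symbols from $2^P$. The sample word, the propositions (the carrier bot's actions) and the deadline formulas are constructed for this example; `globally_from_now` is a helper of this example, not notation of the paper.

```python
"""Pointwise MTL over finite timed words (Definitions 15-17), the abbreviations F_I and G_I,
and the mapping (.)^* of Theorem 2 from MTL over P into MTL_in over 2^P."""
from fractions import Fraction
from itertools import combinations

def interval(lo, hi, lo_closed=True, hi_closed=True):
    """Interval with rational endpoints; hi=None means infinity, e.g. '<= 5' is interval(0, 5)."""
    return (Fraction(lo), None if hi is None else Fraction(hi), lo_closed, hi_closed)

ANY = interval(0, None)                               # the omitted interval I = [0, infinity)
TRUE = ('true',)
def P(p): return ('p', p)
def Not(f): return ('not', f)
def And(f, g): return ('and', f, g)
def Or(f, g): return Not(And(Not(f), Not(g)))
def Implies(f, g): return Or(Not(f), g)
def Until(f, g, I): return ('until', f, g, I)
def F(I, f): return Until(TRUE, f, I)                  # F_I f = TRUE U_I f
def G(I, f): return Not(F(I, Not(f)))                  # G_I f = not F_I not f
def globally_from_now(f): return And(f, G(ANY, f))     # G is strict: add f at the current point

def in_interval(d, I):
    lo, hi, lc, hc = I
    if d < lo or (d == lo and not lc):
        return False
    return hi is None or d < hi or (d == hi and hc)

def timed_word(*pairs):
    """A finite timed word (sigma_0, tau_0)(sigma_1, tau_1)... with sigma_i a set of propositions."""
    return [(frozenset(sigma), Fraction(t)) for sigma, t in pairs]

def holds(rho, i, phi, atom=lambda sigma, p: p in sigma):
    """rho, i |= phi (Definition 17). 'atom' is rule 1 (p in sigma_i); pass
    atom=lambda sigma, p: sigma == p for rule 1' of the alternative semantics."""
    kind = phi[0]
    if kind == 'true':
        return True
    if kind == 'p':
        return atom(rho[i][0], phi[1])
    if kind == 'not':
        return not holds(rho, i, phi[1], atom)
    if kind == 'and':
        return holds(rho, i, phi[1], atom) and holds(rho, i, phi[2], atom)
    f, g, I = phi[1], phi[2], phi[3]                                     # phi = f U_I g
    for j in range(i + 1, len(rho)):                                     # (a) i < j < |rho|
        if holds(rho, j, g, atom) and in_interval(rho[j][1] - rho[i][1], I):  # (b), (c)
            if all(holds(rho, k, f, atom) for k in range(i + 1, j)):          # (d)
                return True
    return False

def models(rho, phi):
    """rho |= phi, i.e. rho, 0 |= phi."""
    return holds(rho, 0, phi)

def star(phi, props):
    """(.)^*: p^* is the disjunction of all Q subseteq props with p in Q, so the atoms of
    the result are frozensets, i.e. symbols of 2^P."""
    kind = phi[0]
    if kind == 'p':
        qs = [frozenset(c) for r in range(1, len(props) + 1)
              for c in combinations(sorted(props), r) if phi[1] in c]
        out = P(qs[0])
        for q in qs[1:]:
            out = Or(out, P(q))
        return out
    if kind in ('not', 'and'):
        return (kind,) + tuple(star(sub, props) for sub in phi[1:])
    if kind == 'until':
        return Until(star(phi[1], props), star(phi[2], props), phi[3])
    return phi                                                           # TRUE

def models_in(rho, phi_star):
    """rho |=_in phi^*: each sigma_i is read as one symbol of 2^P (rule 1')."""
    return holds(rho, 0, phi_star, atom=lambda sigma, q: sigma == q)

# Constructed sample: one execution of the carrier bot's actions with time stamps.
PROPS = {'s_goto', 'e_goto', 's_pick', 'e_pick'}
RHO = timed_word(((), 0), ({'s_goto'}, 1), ({'e_goto'}, 4), ({'s_pick'}, 4), ({'e_pick'}, 5))
# Every started goto has to end within 5 (resp. 2) time units.
GOTO_WITHIN_5 = G(ANY, Implies(P('s_goto'), F(interval(0, 5), P('e_goto'))))
GOTO_WITHIN_2 = G(ANY, Implies(P('s_goto'), F(interval(0, 2), P('e_goto'))))
```

On `RHO`, `GOTO_WITHIN_5` holds and `GOTO_WITHIN_2` does not, and `models_in` on the starred formulas returns the same two values, which is the pointwise instance of Theorem 2. Because condition (a) requires $i < j$, $G_I\varphi = \neg F_I \neg\varphi$ says nothing about the position at which it is evaluated: a word starting with $s\_goto$ at position 0 still satisfies $G\,\neg s\_goto$, so a constraint that must hold from the initial state on has to be written as $\varphi \wedge G\varphi$, which `globally_from_now` does.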
MTL and t-ESG

Timed words in MTL are similar to traces in t-ESG. In fact, t-ESG subsumes MTL:

Theorem 3 (Hofmann and Lakemeyer (2018)). Let $\varphi$ be a sentence of MTL. Then $\models_{t\text{-}ESG} \varphi$ iff $\models_{MTL} \varphi$.

Symbolic transition systems and timed automata
Intuitively, a timed automaton is a finite automaton extended with time. More specifically, a timed automaton has a finite set of clocks; time may pass in the vertices of the graph, which are also called locations. Transitions, also called switches, are the edges of the graph. They are always instantaneous, may have clock constraints, and may reset some clocks to zero. Formally, we first define symbolic transition systems (STSs):

Definition 18 (Symbolic Transition Systems and Timed Automata (Bouyer, Bozzelli, and Chevalier 2006)). Let X be a finite set of variables (called clocks). The set $G(X)$ of clock constraints g over X is defined by the grammar $g ::= g_1 \wedge g_2 \mid x \bowtie c$, where $\bowtie \in \{<, \leq, =, \geq, >\}$, $x \in X$, and $c \in \mathbb{Q}_{\geq 0}$. A valuation over X is a mapping $\nu : X \to \mathbb{R}_{\geq 0}$. The set of valuations satisfying a constraint g is denoted as $[\![g]\!]$. A granularity is defined by a triple $\mu = (X, m, K)$, where X is a finite set of clocks, $m \in \mathbb{N}_{> 0}$, and $K \in \mathbb{N}$. A constraint g is $\mu$-granular if it only uses clocks from X and each constant in g is $\alpha / m$ with $\alpha \leq K$ and $\alpha \in \mathbb{N}$.

For alphabet P and clocks X, a symbolic alphabet $\Gamma$ is a finite subset of $P \times G(X) \times 2^X$, where a symbolic action $(p, g, Y) \in \Gamma$ is interpreted as: action p can happen if the constraint g is satisfied, with the clocks in Y being reset after the action. A symbolic word $\gamma = (a_1, g_1, Y_1)(a_2, g_2, Y_2)\ldots$ over $\Gamma$ gives rise to a set of timed words $tw(\gamma)$ over P.

A symbolic transition system (STS) over a symbolic alphabet $\Gamma$ based on (P, X) is a tuple $T = (S, s_0, \to, F)$, where S is a possibly infinite set of states, $s_0 \in S$ is the initial state, $\to\ \subseteq S \times \Gamma \times S$ is the transition relation, and $F \subseteq S$ is a set of accepting states. The timed language accepted by an STS T is denoted as $L(T)$.

An STS is called deterministic if there are no distinct transitions $q \xrightarrow{a, g_1, Y_1} q_1$ and $q \xrightarrow{a, g_2, Y_2} q_2$ with $[\![g_1]\!] \cap [\![g_2]\!] \neq \emptyset$. A timed automaton (TA) is an STS with finitely many states.

We also want to compose STSs:

Definition 19 (STS Compositions). For two STSs $T_1 = \langle Q_1, q^1_0, \to_1, F_1\rangle$ over $\Gamma_1$ based on $(P_1, X_1)$ and $T_2 = \langle Q_2, q^2_0, \to_2, F_2\rangle$ over $\Gamma_2$ based on $(P_2, X_2)$, the parallel composition $T_1 \,\|\, T_2$ of $T_1$ and $T_2$ is the STS $\langle Q, q_0, \to, F\rangle$ where $Q = Q_1 \times Q_2$, $q_0 = (q^1_0, q^2_0)$, $F = F_1 \times F_2$ and $(p_1, p_2) \xrightarrow{a, g, Y} (q_1, q_2)$ iff $p_1 \xrightarrow{a, g_1, Y_1}_1 q_1$ and $p_2 \xrightarrow{a, g_2, Y_2}_2 q_2$ with $g = g_1 \wedge g_2$ and $Y = Y_1 \cup Y_2$.

If $P_1 \cap P_2 = \emptyset$, then the product STS $T_1 \times T_2$ is the STS $\langle Q, q_0, \to, F\rangle$ where $Q = Q_1 \times Q_2$, $q_0 = (q^1_0, q^2_0)$, $F = F_1 \times F_2$ and $(p_1, p_2) \xrightarrow{a, g, Y} (q_1, q_2)$ iff $p_1 \xrightarrow{a_1, g_1, Y_1}_1 q_1$, $p_2 \xrightarrow{a_2, g_2, Y_2}_2 q_2$, and $a = a_1 \cup a_2$, $g = g_1 \wedge g_2$, and $Y = Y_1 \cup Y_2$.

In the parallel composition $T_1 \,\|\, T_2$, both $T_1$ and $T_2$ take a transition for the same input simultaneously. The product $T_1 \times T_2$ takes a transition on a symbol a if a is the union $a = a_1 \cup a_2$ of two input symbols $a_1$ and $a_2$, such that $T_1$ ($T_2$) can take a transition on $a_1$ ($a_2$).

MTL Control Problem
Finally, we define the MTL control problem. Intuitively, the goal is to synthesize a controller C that controls a plant P against a specification of desired behaviors Φ such that all resulting traces satisfy the specification Φ without blocking the plant P. In this context, control means that C has control over some actions, while the environment controls the remaining actions. Formally:

Definition 20 (MTL Control Problem (Bouyer, Bozzelli, and Chevalier 2006)). Let P = P_C ∪ P_E be an alphabet partitioned into a set of controllable actions P_C and a set of environment actions P_E. A plant P over P is a deterministic TA. Let the clocks used in P be X_P and µ = (X_P ∪ X_C, m, K) be a granularity finer than that of the plant. Then, a µ-controller for P is a deterministic STS C over a symbolic alphabet based on (P, X_P ∪ X_C) having granularity µ and satisfying:
1. C does not reset the clocks of the plant: q_C −a,g,Y→ q′_C implies Y ⊂ X_C,
2. C does not restrict environment actions: if σ ∈ L(P ‖ C) and σ · (e, t) ∈ L(P) with e ∈ P_E, then σ · (e, t) ∈ L(P ‖ C),
3. C is non-blocking: if σ ∈ L(P ‖ C) and σ(a, t) ∈ L(P) and σ · (a, t) ∈ L(P), then σ · (b, t′) ∈ L*(P ‖ C) for some b ∈ P and t′ ∈ Q,
4. all states of C are accepting.

For a timed language L ⊆ TP*, we say that a µ-controller C controls P against the specification of desired behaviors Φ iff L(P ‖ C) ⊆ L(Φ). The control problem with fixed resources against desired behaviors is to decide, given a plant P, a set of formulas Φ, and a granularity µ finer than that of P, whether there exists a µ-controller C which controls P against the specification of desired behaviors Φ.

Bouyer, Bozzelli, and Chevalier showed that the synthesis problem is decidable, with some restrictions:
Theorem 4 (Bouyer, Bozzelli, and Chevalier (2006)). The control problem for fixed resources against MTL specifications over finite words representing desired behaviors is decidable. Moreover, if there exists a controller, then one can effectively construct a finite-state one.
We will use this result by constructing a TA PTA(Σ, δ) from a determinate fd-BAT Σ and program δ, modelling the platform as another TA R, and synthesizing a controller C that controls the TA T = PTA(Σ, δ) × R against the platform constraints Φ.

We describe how to construct a TA from a program δ over a determinate fd-BAT Σ. We do this by using P = P_Σ ∪ A_Σ as alphabet for the TA PTA(Σ, δ), i.e., the alphabet P consists of all primitive formulas and action standard names from Σ. In each transition, we encode the occurring action and the resulting situation, such that p −σ,∅,∅→ q for σ = {f1, ..., fk, a} if after doing action a ∈ A_Σ in the corresponding situation, exactly the primitive formulas {f1, ..., fk} ⊆ P_Σ are true. By doing so, we obtain a correspondence of traces of the program δ with traces in the TA.

We assume that Σ is a determinate finite-domain basic action theory and δ is a program over Σ. We need to restrict Σ to be a determinate BAT as in the resulting timed automaton, each transition encodes which primitive formulas are true in the respective situation. In particular, the transition q0 → S0 will encode the primitive formulas that are true in the initial situation. As we cannot encode disjunctions in such a transition, we need Σ to determine the truth for each primitive formula f_i. Also, as each transition can only contain finitely many symbols, Σ needs to be restricted to a finite domain. Furthermore, we assume that δ is terminating, i.e., it only induces finite traces, which is necessary to guarantee that the resulting transition system indeed has a finite number of states. We will further discuss those restrictions in Section 8.

Definition 21 (Program Timed Automata). Given a program δ over a determinate fd-BAT Σ. We define the timed automaton PTA(Σ, δ) = (S, q0, →, F) as follows:
1. q0 −P,∅,∅→ (⟨⟩, δ) with P = {f_i ∈ P_Σ | w_Σ[f_i, ⟨⟩] = 1},
2. (z, δ) −P ∪ {a},∅,∅→ (z · a, δ′) iff (z, δ) →_{w_Σ} ((z · a), δ′) and P = {f_i ∈ P_Σ | w_Σ[f_i, (z · a)] = 1},
3. (z, δ) −P,∅,∅→ (z, δ) with P = {f_i ∈ P_Σ | w_Σ[f_i, z] = 1},
4. (z, δ) ∈ F iff ⟨z, δ⟩ ∈ F_{w_Σ}.

Figure 1: The TA for the program from Listing 1 and the initial situation from Equation 9. The dashed edges are controlled by the environment.

A word ρ of the TA PTA(Σ, δ) corresponds to a trace τ ∈ ‖δ‖_{w_Σ}. We can map ρ to τ:

Definition 22 (Induced action trace). Given a word ρ ∈ PTA(Σ, δ), we define the (action) trace µ(ρ) induced by ρ inductively:
• If ρ = ⟨⟩, then µ(ρ) = ⟨⟩.
• If ρ = ({..., a_i}, t_i) · ρ′ for some action standard name a_i ∈ A_Σ, then µ(ρ) = (a_i, t_i) · µ(ρ′).
• Otherwise, if ρ = (σ_i, t_i) · ρ′ and σ_i ∩ A_Σ = ∅ (i.e., σ_i contains no action from Σ), then µ(ρ) = µ(ρ′).

The trace µ(ρ) induced by an MTL word ρ ∈ PTA(Σ, δ) is indeed a trace of the program:

Lemma 3.
Given a program δ over a determinate fd-BAT Σ. Then:
1. For every ρ ∈ L(PTA(Σ, δ)): µ(ρ) ∈ ‖δ‖_{w_Σ}.
2. For every τ ∈ ‖δ‖_{w_Σ}, there is a ρ ∈ L(PTA(Σ, δ)) such that µ(ρ) = τ.

Proof. Follows directly from the construction of PTA(Σ, δ) and Proposition 1.

Furthermore, we can show that the MTL word ρ and the trace µ(ρ) entail the same fluent state formulas at every point in time:

Theorem 5.
Given a program δ over a determinate fd-BAT Σ. Then:
1. For every ρ ∈ L(PTA(Σ, δ)) and every k ≤ |ρ|, there is a τ = z · τ′ ∈ ‖δ‖_{w_Σ} such that µ(ρ_k) = z and w_Σ, z ⊨ α ⇔ ρ_k ⊨ α.
2. For every τ ∈ ‖δ‖_{w_Σ} and every z with τ = z · τ′, there is a ρ ∈ L(PTA(Σ, δ)) such that for some i ≤ |ρ|, µ(ρ_k) = z and w_Σ, z ⊨ α ⇔ ρ_k ⊨ α.

Proof.
1. Let ρ ∈ L(PTA(Σ, δ)). By Lemma 3, we know that τ(ρ) ∈ ‖δ‖_{w_Σ}. It remains to be shown that for every k ≤ |ρ|, there is a z, τ′ such that τ = z · τ′ and µ(ρ_k) = z. We show the existence of z, τ′ by induction over k:
(a) Let k = 0. Thus ρ_k = (σ_0, t_0). By definition of PTA(Σ, δ), we know that σ_0 = Σ_0. For z = ⟨⟩, it follows that µ(ρ_k) = z and w_Σ, z ⊨ α ⇔ w_Σ ⊨ α ⇔ Σ_0 ⊨ α ⇔ ρ′ ⊨ α.
(b) Let k = l + 1. By induction, there is a z′ such that τ = z′ · τ′, z′ = µ(ρ_l), and w_Σ, z′ ⊨ α ⇔ ρ_l ⊨ α. Now, we have two cases:
 i. There is some action symbol a ∈ σ_k. Then, by definition of PTA(Σ, δ), for z = z′ · (a, t_k), w_Σ, z ⊨ α ⇔ ρ_k ⊨ α.
 ii. There is no action symbol in σ_k. Then, by definition of PTA(Σ, δ), σ_k = {f_i | w_Σ[f_i, z′] = 1} and thus, for z = z′, it follows that w_Σ, z ⊨ α ⇔ ρ_k ⊨ α.
2. Let τ ∈ ‖δ‖_{w_Σ}. By Lemma 3, we know that there is a ρ ∈ L(PTA(Σ, δ)). It remains to be shown that for every z with τ = z · τ′, µ(ρ_k) = z and w_Σ, z ⊨ α ⇔ ρ_k ⊨ α. By induction over the length i of z:
(a) Let i = 0, i.e., z = ⟨⟩, and thus w_Σ, z ⊨ α iff Σ_0 ⊨ α. By definition of PTA(Σ, δ), ρ_0 = (Σ_0, t_0) for some t_0. Thus, µ(ρ_0) = ⟨⟩ and ρ_0 ⊨ α iff Σ_0 ⊨ α.
(b) Let i = j + 1, i.e., z = z′ · (a_i, t_i). By induction, z′ = µ(ρ_l) for some l and w_Σ, z′ ⊨ α ⇔ ρ_l ⊨ α. By definition of PTA(Σ, δ), ρ = (σ_0, t_0) ... (σ_l, t_l)(σ_{l+1}, t_{l+1}) ... ({..., a_i}, t_k), where the prefix ending in (σ_l, t_l) is ρ_l, the prefix ending in ({..., a_i}, t_k) = (σ_k, t_k) is ρ_k, and none of σ_{l+1}, ..., σ_{k−1} contains any action symbol. Then, by definition of PTA(Σ, δ), σ_k = {f | w_Σ[f, z] = 1}, and thus w_Σ, z ⊨ α ⇔ ρ_k ⊨ α.

Figure 2: The platform model of a robot arm (states Init, Calibrating and Calibrated; the start of calibrate resets the clock t_p := 0, and its end requires t_p = 5).
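The construction of Definition 21 for a sequential program, the induced trace µ(ρ) of Definition 22, and the prefix-wise fluent agreement claimed by Lemma 3 and Theorem 5, as an added Python example that is not part of the paper. The small determinate fd-BAT (two actions with add/delete effects, initial fluents RAt(m1) and At(o1,m2)), the restriction of δ to a plain action sequence, and the sample timed word are assumptions of the example.

```python
# Added example (not the paper's code): PTA(Σ, δ) of Definition 21, µ(ρ) of
# Definition 22, and the Theorem 5 check on a constructed determinate fd-BAT.
# Constructed Σ: primitive formulas true initially and, per action standard
# name, its positive and negative effects (every formula is determined).
INIT = frozenset({"RAt(m1)", "At(o1,m2)"})
EFFECTS = {"goto(m1,m2)": ({"RAt(m2)"}, {"RAt(m1)"}),
           "pick(o1)":    ({"Holding(o1)"}, {"At(o1,m2)"})}
ACTIONS = frozenset(EFFECTS)           # A_Σ
DELTA = ["goto(m1,m2)", "pick(o1)"]    # the program δ, here a plain sequence

def progress(fluents, action):
    """Primitive formulas true after doing `action` (w_Σ[f, z·a] = 1)."""
    add, rem = EFFECTS[action]
    return (fluents - rem) | add

def build_pta(delta):
    """Returns (transitions, F); a state is the length of the prefix z done."""
    trans, fl = [("q0", INIT, 0)], INIT          # 1. q0 → (⟨⟩, δ) reads P(⟨⟩)
    for k, a in enumerate(delta):
        trans.append((k, fl, k))                 # 3. self loop reading P(z)
        fl = progress(fl, a)
        trans.append((k, fl | {a}, k + 1))       # 2. reads P(z·a) ∪ {a}
    trans.append((len(delta), fl, len(delta)))
    return trans, {len(delta)}                   # 4. F: program finished

def accepts(pta, word):
    """Run the (deterministic) PTA on a timed word [(letter, t), ...]."""
    trans, final = pta
    state = "q0"
    for letter, _ in word:
        nxt = [d for s, l, d in trans if s == state and l == letter]
        if not nxt:
            return False
        state = nxt[0]
    return state in final

def induced_trace(word):
    """µ(ρ): keep (a_i, t_i) for letters that contain an action standard name."""
    return [(next(iter(l & ACTIONS)), t) for l, t in word if l & ACTIONS]

def fluents_after(trace):
    fl = INIT
    for a, _ in trace:                           # progress w_Σ along µ(ρ)
        fl = progress(fl, a)
    return fl

def theorem5_holds(word):
    """Every prefix ρ_k reads exactly the fluents true after µ(ρ_k)."""
    return all(word[k][0] - ACTIONS == fluents_after(induced_trace(word[:k + 1]))
               for k in range(len(word)))

# Constructed accepted word: initial letter, one self loop, then both actions.
SAMPLE = [(INIT, 0.0), (INIT, 1.5),
          (frozenset({"RAt(m2)", "At(o1,m2)", "goto(m1,m2)"}), 2.0),
          (frozenset({"RAt(m2)", "Holding(o1)", "pick(o1)"}), 4.0)]
```

A word that stops before the program is finished, or that reads the pick letter before the goto letter, is rejected, while every accepted word projects to a trace of δ and agrees with it on the fluents at each position.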
We model the robot platform with timed automata; an example is shown in Figure 2. Similar to PTAs, we expect a platform model to use an alphabet with symbols of the form {f1, ..., fk, a}, where a ∈ N_A \ A_Σ is a platform action and f_i ∈ P_F \ P_Σ are exactly those primitive formulas that are true after executing the action. We expect f_i and a to be from a different alphabet than the BAT, i.e., the platform does not have any effects on the abstract program and vice versa. Further, to guarantee that the platform model does not block the PTA, we expect it to contain self loops, similar to the self loops of a PTA, and as shown in Figure 2.

Platform Constraints
Given a determinate fd-BAT Σ and a platform model R, we can formulate constraints over Σ and R:

G(¬Calibrated ⊃ ¬F≤10 ∃p : o. Perf(pick(p)))   (10)
G(Calibrating ⊃ ∃l : o. RAt(l) ∧ Spacious(l))   (11)

The first constraint states that if the robot's arm is not calibrated, it must not perform a pick action in the next 10 seconds, i.e., it must calibrate the arm before doing pick. The second constraint says that if the robot is calibrating its arm, it must be at a location that provides enough space for doing so, i.e., a Spacious location.
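A finite-word MTL checker for the two constraints above, as an added Python example that is not part of the paper. It assumes pointwise semantics over a finite timed word, treats the finite-domain ∃ as a search over the symbols of the current letter, and evaluates (10) and (11) on constructed traces in the style of Figure 3 (one that calibrates, waits and then picks; one that picks too early; one that calibrates at a location without Spacious).

```python
# Added example (not the paper's code): pointwise MTL semantics over finite timed
# words, used to check constructed controller traces against (10) and (11).

def holds(phi, word, i=0):
    """(word, i) ⊨ phi; word is [(letter, t), ...] with letters as sets of symbols."""
    op, *args = phi
    letter, now = word[i]
    if op == "atom":                    # primitive formula f holds at position i
        return args[0] in letter
    if op == "exists":                  # ∃x over a finite domain: some symbol of the
        return any(args[0](s, letter) for s in letter)  # letter witnesses it
    if op == "not":
        return not holds(args[0], word, i)
    if op == "implies":
        return (not holds(args[0], word, i)) or holds(args[1], word, i)
    if op == "G":                       # from now on, at every later position
        return all(holds(args[0], word, j) for j in range(i, len(word)))
    if op == "F":                       # F_{≤c}: at some position within c time units
        bound, sub = args
        return any(holds(sub, word, j) for j in range(i, len(word))
                   if word[j][1] - now <= bound)
    raise ValueError("unknown operator " + op)

# (10): G(¬Calibrated ⊃ ¬F≤10 ∃p. Perf(pick(p)))
CONSTRAINT_10 = ("G", ("implies", ("not", ("atom", "Calibrated")),
                        ("not", ("F", 10, ("exists",
                                           lambda s, _: s.startswith("Perf(pick("))))))
# (11): G(Calibrating ⊃ ∃l. RAt(l) ∧ Spacious(l)), with the same l in both atoms
CONSTRAINT_11 = ("G", ("implies", ("atom", "Calibrating"),
                        ("exists", lambda s, letter: s.startswith("RAt(")
                                   and "Spacious(" + s[len("RAt("):] in letter)))

# Constructed traces in the style of Figure 3 (symbols as in Figures 1 and 2).
CALIBRATE_THEN_PICK = [
    ({"RAt(m1)", "Spacious(m1)", "Calibrating", "s_calibrate"}, 0.0),
    ({"RAt(m1)", "Spacious(m1)", "Calibrated", "e_calibrate"}, 5.0),
    ({"RAt(m1)", "Calibrated", "Perf(pick(o1))", "s_pick(o1)"}, 11.0),
]
# Same, but the pick starts only 6 s after the uncalibrated initial position.
EARLY_PICK = CALIBRATE_THEN_PICK[:2] + [(CALIBRATE_THEN_PICK[2][0], 6.0)]
# Calibrating at a location without Spacious.
CRAMPED = [({"RAt(m3)", "Calibrating", "s_calibrate"}, 0.0)]

def check(word):
    """Which of the two platform constraints a finite timed word satisfies."""
    return {"(10)": holds(CONSTRAINT_10, word), "(11)": holds(CONSTRAINT_11, word)}
```

The early pick violates (10) because at position 0 the arm is not calibrated and a pick occurs within 10 time units; the cramped trace violates (11) because no RAt(l) in its letter has a matching Spacious(l).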
Figure 3: A possible controller that controls the program from Figure 1 and the platform from Figure 2 against the constraints from Equations 10 and 11. The dashed edges are controlled by the environment.

Using the TA PTA(Σ, δ) that represents the program δ, the TA R for the platform, and constraints Φ, we can use MTL synthesis to synthesize a controller that executes δ while satisfying the platform constraints. Specifically, we use
1. the plant P = PTA(Σ, δ) × R,
2. as controllable actions P_C all symbols that contain start actions of the program or the platform model, i.e., P_C = {S | S ∈ P, s_a(~t) ∈ S for some a(~t)},
3. as environment actions P_E all symbols that contain end actions of the program or the platform model, i.e., P_E = {E | E ∈ P, e_a(~t) ∈ E for some a(~t)},
4. a fixed granularity µ, e.g., based on the robot platform's time resolution,
5. the set of MTL formulas Φ as specification of desired behaviors.

Figure 3 shows a possible controller for our example program from Listing 1, the platform from Figure 2, and the constraints from Section 6. We can show that (1) the resulting controller indeed satisfies the constraints and (2) each of its traces is equivalent to some trace of the original program, i.e., the resulting controller satisfies the same situation formulas as the original program at any point of the execution:

Theorem 6.
Let Σ be a determinate fd-BAT, δ a program over Σ that only induces finite traces, R a platform model whose symbols are disjoint from the symbols of Σ, and let the constraints Φ be a set of MTL formulas. Let C be the synthesized MTL controller with L = L((PTA(Σ, δ) × R) ‖ C). Then:
1. L ⊆ L(Φ), i.e., all constraints are satisfied.
2. For every ρ = ρ′ · ρ′′ ∈ L, µ(ρ) ∈ ‖δ‖_{w_Σ}, and for every fluent state formula α restricted to Σ: ρ′ ⊨ α ⇔ w_Σ, µ(ρ′) ⊨ α.

Proof.
1. Follows directly from Theorem 4.
2. First, note that L ⊆ L(PTA(Σ, δ) × R). Second, as R does not contain any action standard name from Σ, for every ρ ∈ L, there is a ρ′ ∈ PTA(Σ, δ) such that µ(ρ) = µ(ρ′). By Theorem 5, for every ρ′ ∈ PTA(Σ, δ), µ(ρ′) ∈ ‖δ‖_{w_Σ} and ρ′ ⊨ α iff w_Σ, µ(ρ′) ⊨ α.

Thus, the resulting controller preserves the program's original effects while satisfying all platform constraints.

In this paper, we have described how to synthesize a controller that controls a GOLOG program over a finite domain against a robot platform with metric temporal constraints. We did so by reducing the problem to the MTL synthesis problem, assuming that the initial state is completely known, the original program does not refer to time and only induces finite traces. For this reduction, we generated a timed automaton (TA) from the initial situation Σ_0, the program δ and the platform model R, where each transition describes all the fluents that are true in the respective situation. We then synthesized an MTL controller that controls the generated TA against a set of MTL constraints Φ. By doing so, we obtain a decidable procedure to control an abstract program against a platform model with metric temporal constraints.

For future work, we plan to implement the proposed synthesis method based on (Bouyer, Bozzelli, and Chevalier 2006). While the restriction to a finite domain is fundamental for the described synthesis method, in future work, we may want to allow programs that allow infinite traces. This is possible if we restrict the constraints to Safety MTL but requires modifications to the TA representation of the program, as the resulting TA must not have infinitely many states. Furthermore, we may want to allow programs that refer to time, e.g., by defining equivalence classes of traces that may refer to different points in time but imply the same situation formulas. Lastly, it would be interesting to go beyond determinate BATs to allow some form of incompleteness, for example, by considering sets of literals under the open world assumption (Levesque 1998).

References
Allen, J. F. 1983. Maintaining Knowledge about Temporal Intervals. Communications of the ACM.
Theoretical Computer Science.
Information and Computation.
Computer Aided Verification, 8–22. Springer.
Bouyer, P.; Bozzelli, L.; and Chevalier, F. 2006. Controller Synthesis for MTL Specifications. In Proceedings of the 17th International Conference on Concurrency Theory (CONCUR), 450–464. Springer Berlin Heidelberg.
Claßen, J., and Lakemeyer, G. 2008. A Logic for Non-Terminating Golog Programs. In Proceedings of the 11th International Conference on Principles of Knowledge Representation and Reasoning (KR), 589–599.
Claßen, J. 2013. Planning and Verification in the Agent Language Golog. Ph.D. Dissertation, RWTH Aachen University.
De Giacomo, G., and Vardi, M. Y. 2015. Synthesis for LTL and LDL on Finite Traces. In Proceedings of the 24th International Joint Conference on Artificial Intelligence (IJCAI), 1558–1564. AAAI Press.
De Giacomo, G.; Lespérance, Y.; Levesque, H. J.; and Sardina, S. 2009. IndiGolog: A high-level programming language for embedded reasoning agents. In Multi-Agent Programming. Springer.
De Giacomo, G.; Lespérance, Y.; and Levesque, H. J. 2000. ConGolog, a concurrent programming language based on the situation calculus. Artificial Intelligence.
Proceedings of the International Joint Conference on Artificial Intelligence (IJCAI), 436–441.
He, K.; Lahijanian, M.; Kavraki, L. E.; and Vardi, M. Y. 2017. Reactive synthesis for finite tasks under resource constraints. In , 5326–5332.
Hofmann, T., and Lakemeyer, G. 2018. A logic for specifying metric temporal constraints for Golog programs. In Proceedings of the 11th Cognitive Robotics Workshop 2018 (CogRob).
Hofmann, T.; Mataré, V.; Schiffer, S.; Ferrein, A.; and Lakemeyer, G. 2018. Constraint-based online transformation of abstract plans into executable robot actions. In AAAI Spring Symposium: Integrating Representation, Reasoning, Learning, and Execution for Goal Directed Autonomy.
Koymans, R. 1990. Specifying real-time properties with metric temporal logic. Real-Time Systems.
Artificial Intelligence.
Journal of Logic Programming.
Proceedings of the Sixth International Conference on Principles of Knowledge Representation and Reasoning, 14–23. Morgan Kaufmann Publishers Inc.
McCarthy, J. 1963. Situations, actions, and causal laws. Technical report, Stanford University.
Ouaknine, J., and Worrell, J. 2005. On the decidability of metric temporal logic. In , 188–197.
Ouaknine, J., and Worrell, J. 2008. Some recent results in metric temporal logic. Lecture Notes in Computer Science.
Knowledge in Action: Logical Foundations for Specifying and Implementing Dynamical Systems. MIT Press.
Schiffer, S.; Wortmann, A.; and Lakemeyer, G. 2010. Self-Maintenance for Autonomous Robots controlled by ReadyLog. In