Ayrat Khalimov

Parameterized Model Checking of Token-Passing Systems

We revisit the parameterized model checking problem for token-passing systems and specifications in indexed CTL i?ź\X. Emerson and Namjoshi 1995, 2003 have shown that parameterized model checking of indexed CTL i?ź\X in uni-directional token rings can be reduced to checking rings up to some cutoff size. Clarke et al. 2004 have shown a similar result for general topologies and indexed LTL \X, provided processes cannot choose the directions for sending or receiving the token. We unify and substantially extend these results by systematically exploring fragments of indexed CTL i?ź\X with respect to general topologies. For each fragment we establish whether a cutoff exists, and for some concrete topologies, such as rings, cliques and stars, we infer small cutoffs. Finally, we show that the problem becomes undecidable, and thus no cutoffs exist, if processes are allowed to choose the directions in which they send or from which they receive the token.

PARTY Parameterized Synthesis of Token Rings

Synthesis is the process of automatically constructing an implementation from a specification. In parameterized synthesis, we construct a single process such that the distributed system consisting of an arbitratry number of copies of the process satisfies a parameterized specification. In this paper, we present Party, a tool for parameterized synthesis from specifications in indexed linear temporal logic. Our approach extends SMT-based bounded synthesis, a flexible method for distributed synthesis, to parameterized specifications. In the current version, Party can be used to solve the parameterized synthesis problem for token-ring architectures. The tool can also synthesize monolithic systems, for which we provide a comparison to other state-of-the-art synthesis tools.

Towards Efficient Parameterized Synthesis

Parameterized synthesis was recently proposed as a way to circumvent the poor scalability of current synthesis tools. The method uses cut-off results in token rings to reduce the problem to bounded distributed synthesis, and thus ultimately to a sequence of SMT problems. This solves the problem of scalability in the size of the architecture, but experiments show that the size of the specification is still a major issue. In this paper we propose several optimizations of the approach. First, we tailor the SMT encoding to systems with isomorphic processes and token-ring architecture. Second, we extend the cut-off results for token rings and refine the reduction, using modularity and abstraction techniques. Some of our optimizations also apply to isomorphic or distributed synthesis in arbitrary architectures. To evaluate these optimizations, we developed the first completely automatic implementation of parameterized synthesis. Experiments show a speed-up of several orders of magnitude, compared to the original method.

Parameterized Synthesis Case Study: AMBA AHB

We revisit the AMBA AHB case study that has been used as a benchmark for several reactive syn- thesis tools. Synthesizing AMBA AHB implementations that can serve a large number of masters is still a difficult problem. We demonstrate how to use parameterized synthesis in token rings to obtain an implementation for a component that serves a single master, and can be arranged in a ring of arbitrarily many components. We describe new tricks -- property decompositional synthesis, and direct encoding of simple GR(1) -- that together with previously described optimizations allowed us to synthesize the model with 14 states in 30 minutes.

Tight Cutoffs for Guarded Protocols with Fairness

Guarded protocols were introduced in a seminal paper by Emerson and Kahlon 2000, and describe systems of processes whose transitions are enabled or disabled depending on the existence of other processes in certain local states. We study parameterized model checking and synthesis of guarded protocols, both aiming at formal correctness arguments for systems with any number of processes. Cutoff results reduce reasoning about systems with an arbitrary number of processes to systems of a determined, fixed size. Our work stems from the observation that existing cutoff results for guarded protocols i are restricted to closed systems, and ii are of limited use for liveness properties because reductions do not preserve fairness. We close these gaps and obtain new cutoff results for open systems with liveness properties under fairness assumptions. Furthermore, we obtain cutoffs for the detection of global and local deadlocks, which are of paramount importance in synthesis. Finally, we prove tightness or asymptotic tightness for the new cutoffs.

Specification Format for Reactive Synthesis Problems.

Automatic synthesis from a given specification automatically constructs correct implementation. This frees the user from the mundane implementation work, but still requires the specification. But is specifying easier than implementing? In this paper, we propose a user-friendly format to ease the specification work, in particularly, that of specifying partial implementations. Also, we provide scripts to convert specifications in the new format into the SYNTCOMP format, thus benefiting from state of the art synthesizers.

The 4th reactive synthesis competition (SYNTCOMP 2017): Benchmarks, participants & results

We report on the fourth reactive synthesis competition (SYNTCOMP 2017). We introduce two new benchmark classes that have been added to the SYNTCOMP library, and briefly describe the benchmark selection, evaluation scheme and the experimental setup of SYNTCOMP 2017. We present the participants of SYNTCOMP 2017, with a focus on changes with respect to the previous years and on the two completely new tools that have entered the competition. Finally, we present and analyze the results of our experimental evaluation, including a ranking of tools with respect to quantity and quality of solutions.

Bounded Synthesis for Streett, Rabin, and \(\text {CTL}^{*}\)

SMT-based bounded synthesis uses an SMT solver to synthesize systems from LTL properties by going through co-Buchi automata. In this paper, we show how to extend the ranking functions used in Bounded Synthesis, and thus the bounded synthesis approach, to Buchi, Parity, Rabin, and Streett conditions. We show that we can handle both existential and universal properties this way, and therefore, that we can extend Bounded Synthesis to \(\text {CTL}^{*}\). Thus, we obtain the first Safraless synthesis approach and the first synthesis tool for (conjunctions of) the acceptance conditions mentioned above, and for \(\text {CTL}^{*}\).

CTL* synthesis via LTL synthesis.

We reduce synthesis for CTL* properties to synthesis for LTL. In the context of model checking this is impossible - CTL* is more expressive than LTL. Yet, in synthesis we have knowledge of the system structure and we can add new outputs. These outputs can be used to encode witnesses of the satisfaction of CTL* subformulas directly into the system. This way, we construct an LTL formula, over old and new outputs and original inputs, which is realisable if, and only if, the original CTL* formula is realisable. The CTL*-via-LTL synthesis approach preserves the problem complexity, although it might increase the minimal system size. We implemented the reduction, and evaluated the CTL*-via-LTL synthesiser on several examples.