Swen Jacobs | Saarland University

Papers by Swen Jacobs

A High-Level LTL Synthesis Format: TLSF v1.1 (Extended Version)

arXiv: Logic in Computer Science, Apr 8, 2016

We present the Temporal Logic Synthesis Format (TLSF), a high-level format to describe synthesis problems via Linear Temporal Logic (LTL). The format builds upon standard LTL, but additionally allows to use high-level constructs, such as sets and functions, to provide a compact and human-readable representation. Furthermore, the format allows to identify parameters of a specification such that a single description can be used to define a family of problems. Additionally, we present a tool to automatically translate the format into plain LTL, which then can be used for synthesis by a solver. The tool also allows to adjust parameters of the specification and to apply standard transformations on the resulting formula.

TACAS 22 Artifact Evaluation VM - Ubuntu 20.04 LTS

This is a virtual machine (VM) with a GNU/Linux installation to be used for evaluation of artifacts accompanying papers at computer science conferences or journals. It is based on Ubuntu 20.04 with the following additional packages installed: build-essential, cmake, clang, mono-complete, openjdk-8-jdk, python3.8, pip3, ruby, and a 32-bit libc. Moreover, VirtualBox guest additions are installed on the VM, it is therefore possible to easily connect a shared folder from a host computer running VirtualBox. The login and password of the default user are: "tacas22" / "tacas22". The VM is intended to be used with artifacts that are self-contained, i.e., they contain the presented software, plus all necessary dependencies, so that they can be evaluated without an Internet connection (to protect the anonymity of the reviewers and also to be reproducible even after several years when some web pages have been taken down). This text and VM setup is heavily based on the previ...

AIGEN Tool

AIGEN is an open source tool for the generation of transition systems in a symbolic representation. To ensure diversity, it employs a uniform random sampling over the space of all Boolean functions with a given number of variables. AIGEN relies on reduced ordered binary decision diagrams (ROBDDs) and canonical disjunctive normal form (CDNF) as canonical representations that allow us to enumerate Boolean functions, in the former case with an encoding that is inspired by data structures used to implement ROBDDs.

Lazy Synthesis?

Abstract. We present an automatic method for the synthesis of processes in a reactive system from specifications in linear-time temporal logic (LTL). The synthesis algorithm executes a loop consisting of three phases: Solve, Check, and Refine. In the Solve phase, a candidate solution is obtained as a model of a Boolean constraint system; in the Check phase, the candidate solution is checked for reachable error states; in the Refine phase, the constraint system is refined to eliminate any errors found in the Check phase. The algorithm terminates when an implementation without errors is found. We call our approach “lazy,” because constraints on possible process implementations are only considered incrementally, as needed to rule out incorrect candidate solutions. This contrasts with the standard “eager” approach, where the full specification is considered right away. We report on experience in the arbiter synthesis for the AMBA bus protocol, where lazy synthesis leads to signi...

Efficient Information-Flow Verification Under Speculative Execution

Automated Technology for Verification and Analysis, 2019

We study the formal verification of information-flow properties in the presence of speculative execution and side-channels. First, we present a formal model of speculative execution semantics. This model can be parameterized by the depth of speculative execution and is amenable to a range of verification techniques. Second, we introduce a novel notion of information leakage under speculation, which is parameterized by the information that is available to an attacker through side-channels. Finally, we present one verification technique that uses our formalism and can be used to detect information leaks under speculation through cache side-channels, and can decide whether these are only possible under speculative execution. We implemented an instance of this verification technique that combines taint analysis and safety model checking. We evaluated this approach on a range of examples that have been proposed as benchmarks for mitigations of the Spectre vulnerability, and show that our approach correctly identifies all information leaks.

AIGEN: Random Generation of Symbolic Transition Systems

Computer Aided Verification, 2021

AIGEN is an open source tool for the generation of transition systems in a symbolic representation. To ensure diversity, it employs a uniform random sampling over the space of all Boolean functions with a given number of variables. AIGEN relies on reduced ordered binary decision diagrams (ROBDDs) and canonical disjunctive normal form (CDNF) as canonical representations that allow us to enumerate Boolean functions, in the former case with an encoding that is inspired by data structures used to implement ROBDDs. Several parameters allow the user to restrict generation to Boolean functions or transition systems with certain properties, which are then output in AIGER format. We report on the use of AIGEN to generate random benchmark problems for the reactive synthesis competition SYNTCOMP 2019, and present a comparison of the two encodings with respect to time and memory efficiency in practice.

Parameterized Verification of Systems with Global Synchronization and Guards

Computer Aided Verification, 2020

Inspired by distributed applications that use consensus or other agreement protocols for global coordination, we define a new computational model for parameterized systems that is based on a general global synchronization primitive and allows for global transition guards. Our model generalizes many existing models in the literature, including broadcast protocols and guarded protocols. We show that reachability properties are decidable for systems without guards, and give sufficient conditions under which they remain decidable in the presence of guards. Furthermore, we investigate cutoffs for reachability properties and provide sufficient conditions for small cutoffs in a number of cases that are inspired by our target applications.

Proceedings Sixth Workshop on Synthesis

Electronic Proceedings in Theoretical Computer Science, 2017

The SYNT workshop aims to bring together researchers interested in the broad area of synthesis of computing systems. The goal is to foster the development of frontier techniques in automating the development of computing systems. Contributions of interest include algorithms, complexity and decidability analysis, as well as reproducible heuristics, implemented tools, and experimental evaluation. Application domains include software, hardware, embedded, and cyber-physical systems. Computation models include functional, reactive, hybrid and timed systems. Identifying, formalizing, and evaluating synthesis in particular application domains is encouraged. The sixth iteration of the workshop took place in Heidelberg, Germany. It was co-located with the 29th International Conference on Computer Aided Verification. The workshop included four contributed talks, four invited talks, and reports on the Syntax-Guided Synthesis Competition (SyGuS) and the Reactive Synthesis Competition (SYNTCOMP).

Distributed and Parametric Synthesis

arXiv: Logic in Computer Science, 2015

We consider the synthesis of distributed implementations for specifications in Parametric Linear Temporal Logic (PLTL). PLTL extends LTL by temporal operators equipped with parameters that bound their scope. For single process synthesis it is well-established that such parametric extensions do not increase worst-case complexities. For synchronous systems, we show that, despite being more powerful, the distributed realizability problem for PLTL is not harder than its LTL counterpart. The case of asynchronous systems requires assumptions on the scheduler beyond fairness to ensure that bounds can be met at all, i.e., even fair schedulers can delay processes arbitrarily long and thereby prevent the system from satisfying its PLTL specification. Thus, we employ the concept of bounded fair scheduling, where every process is guaranteed to be scheduled in bounded intervals, and give a semi-decision procedure for the resulting distributed assume-guarantee realizability problem.

Guarded Protocols with Fairness

Guarded protocols were introduced in a seminal paper by Emerson and Kahlon (2000), and describe systems of processes whose transitions are enabled or disabled depending on the existence of other processes in certain local states. We study parameterized model checking and synthesis of guarded protocols, both aiming at formal correctness arguments for systems with any number of processes. Cutoff results reduce reasoning about systems with an arbitrary number of processes to systems of a determined, fixed size. Our work stems from the observation that existing cutoff results for guarded protocols i) are restricted to closed systems, and ii) are of limited use for liveness properties because reductions do not preserve fairness. We close these gaps and obtain new cutoff results for open systems with liveness properties under fairness assumptions. Furthermore, we obtain cutoffs for the detection of global and local deadlocks, which are of paramount importance in synthesis. Finally, we prove t...

Design Understanding: From Logic to Specification*

2018 IFIP/IEEE International Conference on Very Large Scale Integration (VLSI-SoC), 2018

We present an outline of the field of Design Understanding and summarize state-of-the-art research in deriving human-understandable knowledge in the form of logic properties from an unknown design.

Analyzing Guarded Protocols: Better Cutoffs, More Systems, More Expressivity

Lecture Notes in Computer Science, 2017

We study cutoff results for parameterized verification and synthesis of guarded protocols, as introduced by Emerson and Kahlon (2000). Guarded protocols describe systems of processes whose transitions are enabled or disabled depending on the existence of other processes in certain local states. Cutoff results reduce reasoning about systems with an arbitrary number of processes to systems of a determined, fixed size. Our work is based on the observation that existing cutoff results for guarded protocols are often impractical, since they scale linearly in the number of local states of processes in the system. We provide new cutoffs that scale not with the number of local states, but with the number of guards in the system, which is in many cases much smaller. Furthermore, we consider natural extensions of the classes of systems and specifications under consideration, and present results for problems that have not been known to admit cutoffs before.

QuickSilver: modeling and parameterized verification for distributed agreement-based systems

Proceedings of the ACM on Programming Languages, 2021

The last decade has sparked several valiant efforts in deductive verification of distributed agreement protocols such as consensus and leader election. Oddly, there have been far fewer verification efforts that go beyond the core protocols and target applications that are built on top of agreement protocols. This is unfortunate, as agreement-based distributed services such as data stores, locks, and ledgers are ubiquitous and potentially permit modular, scalable verification approaches that mimic their modular design. We address this need for verification of distributed agreement-based systems through our novel modeling and verification framework, QuickSilver, that is not only modular, but also fully automated. The key enabling feature of QuickSilver is our encoding of abstractions of verified agreement protocols that facilitates modular, decidable, and scalable automated verification. We demonstrate the potential of QuickSilver by modeling and efficiently verifying a series of tric...

Promptness and Bounded Fairness in Concurrent and Parameterized Systems

Verification, Model Checking, and Abstract Interpretation, 2020

We investigate the satisfaction of specifications in Prompt Linear Temporal Logic (Prompt-LTL) by concurrent systems. Prompt-LTL is an extension of LTL that allows to specify parametric bounds on the satisfaction of eventualities, thus adding a quantitative aspect to the specification language. We establish a connection between bounded fairness, bounded stutter equivalence, and the satisfaction of Prompt-LTL\X formulas. Based on this connection, we prove the first cutoff results for different classes of systems with a parametric number of components and quantitative specifications, thereby identifying previously unknown decidable fragments of the parameterized model checking problem.

Distributed synthesis for parameterized temporal logics

Information and Computation, 2018

We consider the synthesis of distributed implementations for specifications in parameterized temporal logics such as PROMPT-LTL, which extends LTL by temporal operators equipped with parameters that bound their scope. For single process synthesis, it is well-established that such parametric extensions do not increase worst-case complexities. For synchronous distributed systems, we show that, despite being more powerful, the realizability problem for PROMPT-LTL is not harder than its LTL counterpart. For asynchronous systems, we have to express scheduling assumptions and therefore consider an assume-guarantee synthesis problem. As asynchronous distributed synthesis is already undecidable for LTL, we give a semi-decision procedure for the PROMPT-LTL assume-guarantee synthesis problem based on bounded synthesis. Finally, we show that our results extend to the stronger logics PLTL and PLDL.

Parameterized synthesis of self-stabilizing protocols in symmetric networks

Acta Informatica, 2019

Self-stabilization in distributed systems is a technique to guarantee convergence to a set of legitimate states without external intervention when a transient fault or bad initialization occurs. Recently, there has been a surge of efforts in designing techniques for automated synthesis of self-stabilizing algorithms that are correct by construction. Most of these techniques, however, are not parameterized, meaning that they can only synthesize a solution for a fixed and predetermined number of processes. In this paper, we report a breakthrough in parameterized synthesis of self-stabilizing algorithms in symmetric networks, including ring, line, mesh, and torus. First, we develop cutoffs that guarantee (1) closure in legitimate states, and (2) deadlock-freedom outside the legitimate states. We also develop a sufficient condition for convergence in self-stabilizing systems. Since some of our cutoffs grow with the size of the local state space of processes, scalability of the synthesis procedure is still a problem. We address this problem by introducing a novel SMT-based technique for counterexample-guided synthesis of self-stabilizing algorithms in symmetric networks. We have fully implemented our technique and successfully synthesized solutions to maximal matching, three coloring, and maximal independent set problems for ring and line topologies.

A symbolic algorithm for lazy synthesis of eager strategies

Acta Informatica, 2019

We present an algorithm for solving two-player safety games that combines a mixed forward/backward search strategy with a symbolic representation of the state space. By combining forward and backward exploration, our algorithm can synthesize strategies that are eager in the sense that they try to prevent progress towards the error states as soon as possible, whereas standard backwards algorithms often produce permissive solutions that only react when absolutely necessary. We provide experimental results for two classes of crafted benchmarks, the benchmark set of the Reactive Synthesis Competition (SYNTCOMP) 2017, as well as a set of randomly generated benchmarks. The results show that our algorithm in many cases produces more eager strategies than a standard backwards algorithm, and solves a number of benchmarks that are intractable for existing tools. Finally, we observe a connection between our algorithm and a recently proposed algorithm for the synthesis of controllers that are robust against disturbances, pointing to possible future applications.

The 4th Reactive Synthesis Competition (SYNTCOMP 2017): Benchmarks, Participants & Results

Electronic Proceedings in Theoretical Computer Science, 2017

A High-Level LTL Synthesis Format: TLSF v1.1

Electronic Proceedings in Theoretical Computer Science, 2016

We present the Temporal Logic Synthesis Format (TLSF), a high-level format to describe synthesis problems via Linear Temporal Logic (LTL). The format builds upon standard LTL, but additionally allows to use high-level constructs, such as sets and functions, to provide a compact and human-readable representation. Furthermore, the format allows to identify parameters of a specification such that a single description can be used to define a family of problems. Additionally, we present a tool to automatically translate the format into plain LTL, which then can be used for synthesis by a solver. The tool also allows to adjust parameters of the specification and to apply standard transformations on the resulting formula.

The Reactive Synthesis Competition: SYNTCOMP 2016 and Beyond

Electronic Proceedings in Theoretical Computer Science, 2016

We report on the design of the third reactive synthesis competition (SYNTCOMP 2016), including a major extension of the competition to specifications in full linear temporal logic. We give a brief overview of the synthesis problem as considered in SYNTCOMP, and present the rules of the competition in 2016, as well as the ideas behind our design choices. Furthermore, we evaluate the recent changes to the competition based on the experiences with SYNTCOMP 2016. Finally, we give an outlook on further changes and extensions of the competition that are planned for the future.

Research paper thumbnail of A High-Level LTL Synthesis Format: TLSF v1.1 (Extended Version)

arXiv: Logic in Computer Science, Apr 8, 2016

We present the Temporal Logic Synthesis Format (TLSF), a high-level format to describe synthesis ... more We present the Temporal Logic Synthesis Format (TLSF), a high-level format to describe synthesis problems via Linear Temporal Logic (LTL). The format builds upon standard LTL, but additionally allows to use high-level constructs, such as sets and functions, to provide a compact and human-readable representation. Furthermore, the format allows to identify parameters of a specification such that a single description can be used to define a family of problems. Additionally, we present a tool to automatically translate the format into plain LTL, which then can be used for synthesis by a solver. The tool also allows to adjust parameters of the specification and to apply standard transformations on the resulting formula.

Research paper thumbnail of TACAS 22 Artifact Evaluation VM - Ubuntu 20.04 LTS

This is a virtual machine (VM) with a GNU/Linux installation to be used for evaluation of artifac... more This is a virtual machine (VM) with a GNU/Linux installation to be used for evaluation of artifacts accompanying papers at computer science conferences or journals. It is based on Ubuntu 20.04 with the following additional packages installed: build-essential, cmake, clang, mono-complete, openjdk-8-jdk, python3.8, pip3, ruby, and a 32-bit libc. Moreover, VirtualBox guest additions are installed on the VM, it is therefore possible to easily connect a shared folder from a host computer running VirtualBox. The login and password of the default user are: "tacas22" / "tacas22". The VM is intended to be used with artifacts that are self-contained, i.e., they contain the presented software, plus all necessary dependencies, so that they can be evaluated without an Internet connection (to protect the anonymity of the reviewers and also to be reproducible even after several years when some web pages have been taken down). This text and VM setup is heavily based on the previ...

Research paper thumbnail of AIGEN Tool

AIGEN is an open source tool for the generation of transition systems in a symbolic representatio... more AIGEN is an open source tool for the generation of transition systems in a symbolic representation. To ensure diversity, it employs a uniform random sampling over the space of all Boolean functions with a given number of variables. AIGEN relies on reduced ordered binary decision diagrams (ROBDDs) and canonical disjunctive normal form (CDNF) as canonical representations that allow us to enumerate Boolean functions, in the former case with an encoding that is inspired by data structures used to implement ROBDDs.<br>

Research paper thumbnail of Lazy Synthesis?

Abstract. We present an automatic method for the synthesis of pro-cesses in a reactive system fro... more Abstract. We present an automatic method for the synthesis of pro-cesses in a reactive system from specifications in linear-time temporal logic (LTL). The synthesis algorithm executes a loop consisting of three phases: Solve, Check, and Refine. In the Solve phase, a candidate solu-tion is obtained as a model of a Boolean constraint system; in the Check phase, the candidate solution is checked for reachable error states; in the Refine phase, the constraint system is refined to eliminate any errors found in the Check phase. The algorithm terminates when an imple-mentation without errors is found. We call our approach “lazy, ” because constraints on possible process implementations are only considered in-crementally, as needed to rule out incorrect candidate solutions. This contrasts with the standard “eager ” approach, where the full specifica-tion is considered right away. We report on experience in the arbiter synthesis for the AMBA bus protocol, where lazy synthesis leads to sig-ni...

Research paper thumbnail of Efficient Information-Flow Verification Under Speculative Execution

Automated Technology for Verification and Analysis, 2019

We study the formal verification of information-flow properties in the presence of speculative ex... more We study the formal verification of information-flow properties in the presence of speculative execution and side-channels. First, we present a formal model of speculative execution semantics. This model can be parameterized by the depth of speculative execution and is amenable to a range of verification techniques. Second, we introduce a novel notion of information leakage under speculation, which is parameterized by the information that is available to an attacker through side-channels. Finally, we present one verification technique that uses our formalism and can be used to detect information leaks under speculation through cache side-channels, and can decide whether these are only possible under speculative execution. We implemented an instance of this verification technique that combines taint analysis and safety model checking. We evaluated this approach on a range of examples that have been proposed as benchmarks for mitigations of the Spectre vulnerability, and show that our approach correctly identifies all information leaks.

Research paper thumbnail of AIGEN: Random Generation of Symbolic Transition Systems

Computer Aided Verification, 2021

AIGEN is an open source tool for the generation of transition systems in a symbolic representatio... more AIGEN is an open source tool for the generation of transition systems in a symbolic representation. To ensure diversity, it employs a uniform random sampling over the space of all Boolean functions with a given number of variables. AIGEN relies on reduced ordered binary decision diagrams (ROBDDs) and canonical disjunctive normal form (CDNF) as canonical representations that allow us to enumerate Boolean functions, in the former case with an encoding that is inspired by data structures used to implement ROBDDs. Several parameters allow the user to restrict generation to Boolean functions or transition systems with certain properties, which are then output in AIGER format. We report on the use of AIGEN to generate random benchmark problems for the reactive synthesis competition SYNTCOMP 2019, and present a comparison of the two encodings with respect to time and memory efficiency in practice.

Research paper thumbnail of Parameterized Verification of Systems with Global Synchronization and Guards

Computer Aided Verification, 2020

Inspired by distributed applications that use consensus or other agreement protocols for global c... more Inspired by distributed applications that use consensus or other agreement protocols for global coordination, we define a new computational model for parameterized systems that is based on a general global synchronization primitive and allows for global transition guards. Our model generalizes many existing models in the literature, including broadcast protocols and guarded protocols. We show that reachability properties are decidable for systems without guards, and give sufficient conditions under which they remain decidable in the presence of guards. Furthermore, we investigate cutoffs for reachability properties and provide sufficient conditions for small cutoffs in a number of cases that are inspired by our target applications.

Research paper thumbnail of Proceedings Sixth Workshop on Synthesis

Electronic Proceedings in Theoretical Computer Science, 2017

The SYNT workshop aims to bring together researchers interested in the broad area of synthesis of... more The SYNT workshop aims to bring together researchers interested in the broad area of synthesis of computing systems. The goal is to foster the development of frontier techniques in automating the development of computing system. Contributions of interest include algorithms, complexity and decidability analysis, as well as reproducible heuristics, implemented tools, and experimental evaluation. Application domains include software, hardware, embedded, and cyber-physical systems. Computation models include functional, reactive, hybrid and timed systems. Identifying, formalizing, and evaluating synthesis in particular application domains is encouraged. The sixth iteration of the workshop took place in Heidelberg, Germany. It was co-located with the 29th International Conference on Computer Aided Verification. The workshop included four contributed talks, four invited talks, and reports on the Syntax-Guided Synthesis Competition (SyGuS) and the Reactive Synthesis Competition (SYNTCOMP).

Research paper thumbnail of Distributed and Parametric Synthesis

arXiv: Logic in Computer Science, 2015

We consider the synthesis of distributed implementations for specifications in Parametric Linear ... more We consider the synthesis of distributed implementations for specifications in Parametric Linear Temporal Logic (PLTL). PLTL extends LTL by temporal operators equipped with parameters that bound their scope. For single process synthesis it is well-established that such parametric extensions do not increase worst-case complexities. For synchronous systems, we show that, despite being more powerful, the distributed realizability problem for PLTL is not harder than its LTL counterpart. The case of asynchronous systems requires assumptions on the scheduler beyond fairness to ensure that bounds can be met at all, i.e., even fair schedulers can delay processes arbitrary long and thereby prevent the system from satisfying its PLTL specification. Thus, we employ the concept of bounded fair scheduling, where every process is guaranteed to be scheduled in bounded intervals and give a semi-decision procedure for the resulting distributed assume-guarantee realizability problem.

Research paper thumbnail of Guarded Protocols with Fairness

Guarded protocols were introduced in a seminal paper by Emerson and Kahlon (2000), and describe s... more Guarded protocols were introduced in a seminal paper by Emerson and Kahlon (2000), and describe systems of processes whose transitions are enabled or disabled depending on the existence of other processes in certain local states. We study parameterized model check- ing and synthesis of guarded protocols, both aiming at formal correctness arguments for systems with any number of processes. Cuto results re- duce reasoning about systems with an arbitrary number of processes to systems of a determined, xed size. Our work stems from the observa- tion that existing cuto results for guarded protocols i) are restricted to closed systems, and ii) are of limited use for liveness properties because reductions do not preserve fairness. We close these gaps and obtain new cuto results for open systems with liveness properties under fairness assumptions. Furthermore, we obtain cutos for the detection of global and local deadlocks, which are of paramount importance in synthesis. Finally, we prove t...

Design Understanding: From Logic to Specification

2018 IFIP/IEEE International Conference on Very Large Scale Integration (VLSI-SoC), 2018

We present an outline of the field of Design Understanding and summarize state-of-the-art research in deriving human-understandable knowledge in the form of logic properties from an unknown design.

Analyzing Guarded Protocols: Better Cutoffs, More Systems, More Expressivity

Lecture Notes in Computer Science, 2017

We study cutoff results for parameterized verification and synthesis of guarded protocols, as introduced by Emerson and Kahlon (2000). Guarded protocols describe systems of processes whose transitions are enabled or disabled depending on the existence of other processes in certain local states. Cutoff results reduce reasoning about systems with an arbitrary number of processes to systems of a determined, fixed size. Our work is based on the observation that existing cutoff results for guarded protocols are often impractical, since they scale linearly in the number of local states of processes in the system. We provide new cutoffs that scale not with the number of local states, but with the number of guards in the system, which is in many cases much smaller. Furthermore, we consider natural extensions of the classes of systems and specifications under consideration, and present results for problems that have not been known to admit cutoffs before.
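The two guarded-protocol abstracts above (Guarded Protocols with Fairness, and this one) describe systems where a process's transition is enabled or disabled by the local states of the other processes, and cutoff results that let one reason about a small fixed number of processes instead of all of them. The following is an added example written for this page, not code from the papers or their benchmarks: it encodes a small template with a conjunctive guard (a process may enter C only if every other process is in N or T), explores all reachable configurations of n copies by counting processes per local state (the processes are symmetric), checks mutual exclusion for each fixed n, and reports which pairs of local states two processes can occupy at the same time. The template, its state names and the check functions are constructed for the illustration; the observation that the pair set stops changing after n = 2 is what one sees for this toy, while the papers' cutoff theorems state when such a small instance is guaranteed to be sufficient.

```python
# Guarded protocol template, constructed for this example (not one of the papers' benchmarks).
# Every process runs the same finite-state template; a transition may carry a guard that
# refers to the local states of the *other* processes:
#   None          -> always enabled
#   ('conj', S)   -> enabled iff every other process is in a state from S
#   ('disj', S)   -> enabled iff at least one other process is in a state from S
MUTEX_TEMPLATE = {
    'states': ('N', 'T', 'C'),                 # neutral, trying, critical
    'init': 'N',
    'trans': [
        ('N', 'T', None),
        ('T', 'C', ('conj', {'N', 'T'})),      # enter C only if nobody else is in C
        ('C', 'N', None),
    ],
}


def enabled(guard, others):
    """`others` maps each local state to the number of *other* processes in it."""
    if guard is None:
        return True
    kind, allowed = guard
    if kind == 'conj':
        return all(count == 0 for state, count in others.items() if state not in allowed)
    if kind == 'disj':
        return any(count > 0 for state, count in others.items() if state in allowed)
    raise ValueError(f'unknown guard kind {kind!r}')


def reachable_configs(template, n):
    """Reachable global states of n copies of the template.  Processes are
    indistinguishable, so a configuration is the tuple of counters per local state."""
    states = template['states']
    idx = {s: i for i, s in enumerate(states)}
    init = tuple(n if s == template['init'] else 0 for s in states)
    seen, todo = {init}, [init]
    while todo:
        cfg = todo.pop()
        for a, b, guard in template['trans']:
            if cfg[idx[a]] == 0:
                continue                       # no process is in state a
            others = dict(zip(states, cfg))
            others[a] -= 1                     # the moving process does not see itself
            if not enabled(guard, others):
                continue
            nxt = list(cfg)
            nxt[idx[a]] -= 1
            nxt[idx[b]] += 1
            nxt = tuple(nxt)
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return seen


def mutex_holds(template, n, critical='C'):
    """Safety check for a fixed n: never two processes in the critical state."""
    i = template['states'].index(critical)
    return all(cfg[i] <= 1 for cfg in reachable_configs(template, n))


def coexisting_pairs(template, n):
    """Unordered pairs of local states that two distinct processes can occupy
    simultaneously in some reachable configuration (a 2-indexed view of the system)."""
    states = template['states']
    pairs = set()
    for cfg in reachable_configs(template, n):
        for i, a in enumerate(states):
            for j in range(i, len(states)):
                b = states[j]
                if (i == j and cfg[i] >= 2) or (i != j and cfg[i] >= 1 and cfg[j] >= 1):
                    pairs.add((a, b))
    return pairs


if __name__ == '__main__':
    for n in range(1, 6):
        print(n, mutex_holds(MUTEX_TEMPLATE, n), sorted(coexisting_pairs(MUTEX_TEMPLATE, n)))
```

Running the module prints, for n = 1..5, whether mutual exclusion holds and which state pairs co-occur; the pair set is the same for every n from 2 on, and ('C', 'C') never appears. The explicit counter-based search is exponential in the number of local states, which is exactly the scaling problem the abstract says the new cutoffs address by depending on the number of guards instead.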

QuickSilver: modeling and parameterized verification for distributed agreement-based systems

Proceedings of the ACM on Programming Languages, 2021

The last decade has sparked several valiant efforts in deductive verification of distributed agreement protocols such as consensus and leader election. Oddly, there have been far fewer verification efforts that go beyond the core protocols and target applications that are built on top of agreement protocols. This is unfortunate, as agreement-based distributed services such as data stores, locks, and ledgers are ubiquitous and potentially permit modular, scalable verification approaches that mimic their modular design. We address this need for verification of distributed agreement-based systems through our novel modeling and verification framework, QuickSilver, that is not only modular, but also fully automated. The key enabling feature of QuickSilver is our encoding of abstractions of verified agreement protocols that facilitates modular, decidable, and scalable automated verification. We demonstrate the potential of QuickSilver by modeling and efficiently verifying a series of tric...

Promptness and Bounded Fairness in Concurrent and Parameterized Systems

Verification, Model Checking, and Abstract Interpretation, 2020

We investigate the satisfaction of specifications in Prompt Linear Temporal Logic (Prompt-LTL) by concurrent systems. Prompt-LTL is an extension of LTL that allows one to specify parametric bounds on the satisfaction of eventualities, thus adding a quantitative aspect to the specification language. We establish a connection between bounded fairness, bounded stutter equivalence, and the satisfaction of Prompt-LTL\X formulas. Based on this connection, we prove the first cutoff results for different classes of systems with a parametric number of components and quantitative specifications, thereby identifying previously unknown decidable fragments of the parameterized model checking problem.

Distributed synthesis for parameterized temporal logics

Information and Computation, 2018

We consider the synthesis of distributed implementations for specifications in parameterized temporal logics such as PROMPT-LTL, which extends LTL by temporal operators equipped with parameters that bound their scope. For single process synthesis, it is well-established that such parametric extensions do not increase worst-case complexities. For synchronous distributed systems, we show that, despite being more powerful, the realizability problem for PROMPT-LTL is not harder than its LTL counterpart. For asynchronous systems, we have to express scheduling assumptions and therefore consider an assume-guarantee synthesis problem. As asynchronous distributed synthesis is already undecidable for LTL, we give a semi-decision procedure for the PROMPT-LTL assume-guarantee synthesis problem based on bounded synthesis. Finally, we show that our results extend to the stronger logics PLTL and PLDL.

Parameterized synthesis of self-stabilizing protocols in symmetric networks

Acta Informatica, 2019

Self-stabilization in distributed systems is a technique to guarantee convergence to a set of legitimate states without external intervention when a transient fault or bad initialization occurs. Recently, there has been a surge of efforts in designing techniques for automated synthesis of self-stabilizing algorithms that are correct by construction. Most of these techniques, however, are not parameterized, meaning that they can only synthesize a solution for a fixed and predetermined number of processes. In this paper, we report a breakthrough in parameterized synthesis of self-stabilizing algorithms in symmetric networks, including ring, line, mesh, and torus. First, we develop cutoffs that guarantee (1) closure in legitimate states, and (2) deadlock-freedom outside the legitimate states. We also develop a sufficient condition for convergence in self-stabilizing systems. Since some of our cutoffs grow with the size of the local state space of processes, scalability of the synthesis procedure is still a problem. We address this problem by introducing a novel SMT-based technique for counterexample-guided synthesis of self-stabilizing algorithms in symmetric networks. We have fully implemented our technique and successfully synthesized solutions to maximal matching, three coloring, and maximal independent set problems for ring and line topologies.

A symbolic algorithm for lazy synthesis of eager strategies

Acta Informatica, 2019

We present an algorithm for solving two-player safety games that combines a mixed forward/backward search strategy with a symbolic representation of the state space. By combining forward and backward exploration, our algorithm can synthesize strategies that are eager in the sense that they try to prevent progress towards the error states as soon as possible, whereas standard backwards algorithms often produce permissive solutions that only react when absolutely necessary. We provide experimental results for two classes of crafted benchmarks, the benchmark set of the Reactive Synthesis Competition (SYNTCOMP) 2017, as well as a set of randomly generated benchmarks. The results show that our algorithm in many cases produces more eager strategies than a standard backwards algorithm, and solves a number of benchmarks that are intractable for existing tools. Finally, we observe a connection between our algorithm and a recently proposed algorithm for the synthesis of controllers that are robust against disturbances, pointing to possible future applications.
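To make the permissive-versus-eager distinction in the abstract concrete, here is an added example written for this page (not the paper's symbolic tool): an explicit-state safety game, the standard backward attractor computation that yields the winning region and the most permissive strategy, and a deliberately simple eager rule. The game, its state names and the eager rule are assumptions of this example: "eager" is approximated here as "among the safe moves, take the one whose shortest path to an error state is longest", which captures the idea of cutting off progress towards the error states early but is not the paper's definition.

```python
from collections import deque


class SafetyGame:
    """Explicit-state two-player safety game (constructed for this example).

    The controller owns the states in `controller`; the environment owns the rest.
    The controller wins a play if no state in `errors` is ever visited."""

    def __init__(self, states, controller, succ, errors):
        self.states = set(states)
        self.controller = set(controller)
        self.succ = {s: set(succ.get(s, ())) for s in self.states}
        self.errors = set(errors)

    def env_attractor(self):
        """Standard backward fixpoint: states from which the environment can force
        a visit to an error state.  A controller state with no successors counts
        as losing (deadlock)."""
        attr = set(self.errors)
        changed = True
        while changed:
            changed = False
            for s in self.states - attr:
                nxt = self.succ[s]
                # controller loses if every move is losing; environment wins if any move is
                lose = nxt <= attr if s in self.controller else bool(nxt & attr)
                if lose:
                    attr.add(s)
                    changed = True
        return attr

    def winning_region(self):
        return self.states - self.env_attractor()

    def permissive_strategy(self):
        """Most permissive strategy: in each winning controller state, every
        successor that stays inside the winning region is allowed."""
        win = self.winning_region()
        return {s: self.succ[s] & win for s in self.controller & win}

    def distance_to_error(self):
        """Shortest path length to an error state in the game graph, ignoring who
        controls the moves (states that cannot reach an error are absent)."""
        preds = {s: set() for s in self.states}
        for s, ts in self.succ.items():
            for t in ts:
                preds[t].add(s)
        dist = {e: 0 for e in self.errors}
        queue = deque(self.errors)
        while queue:
            t = queue.popleft()
            for s in preds[t]:
                if s not in dist:
                    dist[s] = dist[t] + 1
                    queue.append(s)
        return dist

    def eager_strategy(self):
        """Simplified eager choice (an assumption of this example, not the paper's
        definition): among the permissive moves pick the one farthest from the
        error states, so progress towards them is cut off as early as possible."""
        dist = self.distance_to_error()
        inf = float('inf')
        return {s: max(sorted(ts), key=lambda t: dist.get(t, inf))
                for s, ts in self.permissive_strategy().items() if ts}


def example_game():
    """Constructed toy game: from s0 the controller may go to s1 or s2.  Both keep
    the play winning, but via s1 the environment can push the play to s3, where
    the controller is one step from err and has exactly one safe move left."""
    succ = {
        's0': {'s1', 's2'},
        's1': {'s0', 's3'},
        's2': {'s0'},
        's3': {'s0', 'err'},
        'err': {'err'},
    }
    return SafetyGame(succ.keys(), controller={'s0', 's3'}, succ=succ, errors={'err'})


if __name__ == '__main__':
    g = example_game()
    print('winning region:', sorted(g.winning_region()))
    print('permissive    :', g.permissive_strategy())
    print('eager         :', g.eager_strategy())
```

On this game the permissive strategy allows both s1 and s2 from s0 and only reacts at s3, whereas the eager rule picks s2 from s0, from which the environment can never steer towards err at all. The backward fixpoint alone has no notion of "how close" a winning state is to trouble; that is the gap the paper's forward/backward combination is designed to close.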

The 4th Reactive Synthesis Competition (SYNTCOMP 2017): Benchmarks, Participants & Results

Electronic Proceedings in Theoretical Computer Science, 2017

A High-Level LTL Synthesis Format: TLSF v1.1

Electronic Proceedings in Theoretical Computer Science, 2016

We present the Temporal Logic Synthesis Format (TLSF), a high-level format to describe synthesis problems via Linear Temporal Logic (LTL). The format builds upon standard LTL, but additionally allows the use of high-level constructs, such as sets and functions, to provide a compact and human-readable representation. Furthermore, the format allows one to identify parameters of a specification such that a single description can be used to define a family of problems. Additionally, we present a tool to automatically translate the format into plain LTL, which then can be used for synthesis by a solver. The tool also allows one to adjust parameters of the specification and to apply standard transformations on the resulting formula.
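The abstract describes three things a high-level format adds over plain LTL: big operators over sets, parameters that turn one description into a family of problems, and a translation step that fixes the parameters and applies standard transformations before a solver sees plain LTL. The following is an added example written for this page, not the TLSF grammar or the authors' translation tool: a tiny tuple-encoded formula language with big conjunction/disjunction over an integer parameter, an instantiate() step that unrolls it to plain LTL for a chosen n, the negation-normal-form transformation, and a parameterized n-client arbiter (mutual exclusion plus request/grant response) as the specification. The AST shape, the `r{i}`/`g{i}` naming and the printed syntax are assumptions of the example.

```python
from functools import reduce

# Formula AST as nested tuples (constructed for this example, not TLSF syntax):
#   ('true',) ('false',)
#   ('atom', name)               name may contain "{i}"-style parameter placeholders
#   ('not', f) ('and', f, g) ('or', f, g) ('imp', f, g)
#   ('X', f) ('G', f) ('F', f) ('U', f, g) ('R', f, g)
#   ('bigand', var, rng, body)   big conjunction of body over var in rng(env)
#   ('bigor',  var, rng, body)   big disjunction of body over var in rng(env)
TRUE, FALSE = ('true',), ('false',)
BIG = {'bigand': ('and', TRUE), 'bigor': ('or', FALSE)}
DUAL = {'and': 'or', 'or': 'and', 'G': 'F', 'F': 'G', 'U': 'R', 'R': 'U'}
LEAF = ('atom', 'true', 'false')


def instantiate(f, env):
    """Fix the parameters in env: unroll big operators and fill placeholders.
    The result contains only plain LTL nodes."""
    op = f[0]
    if op in ('true', 'false'):
        return f
    if op == 'atom':
        return ('atom', f[1].format(**env))
    if op in BIG:
        _, var, rng, body = f
        conn, unit = BIG[op]
        parts = [instantiate(body, {**env, var: v}) for v in rng(env)]
        parts = [p for p in parts if p != unit]        # drop neutral elements
        return reduce(lambda a, b: (conn, a, b), parts) if parts else unit
    return (op,) + tuple(instantiate(a, env) for a in f[1:])


def nnf(f):
    """Negation normal form: eliminate -> and push negations down to atoms
    using the duals G/F, U/R and De Morgan.  Call after instantiate()."""
    op = f[0]
    if op in BIG:
        raise ValueError('instantiate() before nnf()')
    if op in LEAF:
        return f
    if op == 'imp':
        return nnf(('or', ('not', f[1]), f[2]))
    if op != 'not':
        return (op,) + tuple(nnf(a) for a in f[1:])
    g = f[1]
    gop = g[0]
    if gop in BIG:
        raise ValueError('instantiate() before nnf()')
    if gop == 'atom':
        return f
    if gop == 'true':
        return FALSE
    if gop == 'false':
        return TRUE
    if gop == 'not':
        return nnf(g[1])
    if gop == 'imp':                                   # !(a -> b) == a && !b
        return ('and', nnf(g[1]), nnf(('not', g[2])))
    if gop == 'X':                                     # X is self-dual
        return ('X', nnf(('not', g[1])))
    return (DUAL[gop],) + tuple(nnf(('not', a)) for a in g[1:])


def to_str(f):
    """Render plain LTL in an infix syntax (assumed here, not TLSF's)."""
    op = f[0]
    if op in ('true', 'false'):
        return op
    if op == 'atom':
        return f[1]
    if op == 'not':
        return '!' + to_str(f[1])
    if op in ('X', 'G', 'F'):
        return f'({op} {to_str(f[1])})'
    if op in BIG:
        raise ValueError('instantiate() before to_str()')
    sym = {'and': '&&', 'or': '||', 'imp': '->', 'U': 'U', 'R': 'R'}[op]
    return f'({to_str(f[1])} {sym} {to_str(f[2])})'


def atoms(f):
    """Set of atomic propositions of a plain LTL formula."""
    if f[0] == 'atom':
        return {f[1]}
    if f[0] in BIG:
        raise ValueError('instantiate() before atoms()')
    return set().union(*(atoms(a) for a in f[1:])) if len(f) > 1 else set()


def arbiter():
    """Parameterized n-client arbiter: every request r_i is eventually granted
    (g_i), and no two grants are active at the same time."""
    clients = lambda env: range(env['n'])
    later = lambda env: range(env['i'] + 1, env['n'])
    response = ('bigand', 'i', clients,
                ('G', ('imp', ('atom', 'r{i}'), ('F', ('atom', 'g{i}')))))
    mutex = ('bigand', 'i', clients,
             ('bigand', 'j', later,
              ('G', ('not', ('and', ('atom', 'g{i}'), ('atom', 'g{j}'))))))
    return ('and', response, mutex)


if __name__ == '__main__':
    for n in (1, 2, 3):
        print(n, to_str(nnf(instantiate(arbiter(), {'n': n}))))
```

The same arbiter description yields a different plain-LTL problem for each value of n, which is the "family of problems" point of the abstract; the number of mutual-exclusion conjuncts grows quadratically, so a solver is handed a formula whose size depends on the chosen parameter, not on the description.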

The Reactive Synthesis Competition: SYNTCOMP 2016 and Beyond

Electronic Proceedings in Theoretical Computer Science, 2016

We report on the design of the third reactive synthesis competition (SYNTCOMP 2016), including a major extension of the competition to specifications in full linear temporal logic. We give a brief overview of the synthesis problem as considered in SYNTCOMP, and present the rules of the competition in 2016, as well as the ideas behind our design choices. Furthermore, we evaluate the recent changes to the competition based on the experiences with SYNTCOMP 2016. Finally, we give an outlook on further changes and extensions of the competition that are planned for the future.