Abstract
We introduce TACoS, a tool for synthesizing controllers satisfying MTL specifications of undesired behavior with timing constraints. Our contribution extends an existing theoretical approach towards practical applications. The most notable features include: Online labeling to terminate early if a solution has been found, heuristic search to expand the most promising nodes first, search graph pruning to reduce the problem size by pruning irrelevant parts of the search graph, and reusing previously explored search nodes to further reduce the search graph. Finally, multi-threading support allows to make use of modern CPUs with many parallel threads. TACoS comes with a C++ library with minimal external dependencies and simple-to-use API. We evaluate our approach on a number of scenarios and investigate how each of the enhancements improves the performance.
The tool is publicly available at https://github.com/morxa/tacos.
Supported by DFG RTG 2236 UnRAVeL and DFG grant GL-747/23-1 ConTrAkt.
Access provided by Autonomous University of Puebla. Download conference paper PDF
Similar content being viewed by others
Keywords
1 Introduction
Controller synthesis is the problem of determining a controller for a given system to ensure the behavior of the composed system follows a certain specification. The problem has been researched extensively for different kinds of systems and different kinds of specifications (e.g., [4, 7, 9]). It has also seen interest in the AI community (e.g., [8]) and in robotics (e.g., [12, 13, 15]). One particular synthesis problem is controller synthesis for MTL specifications [7], where the system is modeled as timed automaton (TA) and the specification of undesired behavior is given as a metric temporal logic (MTL) formula. The problem has shown to be decidable for finite words and fixed resources [7]. While several applications are based on metric temporal constraints (e.g., [17, 20, 22]), to the best of our knowledge, no general implementation of such a synthesis approach exists.
Related Work Controller synthesis for timed systems has been researched extensively, in different settings. Tools such as Acacia+ [6] and Unbeast [10] synthesize controllers for LTL specifications, which does not allow time constraints. SynthKro and FlySynth [1] synthesize controllers that remain in or reach a given set of states of a timed automaton. Uppaal-Tiga [5] and Synthia [19] control timed automata against a TCTL specification to accomplish reachability or safety. Uppaal-Tiga has also been extended to models with partial observability [11], using pre-defined controller templates. Casaal [16] synthesizes a controller for \(\text {MTL}_{0,\infty }\) specifications. \(\text {MTL}_{0,\infty }\) is a subset of MTL, where every bounded until operator may only use an upper or a lower time-bound (not both).
In this work, we present TACoS, a TA Controller Synthesis tool for MTL specifications, based on theoretical decidability results from [7]. In Sect. 2, we summarize the MTL synthesis problem, before we describe our tool in more detail in Sect. 3. In Sect. 4, we evaluate TACoS on benchmarks from several scenarios, before we conclude in Sect. 5.
2 The MTL Synthesis Problem
Timed automata (TA) [2] are a widely used model for representing real-timed and hybrid systems. Their properties are often described with MTL [14], a temporal logic that extends linear temporal logic (LTL) with metric time on the Until modality. One commonly used semantics for MTL is a pointwise semantics, in which formulas are interpreted over timed words. A timed word \(\rho \) over a finite set of atomic propositions \( AP \) is a finite or infinite sequence \(\rho = \left( \sigma _0,\tau _0\right) \left( \sigma _1,\tau _1\right) \ldots \) where \(\sigma _i \in AP \) and \(\tau _i \in \mathbb {R}_+\) such that the sequence \((\tau _i)\) is monotonically non-decreasing and non-Zeno. We use \(|\rho |\) to denote the number of elements in \(\rho \). For a set \( AP \) of atomic propositions, the formulas of MTL are built from \( \phi \;{:}{:}\!\!= a \,\mid \,\lnot \phi \,\mid \,\phi \wedge \phi \,\mid \,\phi \,\mathbf {U}_{I}\, \phi \) (where \(a \in AP \)). We use the short-hand notations \(\phi \,\widetilde{\mathbf {U}}_{I}\, \psi :=\lnot \left( \lnot \phi \,\mathbf {U}_{I}\, \lnot \psi \right) \) (dual until), \(\mathbf {F}_{I} \phi :=(\top \,\mathbf {U}_{I}\, \phi )\) (finally) and \(\mathbf {G}_{I}\phi :=\lnot \mathbf {F}_{I} \lnot \phi \) (globally). Given a timed word \(\rho = \left( \sigma _0, \tau _0\right) \left( \sigma _1, \tau _1\right) \ldots \) over alphabet \( AP \) and an MTL formula \(\phi \), \(\rho , i \models \phi \) is defined as usual for the boolean operators, and with the following rule for \(\,\mathbf {U}_{I}\) : \(\rho , i \models \phi _1 \,\mathbf {U}_{I}\, \phi _2\) iff there exists j such that (1) \(i< j < |\rho |\), (2) \(\rho , j \models \phi _2\), (3) \(\tau _j - \tau _i \in I\), (4) and \(\rho , k \models \phi _1\) for all k with \(i< k < j\). We also write \(\rho \models \phi \) for \(\rho , 0 \models \phi \) and we define the language of \(\phi \) as \(L(\phi ) = \{ \rho \mid \rho \models \phi \}\).
MTL Control Problem. The goal is to synthesize a controller \(\mathcal {C}\) that controls a plant \(\mathcal {P}\) against a specification of undesired behaviors \(\varPhi \) such that all resulting traces in the composition of \(\mathcal {P}\) and \(\mathcal {C}\) satisfy the specification \(\varPhi \) without blocking the plant \(\mathcal {P}\). In this context, control means that \(\mathcal {C}\) has control over some actions, while the environment controls the remaining actions. The synthesis problem on finite words and finite resources (i.e., fixed number of clocks and fixed constants) is decidable [7]. We refer to [7] for the formal definition.
3 Approach
Based on [7], our tool works as follows: First, it translates the specification into an alternating timed automaton (ATA) [18]. Next, it recursively constructs a tree over regionalized configurations of the synchronous product of the plant TA \(\mathcal {A}\) and the specification ATA \(\mathcal {B}\). Intuitively, each node n in the search tree contains a single regionalized configuration \(n_{\mathcal {A}}\) of \(\mathcal {A}\) and a set \(n_{\mathcal {B}}\) of possible configurations of \(\mathcal {B}\), which represents parts of the specification that have not been satisfied yet. Each newly discovered node in the search tree is expanded by computing all (regionalized) time and jump successors \(n_{\mathcal {A}}'\) of \(n_{\mathcal {A}}\) and the respective \(N_{\mathcal {B}}'\) for all symbols. Nodes in which the \(\mathcal {A}\) configuration is in a final location and \(\varPhi \) has fully been satisfied (\(\mathcal {B}\) is accepting) are labeled as bad, as they represent cases in which the plant is in a final state and the specification has been violated. After building the search tree, the tree is traversed and labeled bottom-up (good, bad) based on the labels of the leaf nodes. A controller exists if the root node is labeled good.
TACoS aims to provide a practicable tool to synthesize TA controllers against an MTL specification, with a focus on performance and usability. We summarize the most notable features in the following.
Parallelization. To make use of multi-threading, the node expansion is parallelized. Pending nodes are stored in a globally accessible queue and worker threads take nodes from the queue, expand those and push resulting successors into the queue for further processing.
Incremental Labeling. Instead of first constructing a complete search tree and then labeling the tree bottom-up, it is also possible to partially label the tree during expansion. Nodes are labelled recursively until either the root node has been labeled or not enough information is available to label a node. This approach allows to label the root node without constructing the complete search tree.
Pruning. With incremental labeling, a node’s label may be determined during search. With pruning, whenever a node’s label is determined, all of its unlabeled successors are marked as canceled, which prevents them from being expanded later on. The combination of incremental labeling and pruning allows to effectively skip large parts of the search graph during construction.
Node Reusing. When constructing the search tree as described, many nodes are created multiple times. This may occur whenever certain states of the system are reachable via different execution paths of the plant. Duplicate nodes consequently agree on their subtrees, i.e., the work of exploring these subtrees will be done several times. To overcome this, we identify duplicate nodes during the search. Instead of re-creating the sub-tree, we reuse the existing node instead and add the corresponding edges. This changes the underlying data structure from a search tree to a search graph, affecting all other improvements as well.
Search Heuristics. Incremental labeling and search-graph pruning heavily depend on the order in which nodes are expanded. We provide several heuristics which determine the order of nodes in the queue: breadth-first-search (bfs) and depth-first-search (dfs) work as expected. A heuristics based on timing (time) prioritizes the node with the shortest accumulated time (global time). The heuristic cw prefers nodes with configurations where more parts of the specification (of undesired behavior) are not yet satisfied. The heuristic env prefers environment actions over controller actions, based on the intuition that the controller should only act if necessary (and let the plant run otherwise). The composite heuristic comp is a weighted sum of other heuristics. In the following, we have used \(\mathtt {comp} = 16\cdot \mathtt {cw} + 4\cdot \mathtt {env} + 1\cdot \mathtt {time}\). Finally, the tool also provides a random heuristic, which is mainly helpful for comparison and testing.
Action- and Location-Based Specification. The approach in [7] suggests a method designed for action-based specifications in which labels on transitions (the actions) are used. However, location-based specifications, which specify the desired or undesired behavior in terms of properties on locations, sometimes allow a more intuitive specification. Our tool supports both types of specifications.
Utility. To ease debugging, we provide several utility functions such as plotting of the input automata, the resulting controller, or the search graph. TACoS reads text input and is shipped with a C++ library with simple API to create input programmatically. The synthesis result can be stored in a human-readable or binary format. TACoS can also be run in an interactive mode after search, which allows to debug the controller synthesis step-by-step with visual support.
4 Evaluation
We evaluated our system on several scenarios and ran each scenario in each configuration five times. All experiments were conducted on an AMD Ryzen 7 3700X with 16 parallel threads and 32 GB memory. We measured the number of locations in the input problem, the number of nodes in the search graph, the number of explored nodes in the search graph, and the number of locations in the resulting controller. We used three scenarios:
Example 1
(Railroad). This is a variant of the train-gate controller [3]. A train approaches a crossing, the controller needs to open and close the gate such that the train can pass. The problem is modeled as product of two TAs. The train performs the uncontrollable actions get_near, enter, leave, travel in sequence, i.e., approaches and passes through the gate section. The gate may perform the controllable actions start_close,start_open, finish_close, finish_open to change its state. The composed system is safe if the gate is closed when the train enters and opens after the train leaves the crossing. Thus, the bad behavior is defined by
We have parameterized the problem by the number of crossings and the distances before each crossing, where Railroad(4,8) is the problem with two crossings and a distance of 4 and 8 time units before the first and second crossing.
Example 2
(Robot). A robot transports goods between stations (based on [22]). It has a camera that needs to be enabled 1 s before the robot performs a pick or a put action. As the camera may overheat, it must not run continuously for longer than 4 s. The camera is controllable with the actions on and off, the robot’s actions pick, put, and move are not controllable. The robot takes exactly 3 s to move between the stations. The specification of undesired behavior is given as:
Example 3
(Conveyor Belt). A conveyor belt moves luggage in an airport (based on [21]). If a piece of luggage gets stuck, the belt must stop, which allows the luggage to be removed. The conveyor must not immediately continue but instead wait for at least 2 s. Also, the conveyor should not stop without reason. The controllable actions are move and stop, while the uncontrollable actions are release, resume, and stuck. The undesired behavior is specified as follows:
Results We first compare the different heuristics in Table 1. We can see that using heuristics is generally helpful and improves both the running time and the resulting search size and controller size when compared to bfs. Interestingly, the heuristic time does not perform well and is actually worse than bfs, dfs, and even random. Also, dfs performs surprisingly well compared to the other heuristics, at least in this scenario. With some margin, the composite heuristic comp performs best. Second, we evaluate multi-threaded search, running times are shown in Table 2. We can see that multi-threading reduces the running time, but increases CPU time and often has a negative impact on search size and controller size, most likely as additional nodes with a worse heuristic value are expanded as well when computing with multiple threads. Finally, Table 3 shows the performance on the scaled railroad problem. We can see that TACoS is able to find a controller even for large input problems, although the running time increases significantly. Further results are available on the tool webpageFootnote 1.
5 Conclusion
We have presented TACoS, to our knowledge the first tool for TA controller synthesis against MTL specifications. TACoS comes with a number of features aiming to provide both good performance and usability. We have evaluated the tool in three settings, which showed that it is capable of synthesizing controllers with reasonable performance. To further improve its performance, investigating more sophisticated heuristics would be a promising next step. Also, in future work, we want to investigate the applicability of the presented approach for control program synthesis and its performance on real robotic systems.
Notes
References
Altisen, K., Tripakis, S.: Tools for controller synthesis of timed systems. In: RT-TOOLS (2002)
Alur, R., Dill, D.: A theory of timed automata. TCS 126(2) (1994). https://doi.org/10.1016/0304-3975(94)90010-8
Alur, R., Henzinger, T., Vardi, M.: Parametric real-time reasoning. In: STOC (1993)
Asarin, E., Maler, O., Pnueli, A., Sifakis, J.: Controller synthesis for timed automata. IFAC 31(18) (1998). https://doi.org/10.1016/S1474-6670(17)42032-5
Behrmann, G., Cougnard, A., David, A., Fleury, E., Larsen, K.G., Lime, D.: UPPAAL-Tiga: time for playing games! In: Damm, W., Hermanns, H. (eds.) CAV 2007. LNCS, vol. 4590, pp. 121–125. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-73368-3_14
Bohy, A., Bruyère, V., Filiot, E., Jin, N., Raskin, J.-F.: Acacia+, a tool for LTL synthesis. In: Madhusudan, P., Seshia, S.A. (eds.) CAV 2012. LNCS, vol. 7358, pp. 652–657. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-31424-7_45
Bouyer, P., Bozzelli, L., Chevalier, F.: Controller synthesis for MTL specifications. In: Baier, C., Hermanns, H. (eds.) CONCUR 2006. LNCS, vol. 4137, pp. 450–464. Springer, Heidelberg (2006). https://doi.org/10.1007/11817949_30
De Giacomo, G., Vardi, M.: Synthesis for LTL and LDL on finite traces. In: IJCAI (2015)
D’souza, D., Madhusudan, P.: Timed control synthesis for external specifications. In: Alt, H., Ferreira, A. (eds.) STACS 2002. LNCS, vol. 2285, pp. 571–582. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45841-7_47
Ehlers, R.: Unbeast: symbolic bounded synthesis. In: Abdulla, P.A., Leino, K.R.M. (eds.) TACAS 2011. LNCS, vol. 6605, pp. 272–275. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19835-9_25
Finkbeiner, B., Peter, H.-J.: Template-based controller synthesis for timed systems. In: Flanagan, C., König, B. (eds.) TACAS 2012. LNCS, vol. 7214, pp. 392–406. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-28756-5_27
He, K., Lahijanian, M., Kavraki, L., Vardi, M.: Reactive synthesis for finite tasks under resource constraints. In: IROS (2017). https://doi.org/10.1109/IROS.2017.8206426
Hofmann, T., Lakemeyer, G.: Controller synthesis for Golog programs over finite domains with metric temporal constraints. arXiv:2102.09837 (2021)
Koymans, R.: Specifying real-time properties with metric temporal logic. Real-Time Syst. 2(4), 255–299 (1990). https://doi.org/10.1007/BF01995674
Kress-Gazit, H., Fainekos, G., Pappas, G.: Temporal-logic-based reactive mission and motion planning. IEEE Trans. Robot. 25(6), 1370–1381 (2009). https://doi.org/10.1109/TRO.2009.2030225
Li, G., Jensen, P.G., Larsen, K.G., Legay, A., Poulsen, D.B.: Practical controller synthesis for MTL0,\(\infty \). In: SPIN (2017). https://doi.org/10.1145/3092282.3092303
Nikou, A., Tumova, J., Dimarogonas, D.: Cooperative task planning of multi-agent systems under timed temporal specifications. In: ACC (2016). https://doi.org/10.1109/ACC.2016.7526793
Ouaknine, J., Worrell, J.: On the decidability of metric temporal logic. In: LICS (2005). https://doi.org/10.1109/LICS.2005.33
Peter, H.-J., Ehlers, R., Mattmüller, R.: Synthia: verification and synthesis for timed automata. In: Gopalakrishnan, G., Qadeer, S. (eds.) CAV 2011. LNCS, vol. 6806, pp. 649–655. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22110-1_52
Saha, S., Julius, A.: An MILP approach for real-time optimal controller synthesis with metric temporal logic specifications. In: ACC (2016). https://doi.org/10.1109/ACC.2016.7525063
van Hulst, A.C., Reniers, M.A., Fokkink, W.J.: Maximally permissive controlled system synthesis for non-determinism and modal logic. Discrete Event Dyn. Syst. 27(1), 109–142 (2016). https://doi.org/10.1007/s10626-016-0231-8
Viehmann, T., Hofmann, T., Lakemeyer, G.: Transforming robotic plans with timed automata to solve temporal platform constraints. In: IJCAI (2021). https://doi.org/10.24963/ijcai.2021/287
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Hofmann, T., Schupp, S. (2021). TACoS: A Tool for MTL Controller Synthesis. In: Calinescu, R., Păsăreanu, C.S. (eds) Software Engineering and Formal Methods. SEFM 2021. Lecture Notes in Computer Science(), vol 13085. Springer, Cham. https://doi.org/10.1007/978-3-030-92124-8_21
Download citation
DOI: https://doi.org/10.1007/978-3-030-92124-8_21
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-92123-1
Online ISBN: 978-3-030-92124-8
eBook Packages: Computer ScienceComputer Science (R0)