synthesis of reactive systems orna kupferman hebrew university moshe vardi rice university
TRANSCRIPT
![Page 1: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/1.jpg)
Synthesis of Reactive systems
Orna Kupferman Hebrew University
Moshe Vardi Rice University
![Page 2: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/2.jpg)
Is the system correct?
![Page 3: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/3.jpg)
Formal Verification:
System A mathematical model M
Desired behavior A formal specification
The system has the required behavior
M satisfies
Model checking
It Works!
But…
![Page 4: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/4.jpg)
It’s hard to design systems:It’s even harder to design correct systems:
![Page 5: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/5.jpg)
Synthesis:
Input: a specification .
Output: a system satisfying .
WOW!!!An unusual effectiveness of logic in
computer science!
![Page 6: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/6.jpg)
Synthesis:
Input: a specification .
Output: a system satisfying .
Input: pq.
Output: p,q
truth assignment
for pq.
synthesis satisfiability
![Page 7: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/7.jpg)
of temporal logic specifications:
Synthesis
Satisfiability
A specification: L 2)AP (
A state of the system: 2AP
p,q
A computations of the system: 2)AP (
p,q p q p,q
specifications languages
Is GpFp satisfiable?
![Page 8: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/8.jpg)
An LTL specification .
An automaton A.
[VW86]
L(A)= : satisfies
LTL nondeterministic Büchi word automata
req
req grant
req grant
req
=G (req XF grant)
A:
The automata-theoretic approach:
is satisfiable
A is nonempty
![Page 9: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/9.jpg)
Date: Mon, 28 Dec 92 18:12:25 PST
From: Moshe Vardi [email protected]
To: [email protected] (Orna Bernholtz)
Yes, the VW86 algorithm can be easily extended to give you a finite representation of an accepting run. Thus, it can be used as a synthesis algorithm .
You can view this as the automata-theoretic prespective on the Clarke&Emerson-style synthesis. For further elaboration on this perspective, see the paper by P. Wolper: On the relations of programs and computations to models of temporal logic, LNCS 398, 1989.
Moshe
P.S. Let me know if you’d like me to mail you the paper.
![Page 10: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/10.jpg)
user 1
user 2
1. Whenever user i sends a job, the job is eventually printed.
2. The printer does not serve the two users simultaneously.
1. G(j1 F p1) G(j2 F p2)
2. G((p1) (p2))
Let’s synthesize a scheduler that satisfies the specification …
An example:
![Page 11: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/11.jpg)
Satisfiability of such a scheduler exists?
NO!
A model for help in constructing a scheduler?
NO!
j1 j2 p1 p2
A model for : a scheduler that is guaranteed to satisfy for some input sequence.
Wanted: a scheduler that is guaranteed to satisfy for all input sequences.
![Page 12: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/12.jpg)
Closed vs. open systems
Closed system: no input!
o0o0, o1o0, o1,o2o0, o1,o2,…,oi
all input sequences=some input sequence
synthesis satisfiability
![Page 13: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/13.jpg)
Closed vs. open systems
Open system: interacts with an environment! o0
o1=f(i0)
o2=f(i0,i1)
o3=f(i0,i1,i2)
i2
i1
i0
An open system: labeled state-transition graph
AP=IO
f:(2I)* 2O
![Page 14: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/14.jpg)
Closed vs. open systems
Open system: f:(2I)* 2O
In the printer example: I={j1,j2}, O={p1,p2}f:({{},{j1},{j2},{j1,j2}})* {{},{p1},{p2},{p1,p2}}
synthesis satisfiability
![Page 15: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/15.jpg)
f()
f(01)f(00) f(10) f(11)
00 01 10 11
The computation tree of f (|I|=2):
2IO-labeled 2I-tree I-exhaustive
A computation of f:
)f() ( (i0,f(i0)) (i1,f(i0,i1)) (i2,f(i0,i1,i2)) …
A path in the computation tree, which embodies all computations:(2IO)
![Page 16: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/16.jpg)
The specification is realizable if there is f:(2I)*2O such that all the
computations of f satisfy .
NO!Yes! (for all exists)
is satisfiable is realizable? is satisfiable is realizable?
A computation of f:
)f() ( (i0,f(i0)) (i1,f(i0,i1)) (i2,f(i0,i1,i2)) …
A path in the computation tree, which embodies all computations:(2IO)
![Page 17: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/17.jpg)
Date: Thu, 27 Jan 94 13:46:43 IST
From: [email protected] (Orna Bernholtz)
Subject: Church’s problem
We mentioned it in the summer. You referred me to Pnueli and Rozner work about “synthesis as a game between the environment and the
system.”
Orna
![Page 18: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/18.jpg)
love(x,y)
in(x,y)
y2=x
women
men
proofs bugs
R R
16 4
![Page 19: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/19.jpg)
f: women men
love(x,f(x))
f: proofs bug
in(x,f(x))
f: R R
f2(x)=x16 4
Suppose that we have…
Can we find such f?
![Page 20: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/20.jpg)
Church’s problem 1963
Any f: does every x have y such that R(x,y)?
We will search for a “constructable” f.
X Y
RX Y
Can we find f: X Y such that
R(x,f(x)) for every x X?
![Page 21: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/21.jpg)
X
)2I(
R (2I) (2O)
Can we find f: (2I) (2O) such that
R(x,f(x)) for every x (2I) ?
Y
)2O(
R (2IO)
An LTL formula over I Oconstructabl
e
Can we find f: (2I)* 2O such that
all the computations of f satisfy ?
Synthesis:
![Page 22: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/22.jpg)
X
)2I(
Can we find f: (2I) (2O) such that
R(x,f(x)) for every x (2I) ?
Y
)2O(
An LTL formula over I O
Can we find f: (2I)* 2O such that
all the computations of f satisfy ?
Synthesis:
Linear appraoch:
Branching appraoch:
Can we find f: (2I)* 2O such that
the computation tree of f satisfies ?
CTL* formula
![Page 23: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/23.jpg)
Date: Sat, 6 Jan 1996 10:28:16 CST
From: Moshe Vardi [email protected]
We need some motivation for the branching specs. I think Antioniotti looked at synthesis with CTL specs, but I am not sure that he fully solved it .
Didn’t I give you some of his papers?
Moshe
“Whenever user 1 sends a job, the printer may print it”
AG(j1 EFp1)Exists an input
sequence…
![Page 24: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/24.jpg)
Solving the synthesis problem: [Rabin 70, Pnueli Rozner 88]
For linear specifications
We easily extend to branching specifications
![Page 25: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/25.jpg)
Solving the synthesis problem: [Rabin 70, Pnueli Rozner 88]
Given a CTL* specification over IO:
1. Construct an automaton A on 2IO-labeled 2I-trees such that A accepts exactly all the trees that satisfy .
2. Construct an automaton AI-exh on 2IO-labeled 2I-trees such that AI-exh accepts exactly all the I-exhaustive trees.
A tree accepted by both A and AI-exh :
f: (2I)* 2O whose computation tree satisfies !
3. Check A AI-exh for emptiness.
(with respect to regular trees)
![Page 26: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/26.jpg)
Synthesis with incomplete information:
“The printer should not print papers containing bugs”.
Hidden information, unknown to the system!
•Partial observability…
•Internal signals…
•Incomplete information…
The system does not see the full picture!
![Page 27: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/27.jpg)
The system does not see the full picture!
Still has to be correct with respect to the most hostile environment
![Page 28: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/28.jpg)
Synthesis with incomplete information:
“The printer should not print papers containing bugs”.
Hidden information, unknown to the system!The setting:
•I: input signals
•O: output signals
•H: hidden signals.
A strategy for the system:
f:(2I)* 2O
Independent of H…
What about the computation tree?
![Page 29: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/29.jpg)
00 01 10 11
0 1
The system’s computation tree:
For someone that has incomplete information:
I={job}
2I={{},{job}}
For someone that has complete information:
I={job}, H={bug}
2I x2H={{},{job}}x{{},{bug}}
A tree with a binary branching degree
A tree with branching degree four
![Page 30: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/30.jpg)
00 01 10 11
0 1
The system’s computation tree:
0000 01 10010 11
For someone that has complete information:
I={job}, H={bug}
2I x2H={{},{job}}x{{},{bug}}
![Page 31: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/31.jpg)
The system’s computation tree:
00 01 10 11
0 1The thin tree:
1111
The fat tree:
00 01 10 11
1000 1001 1100 11010010 0011 0110 01110000 0001 0100 0101 1010 1011 1110
What the system sees
What reality is; the thing that should satisfy .
2I-tree
2IH-tree
![Page 32: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/32.jpg)
1111
The system’s computation tree:
00 01 10 11
0 1The thin tree:
The fat tree:
00 01 10 11
1000 1001 1100 11010010 0011 0110 01110000 0001 0100 0101 1010 1011 1110
indistinguishable by the system
A consistent tree: indistinguishable nodes agree on their label.
![Page 33: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/33.jpg)
Solving the synthesis problem:
Given a CTL* specification over IOH:
1. Construct an automaton A on 2IOH -labeled 2IH -trees such that A accepts exactly all the trees that satisfy .
2. Construct an automaton Aexh on 2IOH -labeled 2IH -trees such that Aexh accepts exactly all the consistent (IH)-exhaustive trees.A tree accepted by both A and Aexh :
f: (2I)* 2O whose fat computation tree satisfies !
3. Check A Aexh for emptiness.
(with respect to regular trees)
![Page 34: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/34.jpg)
Solving the synthesis problem:
Given a CTL* specification over IOH:
1. Construct an automaton A on 2IOH -labeled 2IH -trees such that A accepts exactly all the trees that satisfy .
2. Construct an automaton Aexh on 2IOH -labeled 2IH -trees such that Aexh accepts exactly all the consistent (IH)-exhaustive trees.A tree accepted by both A and Aexh :
f: (2I)* 2O whose fat computation tree satisfies !
3. Check A Aexh for emptiness.
(with respect to regular trees)
![Page 35: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/35.jpg)
consistent
Consistency is not a regular property!
![Page 36: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/36.jpg)
The idea:Wanted: is there a fat tree that is both good and consistent?
We cannot check whether a tree is consistent.
There is a transformation g:thin trees fat trees that generates only consistent fat trees.
So we check: is there a thin tree t such that g(t) is good?
The automaton reads t, but pretends to read g(t).
Unusual effectiveness of alternating automata!
![Page 37: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/37.jpg)
Solving the synthesis problem:
Construct an alternating automaton A on 2IO -labeled 2I -trees such that A accepts an I-exhaustive (thin) tree iff its fat version satisfies .
A tree accepted by A:
f: (2I)* 2O whose fat computation tree satisfies !
Check A for emptiness. (with respect to regular
trees)
Given a CTL* specification over IOH:
Construct an alternating automaton A on 2IO -labeled 2I -trees such that A accepts an I-exhaustive (thin) tree iff its fat version satisfies .
![Page 38: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/38.jpg)
Synthesis with complete information:
•LTL: 2EXPTIME-complete.
•CTL: EXPTIME-complete.
•CTL*: 2EXPTIME-complete.
Satisfiability:
•LTL: PSPACE-complete.
•CTL: EXPTIME-complete.
•CTL*: 2EXPTIME-complete.
Complexity:
Synthesis with incomplete information:
•LTL: 2EXPTIME-complete.
•CTL: EXPTIME-complete.
•CTL*: 2EXPTIME-complete.
A is a Rabin automaton with exponentially many states and a linear index
A is a Büchi automaton with linearly many states
![Page 39: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/39.jpg)
So far…
O I
...systems with a single component.
Let’s synthesis five dining philosophers.
HMMMM…
![Page 40: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/40.jpg)
Synthesis of distributed systems:
P0
P2P1
P3
Each process Pi has Ii, Oi, and HiAn architecture:
•I0Oenv
•I1Oenv
•I2O0
•I3O1 O2
![Page 41: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/41.jpg)
Synthesis of distributed systems:
Input:
• A specification over IOH.
• An architecture A.
Output:
Strategies fi: (2Ii)* 2IiHi
such that their composition satisfies (if exist).
composition??
![Page 42: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/42.jpg)
Solving synthesis of distributed systems:
Pnueli Rozner 90: distributed systems are hard to synthesize; undecidable in the general case.
can simulate a Turing machine.
Two independent input streams
Two player games with incomplete information
[Peterson Reif 79]
P0 P1
![Page 43: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/43.jpg)
Solving synthesis of distributed systems:
[PR90:]hierarchical architectures are decidable.
P2 PnP0 P1
![Page 44: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/44.jpg)
Date: Sat, 6 Feb 1999 10:34:25 –0600 (CST)
From: Moshe Vardi< [email protected]>
Subject: Re: hierarchies
In fact, I think we might be able to handle even a more general case, where I_j \subset O_{j_1} \cup O_{j+1}, which allows information to flow up and down the chain.
Moshe
Date: Sun, 7 Feb 1999 17:07:19 +0200
From: Orna Kupferman >[email protected]>
Subject: Re: hierarchies
We should be able to generalize even more… …the dependencies induce a flow that alternating automata can handle.
Orna
![Page 45: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/45.jpg)
Solving synthesis of distributed systems:
[PR90:]hierarchical architectures are decidable.
P2 PnP0 P1
[KV00:]using alternating automata:
One/two-way chains are decidable.
One/two-way rings are decidable.
P2 PnP0 P1
P2 PnP0 P1
![Page 46: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/46.jpg)
Date: Sun, 7 Feb 1999 22:17:29 –0600 (CST)
From: Moshe Vardi< [email protected]>
Subject: Re: hierarchies
This is nice because these architectures are actually quite realistic. In communication protocol architecture, we typically have layers, where the upper layer is the application layer and the lower level is the physical layer, and information flows between the layers.
Moshe
![Page 47: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/47.jpg)
The solution:
1. A specification an alternating automaton A.
2. Reapet:
A and an architecture with n components.
A’ (of size exponential in A) and an architecture with n-1 components.
Complexity:
nonelementary.
![Page 48: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/48.jpg)
Date: Mon, 8 Feb 1999 14:18:13 –0600 (CST)
From: Moshe Vardi< [email protected]>
Subject: Re: hierarchies
BTW, regarding the nonelementary complexity, we can cite the MONA experience that shows that nonelementary algorithms can nevertheless be practical, since the worst-case complexity does not always arise.
Moshe
![Page 49: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/49.jpg)
More about the nonelementary complexity:
Synthesis is not harder than verification!
How come? Verification is linear in the system and at
most exponential in the specification.
![Page 50: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/50.jpg)
More about the nonelementary complexity:
Input to verification: M and .
Input to synthesis: and A.
[Rozner92 :]a specification such that the smallest system satisfying has a nonelementary size.
![Page 51: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/51.jpg)
Other related work:
Synthesis against a non-maximal environment.
The computatin tree may not be I-exhaustive; makes a difference for existential requirements [joint work with P. Madhusudan and P.S. Thiagaragan].
-calculus synthesis.
Many technical problems…
![Page 52: Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University](https://reader030.vdocuments.site/reader030/viewer/2022032516/56649c7b5503460f9492f285/html5/thumbnails/52.jpg)
Date: Thu, 27 Aug 1998 12:08:42 –0500 (CST)
From: Moshe Vardi< [email protected]>
I think we are done.Moshe