Assume-admissible synthesis

Acta Informatica, Jul 2016

In this paper, we introduce a novel rule for synthesis of reactive systems, applicable to systems made of n components which have each their own objectives. This rule is based on the notion of admissible strategies. We compare this rule with previous rules defined in the literature, and show that contrary to the previous proposals, it defines sets of solutions which are rectangular. This property leads to solutions which are robust and resilient, and allows one to synthesize strategies separately for each agent. We provide algorithms with optimal complexity and also an abstraction framework compatible with the new rule.


Romain Brenguier, Jean-François Raskin, Ocan Sankur

Affiliations: CNRS, IRISA, Rennes, France; Département d'informatique, Université Libre de Bruxelles, Brussels, Belgium; Department of Computer Science, University of Oxford, Oxford, UK

Supported by the ERC starting Grant inVEST (FP7-279499). Corresponding author: Ocan Sankur.

1 Introduction

The automatic synthesis of reactive systems has recently attracted considerable attention. The theoretical foundations of most of the contributions in this area rely on two-player zero-sum games played on graphs: one player (player 1) models the system to synthesize, and the other player (player 2) models its environment. The game is zero-sum: the objective of player 1 is to enforce the specification of the system, while the objective of player 2 is the negation of this specification. This is a worst-case assumption: because the cooperation of the environment cannot be assumed, we postulate that it is antagonistic. A fully adversarial environment is usually a bold abstraction of reality. Nevertheless, it is popular because it is simple and sound: a winning strategy against an antagonistic player is winning against any environment which pursues its own objective. But this approach may fail to find a winning strategy even if there exist solutions when the objective of the environment is taken into account. Also, this model is for two players only: system vs. environment. In practice, both the system and the environment may be composed of several parts to be constructed individually or whose objectives should be considered one at a time. In fact, many systems, such as telecommunication protocols and distributed algorithms, are made of several components or processes, each having its own objective which may or may not conflict with other components' objectives. Consider, for instance, a communication network in which each node has the objective of transmitting a message to a subset of other nodes, using some preferred frequency range; the objectives of some nodes may not conflict at all if they are independent (using different frequencies), while some of them may be in conflict. Indeed, game theory is used to model such situations; see e.g. [20]. Such problems are the subject of non-zero-sum games where each entity having its own objective is seen as a different player (a.k.a. agent). For controller synthesis within this context, it is thus crucial to take different players' objectives into account when synthesizing strategies; accordingly, alternative notions have been proposed in the literature.

A first classical alternative is to weaken the winning condition of player 1 using the objective of the environment, requiring the system to win only when the environment meets its objective. This approach, together with its weaknesses, has been discussed in [3]; we will add to that later in the paper. A second alternative is to use concepts from n-player non-zero-sum games. This is the approach taken both by assume-guarantee synthesis [7] (AG) and by rational synthesis [18] (RS). For two players, AG relies on secure equilibria [9] (SE), a refinement of Nash equilibria [28] (NE). In SE, objectives are lexicographic: players first try to maximize their own specifications, and then try to falsify the specifications of others. It is shown in [9] that SE are those NE which represent enforceable contracts between the two players. However, the AG rule as extended to several players in [7] no longer corresponds to secure equilibria. This was not noticed in [7], so the algorithm proposed for computing secure equilibria does not actually apply to the AG rule. The difference between AG and SE is that AG strategies have to be resilient to deviations of all the other players, while SE profiles have to be resilient to deviations by only one player. In RS, the system is assumed to be monolithic and the environment is made of components that are partially controllable. In RS, we search for a profile of strategies where the system ensures its objective and the players that model the environment are given an “acceptable” strategy profile, from which it is assumed that they will not deviate. “Acceptable” is formalized by any solution concept, e.g. by NE, dominating strategies (Dom), or subgame perfect equilibria (SPE).

1. As a first an (...truncated)
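The introduction's starting point is the classical two-player zero-sum game on a graph, where player 1 (the system) must enforce its objective against an antagonistic player 2 (the environment), and its observation that this worst-case view can miss solutions that exist when the environment is not purely adversarial. The following Python block is an added illustration, not code from the paper or its authors: it builds a small constructed arena (the state names, the ownership map and the helper names `attractor`, `winning_strategy` and `cooperative_reach` are all assumptions of this example), computes the states from which the system can force a reachability objective against any environment behaviour via the standard attractor construction, extracts a positional winning strategy from the attractor ranks, and contrasts this with the larger set of states from which the goal is reachable if the environment cooperates.

```python
"""Added example (not from the paper): a two-player zero-sum reachability
game on a constructed graph arena.  Player 1 (the system) wants to reach
the state `goal`; player 2 (the environment) is treated as antagonistic.
`attractor` computes the states from which player 1 can *force* the goal,
`winning_strategy` extracts a positional strategy from it, and
`cooperative_reach` shows which extra states are winnable only if the
environment happens to cooperate (the solutions a worst-case analysis misses)."""
from collections import defaultdict

# Constructed toy arena (assumption of this example): state -> successor states.
EDGES = {
    "s0": ["s1", "s2"],
    "s1": ["goal"],
    "s2": ["s3", "goal"],
    "s3": ["s3"],
    "goal": ["goal"],
}
# Owner of each state: 1 = the system picks the successor, 2 = the environment picks.
OWNER = {"s0": 1, "s1": 1, "s2": 2, "s3": 2, "goal": 1}


def predecessors(edges):
    """Reverse the edge relation: state -> set of states with an edge into it."""
    preds = defaultdict(set)
    for s, succs in edges.items():
        for t in succs:
            preds[t].add(s)
    return preds


def attractor(edges, owner, player, target):
    """Return {state: rank} for every state from which `player` can force the
    play into `target` whatever the opponent does.  rank[s] is the number of
    steps within which the target is guaranteed to be reached from s."""
    preds = predecessors(edges)
    rank = {s: 0 for s in target}
    frontier = set(target)
    level = 0
    while frontier:
        level += 1
        new = set()
        for t in frontier:
            for s in preds[t]:
                if s in rank:
                    continue
                # A state owned by `player` is won as soon as one successor is
                # won; an opponent-owned state only when *every* successor is.
                if owner[s] == player or all(u in rank for u in edges[s]):
                    new.add(s)
        for s in new:
            rank[s] = level
        frontier = new
    return rank


def winning_strategy(edges, owner, player, rank):
    """Positional strategy for `player`: at each won state it owns (other than
    the target itself), move to the successor with the smallest rank."""
    strat = {}
    for s, r in rank.items():
        if owner[s] == player and r > 0:
            won_succs = [u for u in edges[s] if u in rank]
            strat[s] = min(won_succs, key=lambda u: rank[u])
    return strat


def cooperative_reach(edges, target):
    """States from which `target` is reachable if both players cooperate:
    plain backward graph reachability that ignores who owns each state."""
    preds = predecessors(edges)
    seen = set(target)
    stack = list(target)
    while stack:
        t = stack.pop()
        for s in preds[t]:
            if s not in seen:
                seen.add(s)
                stack.append(s)
    return seen


if __name__ == "__main__":
    rank = attractor(EDGES, OWNER, 1, {"goal"})
    print("forced-win states (rank):", dict(sorted(rank.items())))
    print("system strategy:", winning_strategy(EDGES, OWNER, 1, rank))
    print("winnable with a cooperative environment:",
          sorted(cooperative_reach(EDGES, {"goal"})))
```

In this arena the environment owns `s2`, where it may move to the sink `s3` instead of `goal`, so `s2` is outside the system's forced-win region even though `goal` is one step away; the cooperative analysis includes it. This gap between forced and cooperative wins is exactly what motivates the weaker, environment-aware rules the paper goes on to compare.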


This is a preview of a remote PDF: https://link.springer.com/content/pdf/10.1007%2Fs00236-016-0273-2.pdf

Romain Brenguier, Jean-François Raskin, Ocan Sankur. Assume-admissible synthesis, Acta Informatica, 2017, pp. 41-83, Volume 54, Issue 1, DOI: 10.1007/s00236-016-0273-2