32:[["$","audio",null,{"id":"tts"}],["$","$L37",null,{"paperID":"1912.13430","publisher":"arxiv","paperJSON":{"title":"Towards Neural-Guided Program Synthesis for Linear Temporal Logic Specifications","paperID":"1912.13430","avgLineHeight":10.95,"imgScale":4,"sections":[{"heading":"Abstract","paragraphs":[[{"text":"Synthesizing a program that realizes a logical specification is a classical problem in computer science. We examine a particular type of program synthesis, where the objective is to synthesize a strategy that reacts to a potentially adversarial environment while ensuring that all executions satisfy a ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Linear Temporal Logic ","element":"span"},{"text":"(","element":"span"},{"text":"LTL","element":"span"},{"text":") specification. Unfortunately, exact methods to solve so-called ","element":"span"},{"text":"LTL ","element":"span"},{"style":{"fontStyle":"italic"},"text":"synthesis ","element":"span"},{"text":"via logical inference do not scale. In this work, we cast ","element":"span"},{"text":"LTL ","element":"span"},{"text":"synthesis as an optimization problem. We employ a neural network to learn a Q-function that is then used to guide search, and to construct programs that are subsequently verified for correctness. Our method is unique in combining search with deep learning to realize ","element":"span"},{"text":"LTL ","element":"span"},{"text":"synthesis. In our experiments the learned Q-function provides effective guidance for synthesis problems with relatively small specifications.","element":"span"}]]},{"heading":"1 Introduction","paragraphs":[[{"text":"Automated synthesis of programs from logical specification—","element":"span"},{"style":{"fontStyle":"italic"},"text":"program synthesis from specification","element":"span"},{"text":"— is a classical problem in computer science that dates back to Church ","element":"span"},{"href":"#id-0","referenceIndex":8,"text":"(1957)","element":"a"},{"text":". We are concerned with ","element":"span"},{"text":"LTL ","element":"span"},{"style":{"fontStyle":"italic"},"text":"synthesis","element":"span"},{"text":"—the synthesis of a reactive module that interacts with the environment such that all executions satisfy a prescribed ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Linear Temporal Logic ","element":"span"},{"text":"(","element":"span"},{"text":"LTL","element":"span"},{"text":") formula. The formula specifies the objective of the program and other sundry constraints including assumptions on the behavior of the environment, and safety and liveness constraints ","element":"span"},{"href":"#id-1","referenceIndex":22,"text":"(Pnueli and Rosner, ","element":"a"},{"href":"#id-1","referenceIndex":22,"text":"1989)","element":"a"},{"text":". There is no simulator, no requirement of a Markovian transition system, and no reward function. Rather, the logical specification provides all that is known of the behavior of the environment and mandated behavior of the program. Synthesized programs are ","element":"span"},{"style":{"fontStyle":"italic"},"text":"correct by construction","element":"span"},{"text":". ","element":"span"},{"text":"LTL ","element":"span"},{"text":"synthesis has a myriad of applications including the automated construction of logical circuits, game agents, and controllers for intelligent devices and safety-critical systems.","element":"span"}],[{"text":"Programming from specification, and specifically ","element":"span"},{"text":"LTL ","element":"span"},{"text":"synthesis has been studied intensely in theory and in practice (e.g., ","element":"span"},{"href":"#id-2","referenceIndex":15,"text":"(Jacobs et al., ","element":"a"},{"href":"#id-2","referenceIndex":15,"text":"2019)","element":"a"},{"text":"). We contrast it with ","element":"span"},{"style":{"fontStyle":"italic"},"text":"programming by example ","element":"span"},{"text":"which synthesizes a program that captures the behavior of input-output data or program traces (e.g., ","element":"span"},{"href":"#id-3","referenceIndex":13,"text":"(Gulwani, ","element":"a"},{"href":"#id-3","referenceIndex":13,"text":"2016)","element":"a"},{"text":"). In this category, differential approaches use deep learning for ","element":"span"},{"style":{"fontStyle":"italic"},"text":"program induction","element":"span"},{"text":", to ","element":"span"},{"style":{"fontStyle":"italic"},"text":"infer ","element":"span"},{"text":"the output of the program for new inputs (e.g. ","element":"span"},{"href":"#id-4","referenceIndex":10,"text":"(Ellis et al., ","element":"a"},{"href":"#id-4","referenceIndex":10,"text":"2016; ","element":"a"},{"href":"#id-5","referenceIndex":20,"text":"Parisotto et al., ","element":"a"},{"href":"#id-5","referenceIndex":20,"text":"2017; ","element":"a"},{"href":"#id-6","referenceIndex":28,"text":"Zhang et al., ","element":"a"},{"href":"#id-6","referenceIndex":28,"text":"2018; ","element":"a"},{"href":"#id-7","referenceIndex":7,"text":"Chen et al., ","element":"a"},{"href":"#id-7","referenceIndex":7,"text":"2018)","element":"a"},{"text":"). In neural-guided search, statistical techniques are used to guide search (e.g. ","element":"span"},{"href":"#id-8","referenceIndex":1,"text":"(Balog et al., ","element":"a"},{"href":"#id-8","referenceIndex":1,"text":"2017)","element":"a"},{"text":"), motivated in part by the fact that discrete search techniques may be more efficient than differentiable approaches alone ","element":"span"},{"href":"#id-9","referenceIndex":11,"text":"(Gaunt et al., ","element":"a"},{"href":"#id-9","referenceIndex":11,"text":"2016)","element":"a"},{"text":".","element":"span"}],[{"text":"LTL ","element":"span"},{"text":"synthesis is a challenging problem. Its complexity is known to be 2EXP-complete, and exact methods to solve this problem via logical inference do not scale—in part because of the prohibitively large search space. Thus, there is a need for exploration and development of novel approaches to ","element":"span"},{"text":"LTL ","element":"span"},{"text":"synthesis that have the potential to scale.","element":"span"}],[{"text":"In this work we make a first step towards applying two scalable techniques to ","element":"span"},{"text":"LTL ","element":"span"},{"text":"synthesis. Namely, ","element":"span"},{"style":{"fontStyle":"italic"},"text":"search ","element":"span"},{"text":"and ","element":"span"},{"style":{"fontStyle":"italic"},"text":"learning","element":"span"},{"text":". We are interested in answering this question: ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Can we learn good guidance for ","element":"span"},{"text":"LTL ","element":"span"},{"style":{"fontStyle":"italic"},"text":"synthesis?","element":"span"}],[{"text":"Sophisticated search techniques, and in particular heuristic search, have the potential to scale to large spaces by means of efficient exploration and pruning. However, searching over spaces induced by LTL formulae present unique challenges that have not yet resulted in effective heuristic search techniques. Recent successes of deep learning for Markov Decision Processes (MDP) (e.g. ","element":"span"},{"href":"#id-10","referenceIndex":19,"text":"(Mnih ","element":"a"},{"href":"#id-10","referenceIndex":19,"text":"et al., ","element":"a"},{"href":"#id-10","referenceIndex":19,"text":"2015)","element":"a"},{"text":") and complex sequential decision-making problems (e.g. ","element":"span"},{"href":"#id-11","referenceIndex":25,"text":"(Silver et al., ","element":"a"},{"href":"#id-11","referenceIndex":25,"text":"2018)","element":"a"},{"text":") have inspired us to explore the use neural networks to capture the complex structure of ","element":"span"},{"text":"LTL ","element":"span"},{"text":"specifications with a view to providing guidance to search methods.","element":"span"}],[{"text":"The main challenge that we had to address in this work was how to frame ","element":"span"},{"text":"LTL ","element":"span"},{"text":"synthesis—a problem that has commonly been addressed using formal methods via logical inference—into an optimization problem. To this end, we introduce a novel dynamic programming based formulation of ","element":"span"},{"text":"LTL ","element":"span"},{"text":"synthesis that allows us to deploy statistical approaches, and in particular deep learning combined with search, to realize ","element":"span"},{"text":"LTL ","element":"span"},{"text":"synthesis. We employ a neural network to learn a Q-function that is used to guide search, and to construct programs that are subsequently verified for correctness, thereby benefitting from the scalability of an approximate method while maintaining correct-by-construction guarantees. In our experiments the learned Q-function provided effective guidance for the synthesis of relatively small specifications, solving a number of the benchmarks that serve as standard evaluation metrics for the ","element":"span"},{"text":"LTL ","element":"span"},{"text":"synthesis community.","element":"span"}]]},{"heading":"2 Reactive LTL Synthesis","paragraphs":[[{"text":"The central problem that we examine in this paper is the synthesis of controllers for sequential decision-making in discrete dynamical environments. ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Reactive synthesis ","element":"span"},{"text":"constructs a strategy such that ","element":"span"},{"style":{"fontStyle":"italic"},"text":"all ","element":"span"},{"text":"executions of the strategy realize a specified temporally extended property, regardless of how the environment behaves ","element":"span"},{"href":"#id-1","referenceIndex":22,"text":"(Pnueli and Rosner, ","element":"a"},{"href":"#id-1","referenceIndex":22,"text":"1989)","element":"a"},{"text":". The specified property may include reachability goals and safety and liveness properties, as well as assumptions regarding the behavior of the environment. In contrast with MDPs, the environment dynamics are not stochastic nor necessarily Markovian but rather non-deterministic.","element":"span"}],[{"text":"In ","element":"span"},{"text":"LTL ","element":"span"},{"text":"synthesis, the temporally extended property to be satisfied takes the form of a ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Linear Temporal Logic ","element":"span"},{"text":"(","element":"span"},{"text":"LTL","element":"span"},{"text":") formula over a set of ","element":"span"},{"style":{"fontStyle":"italic"},"text":"environment ","element":"span"},{"text":"(","element":"span"},{"style":{"fontStyle":"italic"},"text":"X","element":"span"},{"text":") and ","element":"span"},{"style":{"fontStyle":"italic"},"text":"system ","element":"span"},{"text":"(","element":"span"},{"style":{"fontStyle":"italic"},"text":"Y","element":"span"},{"text":") variables (Definition ","element":"span"},{"href":"#id-12","text":"1)","element":"a"},{"text":". ","element":"span"},{"text":"LTL ","element":"span"},{"text":"is a modal logic that extends propositional logic with temporal modalities to express temporally extended properties of infinite-length state traces. In a nutshell, ","element":"span"},{"style":{"height":10},"width":26,"height":25,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/1-0.png","element":"img","alt":"ϕ","inline":true,"padRight":true},{"text":"denotes that ","element":"span"},{"style":{"height":10},"width":26,"height":25,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/1-1.png","element":"img","alt":" ϕ","inline":true,"padRight":true},{"text":"holds in the next timestep, and ","element":"span"},{"style":{"height":14},"width":114.91,"height":35,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/1-2.png","element":"img","alt":" ϕ1Uϕ2","inline":true,"padRight":true},{"text":"denotes that ","element":"span"},{"style":{"height":10},"width":42.07,"height":25,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/1-3.png","element":"img","alt":" ϕ1","inline":true,"padRight":true},{"text":"holds until ","element":"span"},{"style":{"height":10},"width":42.07,"height":25,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/1-4.png","element":"img","alt":" ϕ2","inline":true,"padRight":true},{"text":"holds. Unary operators ","element":"span"},{"style":{"fontStyle":"italic"},"text":"eventually ","element":"span"},{"text":"(","element":"span"},{"style":{"height":14},"width":27,"height":35,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/1-5.png","element":"img","alt":"♦","inline":true},{"text":") and ","element":"span"},{"style":{"fontStyle":"italic"},"text":"always ","element":"span"},{"text":"(","element":"span"},{"style":{"height":0},"width":20,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/1-6.png","element":"img","alt":"□","inline":true},{"text":"), and binary operator ","element":"span"},{"style":{"fontStyle":"italic"},"text":"release ","element":"span"},{"text":"(","element":"span"},{"style":{"fontStyle":"italic"},"text":"R","element":"span"},{"text":") can be defined using ","element":"span"},{"text":"and ","element":"span"},{"style":{"fontStyle":"italic"},"text":"U ","element":"span"},{"text":"(cf. ","element":"span"},{"href":"#id-13","referenceIndex":21,"text":"(Pnueli, ","element":"a"},{"href":"#id-13","referenceIndex":21,"text":"1977)","element":"a"},{"text":"). Formally, we say that an infinite trace ","element":"span"},{"style":{"height":10},"width":230.09,"height":25,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/1-7.png","element":"img","alt":" ρ = s1, s2, . . .","inline":true,"padRight":true},{"text":"satisfies ","element":"span"},{"style":{"height":16},"width":155.46,"height":40,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/1-8.png","element":"img","alt":" ϕ (ρ |= ϕ","inline":true},{"text":", for short) iff ","element":"span"},{"style":{"height":16},"width":143.16,"height":40,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/1-9.png","element":"img","alt":" ρ, 1 |= ϕ","inline":true},{"text":", where for every natural number ","element":"span"},{"style":{"height":13.2},"width":97.79,"height":33,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/1-10.png","element":"img","alt":" i ≥ 1:","inline":true}],[{"style":{"fontStyle":"italic"},"text":"• ","element":"span"},{"style":{"height":16},"width":131.6,"height":40,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/1-11.png","element":"img","alt":" ρ, i |= p","inline":true},{"text":", for a propositional variable ","element":"span"},{"style":{"height":14},"width":197.27,"height":35,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/1-12.png","element":"img","alt":" p, iff p ∈ si,","inline":true}],[{"style":{"fontStyle":"italic"},"text":"• ","element":"span"},{"style":{"height":16},"width":162.17,"height":40,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/1-13.png","element":"img","alt":" ρ, i |= ¬ψ","inline":true,"padRight":true},{"text":"iff it is not the case that ","element":"span"},{"style":{"height":16},"width":146.99,"height":40,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/1-14.png","element":"img","alt":" ρ, i |= ψ,","inline":true}],[{"style":{"fontStyle":"italic"},"text":"• ","element":"span"},{"style":{"fontStyle":"italic"},"text":"ρ, i ","element":"span"},{"style":{"height":16},"width":589.64,"height":40,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/1-15.png","element":"img","alt":" |= (ψ ∧ χ) iff ρ, i |= ψ and ρ, i |= χ,","inline":true}],[{"style":{"fontStyle":"italic"},"text":"• ","element":"span"},{"style":{"fontStyle":"italic"},"text":"ρ, i ","element":"span"},{"style":{"height":16},"width":368.92,"height":40,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/1-16.png","element":"img","alt":" |= ϕ iff ρ, i + 1 |= ϕ,","inline":true}],[{"style":{"fontStyle":"italic"},"text":"• ","element":"span"},{"style":{"height":16},"width":190.57,"height":40,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/1-17.png","element":"img","alt":" ρ, i |= ϕUψ","inline":true,"padRight":true},{"text":"iff there exists a ","element":"span"},{"style":{"height":16},"width":955.55,"height":40,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/1-18.png","element":"img","alt":" j ≥ i such that ρ, j |= ψ, and ρ, k |= ϕ for every i ≤ k < j.","inline":true}],[{"id":"id-12","style":{"fontWeight":"bold"},"text":"Definition 1. ","element":"span"},{"style":{"fontStyle":"italic"},"text":"An ","element":"span"},{"text":"LTL ","element":"span"},{"style":{"fontStyle":"italic"},"text":"specification is a triplet ","element":"span"},{"style":{"height":16},"width":424.53,"height":40,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/1-19.png","element":"img","alt":" ⟨X, Y, ϕ⟩, where X and Y","inline":true,"padRight":true},{"style":{"fontStyle":"italic"},"text":"are two finite disjoint sets of environment and system variables, respectively, and ","element":"span"},{"style":{"height":14.4},"width":189.82,"height":36,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/1-20.png","element":"img","alt":" ϕ is an LTL","inline":true,"padRight":true},{"style":{"fontStyle":"italic"},"text":"formula over ","element":"span"},{"style":{"height":12.8},"width":118.45,"height":32,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/1-21.png","element":"img","alt":" X ∪ Y.","inline":true}],[{"text":"LTL ","element":"span"},{"text":"synthesis is the task of computing a strategy that satisfies the specification (Definition ","element":"span"},{"href":"#id-14","text":"2)","element":"a"},{"text":". Strategies are functions that map non-empty finite sequences of subsets of ","element":"span"},{"style":{"fontStyle":"italic"},"text":"X","element":"span"},{"text":"—i.e., elements of ","element":"span"},{"style":{"height":17.39},"width":104.84,"height":43.47,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/1-22.png","element":"img","alt":"(2X )+","inline":true},{"text":"—to a subset of ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Y","element":"span"},{"text":". In general, strategies are non-Markovian and take history into account.","element":"span"}],[{"id":"id-14","style":{"fontWeight":"bold"},"text":"Definition 2. ","element":"span"},{"style":{"fontStyle":"italic"},"text":"The ","element":"span"},{"text":"synthesis ","element":"span"},{"style":{"fontStyle":"italic"},"text":"problem for an ","element":"span"},{"text":"LTL ","element":"span"},{"style":{"fontStyle":"italic"},"text":"specification ","element":"span"},{"style":{"height":16},"width":157.16,"height":40,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/1-23.png","element":"img","alt":" ⟨X, Y, ϕ⟩","inline":true,"padRight":true},{"style":{"fontStyle":"italic"},"text":"consists in computing an agent strategy ","element":"span"},{"style":{"height":17.39},"width":293.42,"height":43.47,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/1-24.png","element":"img","alt":" f : (2X )+ → 2Y","inline":true,"padRight":true},{"style":{"fontStyle":"italic"},"text":"such that, for any infinite sequence ","element":"span"},{"style":{"height":13.19},"width":154.85,"height":32.98,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/1-25.png","element":"img","alt":" X1X2 · · ·","inline":true,"padRight":true},{"style":{"fontStyle":"italic"},"text":"of subsets of ","element":"span"},{"style":{"fontStyle":"italic"},"text":"X","element":"span"},{"style":{"fontStyle":"italic"},"text":", the sequence ","element":"span"},{"style":{"height":16},"width":829.91,"height":40,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/1-26.png","element":"img","alt":" (X1 ∪ f(X1))(X2 ∪ f(X1X2)) · · · satisfies ϕ. The","inline":true,"padRight":true},{"text":"realiazability ","element":"span"},{"style":{"fontStyle":"italic"},"text":"problem consists in deciding whether one such strategy exists.","element":"span"}],[{"style":{"fontWeight":"bold"},"text":"Example: ","element":"span"},{"text":"The ","element":"span"},{"text":"LTL ","element":"span"},{"text":"specification ","element":"span"},{"style":{"height":16},"width":396.88,"height":40,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/2-0.png","element":"img","alt":" ⟨{x} , {y} , □(x ↔ y)⟩","inline":true,"padRight":true},{"text":"is realizable. One agent strategy that synthesizes the specification outputs ","element":"span"},{"style":{"height":16},"width":203.85,"height":40,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/2-1.png","element":"img","alt":" Yn+1 = {y}","inline":true,"padRight":true},{"text":"whenever ","element":"span"},{"style":{"height":16},"width":175.18,"height":40,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/2-2.png","element":"img","alt":" Xn = {x}","inline":true},{"text":", and ","element":"span"},{"style":{"height":16.79},"width":162.95,"height":41.98,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/2-3.png","element":"img","alt":" Yn+1 = ∅","inline":true,"padRight":true},{"text":"whenever ","element":"span"},{"style":{"height":15.19},"width":127.84,"height":37.98,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/2-4.png","element":"img","alt":"Xn = ∅","inline":true},{"text":". Note, the ","element":"span"},{"text":"LTL ","element":"span"},{"text":"formula does not constrain the output of the system in the first timestep.","element":"span"}],[{"style":{"fontWeight":"bold"},"text":"2.1 ","element":"span"},{"style":{"fontWeight":"bold"},"text":"Bounded Synthesis","element":"span"}],[{"text":"Traditional approaches to ","element":"span"},{"text":"LTL ","element":"span"},{"text":"realizability and synthesis rely on automata transformations of the ","element":"span"},{"text":"LTL ","element":"span"},{"text":"formula. Here, we review results from so-called ","element":"span"},{"style":{"fontStyle":"italic"},"text":"bounded synthesis ","element":"span"},{"text":"approaches, that make use of ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Universal Co-Büchi Word ","element":"span"},{"text":"(UCW) automata ","element":"span"},{"href":"#id-15","referenceIndex":17,"text":"(Kupferman and Vardi, ","element":"a"},{"href":"#id-15","referenceIndex":17,"text":"2005)","element":"a"},{"text":". An important result in bounded synthesis is that ","element":"span"},{"text":"LTL ","element":"span"},{"text":"realizability can be characterized in terms of the runs of UCW automata, in a way that the space of the search for solutions can be ","element":"span"},{"style":{"fontStyle":"italic"},"text":"bounded","element":"span"},{"text":". The result, adapted from ","element":"span"},{"href":"#id-16","referenceIndex":24,"text":"(Schewe and Finkbeiner, ","element":"a"},{"href":"#id-16","referenceIndex":24,"text":"2007)","element":"a"},{"text":", is stated in Theorem ","element":"span"},{"href":"#id-17","text":"1. ","element":"a"},{"text":"Besides that, the computational advantage of bounded synthesis is that UCW automata transformations can be done more efficiently in practice than to other types of automata (e.g., parity automata).","element":"span"}],[{"style":{"fontWeight":"bold"},"text":"UCW automata: ","element":"span"},{"text":"An UCW automaton is a tuple ","element":"span"},{"style":{"height":16},"width":273.3,"height":40,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/2-5.png","element":"img","alt":" ⟨Q, Σ, q0, δ, QF ⟩","inline":true},{"text":", where ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Q ","element":"span"},{"text":"is a finite set of states, ","element":"span"},{"style":{"height":10.8},"width":29,"height":27,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/2-6.png","element":"img","alt":"Σ","inline":true,"padRight":true},{"text":"is the input alphabet (here, ","element":"span"},{"style":{"height":16.58},"width":336.14,"height":41.46,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/2-7.png","element":"img","alt":" Σ := 2X∪Y), q0 ∈ Q","inline":true,"padRight":true},{"text":"is the initial state, ","element":"span"},{"style":{"height":16.58},"width":270.18,"height":41.46,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/2-8.png","element":"img","alt":" δ : Q × Σ → 2Q","inline":true,"padRight":true},{"text":"is the (non-deterministic) transition function, and ","element":"span"},{"style":{"height":14},"width":143.16,"height":35,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/2-9.png","element":"img","alt":" QF ⊆ Q","inline":true,"padRight":true},{"text":"is a set of rejecting states. Without loss of generality, we assume ","element":"span"},{"style":{"height":17.59},"width":1399.88,"height":43.98,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/2-10.png","element":"img","alt":" δ(q, σ) ̸= ∅ for each (q, σ) ∈ Q×Σ. A run of Aϕ on a play ρ = (X1 ∪Y1)(X2 ∪Y2) · · ·","inline":true,"padRight":true},{"text":"is a sequence ","element":"span"},{"style":{"height":10},"width":124.4,"height":25,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/2-11.png","element":"img","alt":" q0q1 · · ·","inline":true,"padRight":true},{"text":"of elements of ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Q","element":"span"},{"text":", where each ","element":"span"},{"style":{"height":10.79},"width":69.53,"height":26.98,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/2-12.png","element":"img","alt":" qi+1","inline":true,"padRight":true},{"text":"is an element of ","element":"span"},{"style":{"height":16},"width":231.75,"height":40,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/2-13.png","element":"img","alt":" δ(qi, Xi ∪ Yi)","inline":true},{"text":". The ","element":"span"},{"style":{"fontStyle":"italic"},"text":"co-Büchi ","element":"span"},{"text":"index of a run is the maximum number of occurrences of rejecting states. A run of ","element":"span"},{"style":{"height":16.39},"width":50.89,"height":40.98,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/2-14.png","element":"img","alt":" Aϕ","inline":true,"padRight":true},{"text":"is ","element":"span"},{"style":{"fontStyle":"italic"},"text":"accepting ","element":"span"},{"text":"if its co-Büchi index is finite, and a play ","element":"span"},{"style":{"height":10},"width":21,"height":25,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/2-15.png","element":"img","alt":" ρ","inline":true,"padRight":true},{"text":"is ","element":"span"},{"style":{"fontStyle":"italic"},"text":"accepting ","element":"span"},{"text":"if all the runs of ","element":"span"},{"style":{"height":16.39},"width":50.89,"height":40.98,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/2-16.png","element":"img","alt":" Aϕ","inline":true,"padRight":true},{"text":"on ","element":"span"},{"style":{"height":10},"width":21,"height":25,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/2-17.png","element":"img","alt":" ρ","inline":true,"padRight":true},{"text":"are accepting. An ","element":"span"},{"style":{"height":14.4},"width":239.21,"height":36,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/2-18.png","element":"img","alt":" LTL formula ϕ","inline":true,"padRight":true},{"text":"can be transformed into an UCW automaton that accepts all and only the models of ","element":"span"},{"style":{"height":10},"width":26,"height":25,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/2-19.png","element":"img","alt":" ϕ","inline":true,"padRight":true},{"text":"in worst-case exponential time ","element":"span"},{"href":"#id-15","referenceIndex":17,"text":"(Kupferman and Vardi, ","element":"a"},{"href":"#id-15","referenceIndex":17,"text":"2005)","element":"a"},{"text":".","element":"span"}],[{"id":"id-17","style":{"fontWeight":"bold"},"text":"Theorem 1. ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Let ","element":"span"},{"style":{"height":16.39},"width":233.17,"height":40.98,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/2-20.png","element":"img","alt":" Aϕ be a UCW","inline":true,"padRight":true},{"style":{"fontStyle":"italic"},"text":"transformation of ","element":"span"},{"style":{"height":14.4},"width":379.28,"height":36,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/2-21.png","element":"img","alt":" LTL formula ϕ. An LTL","inline":true,"padRight":true},{"style":{"fontStyle":"italic"},"text":"specification ","element":"span"},{"style":{"height":16},"width":192.4,"height":40,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/2-22.png","element":"img","alt":" ⟨X, Y, ϕ⟩ is","inline":true,"padRight":true},{"style":{"fontStyle":"italic"},"text":"realizable iff there exists a strategy ","element":"span"},{"style":{"height":17.39},"width":465.8,"height":43.46,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/2-23.png","element":"img","alt":" f : (2X )+ → 2Y and k < ∞","inline":true},{"style":{"fontStyle":"italic"},"text":", worst-case exponential in the size of ","element":"span"},{"style":{"height":16.39},"width":52.82,"height":40.97,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/2-24.png","element":"img","alt":" Aϕ","inline":true},{"style":{"fontStyle":"italic"},"text":", such that, for any infinite sequence ","element":"span"},{"style":{"height":13.19},"width":154.85,"height":32.97,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/2-25.png","element":"img","alt":" X1X2 · · ·","inline":true,"padRight":true},{"style":{"fontStyle":"italic"},"text":"of subsets of ","element":"span"},{"style":{"fontStyle":"italic"},"text":"X","element":"span"},{"style":{"fontStyle":"italic"},"text":", all runs of ","element":"span"},{"style":{"height":16.39},"width":52.82,"height":40.97,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/2-26.png","element":"img","alt":" Aϕ","inline":true,"padRight":true},{"style":{"fontStyle":"italic"},"text":"on the sequence ","element":"span"},{"style":{"height":16},"width":567.67,"height":40,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/2-27.png","element":"img","alt":"(X1 ∪ f(X1))(X2 ∪ f(X1X2)) · · ·","inline":true,"padRight":true},{"style":{"fontStyle":"italic"},"text":"hit a number of rejecting states that is bounded by ","element":"span"},{"style":{"fontStyle":"italic"},"text":"k","element":"span"},{"style":{"fontStyle":"italic"},"text":".","element":"span"}],[{"style":{"fontWeight":"bold"},"text":"2.2 ","element":"span"},{"style":{"fontWeight":"bold"},"text":"Automata Decompositions","element":"span"}],[{"text":"UCW transformations of ","element":"span"},{"text":"LTL ","element":"span"},{"text":"formulae are worst-case exponential, and can be a computational bottleneck. To mitigate for this, synthesis tools Acacia","element":"span"},{"style":{"height":8.8},"width":25,"height":22,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/2-28.png","element":"img","alt":"+","inline":true,"padRight":true},{"href":"#id-18","referenceIndex":2,"text":"(Bohy et al., ","element":"a"},{"href":"#id-18","referenceIndex":2,"text":"2012) ","element":"a"},{"text":"and SynKit ","element":"span"},{"href":"#id-19","referenceIndex":5,"text":"(Camacho ","element":"a"},{"href":"#id-19","referenceIndex":5,"text":"et al., ","element":"a"},{"href":"#id-19","referenceIndex":5,"text":"2018b) ","element":"a"},{"text":"decompose the formula into a conjunction of subformulae, and then transform each subformula into UCW automata. Clearly, each subformula is potentially easier to transform into UCW automata than the whole formula. The results for bounded synthesis can be naturally extended to multiple automata decompositions, where the automata capture, collectively, ","element":"span"},{"text":"LTL ","element":"span"},{"text":"satisfaction.","element":"span"}],[{"id":"id-20","style":{"fontWeight":"bold"},"text":"Theorem 2 ","element":"span"},{"text":"(adapted from ","element":"span"},{"href":"#id-18","referenceIndex":2,"text":"(Bohy et al., ","element":"a"},{"href":"#id-18","referenceIndex":2,"text":"2012)","element":"a"},{"text":")","element":"span"},{"style":{"fontWeight":"bold"},"text":". ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Let ","element":"span"},{"style":{"height":13.99},"width":42.82,"height":34.98,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/2-29.png","element":"img","alt":" Ai","inline":true,"padRight":true},{"style":{"fontStyle":"italic"},"text":"be UCW transformations of ","element":"span"},{"text":"LTL ","element":"span"},{"style":{"fontStyle":"italic"},"text":"formulae ","element":"span"},{"style":{"height":14.4},"width":745.88,"height":36,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/2-30.png","element":"img","alt":"ϕi, i = 1..m, and let ϕ = ϕ1 ∧ · · · ∧ ϕm. LTL","inline":true,"padRight":true},{"style":{"fontStyle":"italic"},"text":"specification ","element":"span"},{"style":{"height":16},"width":157.16,"height":40,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/2-31.png","element":"img","alt":" ⟨X, Y, ϕ⟩","inline":true,"padRight":true},{"style":{"fontStyle":"italic"},"text":"is realizable iff there exists a strategy ","element":"span"},{"style":{"height":17.38},"width":465.28,"height":43.46,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/2-32.png","element":"img","alt":" f : (2X )+ → 2Y and k < ∞","inline":true,"padRight":true},{"style":{"fontStyle":"italic"},"text":"such that, for any infinite sequence ","element":"span"},{"style":{"height":13.19},"width":154.85,"height":32.98,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/2-33.png","element":"img","alt":" X1X2 · · ·","inline":true,"padRight":true},{"style":{"fontStyle":"italic"},"text":"of subsets of ","element":"span"},{"style":{"fontStyle":"italic"},"text":"X","element":"span"},{"style":{"fontStyle":"italic"},"text":", the runs of each ","element":"span"},{"style":{"height":13.99},"width":42.81,"height":34.98,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/2-34.png","element":"img","alt":" Ai","inline":true,"padRight":true},{"style":{"fontStyle":"italic"},"text":"on the sequence ","element":"span"},{"style":{"height":16},"width":568.4,"height":40,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/2-35.png","element":"img","alt":" (X1 ∪ f(X1))(X2 ∪ f(X1X2)) · · ·","inline":true,"padRight":true},{"style":{"fontStyle":"italic"},"text":"hit a number of rejecting states that is bounded by ","element":"span"},{"style":{"fontStyle":"italic"},"text":"k","element":"span"},{"style":{"fontStyle":"italic"},"text":".","element":"span"}]]},{"heading":"3 Safety Games for Bounded Synthesis","paragraphs":[[{"text":"Reactive synthesis is usually interpreted as a two-player game between the ","element":"span"},{"style":{"fontStyle":"italic"},"text":"system ","element":"span"},{"text":"player, and the ","element":"span"},{"style":{"fontStyle":"italic"},"text":"environment ","element":"span"},{"text":"player. In each turn, the environment player makes a move by selecting a subset of ","element":"span"},{"style":{"fontStyle":"italic"},"text":"uncontrollable ","element":"span"},{"text":"variables, ","element":"span"},{"style":{"height":13.2},"width":134.01,"height":33,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/2-36.png","element":"img","alt":" X ⊆ X","inline":true},{"text":". In response, the system player makes a move by selecting a subset of ","element":"span"},{"style":{"fontStyle":"italic"},"text":"controllable ","element":"span"},{"text":"variables, ","element":"span"},{"style":{"height":13.2},"width":120.71,"height":33,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/2-37.png","element":"img","alt":" Y ⊆ Y","inline":true},{"text":"—thus, the sets of player actions are the powersets of ","element":"span"},{"style":{"fontStyle":"italic"},"text":"X ","element":"span"},{"text":"and ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Y","element":"span"},{"text":". Game states and transitions are constructed by means of ","element":"span"},{"style":{"fontStyle":"italic"},"text":"automata ","element":"span"},{"text":"transformations of the ","element":"span"},{"text":"LTL ","element":"span"},{"text":"formula. In particular, bounded synthesis is interpreted as a ","element":"span"},{"style":{"fontStyle":"italic"},"text":"safety game ","element":"span"},{"text":"where the agent is constrained to react in a way that (infinite-length) game plays must yield automaton runs that hit a bounded number of rejecting states (cf. Theorems ","element":"span"},{"href":"#id-17","text":"1 ","element":"a"},{"text":"and ","element":"span"},{"href":"#id-20","text":"2)","element":"a"},{"text":". We formalize safety games below, and frame bounded synthesis as safety games in Section ","element":"span"},{"href":"#id-21","text":"3.1.","element":"a"}],[{"style":{"fontWeight":"bold"},"text":"Safety games: ","element":"span"},{"text":"In this paper, a two-player ","element":"span"},{"style":{"fontStyle":"italic"},"text":"safety game ","element":"span"},{"text":"is a tuple ","element":"span"},{"style":{"height":16.79},"width":554.76,"height":41.98,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/2-38.png","element":"img","alt":" ⟨Zenv, Zsys, S, s1, T, Sbad⟩, where","inline":true},{"style":{"height":13.19},"width":76.87,"height":32.98,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/2-39.png","element":"img","alt":"Zenv","inline":true,"padRight":true},{"text":"and ","element":"span"},{"style":{"height":15.59},"width":70.77,"height":38.98,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/2-40.png","element":"img","alt":" Zsys","inline":true,"padRight":true},{"text":"are sets of actions, ","element":"span"},{"style":{"fontStyle":"italic"},"text":"S ","element":"span"},{"text":"is a set of states, ","element":"span"},{"style":{"height":13.19},"width":128.81,"height":32.98,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/2-41.png","element":"img","alt":" s1 ∈ S","inline":true,"padRight":true},{"text":"is the initial state of the game, ","element":"span"},{"style":{"height":15.59},"width":413.58,"height":38.98,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/2-42.png","element":"img","alt":"T : S ×Zenv ×Zsys → S","inline":true,"padRight":true},{"text":"is a transition function, and ","element":"span"},{"style":{"height":13.2},"width":153.45,"height":33,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/2-43.png","element":"img","alt":" Sbad ⊆ S","inline":true,"padRight":true},{"text":"is a set of losing states. Analogously to ","element":"span"},{"text":"LTL ","element":"span"},{"text":"synthesis, we refer to the players as the environment and system. The game starts in ","element":"span"},{"style":{"height":13.2},"width":147.94,"height":33,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/3-0.png","element":"img","alt":" s1, and is","inline":true,"padRight":true},{"text":"played an infinite number of turns. In each turn, the environment player selects an action ","element":"span"},{"style":{"height":13.2},"width":162.52,"height":33,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/3-1.png","element":"img","alt":" x ∈ Zenv,","inline":true,"padRight":true},{"text":"and the system player reacts by selecting an action ","element":"span"},{"style":{"height":15.59},"width":140.44,"height":38.98,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/3-2.png","element":"img","alt":" y ∈ Zsys","inline":true},{"text":". If the game state in the ","element":"span"},{"style":{"fontStyle":"italic"},"text":"n","element":"span"},{"text":"-th turn is ","element":"span"},{"style":{"height":9.19},"width":38.68,"height":22.98,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/3-3.png","element":"img","alt":" sn","inline":true,"padRight":true},{"text":"and the players moves are ","element":"span"},{"style":{"height":14.4},"width":160.5,"height":36,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/3-4.png","element":"img","alt":" xn and yn","inline":true},{"text":", then the game state transitions to ","element":"span"},{"style":{"height":16},"width":465.65,"height":40,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/3-5.png","element":"img","alt":" sn+1 = T(sn, xn, yn). Thus,","inline":true,"padRight":true},{"text":"game plays are infinite sequences of pairs ","element":"span"},{"style":{"height":16.79},"width":341.5,"height":41.98,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/3-6.png","element":"img","alt":" (x, y) ∈ Zenv × Zsys","inline":true,"padRight":true},{"text":"that yield sequences of game states ","element":"span"},{"style":{"height":10},"width":201.97,"height":25,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/3-7.png","element":"img","alt":"ρ = s1s2 · · ·","inline":true,"padRight":true},{"text":". A game play is winning (for the system player) if it yields a sequence of states that never hits a losing state. Solutions to a safety game are ","element":"span"},{"style":{"fontStyle":"italic"},"text":"policies ","element":"span"},{"style":{"height":15.59},"width":346.68,"height":38.98,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/3-8.png","element":"img","alt":" π : S × Zenv → Zsys","inline":true,"padRight":true},{"text":"that guarantee that game plays are winning, regardless how the environment moves, provided that the system acts in each state as mandated by ","element":"span"},{"style":{"height":6.8},"width":23,"height":17,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/3-9.png","element":"img","alt":" π","inline":true},{"text":". Safety games can be solved in polynomial time in the size of the search space, via fix-point computation of the set of ","element":"span"},{"style":{"fontStyle":"italic"},"text":"safe states","element":"span"},{"text":"—i.e., states from which the system player has a winning strategy to avoid falling into losing states. If the initial state is a safe state, then a winning strategy for the system player can be obtained by performing actions that prevent the environment from transitioning into an unsafe state.","element":"span"}],[{"id":"id-21","style":{"fontWeight":"bold"},"text":"3.1 ","element":"span"},{"style":{"fontWeight":"bold"},"text":"Safety Game Reformulations","element":"span"}],[{"text":"Bounded synthesis approaches reduce the synthesis problem into a series of safety games ","element":"span"},{"style":{"height":13.19},"width":48.33,"height":32.98,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/3-10.png","element":"img","alt":" Gk","inline":true},{"text":", parametrized by ","element":"span"},{"style":{"fontStyle":"italic"},"text":"k","element":"span"},{"text":". In those games, the environment and system players perform actions that correspond to the powersets of ","element":"span"},{"style":{"fontStyle":"italic"},"text":"X ","element":"span"},{"text":"and ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Y ","element":"span"},{"text":"variables, respectively. First, ","element":"span"},{"style":{"height":10},"width":26,"height":25,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/3-11.png","element":"img","alt":" ϕ","inline":true,"padRight":true},{"text":"is transformed into a UCW automaton, ","element":"span"},{"style":{"height":16.79},"width":379.35,"height":41.98,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/3-12.png","element":"img","alt":" Aϕ = ⟨Q, Σ, q0, δ, QF ⟩","inline":true},{"text":". With a fixed order in the elements of ","element":"span"},{"style":{"fontStyle":"italic"},"text":"X","element":"span"},{"text":", ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Y","element":"span"},{"text":", and ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Q","element":"span"},{"text":", we identify each subset ","element":"span"},{"style":{"height":13.2},"width":128.58,"height":33,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/3-13.png","element":"img","alt":" X ⊆ X","inline":true,"padRight":true},{"text":"with a boolean vector ","element":"span"},{"style":{"height":18.19},"width":366.82,"height":45.46,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/3-14.png","element":"img","alt":" x = ⟨x(1), . . . , x(|X|)⟩","inline":true,"padRight":true},{"text":"that indicates whether ","element":"span"},{"style":{"height":13.19},"width":126.02,"height":32.97,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/3-15.png","element":"img","alt":" xi ∈ X","inline":true,"padRight":true},{"text":"by making the ","element":"span"},{"style":{"fontStyle":"italic"},"text":"i","element":"span"},{"text":"th element in ","element":"span"},{"style":{"fontStyle":"italic","fontWeight":"bold"},"text":"x ","element":"span"},{"text":"true (similarly with subsets of ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Y ","element":"span"},{"text":"and ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Q","element":"span"},{"text":"). Game states are vectors ","element":"span"},{"style":{"height":18.18},"width":345.42,"height":45.46,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/3-16.png","element":"img","alt":"s = ⟨s(1), . . . , s(|Q|)⟩","inline":true,"padRight":true},{"text":"that do bookkeeping of the co-Büchi indexes of the runs of ","element":"span"},{"style":{"height":16.39},"width":50.88,"height":40.98,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/3-17.png","element":"img","alt":" Aϕ","inline":true,"padRight":true},{"text":"on the partial play that leads to ","element":"span"},{"style":{"fontStyle":"italic","fontWeight":"bold"},"text":"s","element":"span"},{"text":". More precisely, each element ","element":"span"},{"style":{"height":14.18},"width":54.41,"height":35.46,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/3-18.png","element":"img","alt":" s(i) ","inline":true,"padRight":true},{"text":"is an integer that tells the maximum co-Büchi index among all the runs of ","element":"span"},{"style":{"height":16.39},"width":50.89,"height":40.97,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/3-19.png","element":"img","alt":" Aϕ","inline":true,"padRight":true},{"text":"on the partial play that finish in ","element":"span"},{"style":{"height":17.39},"width":54.95,"height":43.46,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/3-20.png","element":"img","alt":" q(i)","inline":true},{"text":". If none of the runs finish in ","element":"span"},{"style":{"height":17.38},"width":316.68,"height":43.46,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/3-21.png","element":"img","alt":"q(i), then s(i) = −1","inline":true},{"text":". The transition function, ","element":"span"},{"style":{"fontStyle":"italic"},"text":"T","element":"span"},{"text":", progresses the automaton runs captured in a state ","element":"span"},{"style":{"fontStyle":"italic","fontWeight":"bold"},"text":"s ","element":"span"},{"text":"according to the move of the environment and system players.","element":"span"}],[{"style":{"width":"48%"},"width":761,"height":181,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/3-22.png","element":"img"}],[{"text":"We write ","element":"span"},{"text":"idx(","element":"span"},{"style":{"fontStyle":"italic","fontWeight":"bold"},"text":"s","element":"span"},{"text":") ","element":"span"},{"text":"to refer to the ","element":"span"},{"style":{"fontStyle":"italic"},"text":"co-Büchi index of game state ","element":"span"},{"style":{"fontStyle":"italic","fontWeight":"bold"},"text":"s","element":"span"},{"text":", that we define as the maximum co-Büchi index among all the runs captured by ","element":"span"},{"style":{"fontStyle":"italic","fontWeight":"bold"},"text":"s","element":"span"},{"text":". Formally, ","element":"span"},{"style":{"height":18.18},"width":325.67,"height":45.46,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/3-23.png","element":"img","alt":" idx(s) := maxi s(i)","inline":true},{"text":". Losing states in ","element":"span"},{"style":{"height":13.19},"width":72.73,"height":32.98,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/3-24.png","element":"img","alt":" Sbad","inline":true,"padRight":true},{"text":"are those ","element":"span"},{"style":{"fontStyle":"italic","fontWeight":"bold"},"text":"s ","element":"span"},{"text":"with ","element":"span"},{"text":"idx(","element":"span"},{"style":{"fontStyle":"italic","fontWeight":"bold"},"text":"s","element":"span"},{"text":") = ","element":"span"},{"style":{"fontStyle":"italic"},"text":"k","element":"span"},{"text":". Intuitively, in those games the environment player aims at maximizing the index of the states visited, whereas the system player aims at keeping this number bounded. Theorem ","element":"span"},{"href":"#id-22","text":"3 ","element":"a"},{"text":"relates ","element":"span"},{"text":"LTL ","element":"span"},{"text":"realizability with the existence of solutions to those safety games. For computational reasons, we redefine a transition function ","element":"span"},{"style":{"height":13.19},"width":40.29,"height":32.98,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/3-25.png","element":"img","alt":" Tk","inline":true,"padRight":true},{"text":"that reduces the search space to those states with co-Büchi index bounded by ","element":"span"},{"style":{"fontStyle":"italic"},"text":"k","element":"span"},{"text":".","element":"span"}],[{"id":"id-22","style":{"fontWeight":"bold"},"text":"Theorem 3 ","element":"span"},{"text":"(adapted from ","element":"span"},{"href":"#id-16","referenceIndex":24,"text":"(Schewe and Finkbeiner, ","element":"a"},{"href":"#id-16","referenceIndex":24,"text":"2007)","element":"a"},{"text":")","element":"span"},{"style":{"fontWeight":"bold"},"text":". ","element":"span"},{"text":"LTL ","element":"span"},{"style":{"fontStyle":"italic"},"text":"specification ","element":"span"},{"style":{"height":16},"width":157.16,"height":40,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/3-26.png","element":"img","alt":" ⟨X, Y, ϕ⟩","inline":true,"padRight":true},{"style":{"fontStyle":"italic"},"text":"is realizable iff the safety game ","element":"span"},{"style":{"height":17.39},"width":501.54,"height":43.46,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/3-27.png","element":"img","alt":" Gk = ⟨2X , 2Y, S, s1, Tk, Sbad⟩","inline":true,"padRight":true},{"style":{"fontStyle":"italic"},"text":"constructed from any UCW transformation of ","element":"span"},{"style":{"height":10},"width":26,"height":25,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/3-28.png","element":"img","alt":" ϕ","inline":true},{"style":{"fontStyle":"italic"},"text":", ","element":"span"},{"style":{"height":16.79},"width":381.12,"height":41.98,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/3-29.png","element":"img","alt":"Aϕ = ⟨Q, Σ, q0, δ, QF ⟩","inline":true},{"style":{"fontStyle":"italic"},"text":", has a solution for some ","element":"span"},{"style":{"height":11.6},"width":116.98,"height":29,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/3-30.png","element":"img","alt":" k < ∞","inline":true},{"style":{"fontStyle":"italic"},"text":", worst-case exponential in the number of states in ","element":"span"},{"style":{"height":16.39},"width":181.68,"height":40.98,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/3-31.png","element":"img","alt":" Aϕ, where:","inline":true}],[{"style":{"width":"40%"},"width":647,"height":291,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/3-32.png","element":"img"}],[{"style":{"fontWeight":"bold"},"text":"3.2 ","element":"span"},{"style":{"fontWeight":"bold"},"text":"Automata Decompositions","element":"span"}],[{"text":"Theorem ","element":"span"},{"href":"#id-22","text":"3 ","element":"a"},{"text":"can be extended to handle multiple automata decompositions of the ","element":"span"},{"text":"LTL ","element":"span"},{"text":"formula. The result, stated in Theorem ","element":"span"},{"href":"#id-23","text":"4, ","element":"a"},{"text":"is adapted from known results that proof the correctness of bounded synthesis approaches employed by Acacia","element":"span"},{"style":{"height":8.8},"width":25,"height":22,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/3-33.png","element":"img","alt":"+","inline":true,"padRight":true},{"text":"and SynKit, which exploit decompositions to improve ","element":"span"},{"text":"scalability ","element":"span"},{"href":"#id-18","referenceIndex":2,"text":"(Bohy et al., ","element":"a"},{"href":"#id-18","referenceIndex":2,"text":"2012; ","element":"a"},{"href":"#id-19","referenceIndex":5,"text":"Camacho et al., ","element":"a"},{"href":"#id-19","referenceIndex":5,"text":"2018b)","element":"a"},{"text":". We presume the ","element":"span"},{"text":"LTL ","element":"span"},{"text":"specification formula is a conjunction of ","element":"span"},{"style":{"fontStyle":"italic"},"text":"m ","element":"span"},{"text":"subformulae ","element":"span"},{"style":{"height":21.49},"width":762.3,"height":53.72,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/4-0.png","element":"img","alt":" ϕ = ϕ1 ∧ · · · ∧ ϕm. For each i = 1..m, let G(i)k ","inline":true,"padRight":true},{"text":"be the safety game ","element":"span"},{"text":"constructed as described in Theorem ","element":"span"},{"href":"#id-22","text":"3 ","element":"a"},{"text":"from a UCW automaton transformation ","element":"span"},{"style":{"height":14.8},"width":134.8,"height":37,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/4-1.png","element":"img","alt":" Ai of ϕi","inline":true},{"text":". The idea is to construct a cross-product safety game ","element":"span"},{"style":{"height":13.19},"width":48.33,"height":32.98,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/4-2.png","element":"img","alt":" Gk","inline":true,"padRight":true},{"text":"that maintains the dynamics of each ","element":"span"},{"style":{"height":21.49},"width":67.06,"height":53.72,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/4-3.png","element":"img","alt":" G(i)k ","inline":true,"padRight":true},{"text":"in parallel.","element":"span"}],[{"id":"id-23","style":{"fontWeight":"bold"},"text":"Theorem 4. ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Let ","element":"span"},{"style":{"height":14.4},"width":449.71,"height":36,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/4-4.png","element":"img","alt":" ϕ = ϕ1∧· · ·∧ϕm be an LTL","inline":true,"padRight":true},{"style":{"fontStyle":"italic"},"text":"formula, and let ","element":"span"},{"style":{"height":21.49},"width":607.74,"height":53.72,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/4-5.png","element":"img","alt":" G(i)k = ⟨2X , 2Y, S(i), s(i)1 , T (i)k , S(i)bad⟩","inline":true,"padRight":true},{"style":{"fontStyle":"italic"},"text":"be safety games associated to each ","element":"span"},{"style":{"height":14},"width":203.37,"height":35,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/4-6.png","element":"img","alt":" ϕi, i = 1..m","inline":true},{"style":{"fontStyle":"italic"},"text":", and constructed as described in Theorem ","element":"span"},{"href":"#id-22","style":{"fontStyle":"italic"},"text":"3. ","element":"a"},{"text":"LTL ","element":"span"},{"style":{"fontStyle":"italic"},"text":"specification ","element":"span"},{"style":{"height":16},"width":157.15,"height":40,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/4-7.png","element":"img","alt":" ⟨X, Y, ϕ⟩","inline":true,"padRight":true},{"style":{"fontStyle":"italic"},"text":"is realizable iff the safety game ","element":"span"},{"style":{"height":17.38},"width":501.54,"height":43.46,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/4-8.png","element":"img","alt":" Gk = ⟨2X , 2Y, S, s1, Tk, Sbad⟩","inline":true,"padRight":true},{"style":{"fontStyle":"italic"},"text":"constructed as described below has a solution for some ","element":"span"},{"style":{"height":11.6},"width":124.99,"height":29,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/4-9.png","element":"img","alt":" k < ∞.","inline":true}],[{"style":{"width":"58%"},"width":931,"height":241,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/4-10.png","element":"img"}],[{"style":{"fontWeight":"bold"},"text":"3.3 ","element":"span"},{"style":{"fontWeight":"bold"},"text":"Extraction of Solutions","element":"span"}],[{"text":"So far the results in Theorems ","element":"span"},{"href":"#id-22","text":"3 ","element":"a"},{"text":"and ","element":"span"},{"href":"#id-23","text":"4 ","element":"a"},{"text":"relate ","element":"span"},{"text":"LTL ","element":"span"},{"text":"realizability with the existence of solutions to the reduced safety games, but do not state how we can synthesize solutions to the original ","element":"span"},{"text":"LTL ","element":"span"},{"text":"specification. In effect, a winning strategy ","element":"span"},{"style":{"height":17.38},"width":290.95,"height":43.46,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/4-11.png","element":"img","alt":" f : (2X )+ → 2Y","inline":true,"padRight":true},{"text":"that realizes the ","element":"span"},{"text":"LTL ","element":"span"},{"text":"specification ","element":"span"},{"style":{"height":16},"width":157.16,"height":40,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/4-12.png","element":"img","alt":"⟨X, Y, ϕ⟩","inline":true,"padRight":true},{"text":"can be directly constructed from a policy ","element":"span"},{"style":{"height":11.2},"width":293.13,"height":28,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/4-13.png","element":"img","alt":" π : S × X → Y","inline":true,"padRight":true},{"text":"that solves the game ","element":"span"},{"style":{"height":13.19},"width":48.33,"height":32.97,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/4-14.png","element":"img","alt":" Gk","inline":true},{"text":". Recursively,","element":"span"}],[{"style":{"width":"42%"},"width":680,"height":153,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/4-15.png","element":"img"}],[{"text":"An advantageous property of solutions to the reduced safety games is that they provide means to implement ","element":"span"},{"style":{"fontStyle":"italic"},"text":"f ","element":"span"},{"text":"compactly in the form of a controller, or finite-state machine with internal memory that stores the current game state, and whose output to a sequence ","element":"span"},{"style":{"height":9.59},"width":165.35,"height":23.98,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/4-16.png","element":"img","alt":" x1 · · · xm","inline":true,"padRight":true},{"text":"depends only on the last environment move, ","element":"span"},{"style":{"height":9.59},"width":59.26,"height":23.97,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/4-17.png","element":"img","alt":" xm","inline":true},{"text":", and the internal state ","element":"span"},{"style":{"height":9.59},"width":54.17,"height":23.97,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/4-18.png","element":"img","alt":" sm","inline":true},{"text":"—not on the entire history.","element":"span"}],[{"style":{"fontWeight":"bold"},"text":"3.4 ","element":"span"},{"style":{"fontWeight":"bold"},"text":"Computational Complexity","element":"span"}],[{"text":"The transformation of ","element":"span"},{"text":"LTL ","element":"span"},{"text":"into an UCW automaton is worst-case exponential in the size of the formula. For a fixed ","element":"span"},{"style":{"height":11.6},"width":115.14,"height":29,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/4-19.png","element":"img","alt":" k < ∞","inline":true},{"text":", the size of the state space is ","element":"span"},{"style":{"height":18.18},"width":167.72,"height":45.46,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/4-20.png","element":"img","alt":" O(kΣ|Qi|)","inline":true},{"text":", that is, exponential in the sum of automata sizes. The game ","element":"span"},{"style":{"height":13.19},"width":48.33,"height":32.98,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/4-21.png","element":"img","alt":" Gk","inline":true,"padRight":true},{"text":"can be solved by fix-point computation in polynomial time in the size of the search space. Decompositions of the ","element":"span"},{"text":"LTL ","element":"span"},{"text":"formula have the potential to produce smaller UCW automata and games with smaller size. Note, however, that the worst-case computational complexity is doubly exponential in the size of the ","element":"span"},{"text":"LTL ","element":"span"},{"text":"specification formula.","element":"span"}]]},{"heading":"4 Dynamic Programming for LTL Synthesis","paragraphs":[[{"text":"In Section ","element":"span"},{"text":"3 ","element":"span"},{"text":"we showed how ","element":"span"},{"text":"LTL ","element":"span"},{"text":"synthesis can be cast as a series of safety games. Modern approaches to bounded synthesis use different technology (e.g. BDDs, SAT) to solve those games via logical inference (e.g. ","element":"span"},{"href":"#id-24","referenceIndex":16,"text":"(Jobstmann and Bloem, ","element":"a"},{"href":"#id-24","referenceIndex":16,"text":"2006; ","element":"a"},{"href":"#id-18","referenceIndex":2,"text":"Bohy et al., ","element":"a"},{"href":"#id-18","referenceIndex":2,"text":"2012)","element":"a"},{"text":"). Unfortunately, exact methods have limited scalability, because the size of the search space grows (worst-case) doubly-exponentially with the size of the ","element":"span"},{"text":"LTL ","element":"span"},{"text":"specification formula. In this section we study the use of dynamic programming to solve these safety games.","element":"span"}],[{"text":"Dynamic programming gradually approximates optimal solutions, and is an alternative to exact methods that do logical inference. Dynamic programming has been widely used in the context of ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Markov Decision Processes ","element":"span"},{"text":"(MDPs), where the objective is to compute strategies that optimize for reward-worthy behavior. The challenge for us in this work is to frame ","element":"span"},{"text":"LTL ","element":"span"},{"text":"synthesis as an optimization problem, for which dynamic programming techniques can be used. There are at least two significant differences between the dynamics of MDPs and safety games, that prevent us from using off-the-shelf methods. First, state transitions in an MDP are stochastic, whereas in a game the transitions are non-deterministic. Second, in an MDP the agent receives a reward signal upon ","element":"span"},{"text":"performing an action, and optimizes for maximizing the expected (discounted) cumulative reward. In contrast, in a safety game the agent does not receive reward signals, and aims at winning the game. The same differences appear with so-called ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Markov games ","element":"span"},{"href":"#id-25","referenceIndex":18,"text":"(Littman, ","element":"a"},{"href":"#id-25","referenceIndex":18,"text":"1994)","element":"a"},{"text":".","element":"span"}],[{"text":"As it is common in dynamic programming, we first formulate a set of Bellman equations for safety games. Bellman equations describe the ","element":"span"},{"style":{"fontStyle":"italic"},"text":"value ","element":"span"},{"text":"of a state ","element":"span"},{"style":{"fontStyle":"italic","fontWeight":"bold"},"text":"s","element":"span"},{"text":", ","element":"span"},{"style":{"fontStyle":"italic"},"text":"V ","element":"span"},{"text":"(","element":"span"},{"style":{"fontStyle":"italic","fontWeight":"bold"},"text":"s","element":"span"},{"text":")","element":"span"},{"style":{"fontStyle":"italic"},"text":", ","element":"span"},{"text":"in terms of the values of future states in a sequential decision-making process, assuming both players act “optimally” – recall, the environment aims at maximizing the maximum index of visited states, and the system aims at keeping this number bounded. Solutions to the safety game can be obtained by performing, in each state, a greedy action that minimizes the (in our case, worst-case) value of the next state. Bellman equations can be solved using dynamic programming – for instance, value iteration. We show that value iteration on this set of Bellman equations is guaranteed to converge to a solution to the associated safety game. In the next section, we show how learning methods – in particular, an adaptation of (deep) Q-learning – can be used to provide guidance.","element":"span"}],[{"style":{"fontWeight":"bold"},"text":"4.1 ","element":"span"},{"style":{"fontWeight":"bold"},"text":"Bellman Equations","element":"span"}],[{"text":"In our set of Bellman equations, we conceptualize ","element":"span"},{"style":{"fontStyle":"italic"},"text":"V ","element":"span"},{"text":"(","element":"span"},{"style":{"fontStyle":"italic","fontWeight":"bold"},"text":"s","element":"span"},{"text":") ","element":"span"},{"text":"as a function that tells the maximum index of the states visited from ","element":"span"},{"style":{"fontStyle":"italic","fontWeight":"bold"},"text":"s","element":"span"},{"text":", assuming that both players act optimally (cf. Theorem ","element":"span"},{"href":"#id-26","text":"5)","element":"a"},{"text":". Solutions are value – or, equivalently, Q-value – functions that satisfy the Bellman equations in each ","element":"span"},{"style":{"height":11.6},"width":106.62,"height":29,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/5-0.png","element":"img","alt":" s ∈ S.","inline":true}],[{"id":"id-26","style":{"fontWeight":"bold"},"text":"Theorem 5. ","element":"span"},{"style":{"fontStyle":"italic"},"text":"An ","element":"span"},{"text":"LTL ","element":"span"},{"style":{"fontStyle":"italic"},"text":"specification ","element":"span"},{"style":{"height":16},"width":157.16,"height":40,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/5-1.png","element":"img","alt":" ⟨X, Y, ϕ⟩","inline":true,"padRight":true},{"style":{"fontStyle":"italic"},"text":"is realizable iff there exists a value function ","element":"span"},{"style":{"fontStyle":"italic"},"text":"V ","element":"span"},{"style":{"fontStyle":"italic"},"text":"with ","element":"span"},{"style":{"height":16},"width":197.44,"height":40,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/5-2.png","element":"img","alt":"V (s1) < ∞","inline":true,"padRight":true},{"style":{"fontStyle":"italic"},"text":"that is solution to the Bellman equations","element":"span"}],[{"style":{"width":"44%"},"width":709,"height":135,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/5-3.png","element":"img"}],[{"style":{"fontStyle":"italic"},"text":"Furthermore, policy ","element":"span"},{"style":{"height":16.79},"width":570.74,"height":41.98,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/5-4.png","element":"img","alt":" π(s, x) := arg miny V (T(s, x, y))","inline":true,"padRight":true},{"style":{"fontStyle":"italic"},"text":"solves the safety games ","element":"span"},{"style":{"height":16},"width":306.45,"height":40,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/5-5.png","element":"img","alt":" Gk for k ≥ V (s1).","inline":true}],[{"style":{"fontStyle":"italic"},"text":"Proof. ","element":"span"},{"text":"If ","element":"span"},{"style":{"height":16},"width":157.16,"height":40,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/5-6.png","element":"img","alt":" ⟨X, Y, ϕ⟩","inline":true,"padRight":true},{"text":"is realizable, then the safety game ","element":"span"},{"style":{"height":13.19},"width":48.33,"height":32.97,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/5-7.png","element":"img","alt":" Gk","inline":true,"padRight":true},{"text":"has a solution ","element":"span"},{"style":{"height":6.8},"width":23,"height":17,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/5-8.png","element":"img","alt":" π","inline":true,"padRight":true},{"text":"for some ","element":"span"},{"style":{"height":11.6},"width":135.77,"height":29,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/5-9.png","element":"img","alt":" k < ∞","inline":true,"padRight":true},{"text":"(Theorem ","element":"span"},{"href":"#id-22","text":"3)","element":"a"},{"text":". ","element":"span"},{"style":{"fontStyle":"italic"},"text":"V ","element":"span"},{"text":"(","element":"span"},{"style":{"fontStyle":"italic","fontWeight":"bold"},"text":"s","element":"span"},{"text":") ","element":"span"},{"text":"can be defined as the maximum index of the states reachable from ","element":"span"},{"style":{"fontStyle":"italic","fontWeight":"bold"},"text":"s ","element":"span"},{"text":"following ","element":"span"},{"style":{"height":6.8},"width":23,"height":17,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/5-10.png","element":"img","alt":"π","inline":true},{"text":". In the other direction, let ","element":"span"},{"style":{"fontStyle":"italic"},"text":"V ","element":"span"},{"text":"be a solution to the Bellman equations. Then, the greedy policy ","element":"span"},{"style":{"height":16.79},"width":975.18,"height":41.98,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/5-11.png","element":"img","alt":"π(s, x) = arg miny V (δ(s, x, y)) solves Gk for k = V (s1).","inline":true}],[{"text":"Solutions to the safety games and, by extension, to the ","element":"span"},{"text":"LTL ","element":"span"},{"text":"synthesis problem can be constructed from solutions to the Bellman equations. In this step, it is crucial that the transition model (","element":"span"},{"style":{"fontStyle":"italic"},"text":"T","element":"span"},{"text":") is known to the agent.","element":"span"}],[{"style":{"fontWeight":"bold"},"text":"4.2 ","element":"span"},{"style":{"fontWeight":"bold"},"text":"Value Iteration for Safety Games","element":"span"}],[{"text":"Value iteration for MDPs updates the Q-values of states by performing one-step lookaheads. We naturally adapt this idea to develop a value iteration algorithm for safety games. The Q-value estimate for a pair ","element":"span"},{"text":"(","element":"span"},{"style":{"fontStyle":"italic","fontWeight":"bold"},"text":"s","element":"span"},{"style":{"fontStyle":"italic"},"text":", ","element":"span"},{"style":{"fontStyle":"italic","fontWeight":"bold"},"text":"x","element":"span"},{"text":") ","element":"span"},{"text":"is ","element":"span"},{"style":{"height":19.62},"width":909.17,"height":49.05,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/5-12.png","element":"img","alt":"ˆQ(s, x) = max(idx(s), miny maxx′ Q(T(s, x, y), x′)","inline":true},{"text":". Intuitively, ","element":"span"},{"style":{"height":18.83},"width":128.14,"height":47.08,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/5-13.png","element":"img","alt":"ˆQ(s, x)","inline":true,"padRight":true},{"text":"performs one-step lookaheads from ","element":"span"},{"style":{"fontStyle":"italic","fontWeight":"bold"},"text":"s","element":"span"},{"text":", and selects the lowest Q-value that the system player could enforce in an adversarial setting. Then, the Q-value ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Q","element":"span"},{"text":"(","element":"span"},{"style":{"fontStyle":"italic","fontWeight":"bold"},"text":"s","element":"span"},{"style":{"fontStyle":"italic"},"text":", ","element":"span"},{"style":{"fontStyle":"italic","fontWeight":"bold"},"text":"x","element":"span"},{"text":") ","element":"span"},{"text":"is updated to ","element":"span"},{"style":{"height":18.83},"width":128.15,"height":47.07,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/5-14.png","element":"img","alt":"ˆQ(s, x)","inline":true},{"text":". When the Bellman equations have a solution, the Q value updates converge in safe states and yield solutions to the associated safety games (Theorem ","element":"span"},{"href":"#id-27","text":"6)","element":"a"},{"text":".","element":"span"}],[{"id":"id-27","style":{"fontWeight":"bold"},"text":"Theorem 6. ","element":"span"},{"style":{"fontStyle":"italic"},"text":"If the Bellman equations in Theorem ","element":"span"},{"href":"#id-26","style":{"fontStyle":"italic"},"text":"5 ","element":"a"},{"style":{"fontStyle":"italic"},"text":"have a solution, then the Q-value updates below make ","element":"span"},{"style":{"height":16},"width":104.82,"height":40,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/5-15.png","element":"img","alt":" V (s1)","inline":true,"padRight":true},{"style":{"fontStyle":"italic"},"text":"converge to a bounded value, provided that the Q-value in each state is updated sufficiently often, and that the Q-value function is initialized to non-infinite values.","element":"span"}],[{"style":{"width":"52%"},"width":839,"height":62,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/5-16.png","element":"img"}],[{"style":{"fontStyle":"italic"},"text":"Furthermore, policy ","element":"span"},{"style":{"height":16.79},"width":570.82,"height":41.98,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/5-17.png","element":"img","alt":" π(s, x) := arg miny V (T(s, x, y))","inline":true,"padRight":true},{"style":{"fontStyle":"italic"},"text":"converges to a solution the safety game ","element":"span"},{"style":{"height":13.19},"width":48.33,"height":32.98,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/5-18.png","element":"img","alt":" Gk","inline":true,"padRight":true},{"style":{"fontStyle":"italic"},"text":"for some ","element":"span"},{"style":{"height":11.6},"width":124.98,"height":29,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/5-19.png","element":"img","alt":" k < ∞.","inline":true}],[{"style":{"fontStyle":"italic"},"text":"Proof. ","element":"span"},{"text":"To obtain the desired result, we show that the Bellman backup operator ","element":"span"},{"style":{"fontStyle":"italic"},"text":"BV ","element":"span"},{"text":"(","element":"span"},{"style":{"fontStyle":"italic","fontWeight":"bold"},"text":"s","element":"span"},{"text":") = ","element":"span"},{"style":{"height":16.79},"width":640.9,"height":41.98,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/5-20.png","element":"img","alt":"maxx max(idx(s), miny V (T(s, x, y))","inline":true,"padRight":true},{"text":"is a ","element":"span"},{"style":{"fontStyle":"italic"},"text":"contraction ","element":"span"},{"text":"in the set of safe states ","element":"span"},{"style":{"height":15.59},"width":175.64,"height":38.98,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/5-21.png","element":"img","alt":" Ssafe ⊆ S","inline":true},{"text":". Let ","element":"span"},{"style":{"height":10.98},"width":48.1,"height":27.46,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/5-22.png","element":"img","alt":"V ∗","inline":true,"padRight":true},{"text":"be a solution to the Bellman equations, i.e., ","element":"span"},{"style":{"height":10.98},"width":184.62,"height":27.46,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/5-23.png","element":"img","alt":" BV ∗ = V ∗","inline":true},{"text":". By using the property ","element":"span"},{"style":{"height":16},"width":236.16,"height":40,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/5-24.png","element":"img","alt":" | maxx f(x) −","inline":true,"padRight":true},{"style":{"height":16},"width":576.59,"height":40,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/6-0.png","element":"img","alt":"maxx g(x)| ≤ maxx |f(x) − g(x)|","inline":true},{"text":", and observing that ","element":"span"},{"style":{"height":10.99},"width":48.1,"height":27.47,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/6-1.png","element":"img","alt":" V ∗","inline":true,"padRight":true},{"text":"is finite in safe states, and infinite in unsafe states, it can be shown that ","element":"span"},{"style":{"height":17.68},"width":996.84,"height":44.2,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/6-2.png","element":"img","alt":" maxs∈Ssafe |BV (x) − V ∗(x)| ≤ maxs∈Ssafe |V (x) − V ∗(x)|","inline":true},{"text":". Hence, the Q value updates have to converge to finite values in the set of safe states, bounded by some ","element":"span"},{"style":{"height":11.6},"width":115.16,"height":29,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/6-3.png","element":"img","alt":"k < ∞","inline":true},{"text":". It follows straightforward that the policy ","element":"span"},{"style":{"height":16.79},"width":570.76,"height":41.98,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/6-4.png","element":"img","alt":" π(s, x) := arg miny V (T(s, x, y))","inline":true,"padRight":true},{"text":"converges to a solution to the safety game ","element":"span"},{"style":{"height":13.19},"width":60.94,"height":32.98,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/6-5.png","element":"img","alt":" Gk.","inline":true}]]},{"heading":"5 DQS: Deep Q-learning for LTL Synthesis","paragraphs":[[{"text":"State-of-the-art exact methods for ","element":"span"},{"text":"LTL ","element":"span"},{"text":"synthesis, and bounded synthesis in particular, have limited scalability. In part, this is due to the (potentially, doubly-exponential) size of the search space. We can expect, thus, similar challenges with the value iteration algorithm presented in Section ","element":"span"},{"text":"4. ","element":"span"},{"text":"The objective in this paper is not to do value iteration for safety games. Rather, the Bellman equations (Theorems ","element":"span"},{"href":"#id-26","text":"5) ","element":"a"},{"text":"and the convergence of value iteration (Theorem ","element":"span"},{"href":"#id-27","text":"6) ","element":"a"},{"text":"set the theoretical foundations that we need to do (deep) Q-learning.","element":"span"}],[{"text":"In this section we present a method to ","element":"span"},{"style":{"fontStyle":"italic"},"text":"learn ","element":"span"},{"text":"a Q function, with a variant of (deep) Q-learning adapted for safety games. Why do we want to do Q-learning, if we know the transition model? Our aim is not to learn a solution to the Bellman equations. Instead, we want to compute ","element":"span"},{"style":{"fontStyle":"italic"},"text":"good enough ","element":"span"},{"text":"approximations that provide good guidance. With this goal in mind, training a neural network seems to be a reasonable approach because neural networks can capture the structure of a problem and do inference. At inference time, the network provides guidance that can be used to construct solutions.","element":"span"}],[{"text":"Our approach, which we describe below, constitutes the first attempt to integrate search and learning to do ","element":"span"},{"text":"LTL ","element":"span"},{"text":"synthesis. We provided and elegant and extensible algorithm with wich a variety of search and learning algorithms can be deployed. For example, the guidance obtained with the trained neural network can be used in combination with AND/OR search techniques such as AO","element":"span"},{"style":{"height":5.2},"width":16,"height":13,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/6-6.png","element":"img","alt":"∗","inline":true},{"text":". Similarly, the guidance can be used as heuristics with more sophisticated search techniques such as LAO","element":"span"},{"href":"#id-28","referenceIndex":14,"style":{"height":14.18},"width":159.47,"height":35.46,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/6-7.png","element":"img","alt":"∗ (Hansen","inline":true,"padRight":true},{"href":"#id-28","referenceIndex":14,"text":"and Zilberstein, ","element":"a"},{"href":"#id-28","referenceIndex":14,"text":"2001) ","element":"a"},{"text":"in service of ","element":"span"},{"text":"LTL ","element":"span"},{"text":"synthesis. In recent research we exploited the correspondence between ","element":"span"},{"text":"LTL ","element":"span"},{"text":"synthesis and AI automated planning (see, e.g., ","element":"span"},{"href":"#id-29","referenceIndex":4,"text":"(Camacho and McIlraith, ","element":"a"},{"href":"#id-29","referenceIndex":4,"text":"2019)","element":"a"},{"text":") to reduce ","element":"span"},{"text":"LTL ","element":"span"},{"text":"synthesis specifications into fully observable non-deterministic planning problems that can be solved with off-the-shelf planners ","element":"span"},{"href":"#id-30","referenceIndex":3,"text":"(Camacho et al., ","element":"a"},{"href":"#id-30","referenceIndex":3,"text":"2018a,","element":"a"},{"href":"#id-19","referenceIndex":5,"text":"b)","element":"a"},{"text":". The heuristic obtained with our trained neural network can be used to guide planners, also in combination with domain-independent heuristics. Similar techniques than those that we present here can be used to learn heuristics and guide planners in planning problems with ","element":"span"},{"text":"LTL ","element":"span"},{"text":"goals (see, e.g., ","element":"span"},{"href":"#id-31","referenceIndex":6,"text":"(Camacho et al., ","element":"a"},{"href":"#id-31","referenceIndex":6,"text":"2017; ","element":"a"},{"href":"#id-29","referenceIndex":4,"text":"Camacho and ","element":"a"},{"href":"#id-29","referenceIndex":4,"text":"McIlraith, ","element":"a"},{"href":"#id-29","referenceIndex":4,"text":"2019)","element":"a"},{"text":".","element":"span"}],[{"style":{"fontWeight":"bold"},"text":"5.1 ","element":"span"},{"style":{"fontWeight":"bold"},"text":"Deep Learning for LTL Synthesis","element":"span"}],[{"text":"We propose the use of a neural network to approximate the Q function. We mainly base our inspiration on recent success in ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Deep Q-learning for MDPs ","element":"span"},{"text":"(DQN), where a neural network is used to approximate the Q function in reinforcement learning for MDPs ","element":"span"},{"href":"#id-10","referenceIndex":19,"text":"(Mnih et al., ","element":"a"},{"href":"#id-10","referenceIndex":19,"text":"2015)","element":"a"},{"text":". Our approach shares other commonalities with existing differential approaches to program synthesis that use deep learning. Like the ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Neural Turing Machine ","element":"span"},{"href":"#id-32","referenceIndex":12,"text":"(Graves et al., ","element":"a"},{"href":"#id-32","referenceIndex":12,"text":"2014)","element":"a"},{"text":", which augments neural networks with external memory. In comparison, our approach uses automata as compact memory.","element":"span"}],[{"text":"For its similarities with DQN, we name our ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Deep Q-learning for ","element":"span"},{"text":"LTL ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Synthesis ","element":"span"},{"text":"approach DQS. Like DQN, DQS uses a neural network to approximate the Q function. The network is trained in batches of ","element":"span"},{"style":{"fontStyle":"italic"},"text":"states ","element":"span"},{"text":"obtained from a prioritized experience replay buffer. Experience is obtained by running search episodes, in which the moves of the environment and system players are simulated according to some exploration policy. The Q-values estimated by the neural network are used to guide search, as well as to extract solutions. Like DQN, DQS is not guaranteed to converge to a solution to the Bellman equations. However, ","element":"span"},{"style":{"fontStyle":"italic"},"text":"good enough ","element":"span"},{"text":"approximations may provide effective guidance, and yield correct solutions to the safety game and synthesis problems. We provide further details of the components of DQS below.","element":"span"}],[{"style":{"fontWeight":"bold"},"text":"Q-value network: ","element":"span"},{"text":"The Q-value network ","element":"span"},{"style":{"height":14},"width":49.62,"height":35,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/6-8.png","element":"img","alt":" Qθ","inline":true},{"text":", with parameters ","element":"span"},{"style":{"height":10.8},"width":19,"height":27,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/6-9.png","element":"img","alt":" θ","inline":true},{"text":", takes as input a state vector ","element":"span"},{"style":{"fontStyle":"italic","fontWeight":"bold"},"text":"s","element":"span"},{"text":", and outputs a vector ","element":"span"},{"style":{"height":16},"width":580.23,"height":40,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/6-10.png","element":"img","alt":" Qθ(s) = ⟨Qθ(s, 1), . . . , Qθ(s, D)⟩","inline":true},{"text":". Each ","element":"span"},{"style":{"height":16},"width":140.66,"height":40,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/6-11.png","element":"img","alt":" Qθ(s, d)","inline":true,"padRight":true},{"text":"is an estimation of ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Q","element":"span"},{"text":"(","element":"span"},{"style":{"fontStyle":"italic","fontWeight":"bold"},"text":"s","element":"span"},{"style":{"fontStyle":"italic"},"text":", ","element":"span"},{"style":{"fontStyle":"italic","fontWeight":"bold"},"text":"x","element":"span"},{"text":")","element":"span"},{"text":", if ","element":"span"},{"style":{"fontStyle":"italic","fontWeight":"bold"},"text":"x ","element":"span"},{"text":"is a binary representation of ","element":"span"},{"style":{"fontStyle":"italic"},"text":"d","element":"span"},{"text":". We sometimes abuse notation, and confuse ","element":"span"},{"style":{"fontStyle":"italic"},"text":"d ","element":"span"},{"text":"with its binary representation ","element":"span"},{"style":{"fontStyle":"italic","fontWeight":"bold"},"text":"x","element":"span"},{"text":". The input of ","element":"span"},{"style":{"height":14},"width":49.61,"height":35,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/6-12.png","element":"img","alt":" Qθ","inline":true,"padRight":true},{"text":"has the same dimension as the game states, i.e., the number of ","element":"span"},{"text":"automaton states in ","element":"span"},{"style":{"height":16.39},"width":52.82,"height":40.98,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/7-0.png","element":"img","alt":" Aϕ","inline":true,"padRight":true},{"text":"– or the sum of automata states, if formula decompositions are exploited. The output has ","element":"span"},{"style":{"height":14.18},"width":152.53,"height":35.46,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/7-1.png","element":"img","alt":" D = 2|X| ","inline":true,"padRight":true},{"text":"neurons. The network weights are intitialized to gaussian values close to zero.","element":"span"}],[{"style":{"fontWeight":"bold"},"text":"Training episodes: ","element":"span"},{"text":"Training episodes start in the initial state of the game, ","element":"span"},{"style":{"height":9.59},"width":39.17,"height":23.98,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/7-2.png","element":"img","alt":" s1","inline":true},{"text":". Environment and system’ actions are simulated according to an exploration policy. New states are generated according to the game transition function, ","element":"span"},{"style":{"fontStyle":"italic"},"text":"T","element":"span"},{"text":", and added into a prioritized experience replay buffer. Episodes last until a horizon bound is reached, or a state ","element":"span"},{"style":{"height":16},"width":308.52,"height":40,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/7-3.png","element":"img","alt":" s = ⟨−1, . . . , −1⟩","inline":true,"padRight":true},{"text":"is reached, or a state ","element":"span"},{"style":{"fontStyle":"italic","fontWeight":"bold"},"text":"s ","element":"span"},{"text":"with ","element":"span"},{"text":"idx(","element":"span"},{"style":{"fontStyle":"italic","fontWeight":"bold"},"text":"s","element":"span"},{"text":") ","element":"span"},{"style":{"fontStyle":"italic"},"text":"> K ","element":"span"},{"text":"is reached for some hyperparameter ","element":"span"},{"style":{"fontStyle":"italic"},"text":"K","element":"span"},{"text":". After that happens, a new training episode starts.","element":"span"}],[{"style":{"fontWeight":"bold"},"text":"Exploration policy: ","element":"span"},{"text":"Different exploration policies can be designed. Here, we use an adaptation of the epsilon-greedy policy commonly used in reinforcement learning. At the beginning of each episode, with probability ","element":"span"},{"style":{"height":10},"width":24,"height":25,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/7-4.png","element":"img","alt":" µ","inline":true},{"text":", we set an ","element":"span"},{"style":{"fontStyle":"italic"},"text":"epsilon-greedy ","element":"span"},{"text":"exploration policy for the environment player. Otherwise, we set it to be ","element":"span"},{"style":{"fontStyle":"italic"},"text":"greedy","element":"span"},{"text":". We do the same for the system player, with independent probability. Greedy environment policies are ","element":"span"},{"style":{"height":16},"width":460.32,"height":40,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/7-5.png","element":"img","alt":" π(s) = arg maxx Qθ(s, x)","inline":true},{"text":". For the system, greedy policies are ","element":"span"},{"style":{"height":21.49},"width":800.12,"height":53.72,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/7-6.png","element":"img","alt":" π(s, x) = arg miny maxx′ Q(x′)θ (T(s, x, y), x′)","inline":true},{"text":". Epsilon-greedy policies select an action at random with probability ","element":"span"},{"style":{"height":0},"width":20,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/7-7.png","element":"img","alt":" ϵ","inline":true},{"text":", and otherwise act greedily. We use ","element":"span"},{"style":{"height":14},"width":207.38,"height":35,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/7-8.png","element":"img","alt":" µ = ϵ = 0.2.","inline":true}],[{"style":{"fontWeight":"bold"},"text":"Batch learning step: ","element":"span"},{"text":"Learning is done in batches of states, sampled from a prioritized experience replay buffer. A learning step involves computing, for each state ","element":"span"},{"style":{"fontStyle":"italic","fontWeight":"bold"},"text":"s ","element":"span"},{"text":"in the batch, a new estimate of the Q-values, ","element":"span"},{"style":{"height":18.83},"width":146.17,"height":47.07,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/7-9.png","element":"img","alt":"ˆQθ(s, x)","inline":true},{"text":". The updates in each ","element":"span"},{"style":{"height":18.83},"width":146.18,"height":47.07,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/7-10.png","element":"img","alt":"ˆQθ(s, x)","inline":true,"padRight":true},{"text":"do a one-step lookahead as follows:","element":"span"}],[{"style":{"width":"58%"},"width":933,"height":267,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/7-11.png","element":"img"}],[{"text":"where ","element":"span"},{"text":"round(","element":"span"},{"style":{"fontStyle":"italic"},"text":"x","element":"span"},{"text":") ","element":"span"},{"text":"returns the closest integer to ","element":"span"},{"style":{"fontStyle":"italic"},"text":"x","element":"span"},{"text":". The values are rounded, as co-Büchi indexes are integers. To prevent the Q-value to be learned from diverging to infinite, we bound the values by ","element":"span"},{"style":{"height":11.6},"width":131.25,"height":29,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/7-12.png","element":"img","alt":"K < ∞","inline":true},{"text":". The idea is to deem all states ","element":"span"},{"style":{"fontStyle":"italic","fontWeight":"bold"},"text":"s ","element":"span"},{"text":"with ","element":"span"},{"style":{"height":16},"width":174.83,"height":40,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/7-13.png","element":"img","alt":" V (s) ≥ K","inline":true,"padRight":true},{"text":"as losing states, and focus on producing good Q-value estimates in game states that have co-Büchi index lower than ","element":"span"},{"style":{"fontStyle":"italic"},"text":"K","element":"span"},{"text":". The batch learning step updates the network weigths as to minimize the sum of TD errors accross all the states in the batch, with some ","element":"span"},{"style":{"fontStyle":"italic"},"text":"learning rate ","element":"span"},{"style":{"height":16},"width":167.73,"height":40,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/7-14.png","element":"img","alt":" α ∈ (0, 1)","inline":true},{"text":". The TD error in state ","element":"span"},{"style":{"fontStyle":"italic","fontWeight":"bold"},"text":"s ","element":"span"},{"text":"is ","element":"span"},{"style":{"height":18.83},"width":379.14,"height":47.08,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/7-15.png","element":"img","alt":" Σx|Q(s, x) − ˆQ(s, x)|","inline":true},{"text":". To incentive solutions with low co-Büchi indexes, we perform L2 regularisation. We do a batch learning step every four exploration steps, which has reported good results in DQN ","element":"span"},{"href":"#id-10","referenceIndex":19,"text":"(Mnih et al., ","element":"a"},{"href":"#id-10","referenceIndex":19,"text":"2015)","element":"a"},{"text":".","element":"span"}],[{"style":{"fontWeight":"bold"},"text":"Prioritized experience replay buffer: ","element":"span"},{"text":"Explored states ","element":"span"},{"style":{"fontStyle":"italic","fontWeight":"bold"},"text":"s ","element":"span"},{"text":"along episodes are added into a ","element":"span"},{"style":{"fontStyle":"italic"},"text":"prioritized experience replay ","element":"span"},{"text":"buffer ","element":"span"},{"href":"#id-33","referenceIndex":23,"text":"(Schaul et al., ","element":"a"},{"href":"#id-33","referenceIndex":23,"text":"2016)","element":"a"},{"text":", with a preference value that equals their current TD error ","element":"span"},{"style":{"height":18.83},"width":377.42,"height":47.07,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/7-16.png","element":"img","alt":" Σx|Q(s, x) − ˆQ(s, x)|","inline":true},{"text":". In a learning step, a batch of states is sampled in a manner that higher preference is given to those states with higher TD error. After a batch learning step, the preference value of the sampled states are updated to their new TD error.","element":"span"}],[{"style":{"fontWeight":"bold"},"text":"Double DQS: ","element":"span"},{"text":"We investigate an enhancement of DQS. We borrow ideas from ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Double DQN ","element":"span"},{"text":"(DDQN) for MDPs, where a target network is used to stabilize learning ","element":"span"},{"href":"#id-34","referenceIndex":27,"text":"(van Hasselt, ","element":"a"},{"href":"#id-34","referenceIndex":27,"text":"2010)","element":"a"},{"text":". In ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Double DQS ","element":"span"},{"text":"(DDQS) we use a target network ","element":"span"},{"style":{"height":14},"width":46.61,"height":35,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/7-17.png","element":"img","alt":" Qt","inline":true,"padRight":true},{"text":"to estimate the Q-values in the one-step lookaheads, and update ","element":"span"},{"style":{"height":14},"width":149.19,"height":35,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/7-18.png","element":"img","alt":"Qt to Qθ","inline":true,"padRight":true},{"text":"at the end of each episode. In DDQS the equations of the batch learning step become:","element":"span"}],[{"style":{"width":"46%"},"width":743,"height":134,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/7-19.png","element":"img"}],[{"style":{"fontWeight":"bold"},"text":"5.2 ","element":"span"},{"style":{"fontWeight":"bold"},"text":"Solution Extraction and Verification","element":"span"}],[{"text":"An advantage of knowing the transition function ","element":"span"},{"style":{"fontStyle":"italic"},"text":"T ","element":"span"},{"text":"is that solutions extracted from the neural network can be verified for correctness. At the end of each episode, we verify whether the greedy policy for the system player obtained from the Q-value network ","element":"span"},{"style":{"height":14},"width":49.62,"height":35,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/7-20.png","element":"img","alt":" Qθ","inline":true,"padRight":true},{"text":"is a solution to the safety game ","element":"span"},{"style":{"height":13.19},"width":184.09,"height":32.98,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/7-21.png","element":"img","alt":" GK. Recall","inline":true,"padRight":true},{"text":"that a greedy sytem policy is ","element":"span"},{"style":{"height":21.49},"width":802.68,"height":53.72,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/7-22.png","element":"img","alt":" π(s, x) = arg miny maxx′ Q(x′)θ (T(s, x, y), x′)","inline":true},{"text":". The verification ","element":"span"},{"text":"step can be performed by doing an exhaustive enumeration of all reachable game states ","element":"span"},{"style":{"height":14.8},"width":201.24,"height":37,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/8-0.png","element":"img","alt":" s by π, from","inline":true,"padRight":true},{"text":"the initial state ","element":"span"},{"style":{"height":9.59},"width":39.17,"height":23.98,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/8-1.png","element":"img","alt":" s1","inline":true},{"text":", and checking that all have ","element":"span"},{"text":"idx(","element":"span"},{"style":{"fontStyle":"italic","fontWeight":"bold"},"text":"s","element":"span"},{"text":") ","element":"span"},{"style":{"fontStyle":"italic"},"text":"< K","element":"span"},{"text":".","element":"span"}],[{"style":{"fontWeight":"bold"},"text":"Learning from losing gameplays: ","element":"span"},{"text":"The verification step fails when it encounters a losing partial play, that is, a partial play ","element":"span"},{"style":{"height":10.4},"width":220.6,"height":26,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/8-2.png","element":"img","alt":" ρ = s1 · · · sn","inline":true,"padRight":true},{"text":"with ","element":"span"},{"style":{"height":16},"width":222.18,"height":40,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/8-3.png","element":"img","alt":" idx(sn) = K","inline":true},{"text":". When this occurs, we run a series of ","element":"span"},{"style":{"fontStyle":"italic"},"text":"n ","element":"span"},{"text":"batch learning steps. Each batch learning step includes samples from the prioritized experience replay buffer and a state in ","element":"span"},{"style":{"height":10},"width":21,"height":25,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/8-4.png","element":"img","alt":" ρ","inline":true},{"text":", starting backwards from ","element":"span"},{"style":{"height":9.59},"width":56.12,"height":23.98,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/8-5.png","element":"img","alt":" sn.","inline":true}],[{"style":{"fontWeight":"bold"},"text":"5.3 ","element":"span"},{"style":{"fontWeight":"bold"},"text":"Stronger Supervision Signals","element":"span"}],[{"text":"One of the challenges in reinforcement learning is having to deal with sparse rewards. In our learning framework for safety games there are no rewards, but rather supervision signals that enforce the Q-value estimates in a state ","element":"span"},{"style":{"fontStyle":"italic","fontWeight":"bold"},"text":"s ","element":"span"},{"text":"are not lower than its co-Büchi index, ","element":"span"},{"text":"idx(","element":"span"},{"style":{"fontStyle":"italic","fontWeight":"bold"},"text":"s","element":"span"},{"text":")","element":"span"},{"text":". Arguably, the problem of sparsity may also manifest in our approach when the co-Büchi index of visited states along training episodes face sparse ","element":"span"},{"style":{"fontStyle":"italic"},"text":"phase transitions ","element":"span"},{"text":"(i.e., infrequent changes). In consequence, it may take a large number of episodes for these values to be propagated in the Q-value network.","element":"span"}],[{"text":"We propose the use of a ","element":"span"},{"style":{"fontStyle":"italic"},"text":"potential ","element":"span"},{"text":"function ","element":"span"},{"style":{"height":16},"width":246.54,"height":40,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/8-6.png","element":"img","alt":" Φ : S → [0, 1)","inline":true,"padRight":true},{"text":"to provide stronger supervision signal in the learning process. Intuitively, ","element":"span"},{"style":{"height":16},"width":81.45,"height":40,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/8-7.png","element":"img","alt":" Φ(s)","inline":true,"padRight":true},{"text":"indicates how close the co-Büchi index of a state ","element":"span"},{"style":{"fontStyle":"italic","fontWeight":"bold"},"text":"s ","element":"span"},{"text":"= ","element":"span"},{"style":{"height":18.18},"width":255.37,"height":45.46,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/8-8.png","element":"img","alt":"⟨s(1), . . . , s(m)⟩","inline":true,"padRight":true},{"text":"is from experiencing a phase transition that increments its value. Formally:","element":"span"}],[{"style":{"width":"58%"},"width":929,"height":96,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/8-9.png","element":"img"}],[{"text":"where ","element":"span"},{"style":{"fontStyle":"italic"},"text":"d","element":"span"},{"text":"(","element":"span"},{"style":{"fontStyle":"italic"},"text":"q","element":"span"},{"text":") ","element":"span"},{"text":"is the distance (minimum number of outer transitions) between automaton state ","element":"span"},{"style":{"fontStyle":"italic"},"text":"q ","element":"span"},{"text":"and a rejecting state. Without loss of generality, we presume in a UCW rejecting states are reachable from any state, and thus ","element":"span"},{"style":{"fontStyle":"italic"},"text":"d","element":"span"},{"text":"(","element":"span"},{"style":{"fontStyle":"italic"},"text":"q","element":"span"},{"text":") ","element":"span"},{"text":"is well defined.","element":"span"}],[{"text":"The learning updates are redefined, as shown below, to include the supervision given by the potentials. Note, this time we take the integer part of ","element":"span"},{"style":{"height":16},"width":360.45,"height":40,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/8-10.png","element":"img","alt":" Qθ, floor(Qθ(s′, x′)).","inline":true}],[{"style":{"width":"57%"},"width":916,"height":267,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/8-11.png","element":"img"}]]},{"heading":"6 Experiments","paragraphs":[[{"text":"We implemented our Deep Q-learning approach to ","element":"span"},{"text":"LTL ","element":"span"},{"text":"synthesis. We used ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Spot ","element":"span"},{"href":"#id-35","referenceIndex":9,"text":"(Duret-Lutz et al., ","element":"a"},{"href":"#id-35","referenceIndex":9,"text":"2016) ","element":"a"},{"text":"to transform ","element":"span"},{"text":"LTL ","element":"span"},{"text":"formulae into UCW automata, and Tensorflow 2.0 library for deep learning. Experiments were conducted using 2.4GHz CPU Linux machines with 10GB of memory.","element":"span"}],[{"text":"The purpose of our experiments was not to compete with state-of-the-art tools for ","element":"span"},{"text":"LTL ","element":"span"},{"text":"synthesis— these are much faster. Rather, we wanted to evaluate the potential for providing effective search guidance of our neural-based approach.","element":"span"}],[{"style":{"fontWeight":"bold"},"text":"Hyperparameters: ","element":"span"},{"text":"We experimented with different network sizes. Interestingly, very small networks were often sufficient for learning good guidance. We fixed a network with two dense hidden layers. The number of neurons corresponded to the input size—i.e., number of UCW automaton states. We employed an ","element":"span"},{"style":{"height":0},"width":20,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/8-12.png","element":"img","alt":" ϵ","inline":true},{"text":"-greedy exploration policy with ","element":"span"},{"style":{"height":14},"width":197.52,"height":35,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/8-13.png","element":"img","alt":" µ = ϵ = 0.2","inline":true},{"text":", and Adam optimizer with learning rate adjusted to ","element":"span"},{"style":{"height":11.6},"width":416.87,"height":29,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/8-14.png","element":"img","alt":" α = 0.005. We set K = 4","inline":true,"padRight":true},{"text":"and a horizon bound of ","element":"span"},{"text":"50 ","element":"span"},{"text":"timesteps. These numbers were set large enough to find solutions. Search stopped after 1000 episodes. We used a prioritized experience replay buffer with batch size of 32 states. The learning step in ","element":"span"},{"style":{"height":14},"width":49.61,"height":35,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/8-15.png","element":"img","alt":" Qθ","inline":true,"padRight":true},{"text":"was done every 4 timesteps. In DDQS, the target network ","element":"span"},{"style":{"height":14},"width":46.61,"height":35,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/8-16.png","element":"img","alt":" Qt","inline":true,"padRight":true},{"text":"was updated at the end of each episode.","element":"span"}],[{"style":{"fontWeight":"bold"},"text":"Benchmarks: ","element":"span"},{"text":"We evaluated our system on a family of 19 ","element":"span"},{"style":{"fontStyle":"italic"},"text":"lilydemo ","element":"span"},{"text":"benchmark problems retrieved from the ","element":"span"},{"text":"LTL ","element":"span"},{"text":"synthesis competition SYNTCOMP ","element":"span"},{"href":"#id-36","referenceIndex":26,"text":"(SYNTCOMP, ","element":"a"},{"href":"#id-36","referenceIndex":26,"text":"2019)","element":"a"},{"text":".","element":"span"}],[{"style":{"fontWeight":"bold"},"text":"Configurations: ","element":"span"},{"text":"We tested the following configurations:","element":"span"}],[{"id":"id-37","style":{"width":"96%"},"width":1523,"height":469,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/9-0.png","element":"img"}],[{"text":"Figure 1: Problems solved with respect to the number of episodes (left) and the number of batch learning steps (right). We compared different configurations of DQS, using a target network (DDQS), reusing losing gameplays for learning (","element":"figcaption","subtype":"caption"},{"style":{"height":4.4},"width":31,"height":11,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/9-1.png","element":"img","alt":"−","inline":true},{"text":"), using potentials for a stronger supervision signal (","element":"figcaption","subtype":"caption"},{"style":{"height":14.4},"width":113.8,"height":36,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/9-2.png","element":"img","alt":"φ), and","inline":true,"padRight":true},{"text":"using automata decompositions (dec). Each configuration was tested a total of 20 times in each of the 10 ","element":"figcaption","subtype":"caption"},{"style":{"fontStyle":"italic"},"text":"lilydemo ","element":"figcaption","subtype":"caption"},{"text":"benchmark problems.","element":"figcaption","subtype":"caption"}],[{"style":{"fontStyle":"italic"},"text":"• ","element":"span"},{"text":"DQS[","element":"span"},{"style":{"height":4.4},"width":31,"height":11,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/9-3.png","element":"img","alt":"−","inline":true},{"text":"]: DQS, reusing losing gameplays for learning.","element":"span"}],[{"style":{"fontStyle":"italic"},"text":"• ","element":"span"},{"text":"DDQS: Implementation of DQS with a target network.","element":"span"}],[{"style":{"fontStyle":"italic"},"text":"• ","element":"span"},{"text":"DDQS[","element":"span"},{"style":{"height":4.4},"width":31,"height":11,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/9-4.png","element":"img","alt":"−","inline":true},{"text":"]: DDQS, reusing losing gameplays for learning.","element":"span"}],[{"style":{"fontStyle":"italic"},"text":"• ","element":"span"},{"text":"DDQS[","element":"span"},{"style":{"height":14},"width":74.92,"height":35,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/9-5.png","element":"img","alt":"−, φ","inline":true},{"text":"]: Like DDQS[","element":"span"},{"style":{"height":4.4},"width":31,"height":11,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/9-6.png","element":"img","alt":"−","inline":true},{"text":"], also using potentials for a stronger supervision signal.","element":"span"}],[{"text":"In addition, we tested the configurations above using automata decompositions of the ","element":"span"},{"text":"LTL ","element":"span"},{"text":"specifi-cation. We refer to those configurations as ","element":"span"},{"style":{"fontStyle":"italic"},"text":"dec-DDQS","element":"span"},{"text":", etc. Each configuration was tested in each benchmark a total of 20 times.","element":"span"}],[{"style":{"fontWeight":"bold"},"text":"Impact of using a target network: ","element":"span"},{"text":"The Q-values learned using a target network were more realistic than those learned without a target network, which tended to learn higher Q-values. These observed results resonate with the ","element":"span"},{"style":{"fontStyle":"italic"},"text":"optimistic ","element":"span"},{"text":"behaviour often manifested by DQN without the use of a target network. In terms of performance, DDQS was able to learn faster than DQS (i.e., wth a fewer number of episodes and batch training steps), but the differences were not huge in the benchmarks being tested (see Figure ","element":"span"},{"href":"#id-37","text":"1 ","element":"a"},{"text":"(left and right)).","element":"span"}],[{"style":{"fontWeight":"bold"},"text":"Impact of using decompositions: ","element":"span"},{"text":"The use of automata decompositions may be necessary to scale to those problems with large specifications that, for computational limitations, cannot be transformed into a single automaton. Our learned greedy policies were not able to find exact solutions in large specifications where automata decompositions become necessary. Thus, further work needs be done to better exploit the guidance of the neural network in the search for solutions. Still, we conducted a study of the the impact of automata decompositions in the ","element":"span"},{"style":{"fontStyle":"italic"},"text":"lilydemo ","element":"span"},{"text":"benchmark set. The use of automata decompositions translated into a larger number of automaton states, and therefore, required a larger number of input neurons (see Figure ","element":"span"},{"href":"#id-38","text":"2 ","element":"a"},{"text":"(left)). The use of automata decompositions also required more training episodes and steps, but not a huge number compared to single-automaton transformations of the ","element":"span"},{"text":"LTL ","element":"span"},{"text":"formula (see Figures ","element":"span"},{"href":"#id-37","text":"1 ","element":"a"},{"text":"and ","element":"span"},{"href":"#id-38","text":"2)","element":"a"},{"text":".","element":"span"}],[{"style":{"fontWeight":"bold"},"text":"Impact of using losing gameplays: ","element":"span"},{"text":"By exploiting losing gameplays, our approaches were able to learn with fewer learning episodes and batch learning steps (see Figure ","element":"span"},{"href":"#id-37","text":"1)","element":"a"},{"text":".","element":"span"}],[{"style":{"fontWeight":"bold"},"text":"Impact of using potentials: ","element":"span"},{"text":"The use of a stronger supervision signal in the form of potentials greatly improved the learning process. We can observe in Figure ","element":"span"},{"href":"#id-37","text":"1 ","element":"a"},{"text":"(left and right) that DDQS[","element":"span"},{"style":{"height":14},"width":65.16,"height":35,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/9-7.png","element":"img","alt":"−,φ","inline":true},{"text":"] and dec-DDQS[","element":"span"},{"style":{"height":14},"width":64.96,"height":35,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/9-8.png","element":"img","alt":"−,φ","inline":true},{"text":"] greatly outperformed all other configurations that do not make use of potentials.","element":"span"}],[{"style":{"fontWeight":"bold"},"text":"Size of controllers: ","element":"span"},{"text":"We compared the size of the controllers obtained with the learned greedy policies in the different configurations of our learning-based system, with the minimal size of the controllers that solve the benchmark problems being tested (as reported in ","element":"span"},{"href":"#id-36","referenceIndex":26,"text":"(SYNTCOMP, ","element":"a"},{"href":"#id-36","referenceIndex":26,"text":"2019)","element":"a"},{"text":"). The controllers that we produced are significantly larger than the size of the minimal controllers for each benchmark problem (see Figure ","element":"span"},{"href":"#id-38","text":"2 ","element":"a"},{"text":"(right)). This suggests that the performance of our system may benefit from","element":"span"}],[{"id":"id-38","style":{"width":"96%"},"width":1527,"height":471,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/10-0.png","element":"img"}],[{"text":"Figure 2: Left: training episodes with respect to the input size of the neural network. Datapoints from algorithms that do not use decomposition are represented with circles, and otherwise represented with crosses. Right: size of the controllers obtained with our neural-based methods, compared with the minimal size of the controllers as reported in SYNTCOMP ","element":"figcaption","subtype":"caption"},{"href":"#id-36","referenceIndex":26,"text":"(SYNTCOMP, ","element":"a","subtype":"caption"},{"href":"#id-36","referenceIndex":26,"text":"2019)","element":"a","subtype":"caption"},{"text":".","element":"figcaption","subtype":"caption"}],[{"text":"the combination of more sophisticated search techniques—other than just epsilon-greedy exploration policies, and greedy execution policies—to prune the search space.","element":"span"}]]},{"heading":"7 Discussion and Future Work","paragraphs":[[{"text":"We addressed ","element":"span"},{"text":"LTL ","element":"span"},{"text":"synthesis, a formulation of program synthesis from specification that is 2EXP-complete, and that automatically generates programs that are correct by construction. Exact methods have limited scalability. The development of novel techniques with the potential to scale is crucial.","element":"span"}],[{"text":"We presented the first approach to ","element":"span"},{"text":"LTL ","element":"span"},{"text":"synthesis that combines two scalable methods: search and learning. Our novel approach reformulates ","element":"span"},{"text":"LTL ","element":"span"},{"text":"synthesis as an optimization problem. We reformulated ","element":"span"},{"text":"LTL ","element":"span"},{"text":"synthesis as a dynamic programming problem, and explored deep Q-learning to approximate solutions. Ultimately, our objective was to train neural networks to provide good guidance. Our approach shares commonalities with neuro-symbolic and neural-guided search approaches in using learned properties to guide search. Like the ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Neural Turing Machine","element":"span"},{"text":", which augments neural networks with external memory ","element":"span"},{"href":"#id-32","referenceIndex":12,"text":"(Graves et al., ","element":"a"},{"href":"#id-32","referenceIndex":12,"text":"2014)","element":"a"},{"text":", we use ","element":"span"},{"style":{"fontStyle":"italic"},"text":"automata ","element":"span"},{"text":"as compact memory.","element":"span"}],[{"text":"We were interested in evaluating the potential for providing effective search guidance of our neural-based approach. In our experiments, we solved synthesis benchmarks by virtue of simply executing policies that acted greedily with respect to the neural network guidance. In many cases, the network was trained using only a few dozen episodes in problems whose solutions are simple, but where the size of the search space is ","element":"span"},{"style":{"height":17.38},"width":118.02,"height":43.46,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/10-1.png","element":"img","alt":" O(230)","inline":true,"padRight":true},{"text":"or more. Furthermore, we found that simple enhancements, like reusing losing plays, could significantly improve performance. We also found that using potentials to strengthen the supervision signal proved extremely beneficial. While we did not solve the largest benchmark problems in SYNTCOMP, and our approach did not manifest state-of-the-art performance, we believe that the combination of learning and search proposed here provides a foundation for ","element":"span"},{"text":"LTL ","element":"span"},{"text":"synthesis and opens a new avenue for research.","element":"span"}]]},{"heading":"References","paragraphs":[[{"id":"id-8","text":"Balog, M., Gaunt, A. L., Brockschmidt, M., Nowozin, S., and Tarlow, D. (2017). Deepcoder: ","element":"span"},{"text":"Learning to write programs. In ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Proceedings of the 5th International Conference on Learning Representations (ICLR)","element":"span"},{"text":".","element":"span"}],[{"id":"id-18","text":"Bohy, A., Bruyère, V., Filiot, E., Jin, N., and Raskin, J. (2012). Acacia+, a tool for LTL synthesis. In ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Proceedings of the 24th International Conference on Computer Aided Verification (CAV)","element":"span"},{"text":", pages 652–657.","element":"span"}],[{"id":"id-30","text":"Camacho, A., Baier, J. A., Muise, C. J., and McIlraith, S. A. (2018a). Finite LTL synthesis as ","element":"span"},{"text":"planning. In ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Proceedings of the 28th International Conference on Automated Planning and Scheduling (ICAPS)","element":"span"},{"text":", pages 29–38.","element":"span"}],[{"id":"id-29","text":"Camacho, A. and McIlraith, S. A. (2019). Strong fully observable non-deterministic planning with ","element":"span"},{"text":"LTL and LTL-f goals. In ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Proceedings of the 28th International Joint Conference on Artificial Intelligence (IJCAI)","element":"span"},{"text":", pages 5523–5531.","element":"span"}],[{"id":"id-19","text":"Camacho, A., Muise, C. J., Baier, J. A., and McIlraith, S. A. (2018b). LTL realizability via safety ","element":"span"},{"text":"and reachability games. In ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Proceedings of the 27th International Joint Conference on Artificial Intelligence (IJCAI)","element":"span"},{"text":", pages 4683–4691.","element":"span"}],[{"id":"id-31","text":"Camacho, A., Triantafillou, E., Muise, C. J., Baier, J. A., and McIlraith, S. A. (2017). ","element":"span"},{"text":"Nondeterministic planning with temporally extended goals: LTL over finite and infinite traces. In ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Proceedings of the 31st AAAI Conference on Artificial Intelligence (AAAI)","element":"span"},{"text":", pages 3716–3724.","element":"span"}],[{"id":"id-7","text":"Chen, X., Liu, C., and Song, D. (2018). Towards synthesizing complex programs from input-output ","element":"span"},{"text":"examples. In ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Proceedings of the 6th International Conference on Learning Representations (ICLR)","element":"span"},{"text":".","element":"span"}],[{"id":"id-0","text":"Church, A. (1957). Applications of recursive arithmetic to the problem of circuit synthesis. ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Summaries of the Summer Institute of Symbolic Logic, Cornell University 1957","element":"span"},{"text":", 1:3–50.","element":"span"}],[{"id":"id-35","text":"Duret-Lutz, A., Lewkowicz, A., Fauchille, A., Michaud, T., Renault, E., and Xu, L. (2016). Spot 2.0 ","element":"span"},{"text":"— a framework for LTL and ","element":"span"},{"style":{"height":6.8},"width":25,"height":17,"src":"https://cdn.bytez.com/mobilePapers/v2/arxiv/1912.13430/images/11-0.png","element":"img","alt":" ω","inline":true},{"text":"-automata manipulation. In ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Proceedings of the 14th International Symposium on Automated Technology for Verification and Analysis (ATVA)","element":"span"},{"text":", volume 9938 of ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Lecture notes in Computer Science","element":"span"},{"text":", pages 122–129. Springer.","element":"span"}],[{"id":"id-4","text":"Ellis, K., Solar-Lezama, A., and Tenenbaum, J. (2016). Sampling for Bayesian program learning. ","element":"span"},{"text":"In ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Proceedings of the 28th Annual Conference on Advances in Neural Information Processing Systems (NIPS)","element":"span"},{"text":", pages 1289–1297.","element":"span"}],[{"id":"id-9","text":"Gaunt, A. L., Brockschmidt, M., Singh, R., Kushman, N., Kohli, P., Taylor, J., and Tarlow, D. (2016). ","element":"span"},{"text":"Terpret: A probabilistic programming language for program induction. ","element":"span"},{"style":{"fontStyle":"italic"},"text":"CoRR","element":"span"},{"text":", abs/1608.04428.","element":"span"}],[{"id":"id-32","text":"Graves, A., Wayne, G., and Danihelka, I. (2014). Neural turing machines. ","element":"span"},{"style":{"fontStyle":"italic"},"text":"CoRR","element":"span"},{"text":", abs/1410.5401.","element":"span"}],[{"id":"id-3","text":"Gulwani, S. (2016). Programming by examples - and its applications in data wrangling. In ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Dependable Software Systems Engineering","element":"span"},{"text":", volume 45 of ","element":"span"},{"style":{"fontStyle":"italic"},"text":"NATO Science for Peace and Security Series - D: Information and Communication Security","element":"span"},{"text":", pages 137–158. IOS Press.","element":"span"}],[{"id":"id-28","text":"Hansen, E. A. and Zilberstein, S. (2001). Lao","element":"span"},{"text":"*","element":"span"},{"text":": A heuristic search algorithm that finds solutions with loops. ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Artificial Intelligence","element":"span"},{"text":", 129(1-2):35–62.","element":"span"}],[{"id":"id-2","text":"Jacobs, S., Bloem, R., Colange, M., Faymonville, P., Finkbeiner, B., Khalimov, A., Klein, F., ","element":"span"},{"text":"Luttenberger, M., Meyer, P. J., Michaud, T., Sakr, M., Sickert, S., Tentrup, L., and Walker, A. (2019). The 5th reactive synthesis competition (SYNTCOMP 2018): Benchmarks, participants & results. ","element":"span"},{"style":{"fontStyle":"italic"},"text":"CoRR","element":"span"},{"text":", abs/1904.07736.","element":"span"}],[{"id":"id-24","text":"Jobstmann, B. and Bloem, R. (2006). Optimizations for LTL synthesis. In ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Proceedings of the 6th International Conference on Formal Methods in Computer-Aided Design (FMCAD)","element":"span"},{"text":", pages 117–124.","element":"span"}],[{"id":"id-15","text":"Kupferman, O. and Vardi, M. Y. (2005). Safraless decision procedures. In ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Proceedings of the 46th IEEE Symposium on Foundations of Computer Science (FOCS)","element":"span"},{"text":", pages 531–542.","element":"span"}],[{"id":"id-25","text":"Littman, M. L. (1994). Markov games as a framework for multi-agent reinforcement learning. In ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Proceedings of the 11th International Conference on Machine Learning (ICML)","element":"span"},{"text":", pages 157–163.","element":"span"}],[{"id":"id-10","text":"Mnih, V., Kavukcuoglu, K., Silver, D., Rusu, A. A., Veness, J., Bellemare, M. G., Graves, A., ","element":"span"},{"text":"Riedmiller, M. A., Fidjeland, A., Ostrovski, G., Petersen, S., Beattie, C., Sadik, A., Antonoglou, I., King, H., Kumaran, D., Wierstra, D., Legg, S., and Hassabis, D. (2015). Human-level control through deep reinforcement learning. ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Nature","element":"span"},{"text":", 518(7540):529–533.","element":"span"}],[{"id":"id-5","text":"Parisotto, E., Mohamed, A., Singh, R., Li, L., Zhou, D., and Kohli, P. (2017). Neuro-symbolic ","element":"span"},{"text":"program synthesis. In ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Proceedings of the 5th International Conference on Learning Representations (ICLR)","element":"span"},{"text":".","element":"span"}],[{"id":"id-13","text":"Pnueli, A. (1977). The temporal logic of programs. In ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Proceedings of the 18th IEEE Symposium on Foundations of Computer Science (FOCS)","element":"span"},{"text":", pages 46–57.","element":"span"}],[{"id":"id-1","text":"Pnueli, A. and Rosner, R. (1989). On the synthesis of a reactive module. In ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Proceedings of the 16th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages","element":"span"},{"text":", pages 179–190.","element":"span"}],[{"id":"id-33","text":"Schaul, T., Quan, J., Antonoglou, I., and Silver, D. (2016). Prioritized experience replay. In ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Proceedings of the 4th International Conference on Learning Representations (ICLR)","element":"span"},{"text":".","element":"span"}],[{"id":"id-16","text":"Schewe, S. and Finkbeiner, B. (2007). Bounded synthesis. In ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Proceedings of the 5th International Symposium on Automated Technology for Verification and Analysis (ATVA)","element":"span"},{"text":", pages 474–488.","element":"span"}],[{"id":"id-11","text":"Silver, D., Hubert, T., Schrittwieser, J., Antonoglou, I., Lai, M., Guez, A., Lanctot, M., Sifre, L., ","element":"span"},{"text":"Kumaran, D., Graepel, T., Lillicrap, T. P., Simonyan, K., and Hassabis, D. (2018). A general reinforcement learning algorithm that masters chess, shogi, and go through self-play. ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Science","element":"span"},{"text":", 362:1140–1144.","element":"span"}],[{"id":"id-36","text":"SYNTCOMP (2019). The reactive synthesis competition. ","element":"span"},{"href":"http://www.syntcomp.org","style":{"fontFamily":"monospace"},"text":"http://www.syntcomp.org","element":"a"},{"text":". Accessed: 2019-10-31.","element":"span"}],[{"id":"id-34","text":"van Hasselt, H. (2010). Double q-learning. In ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Proceedings of the 24th Annual Conference on Advances in Neural Information Processing Systems (NIPS)","element":"span"},{"text":", pages 2613–2621.","element":"span"}],[{"id":"id-6","text":"Zhang, L., Rosenblatt, G., Fetaya, E., Liao, R., Byrd, W. E., Might, M., Urtasun, R., and Zemel, R. S. ","element":"span"},{"text":"(2018). Neural guided constraint logic programming for program synthesis. In ","element":"span"},{"style":{"fontStyle":"italic"},"text":"Proceedings of the 31st Annual Conference on Advances in Neural Information Processing Systems (NeurIPS)","element":"span"},{"text":", pages 1744–1753.","element":"span"}]]}],"_version":"3.3.4"},"paperNode":"$25:props:children:props:children:0:props:product"}]]