Environment Assumptions for Synthesis

The synthesis problem asks to construct a reactive finite-state system from an $\omega$-regular specification. Initial specifications are often unrealizable, which means that there is no system that implements the specification. A common reason for unrealizability is that assumptions on the environment of the system are incomplete. We study the problem of correcting an unrealizable specification $\phi$ by computing an environment assumption $\psi$ such that the new specification $\psi\to\phi$ is realizable. Our aim is to construct an assumption $\psi$ that constrains only the environment and is as weak as possible. We present a two-step algorithm for computing assumptions. The algorithm operates on the game graph that is used to answer the realizability question. First, we compute a safety assumption that removes a minimal set of environment edges from the graph. Second, we compute a liveness assumption that puts fairness conditions on some of the remaining environment edges. We show that the problem of finding a minimal set of fair edges is computationally hard, and we use probabilistic games to compute a locally minimal fairness assumption.

💡 Research Summary

The paper addresses a fundamental obstacle in reactive synthesis: many ω‑regular specifications are unrealizable because the assumptions on the environment are too weak. The authors propose a systematic method to automatically generate an environment assumption ψ such that the strengthened specification ψ→ϕ becomes realizable, while ensuring that ψ constrains only the environment and is as weak as possible. Their approach is grounded in the game‑theoretic formulation of synthesis. A specification ϕ is realizable exactly when player 1 (the system) has a winning strategy in a two‑player turn‑based game graph constructed from ϕ. If ϕ is unrealizable, player 2 (the environment) has a winning region, and the edges that player 2 can use from that region are the source of the problem.

The algorithm proceeds in two stages. First, a safety assumption is computed by removing a minimal set of environment edges. This corresponds to finding a minimum cut that separates the initial state from the winning region of player 1. The cut can be obtained in polynomial time using standard max‑flow/min‑cut techniques, and the resulting graph guarantees that any remaining play never violates the safety part of the specification.

Second, a liveness (fairness) assumption is added because safety alone may still leave the game unwinnable for player 1. The remaining environment edges are examined for those that could be taken infinitely often by player 2, thereby preventing player 1 from satisfying its liveness objective. The authors formalize the problem of selecting a minimal set of such edges as the “minimal fair‑edge set” problem and prove it is NP‑hard. Consequently, they do not aim for a global optimum; instead they devise a polynomial‑time procedure that yields a locally minimal fairness assumption. The key insight is a reduction from deterministic parity games to probabilistic parity games: by turning the game into a stochastic one where the environment’s choice is modeled probabilistically, one can compute a set of edges whose removal makes the probability of winning for player 1 equal to one. For Büchi and co‑Büchi specifications this reduction runs in linear time; for general parity objectives it lies in NP∩coNP.

The constructed assumption ψ is the conjunction of the safety and liveness parts. Importantly, ψ itself is environment‑realizable: there exists an environment strategy that satisfies ψ without restricting the system’s outputs. Thus ψ truly captures only environment constraints. The authors illustrate the method on several examples, notably a simple hardware controller with signals req, cancel, and grant. The original specification requires every request to be eventually granted and that grant be low after a cancel or after being high. The environment can force cancel forever, making the spec unrealizable. The algorithm automatically derives a weak yet sufficient assumption such as “if a request occurs, the environment must eventually stop canceling unless a grant has already been issued,” which is far more permissive than the naïve G ¬cancel.

Compared with related work, this paper differs in three respects. First, it derives assumptions solely from the specification, without any reference to a concrete system design. Second, it seeks the weakest possible environment restriction, rather than merely any sufficient restriction. Third, it introduces a novel use of probabilistic games to compute locally minimal fairness assumptions, a technique not previously applied to synthesis.

The contributions can be summarized as follows:

1. Formal definition of the environment‑assumption synthesis problem and justification of why a unique weakest assumption may not exist or may be hard to compute.
2. Polynomial‑time algorithm for the safety part based on minimum cuts.
3. Proof of NP‑hardness for the minimal fairness‑edge problem and a practical polynomial‑time heuristic using probabilistic parity games.
4. Complexity analysis showing linear‑time solutions for Büchi/co‑Büchi and NP∩coNP for general parity objectives.
5. Experimental validation on benchmark specifications, demonstrating that the generated assumptions are natural and useful for designers.

In conclusion, the paper provides a rigorous, game‑theoretic framework for automatically strengthening unrealizable specifications by computing minimal environment assumptions. This advances the state of the art in reactive synthesis, offering a tool that can help designers identify missing environmental constraints, generate realistic test environments, and ultimately produce implementable systems from high‑level specifications. Future directions include quantitative measures of assumption weakness, compositional handling of multiple specifications, and integration with existing synthesis toolchains for industrial case studies.