A LTL Fragment for GR(1)-Synthesis

The idea of automatic synthesis of reactive programs starting from temporal logic (LTL) specifications is quite old, but was commonly thought to be infeasible due to the known double exponential complexity of the problem. However, new ideas have recently renewed the interest in LTL synthesis: One major new contribution in this area is the recent work of Piterman et al. who showed how polynomial time synthesis can be achieved for a large class of LTL specifications that is expressive enough to cover many practical examples. These LTL specifications are equivalent to omega-automata having a so-called GR(1) acceptance condition. This approach has been used to automatically synthesize implementations of real-world applications. To this end, manually written deterministic omega-automata having GR(1) conditions were used instead of the original LTL specifications. However, manually generating deterministic monitors is, of course, a hard and error-prone task. In this paper, we therefore present algorithms to automatically translate specifications of a remarkable large fragment of LTL to deterministic monitors having a GR(1) acceptance condition so that the synthesis algorithms can start with more readable LTL specifications.

💡 Research Summary

The paper addresses a major practical obstacle in the application of GR(1) synthesis: the manual construction of deterministic Büchi automata from LTL specifications. While Piterman et al. showed that GR(1) specifications—implications of the form “assumptions → guarantees” where each conjunct is a Büchi condition—can be synthesized in polynomial time, the prerequisite deterministic automata have traditionally been produced by hand, a process that is both error‑prone and time‑consuming. The authors propose a fully automated pipeline that takes a large fragment of LTL, determines whether it belongs to the GR(1) class, and then constructs the required deterministic automata using a symbolic determinization technique.

The first contribution is a syntactic approximation based on the well‑known temporal‑logic hierarchy (safety, liveness, Büchi, co‑Büchi, and their Boolean closures). By recursively analysing the structure of an LTL formula, the algorithm decides whether the formula can be represented by a deterministic Büchi automaton. This check is purely syntactic; it never produces false positives, though it may reject some formulas that are in fact GR(1)‑compatible. Empirical evidence shows that the rejection rate is negligible for realistic specifications.

The second contribution exploits the observation that the negation of any formula that can be turned into a deterministic Büchi automaton can be expressed as a nondeterministic co‑Büchi automaton. Nondeterministic co‑Büchi automata admit an efficient symbolic determinization via the Breakpoint construction. The Breakpoint construction works by maintaining two sets of states—“active” and “waiting”—and can be implemented using binary decision diagrams (BDDs), enabling compact symbolic representation of potentially huge state spaces. After determinizing the co‑Büchi automaton, a final negation yields a deterministic Büchi automaton equivalent to the original LTL formula.

The authors implemented the entire workflow: (1) syntactic GR(1) membership testing, (2) translation of the formula into a nondeterministic co‑Büchi automaton, (3) symbolic Breakpoint determinization, and (4) conversion back to a deterministic Büchi automaton. The resulting automata are fed directly into an existing GR(1) synthesis engine (based on the algorithms of Piterman et al.) to produce a winning strategy, i.e., a Mealy machine that implements the system’s output behavior.

The paper validates the approach on three case studies: (a) a protocol from ARM’s Advanced Micro‑System Bus (AMBA) architecture, (b) a generalized buffer example used in IBM’s RuleBase system, and (c) a robot control scenario. In each case, the automatically generated deterministic automata matched the manually crafted ones in size and structure, while the automated translation step required only a few seconds. The overall synthesis time was dominated by the GR(1) game solving phase, not by the translation, demonstrating that the proposed method does not introduce a performance bottleneck.

In conclusion, the work bridges the gap between high‑level LTL specifications and the low‑level deterministic automata required for GR(1) synthesis. By eliminating the manual determinization step, it reduces human error, shortens development cycles, and makes GR(1) synthesis more accessible to practitioners. The authors suggest future extensions to cover larger LTL fragments, to integrate other acceptance conditions such as Streett or Rabin, and to explore further symbolic optimizations.