Safety first: a two-stage algorithm for the synthesis of reactive systems

In the game-theoretic approach to the synthesis of reactive systems, specifications are often expressed as ω-regular languages. Computing a winning strategy to an infinite game whose winning condition is an ω-regular language is then the main step in obtaining an implementation. Conjoining all the properties of a specification to obtain a monolithic game suffers from the doubly exponential determinization that is required. Despite the success of symbolic algorithms, the monolithic approach is not practical. Existing techniques achieve efficiency by imposing restrictions on the ω-regular languages they deal with. In contrast, we present an approach that achieves improvement in performance through the decomposition of the problem while still accepting the full set of ω-regular languages. Each property is translated into a deterministic ω-regular automaton explicitly while the two-player game defined by the collection of automata is played symbolically. Safety and persistence properties usually make up the majority of a specification. We take advantage of this by solving the game incrementally. Each safety and persistence property is used to gradually construct the parity game. Optimizations are applied after each refinement of the graph. This process produces a compact symbolic encoding of the parity game. We then compose the remaining properties and solve one final game after possibly solving smaller games to further optimize the graph. An implementation is finally derived from the winning strategies computed. We compare the results of our tool to those of the synthesis tool Anzu.     

The first learning track of the international planning competition

The International Planning Competition is a biennial event organized in the context of the International Conference on Automated Planning and Scheduling. The 2008 competition included, for the first time, a learning track for comparing approaches for improving automated planners via learning. In this paper, we describe the structure of the learning track, the planning domains used for evaluation, the participating systems, the results, and our observations. Towards supporting the goal of domain-independent learning, one of the key features of the competition was to disallow any code changes or parameter tweaks after the training domains were revealed to the participants. The competition results show that at this stage no learning for planning system outperforms state-of-the-art planners in a domain independent manner across a wide range of domains. However, they appear to be close to providing such performance. Evaluating learning for planning systems in a blind competition raises important questions concerning criteria that should be taken into account in future competitions.     

802.11标准的不安全性(上)--截取移动通信中的信息

无线网络中所使用标准是IEEE802.11,它包含一个WEP(Wired EquivalentPrivacy)协议, 用来防止链路层通信上的窃听或其他攻击。我们已经发现了这个协议中几个严重的安全缺陷,而这归因于密码原理的误用。这些缺陷导致了一些实际攻击,从而表明WEP并没有达到它所预期的安全目标。在本篇论文中,我们将对每一个缺陷,根本性的安全原理以及随之而产生的攻击进行详细的讨论。     

The reactive simulatability (RSIM) framework for asynchronous systems

We define reactive simulatability for general asynchronous systems. Roughly, simulatability means that a real system implements an ideal system (specification) in a way that preserves security in a general cryptographic sense. Reactive means that the system can interact with its users multiple times, e.g., in many concurrent protocol runs or a multi-round game. In terms of distributed systems, reactive simulatability is a type of refinement that preserves particularly strong properties, in particular confidentiality. A core feature of reactive simulatability is composability, i.e., the real system can be plugged in instead of the ideal system within arbitrary larger systems; this is shown in follow-up papers, and so is the preservation of many classes of individual security properties from the ideal to the real systems.A large part of this paper defines a suitable system model. It is based on probabilistic IO automata (PIOA) with two main new features: One is generic distributed scheduling. Important special cases are realistic adversarial scheduling, procedure-call-type scheduling among colocated system parts, and special schedulers such as for fairness, also in combinations. The other is the definition of the reactive runtime via a realization by Turing machines such that notions like polynomial-time are composable. The simple complexity of the transition functions of the automata is not composable.As specializations of this model we define security-specific concepts, in particular a separation between honest users and adversaries and several trust models.The benefit of IO automata as the main model, instead of only interactive Turing machines as usual in cryptographic multi-party computation, is that many cryptographic systems can be specified with an ideal system consisting of only one simple, deterministic IO automaton without any cryptographic objects, as many follow-up papers show. This enables the use of classic formal methods and automatic proof tools for proving larger distributed protocols and systems that use these cryptographic systems.     

Dynamic hierarchical reactive controller synthesis

In the formal approach to reactive controller synthesis, a symbolic controller for a possibly hybrid system is obtained by algorithmically computing a winning strategy in a two-player game. Such game-solving algorithms scale poorly as the size of the game graph increases. However, in many applications, the game graph has a natural hierarchical structure. In this paper, we propose a modeling formalism and a synthesis algorithm that exploits this hierarchical structure for more scalable synthesis. We define local games on hierarchical graphs as a modeling formalism that decomposes a large-scale reactive synthesis problem in two dimensions. First, the construction of a hierarchical game graph introduces abstraction layers, where each layer is again a two-player game graph. Second, every such layer is decomposed into multiple local game graphs, each corresponding to a node in the higher level game graph. While local games have the potential to reduce the state space for controller synthesis, they lead to more complex synthesis problems where strategies computed for one local game can impose additional requirements on lower-level local games. Our second contribution is a procedure to construct a dynamic controller for local game graphs over hierarchies. The controller computes assume-admissible winning strategies that satisfy local specifications in the presence of environment assumptions, and dynamically updates specifications and strategies due to interactions between games at different abstraction layers at each step of the play. We show that our synthesis procedure is sound: the controller constructs a play that satisfies all local specifications. We illustrate our results through an example controlling an autonomous robot in a building with known floor plan and provide simulation results using an implementation of our algorithm on top of LTLMoP.     

The hierarchical fair competition (HFC) framework for sustainable evolutionary algorithms

Many current Evolutionary Algorithms (EAs) suffer from a tendency to converge prematurely or stagnate without progress for complex problems. This may be due to the loss of or failure to discover certain valuable genetic material or the loss of the capability to discover new genetic material before convergence has limited the algorithm's ability to search widely. In this paper, the Hierarchical Fair Competition (HFC) model, including several variants, is proposed as a generic framework for sustainable evolutionary search by transforming the convergent nature of the current EA framework into a non-convergent search process. That is, the structure of HFC does not allow the convergence of the population to the vicinity of any set of optimal or locally optimal solutions. The sustainable search capability of HFC is achieved by ensuring a continuous supply and the incorporation of genetic material in a hierarchical manner, and by culturing and maintaining, but continually renewing, populations of individuals of intermediate fitness levels. HFC employs an assembly-line structure in which subpopulations are hierarchically organized into different fitness levels, reducing the selection pressure within each subpopulation while maintaining the global selection pressure to help ensure the exploitation of the good genetic material found. Three EAs based on the HFC principle are tested - two on the even-10-parity genetic programming benchmark problem and a real-world analog circuit synthesis problem, and another on the HIFF genetic algorithm (GA) benchmark problem. The significant gain in robustness, scalability and efficiency by HFC, with little additional computing effort, and its tolerance of small population sizes, demonstrates its effectiveness on these problems and shows promise of its potential for improving other existing EAs for difficult problems. A paradigm shift from that of most EAs is proposed: rather than trying to escape from local optima or delay convergence at a local optimum, HFC allows the emergence of new optima continually in a bottom-up manner, maintaining low local selection pressure at all fitness levels, while fostering exploitation of high-fitness individuals through promotion to higher levels.     

列队竞争算法综合质量交换网络

在目前现有的2种质量交换网络综合方法的基础上,本文提出了1种新的基于组分区间法的质量交换网络超结构描述,建立了相应的以总费用最小为目标的质量交换网络超结构数学模型,并用列队竞争算法对该混合整数非线性规划问题(MINLP)进行了求解.为验证本方法的有效性,本文对2个实例进行了求解,求解结果略优于文献结果,说明了本文方法的可行性.     

Supervisory control and reactive synthesis: a comparative introduction

This paper presents an introduction to and a formal connection between synthesis problems for discrete event systems that have been considered, largely separately, in the two research communities of supervisory control in control engineering and reactive synthesis in computer science. By making this connection mathematically precise in a paper that attempts to be as self-contained as possible, we wish to introduce these two research areas to non-expert readers and at the same time to highlight how they can be bridged in the context of classical synthesis problems. After presenting general introductions to supervisory control theory and reactive synthesis, we provide a novel reduction of the basic supervisory control problem, non-blocking case, to a problem of reactive synthesis with plants and with a maximal permissiveness requirement. The reduction is for fully-observed systems that are controlled by a single supervisor/controller. It complements prior work that has explored problems at the interface of supervisory control and reactive synthesis. The formal bridge constructed in this paper should be a source of inspiration for new lines of investigation that will leverage the power of the synthesis techniques that have been developed in these two areas.     

亚硝酸甲酯合成过程中反应精馏塔的模拟与优化

煤制乙二醇工艺过程是重要的煤化工过程,目前对其的研究都未涉及到工艺参数的优化。本文采用Aspen Plus软件,结合煤制乙二醇工艺过程中亚硝酸甲酯合成反应精馏的特点,选用合适的反应动力学模型,对亚硝酸甲酯的反应精馏塔进行模拟。利用灵敏度分析模块,考察了全塔理论板数,进料位置和回流比等对塔顶亚硝酸甲酯质量流率的影响。研究发现全塔理论板数为41块、气相进料和液相甲醇最佳进料塔板位置分别为第35块和第1块、质量回流比为0.156时,得到的塔顶亚硝酸甲酯的质量流率比较高,该值与设计值误差为1.9%。本文的研究结果将为工业生产提供重要的参考。     

The SAT2002 competition

SAT Competition 2002 held in March–May 2002 in conjunction with SAT 2002 (the Fifth International Symposium on the Theory and Applications of Satisfiability Testing). About 30 solvers and 2300 benchmarks took part in the competition, which required more than 2 CPU years to complete the evaluation. In this report, we give the results of the competition, try to interpret them, and give suggestions for future competitions.