About JTLV, see http://jtlv.ysaar.net/
Determine whether the spec in smv_file and spc_file is realizable without extracting an automaton.
Input:
Compute an automaton satisfying the spec in smv_file and spc_file and store in aut_file. Return the realizability of the spec.
Input:
smv_file: a string that specifies the name of the smv file.
spc_file: a string that specifies the name of the spc file.
aut_file: a string that specifies the name of the file containing the resulting automaton.
heap_size: a string that specifies java heap size.
priority_kind: a string of length 3 or an integer that specifies the type of priority used in extracting the automaton. Possible values of priority_kind are:
- 3 - ‘ZYX’
- 7 - ‘ZXY’
- 11 - ‘YZX’
- 15 - ‘YXZ’
- 19 - ‘XZY’
- 23 - ‘XYZ’
Here X means that the controller tries to disqualify one of the environment assumptions, Y means that the controller tries to advance with a finite path to somewhere, and Z means that the controller tries to satisfy one of his guarantees.
init_option: an integer in that specifies how to handle the initial state of the system. Possible values of init_option are
- 0 - The system has to be able to handle all the possible initial system states specified on the guarantee side of the specification.
- 1 (default) - The system can choose its initial state, in response to the initial environment state. For each initial environment state, the resulting automaton contains exactly one initial system state, starting from which the system can satisfy the specification.
- 2 - The system can choose its initial state, in response to the initial environment state. For each initial environment state, the resulting automaton contain all the possible initial system states, starting from which the system can satisfy the specification.
file_exist_option: a string that indicate what to do when the specified aut_file exists. Possible values are: ‘a’ (ask whether to replace or create a new file), ‘r’ (replace the existing file), ‘n’ (create a new file).
verbose: an integer that specifies the level of verbosity.
Generate JTLV input files: smv_file and spc_file.
Input:
Return a list of dictionary, each representing a counter example.
Input:
Set the name of the jtlv executable.
Input:
Set path to jtlv_grgame.jar.
Input:
Compute an automaton satisfying the spec in smv_file and spc_file and store in aut_file. Return the realizability of the spec.
Input:
smv_file: a string that specifies the name of the smv file.
spc_file: a string that specifies the name of the spc file.
aut_file: a string that specifies the name of the file containing the resulting automaton.
heap_size: a string that specifies java heap size.
priority_kind: a string of length 3 or an integer that specifies the type of priority used in extracting the automaton. Possible values of priority_kind are:
- 3 - ‘ZYX’
- 7 - ‘ZXY’
- 11 - ‘YZX’
- 15 - ‘YXZ’
- 19 - ‘XZY’
- 23 - ‘XYZ’
Here X means that the controller tries to disqualify one of the environment assumptions, Y means that the controller tries to advance with a finite path to somewhere, and Z means that the controller tries to satisfy one of his guarantees.
init_option: an integer in that specifies how to handle the initial state of the system. Possible values of init_option are
- 0 - The system has to be able to handle all the possible initial system states specified on the guarantee side of the specification.
- 1 (default) - The system can choose its initial state, in response to the initial environment state. For each initial environment state, the resulting automaton contains exactly one initial system state, starting from which the system can satisfy the specification.
- 2 - The system can choose its initial state, in response to the initial environment state. For each initial environment state, the resulting automaton contain all the possible initial system states, starting from which the system can satisfy the specification.
file_exist_option: a string that indicate what to do when the specified aut_file exists. Possible values are: ‘a’ (ask whether to replace or create a new file), ‘r’ (replace the existing file), ‘n’ (create a new file).
verbose: an integer that specifies the level of verbosity.
Compute an automaton satisfying spec. Return the realizability of spec.
If spec is realizable, the resulting automaton will be stored in the aut_file. Otherwise, the counter examples will be stored. This function essentially combines generateJTLVInput and computeStrategy
Input:
Automaton class for representing a finite state automaton. An Automaton object contains the following field:
Automaton([states_or_file, varname, verbose]) constructs an Automaton object based on the following input:
Add an AutomatonState object to this automaton.
Input:
Generate a python-graph representation of this automaton, stored in ‘self.pygraph’
Return string of automaton conforming to tulipcon XML.
If pretty is True, then use indentation and newlines to make the resulting XML string more visually appealing. idt_level is the base indentation level on which to create automaton string. This level is only relevant if pretty=True.
Note that name subtags within aut tag are left blank.
Return list of nodes consistent with the given fragment.
state_frag should be a dictionary. We say the state in a node is ``consistent’’ with the fragment if for every variable appearing in state_frag, the valuations in state_frag and the node are the same.
E.g., let aut be an instance of Automaton. Then aut.findAllAutPartState({“foobar” : 1}) would return a list of nodes (instances of AutomatonState) in which the variable “foobar” is 1 (true).
Return all the AutomatonState objects stored in this automaton whose state matches state. Return -1 if such an AutomatonState objects is not found.
Input:
Return the first AutomatonState object stored in this automaton whose state matches state. Return -1 if such an AutomatonState objects is not found.
Input:
Return the next AutomatonState object based on env_state. Return -1 if such an AutomatonState object is not found.
Input:
Find all nodes that include given ID in their outward transitions.
If the automaton is viewed as a directed graph, and the given ID corresponds to node v, then we are interested in all v’in V such that (v’,v) is an edge in the graph.
(Comments on efficiency.) The automaton is stored as a tree, where parents connect to children as in a linked list. Thus given a node, finding the set of outward edges takes constant time, whereas finding the inward set (as done by this method) requires searching the set of nodes and their respective transition sets; so, O(N*M) time, where N is the number of nodes and M is the average number of outward edges.
Return list of nodes (instances of AutomatonState), or None on error.
Return list of nodes that are initial, i.e., have empty In set.
N.B., the set of initial nodes is not saved, so every time you call getAutInit, all nodes are checked for empty inward edge sets, which itself incurs a search cost (cf. doc for method getAutInSet).
Return an AutomatonState object stored in this Automaton object whose id is aut_state_id. Raise IndexError if such AutomatonState object does not exist.
Input:
Construct an automation from aut_file.
Input:
Recreate automaton states from ‘self.pygraph’.
Merge and update transition listings as needed. N.B., this method will change IDs after trimming to ensure indexing still works (since self.states attribute is a list).
Read an automaton from given string conforming to tulipcon XML.
N.B., on a successful processing of the given string, the original Automaton instance to which this method is attached is replaced with the new structure. On failure, however, the original Automaton is untouched.
The argument x can also be an instance of xml.etree.ElementTree._ElementInterface ; this is mainly for internal use, e.g. by the function untagpolytope and some load/dumpXML methods elsewhere.
Return True on success; on failure, return False or raise exception.
Set the state of the AutomatonState object whose id is aut_state_id to aut_state_state. If such an AutomatoSstate object does not exist, an AutomatonState object whose id is aut_state_id and whose state is aut_state_state will be added.
Input:
Set the transition of the AutomatonState object whose id is aut_state_id to aut_state_transition. If such automaton state does not exist, an AutomatonState whose id is aut_state_id and whose transition is aut_state_transition will be added.
Input:
Recursively delete states with no outgoing transitions.
Merge and update transition listings as needed. N.B., this method will change IDs after trimming to ensure indexing still works (since self.states attribute is a list).
DEFUNCT UNTIL FURTHER NOTICE!
Combine states whose valuation of variables is identical
Merge and update transition listings as needed. N.B., this method will change IDs after trimming to ensure indexing still works (since self.states attribute is a list).
Return False on failure; True otherwise (success).
Delete all states that are inaccessible from the given state.
Merge and update transition listings as needed. N.B., this method will change IDs after trimming to ensure indexing still works (since self.states attribute is a list).
Write automaton to Graphviz DOT file.
In each state, the node ID and nonzero variables and their value (in that state) are listed. This style is motivated by Boolean variables, but applies to all variables, including those taking arbitrary integer values.
N.B., to allow for trace memory (manifested as ``rank’’ in JTLV output), we include an ID for each node. Thus, identical valuation of variables does not imply state equivalency (confusingly).
If hideZeros is True, then for each vertex (in the DOT diagram) variables taking the value 0 are not shown. This may lead to more succinct diagrams when many boolean variables are involved. The default if False, i.e. show all variable values.
It is possible to break states into a linear sequence of steps for visualization purposes using the argument distinguishTurns. If not None, distinguishTurns should be a dictionary with keys as strings indicating the agent (e.g. “env” and “sys”), and values as lists of variable names that belong to that agent. These lists should be disjoint. Note that variable names are case sensitive!
If distinguishTurns is not None, state labels (in the DOT digraph) now have a preface of the form ID::agent, where ID is the original state identifier and “agent” is a key from distinguishTurns.
N.B., if distinguishTurns is not None and has length 1, it is ignored (i.e. treated as None).
turnOrder is only applicable if distinguishTurns is not None. In this case, if turnOrder is None, then use whatever order is given by default when listing keys of distinguishTurns. Otherwise, if turnOrder is a list (or list-like), then each element is key into distinguishTurns and state decompositions take that order.
Return False on failure; True otherwise (success).
Write edge-labeled automaton to Graphviz DOT file.
I forked the method writeDotFile for fear of feature creep. At least now the features will creep upon us from separate methods, rather than a single complicated argument list.
env_vars and sys_vars should be lists of variable names (type string) describing environment and system variables, respectively.
The intent is to view nodes labeled with a system decision, and edges labeled with an environment decision, thus better expressing the game. Recall the automaton is a strategy.
Return False on failure; True otherwise (success).
AutomatonState class for representing a state in a finite state automaton. An AutomatonState object contains the following fields:
Construct an automation from aut_file.
Input: