Computer Software
Print ISSN : 0289-6540
Extracting Environmental Constraints to Make Reactive System Specifications Realizable
Shigeki HAGIHARA, Yusuke KITAMURA, Masaya SHIMAKAWA, Satoshi SEKIDO, Naoki YONEZAKI

2011 Volume 28 Issue 3 Pages 3_132-3_146

Abstract

Many fatal accidents of safety-critical reactive systems have occurred in unexpected situations that had not been considered during the design and test phases of the systems. To prevent these accidents, reactive systems should be designed to respond appropriately to any requests at any timing from their environments. Verifying this property in the specification phase reduces the development costs of safety-critical reactive systems. This property of a specification is well known as realizability. If a specification is found not to be realizable, we have to determine the flaws in the unrealizable specification. Unrealizability of a specification arises from arbitrary requirements given by system designers. From a different point of view, it can be thought that the unrealizable specification implicitly imposes a precondition on the behavior of the environment, which a system cannot control. If it is possible to obtain the precondition in intuitively comprehensible forms, this makes it easy for system designers to understand the cause of flaws in specifications.
In this paper, we propose methods for deriving constraints on the behavior of environments which are implicitly imposed by unrealizable specifications. Instead of realizability, we use strong satisfiability, which is a necessary condition for realizability, because many practical unrealizable specifications are also strongly unsatisfiable, and strong satisfiability has the advantage of lower analysis complexity than realizability. These methods derive constraints in propositional linear temporal logic from Büchi automata representing specifications. The expressions of derived constraints are limited to simple and intuitively comprehensible forms in which only two temporal operators appear successively. We give proofs for three correctness properties of our methods, i.e. the termination property, the soundness property, and the weakest-constraint derivability. We also discuss the complexity of our methods. Finally, we discuss the applicability of our methods.
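The abstract relies on the chain "realizable implies strongly satisfiable implies satisfiable" and on the idea that an unrealizable specification silently constrains the environment. The following Python script is an added illustration, not code from the paper or its authors: it brute-forces all three notions over a short finite horizon for toy specifications with one environment bit `x` (a request) and one system bit `y` (a grant). The horizon `n`, the specification predicates `spec_request_grant`, `spec_predict_next` and `spec_contradictory`, and the bounded reading of `G` and `X` are all assumptions made for the example; the paper itself works on infinite words via Büchi automata, so this finite-horizon check only approximates its semantics.

```python
"""Bounded-horizon comparison of satisfiability, strong satisfiability and
realizability for tiny reactive specifications (added example, not the
paper's method).  A trace is a list of (x_i, y_i) pairs: x is chosen by the
environment, y by the system, for steps 0 .. n-1."""
from itertools import product
from typing import Callable, List, Tuple

Trace = List[Tuple[bool, bool]]
Spec = Callable[[Trace], bool]


def all_sequences(n: int) -> List[List[bool]]:
    """Every boolean sequence of length n, in lexicographic order."""
    return [list(seq) for seq in product((False, True), repeat=n)]


def allowed_inputs(spec: Spec, n: int) -> List[List[bool]]:
    """Input sequences for which SOME output sequence satisfies the spec.
    This set is the bounded analogue of the weakest environmental constraint
    the paper talks about: outside it the spec cannot be met at all."""
    return [xs for xs in all_sequences(n)
            if any(spec(list(zip(xs, ys))) for ys in all_sequences(n))]


def satisfiable(spec: Spec, n: int) -> bool:
    """Exists x-sequence, exists y-sequence: spec holds."""
    return bool(allowed_inputs(spec, n))


def strongly_satisfiable(spec: Spec, n: int) -> bool:
    """For all x-sequences, exists a y-sequence: spec holds (no causality)."""
    return len(allowed_inputs(spec, n)) == 2 ** n


def realizable(spec: Spec, n: int, prefix: Trace = None) -> bool:
    """Exists a causal strategy: at each step the environment picks x_i, then
    the system picks y_i knowing only the trace so far (Mealy-style game)."""
    prefix = prefix or []
    if len(prefix) == n:
        return spec(prefix)
    return all(any(realizable(spec, n, prefix + [(x, y)]) for y in (False, True))
               for x in (False, True))


def classify(spec: Spec, n: int) -> Tuple[bool, bool, bool]:
    """(satisfiable, strongly satisfiable, realizable) over horizon n."""
    return satisfiable(spec, n), strongly_satisfiable(spec, n), realizable(spec, n)


# --- constructed toy specifications (bounded reading of G and X) -----------

def spec_request_grant(tr: Trace) -> bool:
    """G(x -> y): every request is granted in the same step.  Realizable:
    the system may simply always grant."""
    return all(y or not x for x, y in tr)


def spec_predict_next(tr: Trace) -> bool:
    """G(y <-> X x): the system must announce the environment's NEXT input.
    Strongly satisfiable (knowing the whole input, an output exists) but not
    realizable: when choosing y_i a causal system cannot see x_{i+1}."""
    return all(tr[i][1] == tr[i + 1][0] for i in range(len(tr) - 1))


def spec_contradictory(tr: Trace) -> bool:
    """G(x -> y) & G(x -> ~y): any request is contradictory.  Not even
    strongly satisfiable; the spec implicitly assumes G(~x) of the environment,
    which allowed_inputs() recovers as the single all-false input sequence."""
    return all((y or not x) and ((not y) or not x) for x, y in tr)


if __name__ == "__main__":
    N = 3  # horizon length (assumption for the example)
    for name, spec in [("G(x->y)", spec_request_grant),
                       ("G(y<->Xx)", spec_predict_next),
                       ("G(x->y)&G(x->~y)", spec_contradictory)]:
        sat, strong, real = classify(spec, N)
        print(f"{name:18} sat={sat} strong_sat={strong} realizable={real}")
    print("inputs the contradictory spec still admits:",
          allowed_inputs(spec_contradictory, N))
```

Running the script shows the three specifications landing at three different points of the hierarchy, and the `allowed_inputs` set for the contradictory specification is exactly the environmental constraint "x is never true" that the paper would express as a short temporal formula. Exhaustive enumeration is exponential in the horizon, which is why the paper derives constraints from automata instead; this script is only meant to make the definitions concrete.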

© Japan Society for Software Science and Technology 2011