On the relation between reactive synthesis and supervisory control of non-terminating processes

Reactive synthesis and supervisory control theory both provide a design methodology for the automatic and algorithmic design of digital systems from declarative specifications. The reactive synthesis approach originates in computer science, and seeks to synthesise a system that interacts with its environment over time and that, doing so, satisfies a prescribed specification. Here, the distinguishing feature when compared to other synthesis problems in computer science is that the interaction is temporal in that it explicitly refers to a sequence of computation cycles. Supervisory control originates in control theory and seeks to synthesise a controller that – in closed-loop configuration with a plant – enforces a prescribed specification over time. The distinguishing feature compared to other branches of control is that all dynamics are driven by discrete events as opposed to continuous signals. While both methods apparently are closely related, the technical details differ significantly. We provide a formal comparison which allows us to identify conditions under which one can solve one synthesis problem using methods from the other one; we also discuss how the resulting solutions compare. To facilitate this comparison, we give a unified introduction to reactive synthesis and supervisory control and derive formal problem statements and a characterisation of their solutions in terms of ω-languages. Recent contributions to the two fields address different aspects of the respective problem, and we expect the formal relationship identified in this paper to be useful in that it allows the application of algorithmic techniques from one field in the other.


Introduction
Reactive synthesis (RS) addresses the systematic design of digital systems that dynamically interact with their environment by alternating input readings from discrete variables and output assignments to discrete variables.The progress of time is modelled by successive computation cycles and the current output assignment is considered to depend on all past input readings.Thus, the digital system imposes a causal feedback on the environment and it is therefore referred to as a reactive module.
The synthesis problem here is to construct a reactive module realised by a finite automaton that exhibits a behaviour that satisfies some prescribed specification.The problem of reactive synthesis was first proposed by Church (1957) with solutions by Büchi andLandweber (1969), andRabin (1972).It is since then an active field of research, addressing temporal logic specifications (e.g.Pnueli and Rosner 1989;Emerson and Jutla 1991;Maler et al. 1995;Thomas 1995), partial observation (e.g.Kupferman and Vardi 2000), stochasticity (e.g. de Alfaro andHenzinger 2000, 2007;Chatterjee and Henzinger 2012), and, most relevant for this paper, environment assumptions (see Bloem et al. 2014;Brenguier et al. 2017 for an overview).For a comprehensive introduction to the field see e.g.Thomas (1995) and Finkbeiner (2016).
Supervisory Control Theory (SCT) is a branch of control theory that also addresses the systematic design of digital systems.It models systems as discrete-event systems -dynamical systems in which relevant variables are of finite range and in which changes of their respective values are referred to as events.The synthesis problem is to construct a controller that provides causal feedback to a given plant such that the closed-loop system satisfies a prescribed specification.For supervisory control, the plant is a discrete-event system and the causal feedback, referred to as the supervisor, maps the past event sequence to a control pattern in order to restrict the plant behaviour.Supervisory control theory was originally proposed by Ramadge and Wonham (1987) and now is an established field of research.Topics addressed include partial observation (e.g.Lin and Wonham 1988;Cieslak et al. 1988;Cai et al. 2015;Yin andLafortune 2016, 2017), robustness (e.g.Cury and Krogh 1999;Bourdon et al. 2005), modularity (e.g.Ramadge and Wonham 1989b;Rudie and Wonham 1992;de Querioz and Cury 2000), hierarchical control architectures (e.g.Zhong and Wonham 1990;Wong and Wonham 1996;Schmidt et al. 2008), fault-tolerance (e.g.Wen et al. 2008;Paoli et al. 2011;Moor 2016), and, most relevant for this report, behaviours over an infinite time-axis (e.g.Ramadge 1989a; Thistle andWonham 1994a, 2009;Moor et al. 2011;Baier and Moor 2015;Zhang and Cai 2018).
Both design methodologies seek to synthesise a causal feedback map that operates on a finite alphabet and satisfies a formal specification.When used on particular instances of a given synthesis problem, both techniques appear to be closely related.However, the technical details differ significantly.In this paper we provide a formal comparison, allowing us to identify conditions under which one can solve one synthesis problem via the respective other one and we discuss how the resulting solutions compare.To facilitate this comparison, we give a concise introduction to RS and SCT and derive formal problem statements and a characterisation of their solutions uniformly in terms of ω-languages.Recent contributions to the two fields focus attention on different aspects of the respective problem, and we expect the formal relationship identified in this paper to be useful in that it allows the application of algorithmic techniques from one field to the other.

Scope
Regarding reactive synthesis, our study considers a variant that explicitly addresses assumptions on the environment behaviour, as these assumptions correspond to the Discrete Event Dynamic Systems (2020) 30:81-124 prescribed plant behaviour in supervisory control.For ease of comparison, we consider both the assumption and the specification to be given abstractly as ω-languages -formal languages of infinite words-and for algorithmic effectiveness, as ω-regular languages which allow automata-based representations.For ease of illustration, we restrict attention to specifications given as deterministic Büchi automata.While deterministic Büchi automata capture only a strict subset of ω-regular languages, it allows us to keep the notation and algorithms reasonably simple; our comparisons can be extended to the full class of all ωregular specifications.While many papers on RS use specifications given in linear temporal logic (LTL) (see Pnueli 1977), it is well understood how such formulae can be translated into ω-automata (see Vardi and Wolper 1986;Safra 1988).
Regarding supervisory control, most of the literature, including the seminal work by Ramadge and Wonham (1987), refers to * -languages as their base model, i.e., formal languages of finite words.In this setting, synthesis can enforce safety properties while maintaining liveness properties present in the plant behaviour.This contrasts the design of reactive modules where the synthesis of liveness properties is conceived a relevant challenge.We therefore conduct our study for a branch of supervisory control that addresses the synthesis problem for ω-languages; (see Ramadge 1989a;Thistle andWonham 1994a, 1995), where the authors explicitly relate their work to Church's problem.For a comprehensive introduction to SCT for ω-languages see also the technical report by Moor (2017).
Contribution Within this perspective of our choice, our contribution is threefold: (I) We show that one can solve the considered RS problem using SCT and provide an algorithm over deterministic Büchi-automata realisations which ensures that the resulting reactive module will not falsify the assumptions on the environment.(II) We show that one can solve the considered synthesis problem from SCT using RS for restricted subclasses of plant (resp.environment) behaviours.(III) We establish equivalence of the two synthesis problems regarding solvability for the subclasses considered in (II).
The considered RS problem is formalised by an implication style logic formula, i.e., the specification is such that if the assumptions are satisfied, then a guarantee shall be provided.Hence, a valid solution to the synthesis problem might falsify the assumption.SCT seeks to avoid this issue by requiring that valid solutions to the synthesis problem need to be non-conflicting, i.e., at any point both the plant and the supervisor can fulfil their liveness properties eventually.Due to this additional property of solutions, our transformation in (I) achieves reactive modules which do not falsify the assumption.The reverse transformation in (II), however, only holds if the computed reactive module returns solutions which are nonconflicting.We identify three sufficient conditions for the latter to hold: (a) topologically closed, (b) topologically closed input/output, and (c) strongly non-anticipating input/output plant (resp.environment) behaviours.
When establishing result (II)(c), we identify a close relationship between strongly nonanticipating input/output plant behaviours (see Moor et al. 2011) and non-falsifiable environment assumptions (see e.g.Brenguier et al. (2017) 1 ) which ensure an almost identical form of non-conflictingness and which were derived independently in both communities.
Both synthesis algorithms are formalised as fixed-points in the μ-calculus.The RS algorithm uses a three-nested fixed-point while SCT synthesis amounts to a four-nested fixed-point.Result (I) clarifies that this additional fixed-point iteration indeed generates an additional property on the solution.Notably, this property cannot be encoded as an ωregular property and hence, the SCT fixed-point cannot result from a translation of an LTL synthesis problem into a μ-calculus formula.Regarding result (II), we may expect some computational benefits as a trade-off when imposing conditions (a)-(c) on a synthesis problem in SCT.Moreover, we show that for topologically closed plant (resp.environment) behaviours with alternating inputs and outputs both fixed-points collapse to the same twonested one.Using result (III)(b), the latter establishes equivalence of both algorithms in this case.

Related work
The problem of correctly handling assumptions in synthesis has recently gained attention in the reactive synthesis community.As our solution via SCT synthesis and result (I) does not assume precise knowledge about the environment strategy (or the ability to impose an environment strategy), it is distinct from assume-guarantee approaches (Chatterjee and Henzinger 2007) or rational synthesis (Fisman et al. 2010).It is closest related to obliging games (Chatterjee et al. 2010), cooperative reactive synthesis as in Bloem et al. (2015) and assume-admissible synthesis (Brenguier et al. 2017).Chatterjee et al. (2010) incorporate a similar notion of non-conflictingness as SCT, but in contrast to SCT does not utilise liveness properties of the environment assumptions to enforce the system guarantees.Bloem et al. (2015) synthesise a reactive module which assumes as little cooperation (w.r.t. to a given hierarchy of cooperation levels) as possible by the environment.Contrary, our approach via result (I) always assumes the same form of cooperation coinciding with just one cooperation level.Applying assume-admissible synthesis, the system and its environment results in two individual synthesis problems.Given that both have a solution, only implementing the solution for the system ensures that the specification is fulfilled if the environment only takes admissible moves.This is comparable to the view taken in this paper, however, the hypothesis that the environment behaves admissible is stronger than the hypothesis used for SCT, namely that the environment attains its liveness properties if not prevented from doing so.Moreover, our approach only requires to solve one synthesis problem, instead of two.
Our study complements the recent comparison between RS and SCT by Ehlers et al. (2017).There, the authors focus attention on SCT over * -languages and discuss maximal permissiveness of a solution to the synthesis problem.This contrasts our choice of ω-languages, where a maximally permissive solution fails to exist in general and, taking a perspective common in RS, we resort to computing some solution provided that one exists.Moreover, Ehlers et al. (2017) encode the requirement of a non-conflicting closed-loop, as it is commonly discussed in the context of SCT, by a specific CTL formula and solve the synthesis problem by a specialised variant of RS.In contrast, to obtain our result (II), we address a non-conflicting closed loop by structural assumptions on the problem parameters which imply that for the corresponding RS problem the assumptions are non-falsifiable by any reactive module.
Further, our work is in line with previous work establishing connections between supervisory control and other types of program synthesis, such as behavior composition (Barati and St-Denis 2015;Felli et al. 2017) or planning by model checking (Barveau et al. 1998).These works also discovered a strong connection between both fields which is used to apply established tools from one field to a problem statement of the other.
Outline This paper is organised as follows.After recalling necessary notation and basic facts in Section 2, we give a concise but self-contained introduction to reactive synthesis and supervisory control in Sections 3 and 4, respectively.Here, synthesis problems are stated to respect the conventions used in the respective literature, with an additional uniform characterisation of solutions in terms of ω-languages to facilitate the comparison in Section 5, in which we develop our main results (I)-(III) as outlined above.Technical propositions and proofs are organised in the Appendices A-D.A preliminary version of this work appeared as Schmuck et al. (2018), focusing on input-output behaviours.The current paper extends this by establishing a solution of a synthesis problem from SCT via RS for arbitrary topologically closed behaviours in Section 5.2.Additionally, we provide more in-depth explanations, examples and proofs for the results already presented by Schmuck et al. (2018).

Preliminaries
We provide common terminology and recall some elementary facts regarding formal languages, automata, two-player games and fixpoint calculus.A general introduction to these topics can be found in e.g.Hopcroft and Ullman (1979), Thomas (1990), Grädel et al. (2002), and Bradfield and Stirling (2006).
Formal languages Let be a finite alphabet.Then we write * , + , and ω for the sets of finite sequences, non-empty finite sequences, and infinite sequences over , respectively.We define ∞ = * ∪ ω .The subsets L ⊆ * and L ⊆ ω are called the *and ωlanguages over , respectively.For ⊆ , the natural projection of w ∈ * on * is denoted by p w.As with all other operators on words used in this paper, we take pointwise images for an extension to languages over , i.e., we write p L for { p s | s ∈ L } with L ⊆ * .For two words s ∈ * and t ∈ ∞ we write st ∈ ∞ for the concatenation.We write s ≤ t and s < t if s is a prefix of t or a strict prefix of t, respectively.The set of all prefixes of a word t ∈ ∞ is denoted pfxt ⊆ * .For L ⊆ * , we have L ⊆ pfxL, and, if equality holds, we say that L is prefix closed.The limit limL of L ⊆ * contains all words α ∈ ω which have infinitely many prefixes in L and we define cloL := limpfx L as the topological closure of L ⊆ ω .L is said to be topologically closed if L = cloL, and relatively topologically closed w.r.t.M ⊆ ω , if L = (cloL) ∩ M.This notion of closedness defines a topology, i.e., ∅ and ω are closed, finite unions of closed ω-languages are closed, and arbitrary intersections of closed ω-languages are closed.

Automata An automaton over the alphabet is a tuple
M is called finite if Q and δ are finite.We identify δ with its respective set-valued map δ : Q × Q where δ(q, σ ) := { q | (q, σ, q ) ∈ δ } ⊆ Q, and with the common inductive extension to a word-valued second argument s ∈ * .For P ⊆ Q and N ⊆ * , we denote δ(P , N) := ∪{ δ(q, s) then M is said to be deterministic.For deterministic automata, we interpret δ as partial function and write δ(q, s) = q and δ(q, s)! as short forms for δ(q, s) = {q } and δ(q, s) = ∅, respectively.We define } as the *and ωlanguages generated by M, respectively, which are prefix closed and topologically closed, respectively.

Accepted languages
Given a set of final states F ⊆ Q and the extended automaton Regular * -languages are those that are accepted by some finite automaton.
For ω-languages, we refer to an acceptance condition F and the extended automaton tuple The set of states that occur infinitely often in π is denoted Infπ .We use Büchi, generalized Büchi and Parity acceptance conditions.The Büchi acceptance condition is given by a set F ⊆ Q and a run π over M is accepted if (Infπ) ∩ F = ∅.Similarly, the generalized Büchi acceptance condition is given by a set Finally, the parity acceptance condition is given by a set of colors F = {C 1 , C 2 , . . ., C k } which is defined by a coloring function c : Q→{1, ..., k}, s.t.C k = {q ∈ Q}c(q) = k, and a run π is accepted if the highest color visited infinitely often is even, i.e., if max Infc(π) is even.An automaton M with Büchi, generalized Büchi or Parity acceptance condition is referred to as a Büchi, generalized Büchi or Parity automaton, respectively.The accepted ω-language L ω m (M) consists of all words α ∈ ω for which there exists a corresponding accepted run over M. For deterministic automata, we have L ω m (M) = lim L * m (M).Referring to an acceptance condition, we say that the automaton M is trim if for every state q there exists an accepted run that passes q at least once.The class of ω-languages that is accepted by some finite Büchi, generalized Büchi or parity automaton is referred to as the ω-regular languages.The class of ω-languages that is accepted by some deterministic finite Büchi automaton is a strict subset of the ω-regular languages while any ω-regular language is accepted by some deterministic parity automaton.

Two-player games
Then the tuple H = (Q 0 , Q 1 , 0 , 1 , δ 0 , δ 1 ) defines the turn-based two player game graph induced by M, where Q l , l and δ l with l ∈ {0, 1} are interpreted as the player l state set, alphabet and transition set, respectively.Any run π of M is called a play over H .Given a game graph H , a strategy for player 0 is a function 2) . . .π(k).Strategies for player 1 are defined likewise, i.e., as functions f 1 : (Q 0 Q 1 ) + → 1 and with a play π being compliant with νq is in the domain of f l .Throughout this paper, we discuss games from the perspective of exclusively one of the two players and interpret the Büchi (reps.parity) acceptance condition F for this player.The tuple (H, F) if it is an accepted run in M. A strategy f l , l ∈ {0, 1}, is a winning strategy for player l if all plays compliant with f l are winning.

Fixpoint calculus
We utilize the following notational conventions from the μ-calculus.
Let f denote a monotone operator on a finite set Q, i.e., f (P ) ⊆ f (P ) ⊆ Q for all P ⊆ P ⊆ Q.Then the least and the greatest fixed point exist uniquely and are denoted μP .f(P ) and νP .f(P ), respectively.They can be computed by the iterations P 1 := ∅, P i+1 := P i ∪ f (P i ), with μP .f(P ) = ∪{ P i | i ∈ N }, and P 1 := Q, P i+1 := P i ∩ f (P i ), with νP .f(P ) = ∩{ P i | i ∈ N }.If f is given as an expression in terms of multiple setvalued parameters with range Q, and if this expression is monotone in each parameter, so are the respective fixed points.For such monotone expressions f , fixed-point formulae can be nested.

Reactive synthesis
This section gives a concise introduction to reactive synthesis with environment assumptions, derives a formal problem statement, and a characterisation of its solutions in terms of ω-languages.For illustration purposes, we recall an algorithmic solution of the synthesis problem for the specific case where all relevant ω-languages are provided as deterministic Büchi automata.

Reactive modules
A reactive module is a device that reads the values of input variables in order to assign values to output variables, and that, over time, does so once in every computation cycle.A reactive module is commonly represented as a function r that maps the sequence of past input readings s ∈ U + , to the current output assignment y ∈ Y , i.e, r : U + →Y .
( 1 ) Considering infinitely many computation cycles, the interaction of a reactive module with its environment generates an infinite sequence α ∈ (U Y ) ω of alternating input readings and output assignments.Therefore, the behaviour of a reactive module r : U + →Y is defined as the ω-language L of all sequences α that comply with r over all computation cycles : If, in addition, r is implemented as a finite automaton, then L is ω-regular.2From the infinite time behaviour L we recover the local behaviour by taking the prefix pfx L and obtain a representation on a per-computation-cycle basis.Since the behaviour of a reactive module is exclusively characterised by individual computation cycles, we have L = lim pfx L =: cloL and, hence, L is topologically closed; see also Lemma 1.
For our subsequent discussion we will eliminate the explicit reference to the reactive module r : U + →Y by utilising a direct characterisation of those languages L that qualify for a representation by Eq. 2. Referring to behavioural systems theory by J. C. Willems (1991), we adapt the notion of input-output systems to the notation used in the present paper.3Definition 1 Given an ω-language L ⊆ (U Y ) ω or L ⊆ (Y U ) ω of alternating inputs and outputs, with U, Y = ∅ and U ∩ Y = ∅, we say that The above notion of inputs and outputs enables the following characterisation of behaviours associated with some reactive module.
Lemma 1 Let U, Y = ∅, U ∩ Y = ∅ and r : U + →Y .Then the associated behaviour L ⊆ (U Y ) ω of r defined by Eq. 2 is non-empty and it holds that: (RM1) L is topologically closed, (RM2) U is a locally free input for L, and (RM3) the output locally processes the input.
Vice versa, if a non-empty language L ⊆ (U Y ) ω satisfies conditions (RM1) -(RM3), then there exists a reactive module r : U + →Y with associated behaviour L s.t.r(v) is the unique element of the singleton set

Problem statement (RS)
The problem commonly referred to as reactive synthesis is about the systematic design of a reactive module, henceforth also referred to as the system, that provides a formal guarantee G ⊆ (U Y ) ω .In the basic setting of reactive synthesis, it is assumed that any input symbol may be generated by the environment at any time and that, in turn, the environment accepts any output symbol generated by the system.Then, properties (RM2) and (RM3) of L ensure that the interaction of the system with its environment can be continued for infinitely many computation cycles, i.e., the two components do not deadlock.Thus, we end up with an ω-word α ∈ L. In turn, the system to provide the guarantee G amounts to the language inclusion specification L ⊆ G.The crucial point here is that G may express liveness properties which can not be characterised on a per-computation-cycle basis.Hence, we do not necessarily have equality in G ⊆ lim pfx G; i.e., G, in contrast to L, may not be topologically closed.In many applications, an arbitrary behaviour of the environment is considered unrealistic, and one explicitly accounts for formal assumptions imposed on the environment.For the purpose of our discussion, we parameterise such assumptions by an ω-language A ⊆ (U Y ) ω to express that over infinitely many computation cycles the environment will produce input symbols such that we end up with an ω-word α ∈ A. The intention here is to synthesise the system according to the inclusion L ⊆ A → G := ((U ∪ Y ) ω − A) ∪ G and to then conclude α ∈ G for any α ∈ A. A consequence of this concept of an environment assumption is that over finitely many computation cycles the environment must comply to the local behaviour pfx A. This in turn restricts the output symbols that the reactive module may generate in each individual computation cycle in order be operational over infinitely many cycles.Technically, we require that the system and the environment do not deadlock, i.e., ∀s ∈ (pfx This amounts to the following problem statement for the synthesis of a reactive module. asks to either construct a system such that the associated behaviour L does not deadlock with A, see Eq. 4, and such that or, to verify that no such system exists.4 Note that A → (G ∩ A) = A → G, and, hence, we can restrict our discussion without loss of generality to the case where ∅ = G ⊆ A ⊆ (U Y ) ω .Furthermore, we can choose A = (U Y ) ω to recover the basic setting without assumptions from our formal problem statement, i.e., in this case, Eq. 4 is trivially satisfied and the system to provide the guarantee collapses to the simple inclusion L ⊆ G.
With Lemma 1, the problem of reactive synthesis amounts to the construction of a nonempty subset L ⊆ A → G that satisfies (RM1) -(RM3) and that does not deadlock, Eq. 4, or to the verification that no such subset exists.Henceforth, we may refer to a qualifying behaviour L as a solution of the synthesis problem.
Remark 1 The problem of reactive synthesis is more commonly formalised by using specifications given in linear temporal logic (LTL) over a set of atomic propositions U ∪ Y (see, e.g., Pnueli and Rosner 1989).Such an LTL formula ϕ over U ∪ Y can be translated into a specification language G ⊆ (U Y ) ω with U = 2 U and Y = 2 Y by constructing a Büchi automaton from ϕ, and then, for algorithmic reasons, determinising this automaton to obtain a deterministic Rabin or Parity automaton.
Remark 2 In the reactive synthesis literature, environment assumptions are usually specified by a separate LTL formula which is then translated to an automaton as outlined in Remark 1, or they are directly given as an automaton model.In either case, the automaton may exhibit reachable states from which on the acceptance condition can not be satisfied, i.e., we may have that the generated language A loc ⊆ (U Y ) * is a strict super-set of the prefix pfx A of the accepted language A. The requirement of the system and the environment not to deadlock, Eq. 4, is then substituted by However, if we synthesise a system with behaviour L in which there indeed exist words s ∈ A loc ∩ (pfx L) with s ∈ pfx A, any extension α ∈ (U Y ) ω , s < α, of such a word is not in A. Hence, L falsifies the assumption and we may after infinitely many computation cycles end up with an ω-word α ∈ G.This is undesirable and we will identify further more subtle variations of this issue in due course of our study.To this end, we restrict the discussion to the case of A loc = pfx A, i.e., we parameterise the assumption as a single ω-language A and we refer to its prefix pfx A as the associated local behaviour.

Algorithmic solution
The interaction of the system and its environment outlined above can be viewed as a turnbased two player game: in every round the environment player selects an input u ∈ U and the system selects the output y ∈ Y .It was shown by Gurevich and Harrington (1982) and Pnueli and Rosner (1989) that for ω-regular specifications there exists a winning strategy for the system player in this game if and only if the reactive synthesis problem has an ω-regular solution L. Based on this result, a solution can be obtained by constructing a deterministic game, finding a winning strategy for the system player and translating this strategy into a finite automaton representing the reactive module.For a concise presentation of this construction, we consider the special case in which both G and A are realisable as deterministic Büchi automata.While this does not imply that A → G can be realised by a deterministic Büchi automaton, there still exists a direct and simple solution procedure for this case, which we briefly recall.
We refer to the previous section and restrict, without loss of generality, the discussion to the case of ∅ = G ⊆ A. Given this setting, we consider a generalised Büchi automaton M with acceptance condition , where M A and M G refer to the simple Büchi automaton obtained from M by using the single winning state set T 0 and T 1 , respectively.Additionally, we assume that M does not deadlock5 .We refer to G ⊆ A ⊆ (U Y ) ω to observe that the alternation of input readings and output assignments induces a disjoint union decomposition of the state set and the transition relation, i.e., M can be defined by the tuple The generalised Büchi automaton M defines the turn-based deterministic game graph In the context of the reactive synthesis problem, player 0 and player 1 are the environment and system player, respectively, and a system player winning strategy must ensure that all plays on H that visit T 0 infinitely often, must also visit T 1 infinitely often.This can be expressed by the four-colour parity game (H, C) with C = {∅, \QT 0 , T 0 , T 1 }, where C 2 = \QT 0 and C 4 = T 1 are the sets with even colour.Hence, a play π according to α on H is winning for (H, C) if either T 0 is not visited infinitely often, i.e. α / ∈ A or, else, if T 0 is visited infinitely often, then T 1 is also visited infinitely often, i.e., α ∈ A ∩ G.Both cases together amount to α ∈ A → G.Note also that, by construction, we have α ∈ cloA for any play α on H .
It was shown in Emerson and Jutla (1991) that the winning states for the system player in the 4-colour parity game can be computed by the fixed-point where (9) However, as C 1 is empty, Eq. 8 simplifies to the three-nested fixed point If q 0 ∈ Win 1 , the synthesis problem has a solution and a memoryless winning strategy for the system player can be derived from the iterations in Eq. 10 as follows.
Consider the last iteration of the fixed-point in Eq. 10 resulting in the set X ∞ 4 = Win 1 ⊆ Q and assume that we have to iterate over X 3 k-times before this fixed-point is reached.If X i 3 is the set obtained after the i-th iteration, we have that This defines a ranking for every state q ∈ X ∞ 4 s.t. Then Y is a winning strategy for the system player in the Parity game (H, C) if y = f 1 implies rank(δ 1 (q, y)) < rank(q) if rank(q) > 1 and δ 1 (q, y) ∈ X ∞ 4 otherwise.It should be observed that f 1 defines r in Eq. 1 in the obvious way s.t.r(p U s) = f 1 (q) iff δ(q 0 , s) = q.A finite automaton realising r (and therefore L) is obtained by pruning M from all states q / ∈ X ∞ 4 and all transitions (q, y, q ) s.t.y f 1 (q).A proof that this winning strategy indeed defines a reactive module solving Problem 1 can be obtained as a special case of the construction presented in Bloem et al. (2012).
Remark 3 Referring back to Remark 2, the outlined synthesis algorithm generalises to the case where G is not necessarily a subset of A and pfx A A loc .By following the same construction as in footnote 5, we obtain an automaton M which accepts Remark 4 In the special case where A is topologically closed, we can assume without loss of generality that T 0 = Q and, hence, C 2 = ∅ and C 3 = Q.Then, the synthesis formula in Eq. 10 simplifies to This observation can be equally motivated by noting that for T 0 = Q, the Parity game (H, C) reduces to (H, {Q \ T 1 , T 1 }) which is equivalent to the Büchi game (H, T 1 ).It is well known that Büchi games (H, T 1 ) are solvable by the fixed-point in Eq. 12; see e.g.Maler et al. (1995) and Zielonka (1998).In this context, the basic version of reactive synthesis without environment assumptions results in computing a system winning strategy in the Büchi game (H , F 1 ) where H is the game graph obtained from M 1 (given that G is realisable by the deterministic Büchi automaton M 1 ).In other words, adding a topologically closed environment assumption A, algorithmically amounts to solving the basic reactive synthesis problem via Eq. 12 over M in Eq. 7 instead of M 1 .
Example 1 Consider a topologically closed assumption A as discussed in Remark 4 s.t.pfx A is the language generated by M depicted in Fig. 1 and G is accepted by M with final q 0 q 1 q 2 q 3 q 4 q 5 q 6 Fig. 1 Transition structure of the automaton M in Eq. 7 discussed in Example 1-2.Environment and system states Q 0 and Q 1 are indicated by circles and squares, respectively.The final states T 0 = {q 4 } and T 1 = {q 5 } are indicated in blue and red, respectively Discrete Event Dynamic Systems (2020) 30:81-124 state set T 1 = {q 5 }.Using Eq. 12 to solve this synthesis problem results in the winning state set Win 1 = {q 3 , q 4 , q 5 , q 6 } (indicated by the dashed square in Fig. 1).As q 0 / ∈ Win 1 (F 1 ), Problem 1 has no solution in this example.If q 3 would be an initial state, it should be noted that the resulting system strategy would transition from q 3 in q 4 as rank(q 3 ) = 3, rank(q 4 ) = 2 and rank(q 6 ) = 4.
Example 2 Consider the assumption A given by the language accepted by M in Fig. 1 with accepting state set T 0 = {q 4 }.In this case, we evaluate (10) and obtain Win 1 = Q.Using Eq. 11, all states in Q \ T 0 have rank 1 while q 4 has rank 2. This implies that the resulting system strategy will transition from q 3 to q 6 .The problem discussed in Example 1 fails to have a solution, as the environment can prevent the system from reaching q 3 from the initial state.Interestingly, adding liveness to the environment using the restricted final state set T 0 = {q 4 } in Example 2 does not directly resolve this problem.The implication-style specification used in the formal statement of Problem 1 rather adds more sequences to the set of winning plays if A is not topologically closed; every sequence which does not conform with G (i.e., does not reach q 5 infinitely often) is still winning as long as it does not conform with the assumptions A (i.e., does not visit q 4 infinitely often) either.As this is true for the sequence iterating between q 1 and q 2 and preventing the system to reach q 3 , the synthesis problem now has a solution.Furthermore, choosing to transition to q 4 or q 6 from q 3 is now equally good.While always choosing the former ensures to win by visiting both q 4 and q 5 infinitely often, the latter ensures to win by visiting neither q 4 nor q 5 at all.Example 2 shows that the constructed strategy actually favours a transition from q 3 to q 6 , and by this falsifies the assumption.

Supervisory control
The purpose of this section is to give a concise introduction to supervisory control and to do so from a perspective and in a notation most convenient for a comparison to reactive synthesis.Technically, we refer to a branch of supervisory control theory proposed by Ramadge (1989a) and Thistle and Wonham (1994a) which explicitly accounts for non-terminating processes and therefore utilises ω-languages as the base model.For illustration purposes, we again give an algorithmic solution of the synthesis problem for the specific case of deterministic Büchi automata realisations of the involved ω-languages.

Supervisors
A supervisory controller is a device that takes as input a finite sequence of events from an alphabet generated by a process which is commonly referred to as the plant and, in turn, outputs a control pattern γ ⊆ .Formally, the supervisor is defined as a map where uc ⊆ are so called uncontrollable events.On start-up, the supervisor applies the control pattern γ = f ( ) and thereby restricts the plant to generate an event σ ∈ γ .After the plant has generated its event, the control pattern is updated accordingly, and so forth.In this process, the role of the uncontrollable events uc is that, by the definition of , their occurrence cannot be prevented by the supervisor.
For the subsequent discussion, the following representation of a supervisor as an ωlanguage turns out convenient:6 The language defined by Eq. 14 is referred to as the behaviour associated with the supervisor f .The following lemma characterises languages that match the behaviour of some supervisor.
Vice versa, if ∅ = L ⊆ ω satisfies ( SC1) and ( SC2), then f : * → defined by for any s ∈ * is a supervisor with associated behaviour L.

Problem statement (SCT)
The problem commonly referred to as supervisory controller synthesis is about the systematic design of a supervisor for a given plant, such that the resulting closed-loop system -established by the feedback composition of this supervisor with the plant -satisfies a given specification.When the supervisor and plant behaviours are given as the ω-languages L ⊆ ω and A ⊆ ω , respectively, their closed-loop configuration evolves on words that comply with both component behaviours.Technically, we distinguish the local closed-loop behaviour K loc := (pfx L) ∩ (pfx A) and the accepted closed-loop behaviour K := L ∩ A and require that the latter meets an upper-bound specification K ⊆ G.
Regarding liveness of the closed-loop configuration, supervisory control commonly addresses not only deadlocks but also livelocks.The latter are characterised by finite sequences s ∈ K loc from the local closed-loop behaviour that can be continued indefinitely within K loc but any such infinite extension fails to satisfy the plant acceptance condition.
To rule out such sequences, the synthesis problem asks for a non-blocking supervisor, i.e., it is required that L and A are non-conflicting: As the local behaviour K loc of a non-conflicting closed loop can be recovered by K loc = pfx K, one refers to K concisely as the closed-loop behaviour.
In the absence of an acceptance condition of the plant, i.e., when A is topologically closed, livelocks are not an issue and, hence, non-conflictingness, Eq. 16, is equivalent to the absence of deadlocks, Eq. 4.
The interpretation of the case when A is not topologically closed is more involved.Here, Eq. 16 guarantees that at any instance of time, the plant under supervision can achieve its acceptance condition on at least one infinite extension of the string generated so far.Thus, at some stage the plant must actually choose a path that not only attains a marked state but also complies with the restrictions subsequently imposed by the supervisor.In general, this should be interpreted as a form of cooperation.We will come back to this point in Section 5.3.
We summarize the above discussion in the following formal statement of the supervisor synthesis problem for non-terminating processes.
Problem 2 (Supervisory Controller Synthesis) Given an alphabet with uncontrollable event set ∅ = uc ⊆ , a plant A ⊆ ω and an upper-bound specification G ⊆ ω , the supervisory control problem SCT[ , uc , A, G] asks to either construct a non-blocking supervisor with associated behaviour L ⊆ ω , see Eq. 16, such that or, to verify that no such supervisor exists 7 .
Referring to the behavioural characterisation of supervisors, Lemma 2, we identify a qualifying associated behaviour L as a solution to the supervisory control problem.As in the setting of reactive synthesis, Section 3.2, we can, without loss of generality, restrict our discussion to the case of ∅ = G ⊆ A.
Remark 5 As with reactive synthesis, we may alternatively represent the plant behaviour by two distinct languages A loc ⊆ * and A ⊆ ω , where A loc is prefix-closed and represents the local behaviour.In this regard, Ramadge (1989a) and Thistle and Wonham (1994a) specifically address the case pfx A A loc of a blocking plant and the supervisors task is to avoid livelocks and deadlocks in the closed loop.Since non-conflictingness is addressed by our formal problem statement, we can introduce a distinguished uncontrollable event † ∈ to make plant conflicts explicit; i.e., we substitute A loc by A loc ∪ ((A loc − pfx A) † * ) and A by A ∪ ((A loc − pfx A) † ω ), to formally obtain A loc = pfx A. Using the original guarantee G, the supervisor then must circumvent conflicts by implicitly avoiding the generation of the uncontrollable event † ∈ .Using this pre-processing stage, our formal problem statement with A loc = pfx A is not restrictive.

Algorithmic solution
Given a plant, the common approach to solve Problem 2 is via a characterisation of all closed-loop behaviours that can be achieved by non-blocking supervisory control 8 .
The following proposition from Ramadge (1989a) characterises this set.
Proposition 1 Given an alphabet with uncontrollable events uc ⊆ , consider two languages A and K with ∅ = K ⊆ A ⊆ ω .Then there exists a non-blocking supervisor f : * → for the plant A with closed-loop behaviour K if and only if 7 For A = ∅ the problem trivially has no solution and for uc = we have L = ω for the only qualifying supervisor; i.e., in this case the synthesis problem collapses to the verification of A ⊆ G. Whenever convenient we therefore assume A = ∅ and uc = . 8The style of argument is similar to the Youla-Kučera parameterization of all stabilising controllers for a linear time invariant system, which is conceived a milestone in control theory; see e.g., Kučera (2011) for a recent presentation.For the situation here, a convenient characterisation of supervisors with the qualitative property not to block at the first stage, allows to care about the quantitative upper bound specification at an largely independent second stage.
(i) K is relatively topologically closed w.r.t.A, i.e., K = clo(K) ∩ A, and (ii) Given a closed-loop behaviour K that satisfies conditions (i) and (ii), a corresponding supervisor f can be extracted by for all s ∈ * .
Proposition 1 reduces Problem 2 to the synthesis of a closed-loop behaviour ∅ = K ⊆ A ∩ G satisfying (i) and (ii).Such a closed-loop behaviour exists, if and only if is non-empty.Moreover, if K ↑ itself exhibits conditions (i) and (ii) then K ↑ is referred to as the supremal closed-loop behaviour and the so called maximally permissive supervisor to solve the synthesis problem can be extracted from K ↑ via (18).However, the union in Eq. 19 in general fails to preserve topological closedness and hence, a maximally permissive solution does not exist in general.This contrasts SCT for * -languages but conforms with the situation for reactive synthesis, where maximally permissive strategies do not exist in general.
Remark 6 Condition (i) in Proposition 1 is specific for the supervision of ω-languages, whereas condition (ii) is literally identical to the original notion of controllability introduced by Ramadge and Wonham (1987) for the more common setting where both A and G are *languages.In that setting, all relevant closed-loop properties are preserved under arbitrary union and a supremal closed-loop behaviour uniquely exists.For ω-languages, it is only under the additional assumption that A ∩ G itself is relatively topologically closed w.r.t.
A, that K ↑ qualifies for an achievable closed-loop behaviour; see Ramadge (1989a).In this case, K ↑ can be computed by the common synthesis algorithm for * -languages from Ramadge and Wonham (1987) with appropriately chosen parameters A ⊆ * and G ⊆ * and with a minor variation to address deadlocks; see also the appendix of Moor et al. (2012).
The relation between supervisory control of * -languages and reactive synthesis is discussed in detail by Ehlers et al. (2017), focusing on the supremal closed-loop behaviour and a corresponding maximally permissive supervisor.
To compute some K ⊆ A ∩ G which solves Problem 2, Thistle and Wonham (1994a) introduce the following notion of the controllability prefix, which characterises the set of states from which the synthesis problem has a solution.
Definition 2 Given an alphabet with uncontrollable events uc ⊆ and a plant A ⊆ ω , consider the upper bound specification G ⊆ ω .The controllability prefix of G w.r.t.A is denoted9 cfx A G and defined as the set of strings s ∈ pfx G, for which there exists Comparing (i) and (ii) in Definition 2 with their analogue in Proposition 1, we see that V is a closed-loop behaviour that can be enforced by a non-blocking supervisor that "takes over to control the plant" after the string s in the controllability prefix fx A G was generated by the plant.As V ⊆ G, this supervisor is able to enforce the guarantee G.
It is shown in Thistle and Wonham (1994a) that ∈ cfx A G if and only if K ↑ = ∅, i.e., if and only if Problem 2 has a solution.
For ω-regular parameters, the controllability prefix can be represented in terms of a fixedpoint over an automaton representation of the involved languages; see Thistle and Wonham (1994a).For a concise representation of this construction, we assume again that both G and A are realisable as deterministic Büchi automata.We further assume without loss of generality that ∅ = G ⊆ A. Given this setting, we consider a generalised Büchi automaton 10 where M A and M G refer to the deterministic Büchi automata obtained from M by using the single accepted state set F A and F G , respectively.We call M a representation of A and G.
Given the generalised deterministic Büchi automaton M, a string s ∈ cfx A G corresponds to the state q = δ(q 0 , s) reachable by s from q 0 in M, and hence q is called a winning state.Following Thistle and Wonham (1994b) and Moor (2017), the set of all winning states can be computed by the four-nested fix-point where denotes the inverse dynamics operator; i.e., Pre(T , D) denotes the set of predecessor states q ∈ Q of the target set T ⊆ Q which can be controlled such that the successor state violates the domain constraint D ⊆ Q only in favour of attaining the target set.
Recall that a solution to Problem 2 exists if and only if ∈ cfx A G, which amounts to q 0 ∈ Win(M).If this is true, a non-blocking supervisor solving Problem 2 can be derived from iterations of the fixed-point in Eq.21 as follows.Consider the last iteration of the fixed-point in Eq.21 resulting in the set Z ∞ = Win(M) ⊆ Q of states and assume that the fixed point over Y is reached after k iterations.If Y i is the set obtained after the ith iteration, we have that denote the fixed-point of the iteration over X resulting in Y i and denote by W i j the set obtained in the j th iteration over W performed while computing X i .Then we have for all 0 Using these sets, we define a ranking for every state q ∈ Z ∞ s.t.
initialised with Y 0 := Z ∞ ∩ F G and W i 0 = ∅ for all 0 < i ≤ k.We order ranks lexicographically.Based on this ranking function we define a state feedback map g : (24) The state feedback map g defines a supervisor f : * → in the obvious way, i.e. f (s) = g(q) if δ(q 0 , s) = q ∈ Z ∞ and f (s) = ∈ , otherwise.The behaviour L associated with f is defined via ( 14).The proof that L solves Problem 2 can be obtained as a special case of the construction presented by Thistle andWonham (1992, 1994b).
Remark 7 The state feedback g, as defined in Eq. 24, will only enable controllable events for transitions that decrease the rank and, hence, achieve progress in terms of attaining a marked state.Regarding the acceptance condition, however, it is sufficient to attain markings eventually.A more permissive feedback is obtained by initially controlling the local closed-loop K loc to be a subset of fx A G and only eventually to activate the supervisor constructed above.The original literature (Thistle and Wonham 1994a) addresses permissiveness by explicitly considering a lower-bound specification E, ∅ = E ⊆ G.Under the condition that E is relatively topologically-closed w.r.t.A and that E ⊆ K ↑ , a supervisor can be constructed such that the closed-loop behaviour K satisfies E ⊆ K ⊆ G. Thus, the additional problem parameter E can be used to tune permissiveness of the supervisor.As mentioned in Remark 6, if G ∩ A is relatively topologically-closed w.r.t.A then so is K ↑ .In this case, one can choose E = K ↑ and the supervisor constructed by Thistle and Wonham (1994a) essentially matches the one that can be obtained by synthesis procedures from * -languages.
Remark 8 Following the discussion in Remark 4, we consider the case where A is topologically closed.Again, this implies that we can assume without loss of generality that F A = Q in M. In this case the fixed-point in Eq.21 collapses to where we use the short form Pre(T ) := Pre(T , ∅).
We see that Eqs. 12 and 25 are describing the same fixed-point, and this suggests a strong connection between reactive synthesis and supervisory control for the special case of a topologically closed language A, which is verified in Section 5. rank(q) = (1, 1), and rank(r) = rank(p) = (1, 2).Hence, the resulting supervisor disables b in q.However, given the corresponding problem instance we see, that in case (B) disabling b in q is strictly necessary, while this is not true for (A).In fact, as G and A coincide for case (A) there exists a maximally permissive supervisor (see the discussion in Remark 6) which enables both b and d in s.This also constitutes a solution to the given supervisory control problem, as we assume that the plant only generates runs which correspond to words in A. By this we know that it will always eventually transition from q to s, implying that the resulting closed loop behaviour fulfils the guarantee.Considering a third case (C) with problem parameters F A = {r, s}, F G = {s}, uc = the fixed-point computation amounts to Win(M) = ∅, hence, the corresponding supervisory control problem has no solution.This is due to the fact that the controller cannot prevent the plant from alternating between r and q (as b ∈ uc ) and by this generating an accepting run on M A which is not in G.

Comparison
This section provides a comparison between the reactive synthesis problem, Problem 1, as introduced in Section 3, and the supervisory control problem, Problem 2, as introduced in Section 4. For both problems, the system that one seeks to synthesise can be interpreted as a causal feedback which is meant to be operated in interaction with its respective environment.However, the problems differ in the interpretation of how the system and the environment interact.For reactive synthesis, the system operates in computation cycles with reading inputs and assigning outputs once per cycle.Thus, the system is driven by some mechanism that triggers the cycle and the input readings.In turn, the system drives its environment by output assignments.This contrasts the common interpretation in supervisory control, where the system passively observes past events to apply a control pattern, while the environment is responsible for the actual execution of transitions.However, these interpretations of the interaction do not show up explicitly either in the formal problem statement or in the synthesis algorithms.Thus, we may very well consider a reactive system where computation cycles are triggered by the environment and we may also consider supervisors that effectively apply singleton control patterns to actively execute plant transitions.Thus, regarding causality, the different interpretations of system interaction are irrelevant at this stage.Using this insight, we demonstrate how one can formally transform the two synthesis problems and their solutions into each other.
In Section 5.1, we transform the parameters of a reactive synthesis problem such that they constitute a supervisory control problem and we show how any solution of the latter problem can be transformed back to obtain a solution to the initial reactive synthesis problem.Furthermore, this solution results in a reactive module whose associated behaviour does not conflict with A, i.e., the computed module does not falsify the assumptions.While this is formalised on the language level, we show though examples how this practically results in the algorithmic solution of a reactive synthesis problem via the four-nested fixed-point from supervisory control, s.t. the latter property is ensured.
The converse transformation, i.e., to solve a supervisory control problem by reactive synthesis, requires additional assumptions to ensure that the resulting supervisor is nonconflicting.Section 5.2 first discusses a general transformation which ensures the latter property if the plant behaviour A is topologically closed.This transformation is then simplified for the special case of plant behaviours with alternating controllable and uncontrollable events.Section 5.3 finally shows, that for the latter problem class a weaker condition, namely strongly non-anticipation, exists, which ensures that the suggested transformation results in a supervisor which is non-conflicting.Again, all transformations are formalised on the language level and we show the resulting algorithmic solution procedures through examples.

Reactive synthesis via supervisory control
In this section, we show how a reactive synthesis problem can be solved using supervisory controller synthesis.This is done in two steps.Given a particular instance of the reactive synthesis problem we (i) derive a corresponding supervisory control problem which we solve as outlined in Section 4.3, and (ii) convert the solution to a reactive module that solves the original reactive synthesis problem.
Step (i) Given the reactive synthesis problem RS[U, Y, A, G], we are provided the nonempty and disjoint finite sets U and Y and two ω-languages A, G ⊆ (U Y ) ω .To construct a corresponding supervisory control problem, a natural choice is to associate the assumption A with the plant and the guarantee G with the specification.This implies = U ∪ Y and our remaining choice is that of uc .We let uc = U and, hence, Y = − uc , which will be justified below.Having set all parameters, we obtain the supervisory control problem SCT[ , uc , A, G].To this end, we assume that SCT[ , uc , A, G] exhibits a solution f : * → with associated behaviour L.
Step (ii) As our first observation, we recall from Lemma 2 that the behaviour L is topologically closed (SC1) and universally controllable (SC2).In contrast, reactive modules are characterised by (RM1) -(RM3) in Lemma 1, where topological closedness (RM1) matches (SC1) and the locally free input (RM2) is implied by universal controllability (SC2) and Y = − uc .Thus, to transform L to qualify as the behaviour of a reactive module, we are left to address that the output locally processes the input (RM3).
At a first stage, we trim f to only enable those controllable events that can actually occur, i.e., we consider h : * → with for all s ∈ * .This is not expected to affect the closed-loop behaviour and, indeed, the supervisor f constructed in Section 4.3 already possesses this property.At a second stage, we ensure that at any instance of time exactly one controllable event is enabled, i.e., we consider f : * → that satisfies for all s ∈ * .
As an example, f can be constructed as a composition f = h • h where h : → is a static filter such that for all γ ∈ .Although this second post-processing stage at instances enables an arbitrarily chosen additional controllable event, it does so only when the plant at hand will not accept any controllable event at all.Thus, the second post-processing stage is expected to restrict the closed-loop behaviour.Technically, f is a supervisor and, by Lemma 2, the associated behaviour L is non-empty and exhibits (SC1) and (SC2).Referring to the second postprocessing stage, we obtain the following additional properties: in support of (RM3).
In a third post-processing step, we intersect L with (U Y ) ω in order to enforce alternating inputs and outputs, i.e., L := L ∩ (U Y ) ω .(31) Although the latter construct will formally invalidate (SC2), it retains (RM2) and it does not affect the closed-loop configuration A ∩ L since we have A ⊆ (U Y ) ω .

Result
We can now state our first main result, i.e., L indeed solves the reactive synthesis problem  Y, A, G].If L is ω-regular, then f can be chosen to be realisable by a finite automaton, and, in turn, L is ω-regular.
By Theorem 1, for any reactive synthesis problem for which the corresponding supervisory control problem exhibits a solution, we can use this solution to construct a reactive module that solves the original reactive synthesis problem.For practical purposes, we therefore achieve the solution of an RS problem via SCT by using the synthesis algorithm from supervisory control, Section 4.3, and the additional post-processing given by Eqs.26-31, as demonstrated by Example 4.However, since the requirement of non-conflictingness in the context of SCT is stronger than the requirement of the absence of deadlocks in the context of RS, we may encounter the situation of a solvable RS problem, for which the corresponding SCT problem exhibits no solution at all; see the following remark for more detail.
Remark 9 Although A and L in Theorem 1 are non-conflicting by hypothesis, this property is in general not preserved by the proposed transformation, i.e., A and L may fail to be non-conflicting.However, if all problem parameters are ω-regular and if a realisation of L is obtained by the synthesis algorithm presented in Section 4.3, the situation becomes more favourable.Here, the transformations in Eqs.26-31 effectively restrict the state feedback g : Q → given in Eq. 24 to enable exactly one controllable event in each state q ∈ Q in which the plant can execute a controllable event at all.This restriction preserves the fact that controllable events are only enabled if the respective transition decreases the state rank or if the state rank in the current state is (0,0).Non-conflictingness of A and L then follows exactly by the same arguments as for A and L provided by the original literature (Thistle andWonham 1992, 1994b).In particular, the resulting reactive module does not falsify the assumptions; see also Example 4. This insight is also used by Majumdar et al. (2019) where a non-conflicting reactive module is directly constructed by a four-nested fixed-point algorithm over a two-player game graph which is inspired by the one in Eq. 21.Majumdar et al. (2019) further give a self-contained proof of the desired non-conflictingness result in the framework of two-player games which is slightly different from the language-based setting of Theorem 1.
Example 4 Consider the reactive synthesis problem RS[U, Y, A, G] discussed in Example 2, which is solved using the automaton M depicted in Fig. 1.To solve the corresponding supervisory control problem SCT[ , uc , A, G] instead, an automaton M conforming with Eq. 20 which corresponds to SCT[ , uc , A, G] is needed.The only structural difference between M and M is that the former distinguishes environment and system states, while the latter distinguishes controllable (ticked) and uncontrollable transitions.However, due to the alternation of uc = U and c = Y in A and G, these changes are only cosmetic.For convenience, we depicted M corresponding to SCT[ , uc , A, G] in Fig. 3.
Using Eq.21 to solve SCT[ , uc , A, G] over M results in Win( M) = Q with rank(q 3 ) = (1, 2), rank(q 4 ) = (1, 1), rank(q 6 ) = (2, 2).Defining a supervisor based on this ranking and extracting a reactive module via Eqs.26-31 results in a system strategy which always transitions from q 3 to q 4 .Comparing this solution to the one obtained in Example 2, we see that the four-nested fixed point in Eq.21 allows to distinguish between transitioning from q 3 to q 4 or to q 6 and, as a consequence, chooses the former to not falsify the assumptions.This clearly constitutes a more desirable solution to problem Interestingly, G is relatively topologically closed w.r.t A, and we can therefore also compute a maximally permissive supervisor (see Remark 6).This supervisor enables every available transition in every state and therefore leaves the choice to the plant whether it transitions to q 4 or q 6 in q 3 .As we assume that the plant only generates runs which correspond to words in A, it will always eventually transition from q 3 to q 4 , implying that the resulting closed loop fulfils the guarantee.

Supervisory control via reactive synthesis
We now consider a supervisory control problem and aim for a solution via reactive synthesis.Within this section, we discuss two different possible transformations and show that in both cases the resulting supervisor is non-conflicting if the plant behaviour A is topologically closed.

Control-patterns as system outputs
In this section, we match the ranges of the respective feedback maps without imposing any a-priori assumptions on the problem parameters.In this sense, our approach here is rather general.However, to obtain a qualifying supervisor, we will need to impose relevant restrictions in retrospect.Similar to Section 5.1, our approach is organised in two steps.Given a supervisory control problem, we (i) derive a corresponding reactive synthesis problem q 0 q 1 q 2 q 3 q 4 q 5 q 6 Step (i) Given a supervisory control problem SCT[ , uc , A, G], we are provided an alphabet , a set of uncontrollable events uc ⊆ , a plant behaviour A ⊆ ω and an upper-bound specification G ⊆ ω on the closed-loop behaviour.As before, we associate the supervisory controller with the reactive module, i.e., the system to be designed.In order to define the input range U and the output range Y , recall from Section 4.1 that a supervisor is a map f : * → that applies a control pattern γ = f (s) after the system has generated the sequence s ∈ * .The system in turn generates the next event σ ∈ , and so forth.Therefore, a nearby choice U and Y is given by and , respectively.The interaction of the supervisor and the plant always starts with the former applying a control pattern γ = f ( ), i.e., the system to be designed has the first move.In contrast, in our description of reactive synthesis, any run begins with a move by the environment.We therefore introduce a distinguished dummy event 0 ∈ which will pass on the first move to the system to be designed; i.e., and define U := and Y := .With this choice, a reactive synthesis problem refers to ω-languages that are subsets of (U Y ) ω = ( ) ω and we need to transform our problem parameters A, G ⊆ ω accordingly.We begin with the specification G by pre-pending the distinguished event 0 ∈ and by interleaving any control-patterns between each two events from to obtain The plant A is transformed similarly, while ensuring that once a control pattern γ ∈ has been applied, the next event σ ∈ will be within γ .We obtain This results in the reactive synthesis problem RS[U, Y, A , G ]. To this end, we assume that RS[U, Y, A , G ] exhibits a solution r : U + → Y with associated behaviour L .
Step (ii) Given L from Step (i), we construct as a candidate to solve SCT[ , uc , A, G].It is shown in Appendix C, Proposition 4, that L indeed satisfies (SC1), (SC2) and we have that L ⊆ A → G, as consequences of (RM1) and (RM2) holding for L and of L ⊆ A → G .In particular, L is the behaviour associated with a supervisor that enforces the upper bound specification Furthermore, it is shown in Appendix C, Proposition 5 that pfx L and pfx A do not deadlock.
Referring back to Problem 2, we are left to verify that K is non-empty and that A and L are non-conflicting, or to give conditions under which this holds.
Result Whenever A is topologically closed, we know that the absence of deadlocks in the closed loop, Eq. 4, implies non-conflictingness of A and L, Eq. 16.Hence we can use topologically closedness as a sufficient condition to conclude that the supervisor with associated behaviour L given in Eq. 35 solves SCT[ , uc , A, G].
Theorem 2 Given a finite alphabet with the non-empty set of uncontrollable events uc ⊆ , a plant A ⊆ ω and a specification G ⊆ ω , consider the supervisory control problem SCT[ , uc , A, G].Pre-process the parameters according to Eqs. 32-34 to If the plant A is topologically closed, then L defined by Eq. 35 By the above theorem we have the following result.Given an instance of the supervisory control problem with topologically closed plant and assuming that the corresponding reactive synthesis problem has a solution, this solution can be transformed into a non-blocking supervisor solving the initial control problem.Technically, the overall procedure amounts to pre-processing the problem instance by Eqs.32-34, using the reactive synthesis procedure discussed in Section 3.3 to compute a reactive module, and post-processing the latter by Eq. 35.This is illustrated by the following example.This results in splitting every state q ∈ Q of M into a system state q 1 and k environment states q 0 k with k ∈ {1, . . ., K} and K being the number of possible control patters available in q.Then the transition from q 1 to q 0 k is labelled with the respective control pattern γ k ⊆ .Outgoing transitions of q 0 k mimic outgoing transitions of q in M, i.e., a transition (q, σ, q ) ∈ δ of M is copied to all (q 0 k , σ, q 1 ) ∈ δ of M for which σ ∈ γ k .Finally, we add a dummy initial state d whose outgoing transition is labelled by the dummy event 0 and which leads to the system part p 1 of M's initial state p.
The resulting automaton M is depicted in Fig. 4, where all γ -labels are trimmed to the events actually available at its source state.The sets of final states are translated in the obvious way, resulting in T 0 = {r 0 , s 0 } (blue) and T 1 = {s 1 } (red).Depending on the controllability status of event b we get one or two possible control patterns in state q.I.e., if b ∈ uc we obtain the automaton without q 0 2 , while b ∈ \ uc results in the full automaton containing both q 0 1 and q 0 2 . 2 ) and uc = (excluding q 0 2 ).The final state sets are T 0 = {r 0 , s 0 } (blue) and T 1 = {s 1 } (red) Discrete Event Dynamic Systems (2020) 30:81-124 We now use M as the input to the reactive synthesis algorithm in Section 3.3.If uc = the system has no choice in any of the system states.Therefore, it cannot prevent the environment to always take transition b in q 0 .Hence, the set of winning states is empty which coincides with the solution of case (C) in Example 3. If uc = \ {b}, the system has a choice in q 1 and can apply the control pattern {d}, effectively disabling b in q of M in Fig. 2.This coincides with the solution obtained of case (B) in Example 3.

Equivalence of problem statements
Given the results in Theorems 1 and 2, we have established that for topologically closed plants both synthesis problems can be solved via the respective other one.However, our construction assumes that the respective target problem exhibits a solution.Since Theorem 2 uses a non-trivial transformation of the problem parameters A and G, the two theorems alone do not establish equivalence of the two problems regarding solvability.For this purpose, we show in Appendix C, Proposition 6, that our transformation of The above corollary relates to the observation in Remark 4 and Remark 8 that the algorithmic solution of both problem statements reduce to the computation of the same 2-nested fixed point if A is topologically closed.However, it should be noted, that the input automata to both algorithms differ (compare Figs. 2 and 4 for an example).

Input-output behaviours
The transformation proposed in Section 5.2.1 turned out technically involved because it needed to encode a mechanism to interleave plant symbols with control patterns in a single language.Therefore, we expect considerable simplifications when we restrict the discussion to plant behaviours in which controllable and uncontrollable events alternate.Technically, we now consider a supervisory control problem with parameters uc and A, G ⊆ ( uc ( − uc )) ω .As we will match inputs and outputs with uncontrollable and controllable events, respectively, we refer to this class of behaviours as input-output behaviours.We again derive a solution of the given supervisory control problem via reactive synthesis in two steps.Step (ii) L satisfies (RM1)-(RM3) and we need to derive a behaviour that satisfies (SC1) and (SC2).Topological closedness (SC1) is immediate by (RM1).Regarding (SC2), we propose the following transformation:

Step (i)
It is shown in Appendix D, Proposition 7, that the above construct L indeed satisfies (SC1) and (SC2) and, moreover, retains the absence of deadlocks, i.e., pfx L and pfx A do not deadlock.
For L to solve the control problem, we are left to establish that its corresponding supervisor is non-blocking and that it enforces the language inclusion specification; technically, A and L must be non-conflicting with ∅ = A ∩ L ⊆ G.
Result Using the same reasoning as in Section 5.2.1, we see that non-conflictingness of A and L is implied by the absence of deadlocks provided that A is topologically closed.Using this sufficient condition, we get the following result on the synthesis of supervisors for input-output behaviours via reactive synthesis.If the plant A is topologically closed, then L defined by Eq. 36 Given the results in Theorem 1 and Theorem 3, we have established that both synthesis problems can be solved via the respective other one under the assumption of a topologically closed plant.By additionally requiring that A and G are input-output behaviours, neither of the proposed transformations affects the problem parameters A and G. Hence, both problem statements are equivalent w.r.t.solvability, as summarised in the following corollary, complementing Corollary 1.

Corollary 2 Given an alphabet with the non-empty set of uncontrollable events uc
, let U = uc and Y = − uc .For any non-empty topologically closed behaviour A ⊆ (U Y ) ω and any upper bound G ⊆ (U Y ) ω , the supervisory control problem SCT[ , uc , A, G] has a (ω-regular) solution if and only if the reactive synthesis problem RS[U, Y, A, G] has a (ω-regular) solution.
Theorem 1 and Theorem 3 show that in the special case of input-output behaviours a sound transformation is obtained by simply choosing U = uc and Y = − uc and keeping A and G unchanged otherwise.
In this setting, the automaton M defined for reactive synthesis and for supervisory control in Eqs.7 and 20, respectively, coincide; compare Figs. 1 and 3 for an example.Technically, states with outgoing transitions from U = uc (resp.Y = − uc ) correspond to environment states (resp.system states).Likewise, outgoing transitions from an environment state (resp.system state) are considered uncontrollable (resp.controllable).Therefore, the unconditioned version Pre(T ) = Pre(T , ∅) of the pre-operator defined in Eq. 22 coincides with the controllable pre-operator Pre 1 defined in Eq. 9. Following up Remarks 4 and 8 for topologically closed ω-languages A, both synthesis algorithms compute the same 2-nested fixed-point, see Eqs. 12 and 25.Hence, for topologically closed input-output behaviours both solution techniques also coincide on the automaton level.

Non-falsifiable assumptions and strong non-anticipation
By our comparison so far the reactive synthesis problem can be solved via supervisory control.However, the converse transformation in general fails as a non-blocking supervisor by definition requires that L and A are non-conflicting and this requirement cannot be expressed by an upper-bound specification in the reactive synthesis problem under consideration.We have seen in Section 5.2 that topological closeness of A can be used as a sufficient condition to ensure that the solution L obtained via reactive synthesis is such that L does not conflict with A.
In this section, we present two alternative weaker conditions for a non-conflicting closed loop which were independently developed in either field, and we discuss how they relate.Technically, both conditions address the situation of input-output behaviours and, in this regard, follow up our discussion in Section 5.2.2.

Non-falsifiable assumptions in reactive synthesis
Consider a reactive synthesis problem RS[U, Y, A, G] with solution L, which implies that L and A do not deadlock.Hence, the closed-loop configuration can continue for infinitely many computation cycles to generate an ω-word α ∈ (cloA) ∩ (cloL).Since L is closed, we also have α ∈ L. However, one may fail on α ∈ A, and, by the specification L ⊆ A → G, risk that α ∈ G (see e.g.Example 2).Technically, the problem statement of reactive synthesis does not prevent the construction of a reactive module such that there exists s ∈ (pfx This implies for all extensions β ∈ (U ∪ Y ) ω with sβ ∈ L that sβ ∈ A. For parameters G ⊆ A we obtain sβ ∈ G, i.e., after the finitely many computation cycles represented by s it is known that the guarantee will not be satisfied.
This issue can be avoided if the given assumption A is non-falsifiable11 in the following sense.Given the two player game interpretation used in the algorithmic synthesis of reactive modules (see Section 3.3), an assumption is called non-falsifiable, if the environment player has a winning strategy in the Büchi game (H, T 0 ) over the game graph H .In this case, there exists a causal map by which the environment can organise its moves, which ensures that for any infinite play some final environment state q ∈ T 0 is visited infinitely often, regardless of the moves chosen by the reactive module.In this sense, both players win and we have α ∈ A ∩ L for any ω-word generated in the closed-loop configuration.

Strong non-anticipation in supervisory control A closely related issue has been identified
in the context of supervisory control by Moor et al. (2011).Consider a supervisory control problem SCT[ , uc , A, G] with plant A ⊆ ω and specification G ⊆ A, and let L ⊆ ω denote a solution.As we ask for a non-blocking supervisor, we know that at no specific instance of time the supervisor can prevent the plant to attain its acceptance condition, i.e., for all s ∈ K loc we have s ∈ pfx(A ∩ L) and there exists β ∈ ω such that sβ ∈ A ∩ L. However, this does not rule out supervisors which require the plant to eventually take certain transitions that depend on future control patterns, i.e., the plant may need to anticipate the moves of the supervisor.
We illustrate this subtle issue by the following example adapted from Moor et al. (2011).
Example 6 Consider the automaton given in Figure 5 and assume that F A = {AA, BB} and F G = {AA}.A supervisor solving the synthesis problem may therefore at some stage disable 0 A AA B BB Fig. 5 Transition structure of a Büchi-automaton realising a plant behaviour that needs to anticipate future control patterns in order to satisfy its acceptance condition.Accepting states are marked in red and controllable transitions are indicated by a tick the transition from B to BB for all future.If the plant is not aware of this restriction, it might still organise its moves in the attempt to satisfy its acceptance condition by visiting BB infinitely often, e.g., by always transitioning form 0 to B. This results in an infinite sequence which falsifies the assumptions.
To avoid the implicit need for cooperation, there is an interest in plant behaviours that can attain their acceptance conditions independently of the supervisor.A class of such plant behaviours has been characterised by Moor et al. (2011) for the special case of input-output behaviours.The reported results amount to a representation of A as a union of topologically closed components that each exhibit Y = − uc as a locally free input.It is further shown that this condition is equivalent to the controllability prefix of A w.r.t. the closure cloA to equal pfx A, i.e., cfx cloA, Y A = pfx A (37) where Y = − uc takes the role the uncontrollable events.
The latter property is referred to as strong non-anticipation.Referring to the game theoretic interpretation of supervisory control used in the discussion of the synthesis algorithm in Section 4.3, Eq. 37 requires that the local plant pfx A is always in a winning configuration regarding the satisfaction of its own acceptance condition, i.e., at any time the plant can decide to internally apply a causal feedback map to choose the next event such that the plant acceptance condition will be met regardless the control imposed by the supervisor.By strong nonanticipation, a non-conflicting closed loop, Eq. 16, is implied by the absence of deadlocks.
Since non-conflictingness imposes its formal requirements only on words within the local closed loop, (pfx A) ∩ (pfx L), we may use the weaker condition to conclude a non-conflicting closed loop from the absence of deadlocks; see Appendix D, Proposition 9, for a formal proof.
If we synthesise L by supervisory control, the closed loop will be non-conflicting by construction.To additionally ensure Eq. 38, we can pre-process the specification s.t.
Comparison When comparing the game theoretic interpretations of non-falsifiable assumption and strong non-anticipation, the former requires the "environment to play clever" from the very beginning, whereas the latter allows the plant to start doing so eventually.This suggests that whenever an assumption is non-falsifiable we have ∈ cfx cloA, Y (A), which is indeed always the case if Eq. 37 holds; see Appendix D, Proposition 8, for a formal proof.Hence, the condition of a non-falsifiable assumption is weaker then the condition of a strongly non-anticipating plant behaviour.More precisely, we have that (i) topological closedness of A implies (ii) strong non-anticipation, which in turn implies (iii) (38), to finally imply (iv) A to be a non-falsifiable assumption.The converse implications, however, do not hold in general.
Result Referring to the simple transformation discussed in Section 5.2.2, we consider an instance of the supervisory control problem SCT[ , uc , A, G] where A and G are inputoutput behaviours, and the corresponding reactive synthesis problem RS[U, Y, A, G], with U = uc , Y = − uc .As the condition in Eq. 38 constitutes a closed-loop property, it can be verified after a solution L of RS[U, Y, A, G] is computed.If this test passes, we can conclude that the absence of deadlocks, Eq. 4, implies a non-conflicting closed loop, Eq. 16.With this, we can use Eq.38 as a sufficient condition to establish a solution of SCT[ , uc , A, G] via RS[U, Y, A, G] analogously to Theorem 3. Nevertheless, as Eq.38 is weaker then topological closeness of A, we obtain a generalisation of Theorem 3.

Theorem 4 Given the premises of Theorem 3,
L defined by Eq. 36 solves SCT[ , uc , A, G] if Eq. 38 holds.If L is ω-regular, then so is L.
Again referring to Theorem 1 from Section 5.1, but now using Theorem 4 rather than Theorem 3, we obtain the following generalisation of Corollary 2. Referring back to the discussion below Corollary 2, we still have that the automata realisations of the two corresponding problem instances are effectively identical.As A is not assumed to be topologically closed, we now have to use the three-nested fixed-point algorithm in Eq. 10 to solve the reactive synthesis problem and, in turn, to obtain a solution of supervisory control problem.Note that it is not evident how the four-nested fixed-point for supervisory controller synthesis (21) can be directly converted to a three-nested fixed-point to specifically address strongly non-anticipating plants.
Example 7 Consider the instance of Problem 2 represented by M depicted in Fig. 3 and the automaton M depicted in Fig. 1 representing the corresponding instance of Problem 1. Recall from Example 2 that a solution of the latter is given by a reactive module which always transitions from from q 3 to q 6 .The only possible closed-loop run on M is hence given by the sequence q 0 q 1 q 2 (q 3 q 6 ) ω , and this run generates an ω-word α ∈ (cloA) ∩ L but α ∈ A. In particular, we have pfx α ⊆ (pfx A) ∩ (pfx L) and, if our condition in Eq. 38 was satisfied, we had that pfx α ⊆ cfx cloA, Y A. Here, the definition of the controllability prefix, Definition 2, requires that there exists a choice of uncontrollable events, by which the plant can enforce to attain its acceptance condition.However, this is not possible given that the choice of controllable events taken by the module only allows for the run q 0 q 1 q 2 (q 3 q 6 ) ω .Therefore, Eq. 38 is not satisfied for this example.This is as expected, since the given solution to Problem 1 falsifies the assumptions.

Conclusion
We have described a variant of reactive synthesis (RS) with upper-bound language-inclusion specification which explicitly addresses environment assumptions and, thus, is a promising candidate when aiming for a comparison with supervisory control theory (SCT).For SCT, we have presented a variant that uses ω-languages as the base model and, hence, matches this characteristic feature of RS.For both domains we present technical problem statements and we derive behavioural characterisations of reactive modules and supervisors, respectively.This facilitates a technical comparison.In our attempt to transform problem instances from one domain of research to the other, we make the following core observations.We succeed unconditionally in solving any instance of the considered RS problem by using SCT; see Section 5.1 (Theorem 1).On the practical side, our proposed transformation retains regularity and we may apply the four-nested fixed-point algorithm from SCT to obtain a reactive module.Notably, the obtained reactive module will not actively falsify the assumptions on the environment.This additional property is enforced by the SCT algorithm as it only computes solutions which do not conflict with the environment assumptions.As the latter property cannot be encoded as an ω-regular property, the four-nested fixed-point algorithm cannot result from a straightforward translation of an LTL synthesis problem into a μ-calculus formula over a two-player game.This provides a new perspective on algorithms ensuring solutions which do not falsify the assumptions, which is an active field of research in the RS community.
The reverse transformation does not work out in general.The reason is that the additional property of non-conflicting solutions required by SCT is not guaranteed by solutions to the RS problem.For this reason, we can only solve a synthesis problem from SCT by RS, if we ensure a non-conflicting closed-loop by imposing additional restrictions on the problem parameters.To this end, we identify three cases: topologically closed plants, Theorem 2, topologically closed plants with alternating inputs and outputs, Theorem 3, and strongly non-anticipating plants with alternating inputs and outputs, Theorem 4. The last, in our opinion, is of particular interest since the additional assumption of strong nonanticipation is weaker then topologically closedness and well motivated for hybrid systems or abstractions thereof, see Moor et al. (2011).It is furthermore both conceptionally and technically closely related to non-falsifiable assumptions, a condition developed independently in the RS community.Again, each of the proposed transformations retains regularity of the problem parameters and, hence, can be used to practically synthesise supervisors by algorithms from RS.Hence, for the considered class of plant behaviours we see that a three nested fixed-point computation suffices and may therefore expect computational benefits as a trade-off when imposing additional conditions on the supervisor synthesis problem.
Referring back to the transformation of RS problems via Theorem 1 into synthesis problems in SCT, it is observed that it affects the solutions but not the problem parameters.The same is true for the reverse transformations of input/output behaviours in Theorems 3 and 4.This establishes equivalence of the two problems regarding solvability for respective subclasses of plants as stated in Corollaries 2 and 3. Likewise, we establish by Corollary 1 the equivalence of the transformed problems regarding solvability for topologically closed but non-alternating plants behaviours.Moreover, we show that for topologically closed plant behaviours with alternating inputs and outputs both fixed-point algorithms collapse to the same 2-nested fixed-point.Using Corollary 2, this establishes equivalence of both synthesis algorithms in this case.you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made.The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material.If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.
for an arbitrary u ∈ U .Let s ∈ (U Y ) * U and y ∈ Y denote the unique choice to satisfy (41) for v.By (RM2), we obtain syu ∈ pfx L, and, hence, we can choose y ∈ Y such that syuy ∈ pfx L.
With s = syu, we observe p U s = vu and s y ∈ pfx L, i.e., s and y satisfy Eq. 41 for vu.Now consider any s ∈ (U ∪Y ) * and y ∈ Y with p U s = vu and s y ∈ pfx L. Since the length of vu is at least 2, we can decompose by s = t û ŷu with û ∈ U and ŷ ∈ Y .By the induction hypothesis, we obtain t û = s and ŷ = y.Hence, s = syu = s .Together with (RM3), this also implies y = y .
Step  r (v).Since this holds true for any prefix, we have α ∈ L .For the converse inclusion, pick any α ∈ L .By s i y i < α, s i ∈ (U Y ) (i−1) U , y i ∈ Y , i ∈ N, we construct a strictly monotone sequence of prefixes of α.Observe via (RM2) that s 1 ∈ pfx L. Now assume s i ∈ pfx L for some i ∈ N and consider v := p U s i .By the claim in (A), there uniquely exists s ∈ (U Y ) * U and y ∈ Y such that Eq. 41 holds, where we have y = r (v) and s = f (v).Uniqueness then implies s i = s and, referring to the definition of the associated behaviour, we also have y i = r (v).We conclude s i y i ∈ pfx L, and hence, by (RM2), s i+1 ∈ pfx L. Thus, infinitely many prefixes (s i ) i∈N of α are within pfx L. Topological closedness (RM1) then implies α ∈ L.
Proof of Lemma 2 Technically, our lemma can be interpreted as a special case of Proposition 3.1 in Ramadge (1989a) when applied to the formal plant behaviour A = ω .In the interest of a self-contained exposition, we provide a direct proof.First, let f : * → denote a supervisor with associated behaviour L as in Eq. 14.For our argument, we consider the * -language We observe that pfx L ⊆ L and, hence, L ⊆ limpfx L ⊆ limL.Moreover, t ∈ L implies pfxt ⊆ L, i.e., L is prefix-closed, and limL ⊆ L. Hence, limL = L.We now establish (SC1), (SC2) and non-emptiness of L.
Ad (SC1) As the limit of a prefix-closed * -language, L is topologically closed.Ad (SC2) We pick arbitrary s ∈ pfx L and σ ∈ uc to show that sσ ∈ pfx L. We begin with t 1 := s ∈ L to construct a sequence (t i ) i∈N by t i+1 := t i σ .From σ ∈ uc ⊆ f (t i ), we obtain t i ∈ L for all i ∈ N. By construction, (t i ) i∈N is strictly monotone and, hence, the limit amounts to a singleton α Observe that sσ = t 2 < α, to conclude sσ ∈ pfx L. Ad L = ∅ Observe that ∈ L. Since uc = ∅ we can pick an arbitrary σ ∈ uc and conduct the same construction as in (SC2), now starting with t 1 = , to obtain α ∈ L.
For the converse implication, we now consider any non-empty L ⊆ (U Y ) ω that complies with (SC1) and (SC2) to define the supervisor f : * → , with associated behaviour L , and we show that L = L .
In particular, we have sσ ∈ pfx L and, hence, σ ∈ f (s).By the arbitrary choice of the prefix, we conclude that α ∈ L from Eq. 14.Ad L ⊆ L Pick any α ∈ L .We fist show that pfx α ⊆ pfx L by induction over the length of the respective prefix.Clearly, the claim is true for the prefix of length 0, i.e., we have ∈ pfx L by non-emptiness of L. For the induction step, consider s ∈ pfx L and σ ∈ with sσ < α.Since α ∈ L we obtain σ ∈ f (s) from Eq. 14.If σ is in the left union component of Eq. 43, we directly obtain sσ ∈ pfx L. If σ is in the right union component uc , we also obtain sσ ∈ pfx L from the proof of (SC2).Hence, pfx α ⊆ pfx L and we finally obtain α ∈ L by topological closeness (SC1).

B Reactive synthesis via supervisory control
The following technical proposition summarises relevant properties obtained by our construction of L in Eqs. 26, 27 and 31.
Proof Recall that L is the behaviour associated with the supervisor f and, hence, exhibits the properties (SC1) and (SC2).As a preliminary observation, we show that L and (U Y ) ω are non-conflicting.Pick any s ∈ (pfx L ) ∩ (pfx(U Y ) ω ).If s ∈ (U Y ) * , we refer to universal controllability (SC2) to obtain su ∈ pfx L for any u ∈ U .If s ∈ (U Y ) * , we must have s ∈ (U Y ) * U and we refer to Eq. 29 to obtain that sy ∈ pfx L for some y ∈ Y .In both cases, we have established the existence of some σ ∈ such that sσ ∈ (pfx L ) ∩ (pfx(U Y ) ω ), i.e., the two languages do not deadlock.Note that L is topologically closed (SC1) and that (U Y ) ω is topologically closed, too.Thus, not to deadlock implies non-conflictingness.
We now turn to the individual claims suggested by the proposition.
Ad (RM1) The intersection L of two topologically closed languages is itself topologically closed.Ad (RM2) Pick any s ∈ * , u , u ∈ U and assume that su ∈ pfx L .In particular, su ∈ pfx L and, by (SC2), su This implies sy ∈ pfx L and sy ∈ pfx L , and, by Eq. 30, y = y .Ad A ∩ L ⊆ A ∩ L We pick any α ∈ A ∩ L and establish α ∈ L. Since L is topologically closed, it is sufficient to show that pfxα ⊆ pfx L and we do so by induction.By L = ∅, we have ∈ pfx L, i.e., the claim is true for the prefix < α of length 0.
In particular, this implies σ ∈ f (s).We extend sσ by an arbitrary β ∈ ω uc , and refer to the induction hypothesis s ∈ pfx L to obtain sσ β ∈ L. This implies sσ ∈ pfx L and thereby completes the induction step.This concludes the proof of α ∈ L with A ∩ L ⊆ A ∩ L as an immediate consequence.
Regarding ω-regularity, we first observe that all post-processing is performed for topologically closed languages.Thus, there are no acceptance conditions.The language associated with h is the intersection of cloA and L and amounts to a product composition.The static filter h can be implemented on a per-state basis.In particular, the language L associated with f := h • h is ω-regular.Hence, L = L ∩ (U Y ) ω is ω-regular, too.

C Supervisory control via reactive synthesis -control-patterns as outputs
The following three technical propositions summarise relevant properties obtained by our construction of L from L in Eq. 35 w.r.t. the plant and specification as transformed by Eqs.33 and 34.
Proposition 3 Consider a finite alphabet , uncontrollable events uc , ∅ = uc ⊆ , control patterns := { γ ⊆ | uc ⊆ γ } and extended variants thereof as defined in Eq. 32, and, for an arbitrary language L ⊆ ( ) ω , the variant L ⊆ ω defined in Eq. 35.If L is topologically closed, then so is L.
Proof In general, topological closedness is not retained under projection.Thus, in order to establish the claim, we need to explicitly refer to the special situation of alternating visible symbols and invisible symbols, as well as to the fact that the alphabets under consideration are finite.Pick an arbitrary β ∈ cloL and denote (s i ) i∈N a sequence s i < s i+1 ∈ pfxβ ⊆ pfx L for all i ∈ N. Define the sets of * -words from the full alphabet that comply with s i , i ∈ N, by We can also extend 0tγ σ to an ω-word in L , however, in order to address (35) we need to take care that all prefixes comply with past control patterns.For an inductive argument, pick any rσ ∈ pfx L .By the alternating structure of L , we find γ ∈ such that rσ γ ∈ pfx L and, by the free input (RM2), we can choose any ∈ γ to obtain rσ γ ∈ pfx L .This construction maintains compliance with control patterns, i.e., rσ ∈ L implies rσ γ ∈ L. Applying this construction to the initial string 0tγ σ ∈ pfx L , and referring to topological closedness (RM1), we obtain an ω-word 0tγ σ α ∈ L such that pfx(0tγ σ α ) ⊆ L. For the projection, we have p (0tγ σ α ) = 0sσ p α, and, referring to the definition of L in Eq. 35, we obtain sσ ∈ pfx L. This concludes the proof.
Proof of Theorem 2 Regarding L, (SC1), (SC2) and non-emptyness are established by Propositions 3 and 4.Moreover, we obtain by Proposition 5 that A and L do not deadlock.Since both languages are topologically closed, this implies non-conflictingness.Since the intersection of non-empty and non-conflicting languages is non-empty12 , we obtain for the closed-loop behaviour ∅ = K := A ∩ L. For the specification, we again refer to Proposition 4 to obtain Now assume that L is ω-regular and consider a finite automaton realisation A = (Q, ∪ , δ, Q o ).Since L is topologically closed, we do not need to consider an acceptance condition and we can without loss of generality assume that A is deterministic and reachable.A finite automaton realisation A of L as defined by Eq. 35 can be constructed in three steps.
Step (i) We can test on a per state basis whether or not enabled transitions are labeled in compliance with the recent control pattern.Here, we may need to split states in order for the most recent control pattern to be unique for each state.We then remove all transitions which are meant to be disabled by the most recent control pattern an denote the resulting automaton A .This automaton realises the language Step (ii) We refer to well known algorithms that implement the projection to obtain A to realise L := p L and to observe that Although in general projection does not retain realisability by deterministic Büchi automata, in the absence of an acceptance condition we may determinise the result by the common subset-construction.
Step (iii) We perform the intersection with 0( ) ω and drop the leading 0-symbol.Again, these operations retain regularity and respective algorithms are well known.We denote the resulting automaton A and observe that A indeed realises L.
The following proposition is used to support the proof of the equivalence Corollary 1. patterns in ω-words α ∈ L after every single symbol.This construction can be realised by adding a marker-bit to the state set of A, effectively doubling the state count, and by extending the transition relation in order to track whether or not a control pattern is to be inserted next.Here, the control pattern to be inserted is identified as the set of enabled events in the corresponding state of A. In particular, the resulting automaton has a finite state count.

D Supervisory control via reactive synthesis -input-output behaviours
The following technical proposition summarises relevant properties obtained by our construction of L in Eq. 36.
Proposition 7 Consider a finite alphabet , uncontrollable events uc , ∅ = uc , let U = uc and Y = − uc .Consider arbitrary languages A, L ⊆ (U Y ) ω and the variant L ⊆ ω defined in Eq. 36.
If L satisfies (RM1) and (RM2) and if pfx L and pfx A do not deadlock, then L satisfies (SC1) and (SC2).and that α must have infinitely many prefixes in at least one of the union components.We distinguish two cases.If, case (a), α has infinitely many prefixes in pfx L, we refer to refer to topological closedness (RM1) to obtain α ∈ L ⊆ L .For the complementary case (b), α has finitely many prefixes in pfx L and, hence, infinitely many in (pfx L) * uc .In particular, there is a longest prefix s < α with s ∈ pfx L).Therefore, we have α ∈ s ω uc ⊆ (pfx L)( ω uc ).In both cases, we have established α ∈ L .Hence, L is topologically closed.Furthermore let H be the game graph induced by A and G via M in Eq. 7 with acceptance condition {T 0 , T 1 }.Then, the environment, player 0, has a winning strategy f 0 in the Büchi game (H, T 0 ) if and only if ∈ cfx cloA, Y A.
Proof We prove both implications separately.First, assume there exists a winning strategy f 0 for player 0 in the Büchi game (H, T 0 ).Then all plays compliant with f 0 have corresponding words α ∈ A. Now use f 0 to define the map r : Y + → U s.t.r(p Y s) := f 0 (q) for δ(q 0 , s) = q.Then we can infer from Lemma 1 that the behaviour L associated with r satisfies (RM1)-(RM3), however, with Y the input symbols and U the output symbols.In particular, L is closed.Moreover, we have that L ∩ (cloA) ⊆ A and that pfx L and pfx A do not deadlock.Now we can apply the transformation from Section 5.2.2 and, adapting the role of inputs and outputs accordingly, to obtain L := L ∪ ((pfx L)(( − uc ) ω )).Here, we refer to Proposition 7 to obtain that L satisfies (SC1) and (SC2) with Y = − uc in the role of the uncontrollable events.In particular, we have that L is closed and that L ∩ (clo A) ⊆ A. Using V := L ∩ (clo A), we have (i) V = cloV= (cloV) ∩ (cloA) and (ii) ((pfx V)Y ) ∩ (pfx A) ⊆ pfx V. Referring to Definition 2 this implies ∈ cfx cloA, Y (A) and hence proves the first implication.
For the converse implication, assume that ∈ cfx cloA, Y (A) and consider any deterministic Büchi automaton M A = {Q, , {q 0 }, δ, F A } such that A = L ω m (M A ) and pfx(A) = L * (M).Without loss of generality, we assume that M A does not deadlock.Hence, using the trivial acceptance condition F = Q, we can realise cloA on the same transition structure and we denote M = (Q, , {q 0 }, δ, {Q, a realisation of the formal plant A = cloA and the formal guarantee G = A with uncontrollable events uc := − uc = Y and controllable events uc = U .This matches the setting of our discussion of the algorithmic solution to the synthesis problem, Section 4.3.
Here, we refer to the simplified fixed-point in Eq. 25 for topologically closed plants, which for our problem parameters amounts to with inverse dynamics operator, Eq. 22, Recall from our discussion in Section 4.3 that a string is in the controllability prefix if and only if it leads to a winning state; i.e., technically s ∈ cfx A , uc (G ) if and only if δ(q 0 , s) ∈ Win(M ).In particular, we obtain that q 0 ∈ Win(M ) from the prerequisite ∈ cfx cloA, Y (A) = cfx A , uc (G ).
We now turn to an interpretation in the context of reactive synthesis and recall that the alternation of input symbols and output symbols induces a disjoint union composition of the state set and the transition relation.Technically, we refer to Eq. 7 and write and with an arbitrary dummy parameter T 1 ⊆ Q.Note that, at this stage, we are not interested in solving a reactive synthesis problem.Instead, we consider the Büchi game (H , T 0 ) from the perspective of player 0, where H denotes the game graph associated with M .It is well known that this game can be solved via the fixed-point Win 0 = νX 4 .μX 3 .Pre 0 (X 3 ) ∪ (T 0 ∩ Pre 0 (X 4 )) (60) with the player-0-controllable prefix defined Pre 0 (T ) := { q ∈ Q 0 | δ 0 (q, U ) ∩ T = ∅ } ∪ { q ∈ Q 1 | δ 1 (q, Y ) ⊆ T } ; (61) see also Eqs. 9 and 12, our argument in Remark 4 and the provided references (i.e., Maler et al. 1995;Zielonka 1998).In particular, there exists a winning strategy for player 0 if and only if q 0 ∈ Win 0 .We now observe (a) that the player-0-controllable prefix (61) matches the inverse dynamics operator (58), i.e., we have Pre 0 (T ) = Pre(T ) for any T ⊆ Q; and (b) that the two fixed-points ( 57) and ( 60) coincide.This implies that Win(M ) = Win 0 .In particular, we obtain that q 0 ∈ Win 0 from q 0 ∈ Win(M ), and, hence, there exists a winning strategy f 0 for player 0 in (H , T 0 ).Recall that our entire argument is valid for any deterministic Büchi automaton realisation M A of A. Hence, our argument also applies to the specific case where we choose M A to have the same state set and the same transition relation as M from Eq. 7 obtained from the actual problem parameters A and G.We then have that M = M and, hence, the associated game graph H matches H . Thus player 0 has a winning strategy f 0 in the Büchi game (H, T 0 ).

Proposition 9 Given an alphabet with the non-empty set of uncontrollable events uc
, let U = uc and Y = − uc .For an assumption A ⊆ (U Y ) ω and a guarantee G ⊆ (U Y ) ω , let L denote a solution to the reactive synthesis problem, Problem 1.If Eq. 38 holds then A and L are non-conflicting.

Example 3 Fig. 2
Fig. 2 Transition structure of automaton M in Eq. 20 representing A and G for the instance of Problem 2 which is solved in Example 3 RS[U, Y, A, G].A proof is given in Appendix B. Theorem 1 Given non-empty alphabets U , Y , U ∩ Y = ∅, the assumption A ⊆ (U Y ) ω , and the guarantee G ⊆ (U Y ) ω , consider the reactive synthesis problem RS[U, Y, A, G].Let := U ∪ Y and uc := U .If a supervisor f : * → with associated behaviour L solves the supervisory control problem SCT[ , uc , A, G], then L , as defined by Eqs. 26, 27 and 31, solves RS[U,

Fig. 3
Fig. 3 Automaton M representing SCT[ , uc , A, G] in Example 4 which corresponds to RS[U, Y, A, G] represented by M in Fig. 1.Final states are F A = {q 4 } (blue) and F G = {q 5 } (red) and transitions labelled by controllable events − uc are indicated by a tick

Example 5
Consider the supervisory control problem SCT[ , uc , A, G] discussed in Example 3, s.t.M depicted in Fig. 2 represents G and A with F G = {s} and F A = {s, r}.As M cannot generate infinite strings which do not visit either r or s infinitely often, it follows that A is topologically closed.To obtain the corresponding reactive synthesis problem RS[U Y A G ] (as defined in Eqs.32-34), we manipulate M in Fig.2s.t. the resulting automaton M conforms with Eq. 7 and represents A and G .

Fig. 4
Fig. 4 Automaton M representing RS[U, Y, A , G ] in Example 5, which corresponds to SCT[ , uc , A, G] represented by M in Fig. 2 with uc = \ {b} (including q 02 ) and uc = (excluding q 02 ).The final state sets are T 0 = {r 0 , s 0 } (blue) and T 1 = {s 1 } (red) Given a supervisory control problem SCT[ , uc , A, G] with input-output behaviours, we can choose the correspondence U := uc and Y := − uc and obtain G, A ⊆ (U Y ) ω ; i.e., our choice constitutes qualifying parameters for the reactive synthesis problem RS[U, Y, A, G].Let L denote a solution of RS[U, Y, A, G].

Theorem 3
Given a finite alphabet with the non-empty set of uncontrollable events uc ⊆ , an input-output plant behaviour A ⊆ ω and an input-output specification behaviour G ⊆ ω , consider the supervisory control problem SCT[ , uc , A, G].Let L denote a solution to the reactive synthesis problem RS[U, Y, A, G], where U = uc , Y = − uc .

Corollary 3
Given an alphabet with ∅ = uc , let U = uc and Y = − uc .For any non-empty behaviours A, G ⊆ (U Y ) ω where A is strongly non-anticipating, the control problem SCT[ , uc , A, G] has a (ω-regular) solution if and only if the reactive synthesis problem RS[U, Y, A, G] has a (ω-regular) solution.
(B) Referring to Step (A), we can define functions f : U + → (U ∪ Y ) * and r : U + → Y such that Eq. 41 is true for s ∈ (U Y ) * U and y ∈ Y if and only if s = f (v) and y = r (v).Clearly, r is a reactive module.Step (C) We now show that the behaviour L associated with r constructed in step (B) matches L. Pick any α ∈ L and consider any prefix sy < α with s ∈ (U Y ) * U and y ∈ Y .Denote v = p U s.By sy ∈ pfx L and the unique choice in (A) this implies s = f (v) and y = Ad A and L not to deadlock Pick any s ∈ (pfx A) ∩ (pfx L ).If s ∈ (U Y ) * , we refer to (RM2) to obtain sU ⊆ pfx L .Since A ⊆ (U Y ) ω , there must exist some u ∈ U such that su ∈ pfx A. Thus, we have su∈ (pfx A) ∩ (pfx L ).If s ∈ (U Y ) * , we must have s ∈ (U Y ) * U .Consider the same sets of enabled output events as above, i.e.,Y f := f (s) ∩ Y = { y ∈ Y | sy ∈ pfx L } and Y a := { y ∈ Y | sy ∈ pfx A }, and recall that Y a ∩ Y f = ∅.By the definition of the post-processed supervisor h, we haveh(s) = uc ∪ (Y a ∩ Y f ).Thus, y ∈ f (s) for some y ∈ Y a ∩ Y f .As above, we extend sy by an arbitrary β ∈ ω uc to obtain syβ ∈ L , and, hence sy ∈ pfx L .Since L and (U Y ) ω are non-conflicting, we finally obtain that sy ∈ (pfxL ) ∩ (pfx((U Y ) ω )) = pfx L .Proof of Theorem 1 We refer to the above proposition and obtain that L satisfies (RM1)-(RM3) and that A Corollary 1 Assume that SCT[ , uc , A, G] has a (ω-regular) solution L. We then refer to Proposition 6 to obtain a (ω-regular) solution of RS[UY A G ]. Conversely, assume that RS[UY A G ] has a solution L .We then refer to Theorem 2 to obtain a (ωregular) solution of SCT[ , uc , A, G].
Moreover, L ∩ (U Y ) ω = L, (pfx L ) ∩ (pfx((U Y ) * )) = pfx L.Finally, pfx L and pfx A do not deadlock.Proof We prove the individual claims suggested by the proposition.Ad (SC1) For topological closedness, pick any α ∈ cloL , i.e., pfx α ⊆ pfx L .Note that pfx L = (pfx L) ∪ ((pfx L) * uc ) (55) Ad (SC2) For controllability, pick any s ∈ pfx L and σ ∈ uc , to obtain sσ ∈ pfx L by Eq. 55.Ad L ∩ (U Y ) ω = L This equality is immediate from the fact that for every α ∈ L − L we have α ∈ (pfx L) ω uc and, hence,α ∈ (U Y ) ω .Ad (pfx L ) ∩ (pfx((U Y ) * )) = pfx L We first show that L and (U Y ) ω are nonconflicting.Pick any s ∈ (pfx L ) ∩ (pfx((U Y ) ω )).If s ∈ (U Y )* , we refer to (SC2) and extend s by any σ ∈ U = uc to obtain sσ ∈ pfx L .Else, if s ∈ (U Y ) * , we must have s ∈ (U Y ) * U .We write s = tu with u ∈ U and refer (55) for t ∈ pfx L, and to (RM2) for s = tu ∈ pfx L. Thus, we can extend s by σ ∈ Y such that sσ = tuσ ∈ pfx L ⊆ pfx L .In both cases, we have established sσ ∈ (pfx L ) ∩ (pfx((U Y ) ω )).Since both languages are topologically closed, this concludes the proof of non-conflictingness of L and(U Y ) ω , which in turn implies (pfx L ) ∩ (pfx((U Y ) * )) = (pfx L ) ∩ (pfx((U Y ) ω )) = pfx(L ∩ ((U Y ) ω )) = pfx L. Ad A and L not to deadlock Note that (pfx A) ∩ (pfx L ) = (pfx A) ∩ (pfx L ) ∩ (pfx((U Y ) ω )) = (pfx A) ∩ (pfx L);as A and L do not deadlock, the latter equality implies that A and L do not deadlock, either.Proof of Theorem 3 Referring to Proposition 7, we have (SC1) and (SC2) for L .Note also that L = ∅ is an immediate consequence of non-emptyness of L. Regarding the specification, we observe for the closed-loop behaviourA ∩ L = A ∩ L ∩ (U Y ) ω = A ∩ L ⊆ A ∩ (A → G) = G.Again referring to Proposition 7, we also have that pfx L and pfx A do not deadlock.Thus, non-conflictingness is implied by both A and L being topologically closed.Since the latter two languages are also non-empty, it follows that A ∩ L = ∅.Inspecting (36), all operations retain regularity.Proof ofCorollary 2 Assume that SCT[ , uc , A, G] has a (ω-regular) solution.We then refer to Theorem 1 to obtain a (ω-regular) solution of RS[U, Y, A, G].Conversely, assume that RS[U, Y, A, G] has a (ω-regular) solution.We then refer to Theorem 3 to obtain a (ω-regular) solution of SCT[ , uc , A, G].Non-falsifiable assumptions and strong non-anticipationProposition 8 Given an alphabet with the non-empty set of uncontrollable events uc , consider the reactive synthesis problem RS[U, Y, A, G] with U = uc , Y = − uc , and parameters A, G ∈ (U Y ) ω , both realised by deterministic Büchi automata.
SCT[ , uc , A, G] to RS[U, Y, A , G ] retains solvability.Additionally referring to Theorem 2, this gives the following corollary.
uc ⊆ , A ⊆ ω be a plant, G ⊆ ω be a upper bound specification and U = , Y = , A and G be defined by Eqs.32-34.If the plant A is topologically closed, then SCT[ , uc , A, G] has a (ω-regular) solution if and only if RS[U, Y, A , G ] has a (ω-regular) solution.
By the definition of the post-processed supervisor h, we haveh(s) ∩ Y = (Y a (s) ∩ Y f (s)).By the definition of f , we have that f (s) ∩ Y is a singleton, i.e., we obtain that {σ Now consider s ∈ * , σ ∈ with sσ < α and assume that s ∈ pfx L. If s ∈ (U Y ) * , we have that σ ∈ U and refer to (RM2) to obtain sσ ⊆ pfx L. If s ∈ (U Y ) * , we must have s ∈ (U Y ) * U , and, hence, σ ∈ f (s) ∩ Y .Denote Y f (s) the outputs that comply with the original supervisor f given s, i.e., Y f (s) := f (s) ∩ Y = { y ∈ Y | sy ∈ pfx L }.Likewise, denote Y a the outputs that comply with the plant given s, i.e., Y a (s) := { y ∈ Y | sy ∈ pfx A }. Then non-conflictingness of A and L implies Y a (s) ∩ Y f (s) = ∅.