Game-theoretic approach to the simulation checking problem Peter Bulychev Vladimir Zakharov Lomonosov Moscow State University

Model Checking The main goal of model checking is to verify whether a given model satisfies a required property (specification). Simulation relations preserve satisfiability of specifications given in the form of temporal logic formulas. Simulation is used to prove that one model is a refinement/abstraction of the other.

Varieties of simulation Various types of simulation Strong simulation (preserves CTL*) Weak simulation (preserves LTL -X ) Quasi-block simulation (is monotonic w.r.t. parallel composition) Stuttering simulation (preserves CTL* -X ) Equivalence relations and preorders (simulations and bisimulations) Models with fair constraints

(Bi)simulation checking approaches Relational coarsest partition (bisimulations only) Fixed-point approach Game-theoretic Universal (fair/unfair, simulation/bisimulation) Efficient (strong simulation)

Game-theoretic approach

Game for strong simulation

Reduction to game rules In some cases reduction can be obtained automatically, For more complex relations it is necessary to write game rules by hand. We have written game rules for stuttering (bi)simulation and proved their correctness.

Theoretical results Stuttering simulation Stuttering bisimulation Non fairO(m 2 ) time O(m 2 ) space O(mn) time O(m) space FairO(m 2 n 2 ) time O(m 2 ) space O(m 2 n 2 ) time O(m 2 ) space

Game-theoretic language Observation: Games for computing different kinds of simulation have much in common. Result: We designed the language for describing rules of simulation checking games.

Game-theoretic language : example {The game for checking strong simulation on LTS with labeled transitions} types S: (S1, S2); D: (S1, S2, A); rules (A s1)(E s2) S(s1, s2); steps S(s1, s2) -> D(s1', s2, a) : t(s1,a,s1'); D(s1, s2', a) -> S(s1, s2) : t(s2',a,s2);

Game-theoretic language We have described a number of (bi)simulations in our language: Strong Weak Block Stuttering

Simulation checking tool Our simulation checking tool checks whether there exists a simulation defined in game- theoretic terms between two models. Models Model’s BDDs Game rules Game’s BDD Game solver Answer (counterexample)

BDD We have used BDD to describe symbolically game graph and models to be checked. When we tested our tool with models that consist of 10 5 states, we ran out of memory: BDD of the game was too large Therefore, we decided to construct BDD of the game on-the-fly. However, BDD of the models must be in explicit form.

Where are we now? We are trying to answer the following questions: If there is a winning strategy, how can we find it as fast as possible? Otherwise, how can we maximally fast find a counterexample? What is the optimal order for BDD variables?

Timed automatons Timed automatons are used to model continuous and monotonous processes UPPAAL tool developed by K.G.Larsen group at Aaalborg University (Denmark) can be used to analyze timed automatons OffSoftBright press? X:=0 press? X<=3 press? X>3 Model of two-level light controller: user should press it twice quickly to turn on bright light or press once to turn on soft light.

Timed simulations We defined several timed simulations and proposed game-theoretic algorithms for solving them jointly with the K.G.Larsen group The sets of winning clock valuations are stored in the symbolic form in the game states These algorithms will be implemented in the UPPAAL tool

Questions?