From Graph Models to Game Models Tom Henzinger EPFL.


Graph Models of Systems: vertices = states; edges = transitions; paths = behaviors

Extended Graph Models
graph
MULTIPLE ACTORS: game graph
LIVENESS: ω-automaton
PROBABILITIES: Markov decision process
stochastic game
regular game

Graphs vs. Games [figure with labels a and b]

Games model Open Systems
Two players: environment / controller / input vs. system / plant / output
Multiple players: processes / components / agents
Stochastic players: nature / randomized algorithms

Applications of Graph Games
- synthesis [Church, Rabin, Ramadge/Wonham, Pnueli/Rosner]
- receptiveness [Dill, Abadi/Lamport]
- scheduling [Sifakis et al.]
- reasoning about system components [Kupferman/Vardi et al.]
- early error detection [deAlfaro/H/Mang]
- model-based testing [Gurevich et al.]
- interface compatibility [deAlfaro/H]
- program repair [Bloem et al.]
- etc.

Example

P1:
  init x := 0
  loop
    choice
    | x := x+1 mod 2
    | x := 0
    end choice
  end loop
S1: ( x = y )

P2:
  init y := 0
  loop
    choice
    | y := x
    | y := x+1 mod 2
    end choice
  end loop
S2: ( y = 0 )

Graph Questions [CTL]: ∀ ( x = y ); ∃ ( x = y ) [a second slide adds an X mark]

Zero-Sum Game Questions: ⟨⟨P1⟩⟩ ( x = y ); ⟨⟨P2⟩⟩ ( y = 0 ). ATL [Alur/H/Kupferman] [later slides add an X mark]

Nonzero-Sum Game Questions: ⟨⟨P1⟩⟩ ( x = y ); ⟨⟨P2⟩⟩ ( y = 0 ). Secure equilibria [Chatterjee/H/Jurdzinski]

Winning Conditions
Qualitative: ω-regular (safety; Büchi; parity)
Quantitative: max; lim sup; lim avg

Quantitative Game Questions: ⟨⟨P1⟩⟩ lim sup = 3; ⟨⟨P1⟩⟩ lim avg =

Many Open Problems
Büchi (lim sup) games in subquadratic time?
Parity (lim avg) games in polynomial time??

Solving Games by Value Iteration
Generalization of the μ-calculus: computing fixpoints of transfer functions (pre; post).
Generalization of dynamic programming: iterative optimization.
Region R: Q → V
R(q) := pre(R(q))

Graph
Q: states
transition labels
: Q Q transition function
= [ Q → {0,1} ] regions with V = B
∃pre: q ∃pre(R) iff ( ) (q, ) R
∀pre: q ∀pre(R) iff ( ) (q, ) R

Graph [figure: states a, c, b]
∃ c = ( X) ( c ∨ ∃pre(X) )
∀ c = ( X) ( c ∨ ∀pre(X) )

Turn-based Game
Q1, Q2: states ( Q = Q1 ∪ Q2 )
transition labels
: Q Q transition function
= [ Q → {0,1} ] regions with V = B
1pre: q 1pre(R) iff q ∈ Q1 ∧ ( ) (q, ) R or q ∈ Q2 ∧ ( ∀ ∈ ) (q, ) ∈ R
2pre: q 2pre(R) iff q ∈ Q1 ∧ ( ∀ ) (q, ) R or q ∈ Q2 ∧ ( ∃ ∈ ) (q, ) ∈ R

Turn-based Game [figure: states c, a, b]
⟨⟨1⟩⟩ c = ( X) ( c ∨ 1pre(X) )
⟨⟨2⟩⟩ c = ( X) ( c ∨ 2pre(X) )
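
An added example, not part of the original slides: the turn-based 1pre/2pre operators with boolean regions, iterated as R := pre(R) until the region stops changing. The five-state game graph, the labels s and t, and all function names are constructed for illustration; the example goes beyond the reachability formula on the slide by also computing the opponent's safety region as a greatest fixpoint, and it assumes the reachability fixpoint is the least one (iteration starts from the empty region).

```python
# Added example, not from the talk. The game graph is constructed for illustration.
Q1 = {"a", "d"}        # player 1 chooses the move in these states
Q2 = {"b", "c", "e"}   # player 2 chooses the move in these states
DELTA = {              # DELTA[q][label] = successor state
    "a": {"s": "b", "t": "c"},
    "b": {"s": "a", "t": "c"},
    "c": {"s": "c"},   # target state, absorbing
    "d": {"s": "b", "t": "e"},
    "e": {"s": "e", "t": "d"},
}
STATES = set(DELTA)

def pre(player, region):
    """Controllable predecessor: states from which `player` can force the
    next state into `region` (1pre for player 1, 2pre for player 2)."""
    own = Q1 if player == 1 else Q2
    out = set()
    for q, moves in DELTA.items():
        succ = list(moves.values())
        # Own state: some move must work. Opponent's state: every move must.
        quantifier = any if q in own else all
        if quantifier(s in region for s in succ):
            out.add(q)
    return out

def iterate(step, start):
    """Apply `step` from `start` until the region stops changing."""
    region, trace = start, [start]
    while (nxt := step(region)) != region:
        region = nxt
        trace.append(region)
    return region, trace

def reach(player, target):
    """Least fixpoint of X = target ∪ pre(X): player can force a visit."""
    return iterate(lambda x: target | pre(player, x), set())

def avoid(player, target):
    """Greatest fixpoint of Y = (Q minus target) ∩ pre(Y): player can
    keep the play outside target forever."""
    return iterate(lambda y: (STATES - target) & pre(player, y), set(STATES))

if __name__ == "__main__":
    win1, trace = reach(1, {"c"})
    win2, _ = avoid(2, {"c"})
    print([sorted(r) for r in trace])    # regions after each iteration
    print(sorted(win1), sorted(win2))    # the two winning regions
```

The two regions partition the state set: from every state either player 1 can force a visit to c or player 2 can prevent it forever.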

Quantitative Game
Q1, Q2: states ( Q = Q1 ∪ Q2 )
transition labels
: Q N × Q transition function
= [ Q → N ] regions with V = N
1pre: 1pre(R)(q) =
  (max ) max( 1 (q, ), R( 2 (q, )) ) if q ∈ Q1
  (min ∈ ) max( 1 (q, ), R( 2 (q, )) ) if q ∈ Q2
2pre: 2pre(R)(q) =
  (min ) max( 1 (q, ), R( (q, )) ) if q ∈ Q1
  (max ∈ ) max( 1 (q, ), R( 2 (q, )) ) if q ∈ Q2

Quantitative Game [figure: states c, a, b]
⟨⟨1⟩⟩ 0 = ( X) max( 0, 1pre(X) )

Concurrent Game
Q: states
1, 2 moves of both players
: Q 1 2 Q transition function
= [ Q → {0,1} ] regions with V = B
1pre: q 1pre(R) iff ( 1 1 ) ( 2 2 ) (q, 1, 2 ) R
2pre: q 2pre(R) iff ( 2 2 ) ( 1 1 ) (q, 1, 2 ) R

Concurrent Game [figure: states a, c, b; edges labelled with move pairs 1,1 / 1,2 / 2,1 / 2,2]
⟨⟨2⟩⟩ c = ( X) ( c ∨ 2pre(X) )
Pr(1): 0.5 Pr(2): 0.5

Stochastic Game [deAlfaro/Majumdar]
Q: states
1, 2 moves of both players
: Q 1 2 Dist(Q) probabilistic transition function
= [ Q → [0,1] ] regions with V = [0,1]
1pre: 1pre(R)(q) = (sup 1 1 ) (inf 2 2 ) R( (q, 1, 2 ))
2pre: 2pre(R)(q) = (sup 2 2 ) (inf 1 1 ) R( (q, 1, 2 ))

Stochastic Game [figure: states a, c, b, with two Pl.1 / Pl.2 move tables]
Table 1: a: 0.6 b: 0.4 | a: 0.1 b: 0.9 | a: 0.5 b: 0.5 | a: 0.2 b:
Table 2: a: 0.0 c: 1.0 | a: 0.7 b: 0.3 | a: 0.0 c: 1.0 | a: 0.0 b: 1.0
⟨⟨1⟩⟩ c = ( X) max( c, 1pre(X) )
[figure annotations on successive slides: 0 10; 0 11; limit 1 11]

Solving Games by Value Iteration
Safety:
Büchi:
Parity:
…
Many open questions: How do different evaluation orders compare? How fast do these algorithms converge? When are they optimal?

Predicate Abstraction for Programs
Q: control locations
transition labels
S: program statements
: Q S × Q transition function
P: predicates
= [ Q → 2^P ] regions with V = 2^P
∃pre: p ∃pre(R)(q) iff ( ) ( wp[ (q, )] R( 2 (q, )) ) p )

Beyond Graphs as Finite Carrier Sets
Graph-based (finite-carrier) systems: Q = B^m; = boolean formulas [e.g. BDDs]; pre = ( ∃ x ∈ B )
Timed and hybrid systems: Q = B^m × R^n; = formulas of ( Q, ≤, + ) [e.g. polyhedral sets]; pre = ( ∃ x ∈ Q )

Summary: Model checking is a very special (boolean) case of graph-based optimization problems. It can be generalized to solve much more general questions that involve multiple players, quantitative resources, probabilistic transitions, and continuous state spaces. The theory and practice of this is still wide open …