Presentation is loading. Please wait.

Presentation is loading. Please wait.

From Monotonic Transition Systems to Monotonic Games Parosh Aziz Abdulla Uppsala University.

Published byLouis Gadd Modified over 10 years ago

Similar presentations

Presentation on theme: "From Monotonic Transition Systems to Monotonic Games Parosh Aziz Abdulla Uppsala University."— Presentation transcript:

1 From Monotonic Transition Systems to Monotonic Games Parosh Aziz Abdulla Uppsala University

2 Outline Model Checking Infinite-State Systems Methodology: Monotonicity Well Quasi-Orderings Models Petri Nets Lossy Channel Systems Timed Petri Nets Extension to Games

3 Model Checking T sat  ? transition system specification

4 Model Checking T sat  ? transition system specification Transition System 

5  Reachability Init Fin Init reaches Fin?

6 Transition Systems  Reachability Init Fin Init reaches Fin? Saftey Properties = Reachability

7 Forward Reachability Analysis

8 Post

9 Fin Forward Reachability Analysis = computing Post Init Forward Reachability Analysis Post

10 Backward Reachability Analysis

11 Pre

12 Init Fin Backward Reachability Analysis = computing Pre Backward Reachability Analysis Pre

13 Init Fin Backward Reachability Analysis Fin Forward Reachability Analysis Init

14 Infinite-State Systems 1. Unbounded Data Structures stacks queues clocks counters, etc. 2. Unbounded Control Structures Parameterized Systems Dynamic Systems

15 Init Fin Backward Reachability Analysis infinite

16 Init Fin Backward Reachability Analysis infinite effective symbolic representation

17 Petri Nets

18 States = Markings

19 Transitions

20 Firing t Transitions t

21 t is disabled Transitions t

22 Monotonicity

23

24

25 Petri Nets: infinite state

26

27

28

29

30 W C R=1? R:=0 R:=1 Mutual Exclusion

31 W C R=1? R:=0 R:=1 R=1? R:=0 R:=1 R=1? R:=0 R:=1 R=1? R:=0 R:=1 Mutual Exclusion

32 R=1? R:=0 R:=1 R=1? R:=0 R:=1 R=1? R:=0 R:=1 Mutual Exclusion

33 R=1? R:=0 R:=1 R=1? R:=0 R:=1 R=1? R:=0 R:=1 Mutual Exclusion Initial states: R=1 All processes in Infinitely many

34 R=1? R:=0 R:=1 R=1? R:=0 R:=1 R=1? R:=0 R:=1 Mutual Exclusion Initial states: R=1 All processes in Infinitely many Bad states: Two or more processes in

35 R=1? R:=0 R:=1 R=1? R:=0 R:=1 R=1? R:=0 R:=1 Mutual Exclusion WC R=1

36 Mutual Exclusion WC R=1 Set of initial states : infinite

37 Mutual Exclusion WC R=1

38 Mutual Exclusion WC R=1 WC

39 Mutual Exclusion WC R=1

40 Mutual Exclusion WC R=1 WC

41 mutual exclusion: #tokens in critical section > 1 critical section Safety Properties

42 mutual exclusion: #tokens in critical section > 1 Ideal = Upward closed set of markings critical section Safety Properties

43 mutual exclusion: #tokens in critical section > 1 Ideal = Upward closed set of markings safety = reachability of ideals critical section Safety Properties

44 Petri Nets Concurrent systems Infinite-state: symbolic representation Monotonic behaviour Safety properties: reachability of ideals

45 Petri Nets Concurrent systems Infinite-state: symbolic representation Monotonic behaviour Safety properties: reachability of ideals

46 Monotonicity ideals closed under computing Pre

47 I Monotonicity ideals closed under computing Pre

48 Monotonicity ideals closed under computing Pre I

49 I Monotonicity ideals closed under computing Pre

50 IPre(I) Monotonicity ideals closed under computing Pre

51 Fin Backward Reachability Analysis Ideals

52 Ideals: Symbolic Representation i : index (generator) i : generator of ideal i : denotes all markings larger than i

53 Ideals: Symbolic Representation index (generator)

54 Ideals: Symbolic Representation index (generator)

55 Ideals: Symbolic Representation index (generator)

56 Ideals: Symbolic Representation index (generator)

57 Ideals: Symbolic Representation Index for bad states C

58 Ideals: Symbolic Representation Index for bad states C

59 Each ideal can be characterized by a finte set of generators

60 Index is minimal element of its ideal If i j then j i

61 Index for bad states C Indices of Pre Monotonicity ideals closed under computing Pre

62 Index for bad states C Indices of Pre Monotonicity ideals closed under computing Pre i: index Pre(i) computable

63 Backward Reachability Analysis Step 0 : C

64 Backward Reachability Analysis Step 0 : C Step 1 :

65 Backward Reachability Analysis Step 0 : C Step 1 :

66 Backward Reachability Analysis Step 0 : C Step 1 : Step 2 :

67 Backward Reachability Analysis Step 0 : C Step 1 : Step 2 :

68 Backward Reachability Analysis Step 0 : C Step 1 : Step 2 : Step 3 :

69 Backward Reachability Analysis Step 0 : C Step 1 : Step 2 : Step 3 :

70 What did we need? 1.Computable ordering 2. Monotonicity, Computability of Pre 3. Termination -- Ordering is WQO

71 What did we need? 1.Computable ordering 2. Monotonicity, Computability of Pre 3. Termination -- Ordering is WQO ”nice properties”

72 Well Quasi-Ordering (WQO) ( A, ) is WQO if a 0 a 1 a 2 a 3....... i,j: i<j and a i a j ( Nat, ) is WQO x 0 x 1 x 2 x 3....... : natural numbers i,j: i<j and x i x j WQO : Simple Example

73 Properties of WQO ( A, = ) is WQO if A is finite a 0 a 1 a 2 b a 3 a 4 a 5 b a 6.............. Finite Sets

74 Properties of WQO if ( A, ) is WQO w 2 : b 0 b 1 b 2 b 3 b 4 b 5 b 6 Words w 1 : a 0 a 1 a 2 * then ( A, ) is WQO **

75 Properties of WQO if ( A, ) is WQO Multisets then ( A M, M ) is WQO M1M1 M2M2 M 1 M M 2

76 Methodology  Start from a finite domain  Build more complicated data structures: words, multisets, lists, sets, etc.

77 Examples -- WQO ( A*, ) A : finite alphabet w 1 w 2 : w 1 subword of w 2 e.g. ab xaybz

78 Examples -- WQO Words of natural numbers 3 7 1 4 2 8 5 2 7w1w1 w2w2 w1w1 w2w2

79 Multisets over a finite alphabet

80 Words of multisets over a finite alphabet

81 Lossy Channel Systems !m ?n m n n m …… finite state process unbounded lossy channel send and receive operations Infinite state space Perfect channel = Turing machine Motivation: Link protocols

82 State !m ?n mpnm npn

83 Transitions Send !m m

84 Transitions Send !m m Receive ?m m

85 Transitions Send !m m Receive ?m m Messages may nondeterministically be lost

86 !m ?n Example p n m p n n m p m m p m

87 Ordering same colour subword m n p m p n p m n p m p m n p m p n p

88 Ordering same colour subword m n p m p n p m n p m p m n p m p n p Computable and WQO

89 Monotonicity w1w1 w2w2 w3w3

90 w1w1 w2w2 w3w3 Downward closed

91 Ideal Index m n p denotes all larger states m n m p m m n m p ………… m n p m n m p m m n m p ………… m n p

92 Each ideal can be characterized by a finite set of generators By WQO of

93 Computing Pre Pre ( ) contains the following: w

94 Computing Pre Pre ( ) contains the following: !m if and w = w’ m then w w’

95 Computing Pre Pre ( ) contains the following: !m if and w = w’ m then !m if and last( w) = m then w w’ w

96 Computing Pre Pre ( ) contains the following: !m if and w = w’ m then !m if and last( w) = m then ?m if then w w’ w m w

97 Example Pre ( ) !b if a d !d if a d b ?d if d a d b a d b

98 Methodology (applied to LCS) 1.Computable ordering 2. Monotonicity, Computability of Pre 3. Ordering is WQO

99 LCS -- Forward vs Backward Analysis Pre*(w) is regular and computable Post*(w) is regular but not computable

100 Timed Petri Nets 2.1 8.5 0.5 6.2 4.6 [1,5] [4,7] [0,3] [4, ) [1,2] [3,6]

101 2.1 3.5 0.5 6.2 4.6 [1,5] [4,7] [0,3] [1,2] States = Markings 2.1 3.5 0.5 6.2 4.6 [4, ) [3,6]

102 2.1 3.5 0.5 6.2 4.6 [1,5] [4,7] [0,3] [1,2] Timed Transitions 2.1 3.5 0.5 6.2 4.6 [4, ) [3,6]

103 2.1 3.5 0.5 6.2 4.6 [1,5] [4,7] [0,3] [1,2] 3.4 4.8 1.8 7.5 5.9 [1,5] [4,7] [0,3] [1,2] increase age by 1.3 2.1 3.5 0.5 6.2 4.6 3.4 4.8 1.8 7.5 5.9 [4, ) [3,6] Timed Transitions

104 3.1 4.5 1.5 7.2 5.6 [1,5] [4,7] [0,3] [1,2] t Discrete Transitions 3.1 4.5 1.5 7.2 5.6 [4, ) [3,6]

105 3.1 4.5 1.5 7.2 5.6 [1,5] [4,7] [0,3] [1,2] t 3.1 7.2 5.6 [1,5] [4,7] [0,3] [1,2] t 0.8 Firing t 3.1 7.2 0.8 5.6 3.1 4.5 1.5 7.2 5.6 [4, ) [3,6] Discrete Transitions

106 Timed Petri Nets Concurrent timed systems Infinite-state: symbolic representation Monotonic behaviour Safety properties: reachability of ideals

107 Equivalence on Markings 3.1 7.2 5.6 [1,5] [4,7] [0,3] [1,2] t 0.8 [4, ) max = 7 ages > max behave identically [3,6]

108 Markings equivalent if they agree on:  colours  integral parts of clock values  ordering on fractional parts 3.1 4.8 1.5 6.2 5.6 3.2 4.8 1.6 6.4 5.7 Equivalence on Markings

109 Markings equivalent if they agree on:  colours  integral parts of clock values  ordering on fractional parts 3.1 4.8 1.5 6.2 5.6 3.2 4.8 1.6 6.4 5.7 3.1 1.5 4.8 Equivalence on Markings

110 Markings equivalent if they agree on:  colours  integral parts of clock values  ordering on fractional parts 3.1 4.8 1.5 6.2 5.6 3.2 4.8 1.6 6.4 5.7 3.1 1.5 4.8 3.2 1.6 4.7 Equivalence on Markings

111 3.1 4.8 1.5 6.2 5.6 3.2 4.8 1.6 6.4 5.7 3 6 1 5 4 Markings equivalent if they agree on:  colours  integral parts of clock values  ordering on fractional parts Equivalence on Markings

112 3.1 4.8 4.8 1.1 5.4 3.2 4.7 4.7 1.2 5.5 5 3131 4444 words over multisets over a finite alphabet Markings equivalent if they agree on:  colours  integral parts of clock values  ordering on fractional parts Equivalence on Markings

113 Ordering on Markings M 1 M 2 iff M 3 :  M 1 M 3  M 3 M 2 < 3.1 4.8 1.5 6.2 5.6 4.8 6.4 5.7

114 Ordering on Markings M 1 M 2 iff M 3 :  M 1 M 3  M 3 M 2 < 3.1 4.8 1.5 6.2 5.6 4.8 6.4 5.7 4.8 6.2 5.6

115 3.1 4.8 1.5 6.2 5.6 4.8 6.4 5.7 4.8 6.2 5.6

116 6 5 4 3 6 1 5 4 subword 3.1 4.8 1.5 6.2 5.6 4.8 6.4 5.7 4.8 6.2 5.6 6 5 4 =

117 M 1 M 2 iff M 3 :  M 1 M 3  M 3 M 2 3.2 1.2 4.7 < 3.1 4.8 4.8 1.1 5.4 Ordering on Markings

118 M 1 M 2 iff M 3 :  M 1 M 3  M 3 M 2 3.2 1.2 4.7 < 3.1 4.8 4.8 1.1 5.4 Ordering on Markings 3.1 4.8 1.1

119 subword 4 3131 5 3131 4444 4 3131 = 3.2 1.2 4.7 3.1 4.8 4.8 1.1 5.4 3.1 4.8 1.1

120 is a well quasi-ordering = subword ordering on multisets over a finite alphabet Properties of

121 Properties of -- Monotonicity M1M1 M3M3 M2M2

122 M1M1 M3M3 M2M2 M4M4

123 M1M1 M3M3 M2M2 M4M4 M5M5

124 M1M1 M3M3 M2M2 M4M4 M5M5 M6M6

125 M1M1 M3M3 M2M2 M4M4 M5M5 M6M6

126 Methodology (applied to TPN) 1.Computable ordering 2. Monotonicity, Computability of Pre 3. Ordering is WQO

127 Player A : Can B take game to ? Player B : Infinite-State Games

128 Backward Reachability Analysis Characterize losing states for A A-states B-states = Pre( )

129 Backward Reachability Analysis Characterize losing states for A B-states A-states = Pre( )

130 Backward Reachability Analysis Characterize losing states for A Pre

131 Vector Addition Systems with States (VASS) y -- x++ x-- Finite-state automaton operating on variables Variables range over natural numbers Operations: increment or decrement variable

132 y-- x++ x-- VASS = Petri nets x y VASS Petri net

133 x-- x++ VASS Games Player A : Player B : Can B take game to ?

134 x-- x++ 0 0 1 2 3 4

135 x-- x++ 0 0 1 2 3 4 A cannot avoid

136 x-- x++ 1 1 2 3 4 5 0

137 x-- x++ 1 1 2 3 4 5 0 A can avoid

138 x-- x++ 2 2 3 4 5 6 1 0 1 2 3

139 x-- x++ 2 2 3 4 5 6 1 0 1 2 3 A cannot avoid

140 Player A: 0 -- lose 1 -- win >1 -- lose Monotonicity does not imply upward closedness

141 Backward Reachability Analysis Characterize losing states for A Pre Why scheme does not work for VASS? Monotonicity does not imply that ideals are closed under Pre

142 2-Counter Machines y-- x++ x-- x=0? Is reachable? Problem undecidable

143 Simulation of 2-Counter Machines by VASS Games x++ Counter machine VASS game

144 Simulation of 2-Counter Machines by VASS Games x-- Counter machine VASS game

145 Simulation of 2-Counter Machines by VASS Games x=0? x-- Counter machine VASS game

146 Safety undecidable for VASS Games Safety undecidable for Monotonic Games

147 B-Downward Closed Games s1s1 s2s2 s3s3

148 s1s1 s2s2 s3s3 any set ideal Pre

149 Backward Reachability Analysis B-Downward closed games Pre ideal

150 Backward Reachability Analysis B-Downward closed games Pre ideal characterization of A-losing states decidability of safety ”nice ordering”

151 Backward Reachability Analysis B-LCS Games B-LCS: characterization of A-losing states Safety decidable for B-LCS games ?n ?m !m !n !m Player B can lose messages

152 A-Downward Closed Games

153 Post

154 A-Downward Closed Games Post

155 A-Downward Closed Games

156

157 F

158 F

159 FT

160 FTFT Termination all leaves closed Evaluate tree: = OR = AND

161 A-Downward Closed Games FTFT Termination guaranteed if is WQO

162 A-Downward Closed Games FTFT Safety decidable for A-LCS Games Can we characterize winning states ?

163 A Problem for LCS !m ?n sfsf { w w } sfsf characterize Set regular But Not computable

164 A-LCS Games Winning set regular But not computable !m LCS A-LCS game

165 A-LCS Games Winning set regular But not computable ?m LCS A-LCS game

166 A-LCS Games Winning set regular But not computable A-LCS game For each :

167 Conclusions and Planned Work  Define a WQO on state space  Safety properties: reachability of ideals  Examples: Timed Petri nets Parameterized systems Broadcast protocols Cache coherence protocols Lossy channel systems, etc.

168  Extension to Games  Regular Model Checking  Stochastic behaviours

Download ppt "From Monotonic Transition Systems to Monotonic Games Parosh Aziz Abdulla Uppsala University."

Similar presentations

Eager Markov Chains Parosh Aziz Abdulla Noomene Ben Henda Richard Mayr Sven Sandberg TexPoint fonts used in EMF. Read the TexPoint manual before you delete.

Eager Markov Chains Parosh Aziz Abdulla Noomene Ben Henda Richard Mayr Sven Sandberg TexPoint fonts used in EMF. Read the TexPoint manual before you delete.
Theory of Computing Lecture 23 MAS 714 Hartmut Klauck.

Theory of Computing Lecture 23 MAS 714 Hartmut Klauck.
Language and Automata Theory

Language and Automata Theory
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
Tree Regular Model Checking P. Abdulla, B. Jonsson, P. Mahata and J. d’Orso Uppsala University.

Tree Regular Model Checking P. Abdulla, B. Jonsson, P. Mahata and J. d’Orso Uppsala University.
Concurrent Operational Semantics of Safe Time Petri Nets Claude Jard European University of Brittany, ENS Cachan Bretagne, IRISA Campus de Ker-Lann, 35170.

Concurrent Operational Semantics of Safe Time Petri Nets Claude Jard European University of Brittany, ENS Cachan Bretagne, IRISA Campus de Ker-Lann,
1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.

1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
Siddharth Srivastava, Neil Immerman, Shlomo Zilberstein University of Massachusetts Amherst.

Siddharth Srivastava, Neil Immerman, Shlomo Zilberstein University of Massachusetts Amherst.
Petri Nets Section 2 Roohollah Abdipur.

Petri Nets Section 2 Roohollah Abdipur.
Program correctness The State-transition model A global state S  s 0 x s 1 x … x s m {s k = local state of process k} S0  S1  S2  … Each state transition.

Program correctness The State-transition model A global state S  s 0 x s 1 x … x s m {s k = local state of process k} S0  S1  S2  … Each state transition.
PROTOCOL VERIFICATION & PROTOCOL VALIDATION. Protocol Verification Communication Protocols should be checked for correctness, robustness and performance,

PROTOCOL VERIFICATION & PROTOCOL VALIDATION. Protocol Verification Communication Protocols should be checked for correctness, robustness and performance,
What’s Decidable for Asynchronous Programs? Rupak Majumdar Max Planck Institute for Software Systems Joint work with Pierre Ganty, Michael Emmi, Fernando.

What’s Decidable for Asynchronous Programs? Rupak Majumdar Max Planck Institute for Software Systems Joint work with Pierre Ganty, Michael Emmi, Fernando.
Hybrid Systems Presented by: Arnab De Anand S. An Intuitive Introduction to Hybrid Systems Discrete program with an analog environment. What does it mean?

Hybrid Systems Presented by: Arnab De Anand S. An Intuitive Introduction to Hybrid Systems Discrete program with an analog environment. What does it mean?
Keeping a Crowd Safe On the Complexity of Parameterized Verification Javier Esparza Technical University of Munich.

Keeping a Crowd Safe On the Complexity of Parameterized Verification Javier Esparza Technical University of Munich.
Parosh Aziz Abdulla Pritha Mahata Aletta Nyl é n Uppsala University Downward Closed Language Generators.

Parosh Aziz Abdulla Pritha Mahata Aletta Nyl é n Uppsala University Downward Closed Language Generators.
CSE 522 UPPAAL – A Model Checking Tool Computer Science & Engineering Department Arizona State University Tempe, AZ 85287 Dr. Yann-Hang Lee

CSE 522 UPPAAL – A Model Checking Tool Computer Science & Engineering Department Arizona State University Tempe, AZ Dr. Yann-Hang Lee
Compatibility between shared variable valuations in timed automaton network model- checking Zhao Jianhua, Zhou Xiuyi, Li Xuandong, Zheng Guoliang Presented.

Compatibility between shared variable valuations in timed automaton network model- checking Zhao Jianhua, Zhou Xiuyi, Li Xuandong, Zheng Guoliang Presented.
Pushdown Systems Koushik Sen EECS, UC Berkeley Slide Source: Sanjit A. Seshia.

Pushdown Systems Koushik Sen EECS, UC Berkeley Slide Source: Sanjit A. Seshia.
1 A class of Generalized Stochastic Petri Nets for the performance Evaluation of Mulitprocessor Systems By M. Almone, G. Conte Presented by Yinglei Song.

1 A class of Generalized Stochastic Petri Nets for the performance Evaluation of Mulitprocessor Systems By M. Almone, G. Conte Presented by Yinglei Song.

Similar presentations

Ads by Google