Presentation is loading. Please wait.

Presentation is loading. Please wait.

Models and Theory of Computation (MTC) EPFL Dirk Beyer, Jasmin Fisher, Nir Piterman Simon Kramer: Logic for cryptography Marc Schaub: Models for biological.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Models and Theory of Computation (MTC) EPFL Dirk Beyer, Jasmin Fisher, Nir Piterman Simon Kramer: Logic for cryptography Marc Schaub: Models for biological."— Presentation transcript:

1 Models and Theory of Computation (MTC) EPFL Dirk Beyer, Jasmin Fisher, Nir Piterman Simon Kramer: Logic for cryptography Marc Schaub: Models for biological systems Vasu Singh: Software interface derivation Gregory Theoduloz: Combining model checking and program analysis Arindam Chakrabarti: Web service interfaces Krishnendu Chatterjee: Stochastic games Slobodan Matic: Time-triggered programming Vinayak Prabhu: Robust hybrid systems

2 Model Checking: From Graphs to Games Tom Henzinger EPFL

3 Graph Models of Systems vertices = states edges = transitions paths = behaviors

4 Game Models of Systems vertices = states edges = transitions paths = behaviors players = components

5 graph Game Models of Systems INDEPENDENT COMPONENTS: game FAIRNESS:  -automaton PROBABILITIES: Markov decision process stochastic game  regular game

6 Graphs vs. Games a ba a b a

7 -synthesis [Church, Rabin, Ramadge/Wonham, Pnueli/Rosner et al.] -receptiveness [Dill, Abadi/Lamport] -semantics of interaction [Abramsky] -reasoning about adversarial behavior -interface-based design -modular reasoning [Kupferman/Vardi et al.] -early error detection [deAlfaro/H/Mang] -model-based testing [Gurevich et al.] -scheduling [Sifakis et al.] -reasoning about security [Raskin et al.] -etc. Game Models enable

8 Game Models Always about open systems: -players = processes / components / agents -input vs. output -demonic vs. angelic nondeterminism

9 Game Models Always about open systems: -players = processes / components / agents -input vs. output -demonic vs. angelic nondeterminism 1.Output games: input demonic (adversarial) 2.Input games: output demonic

10 Output Games P1: init x := 0 loop choice | x := x+1 mod 2 | x := 0 end choice end loop S1:  (  x ¸ y ) P2: init y := 0 loop choice | y := x | y := x+1 mod 2 end choice end loop S2:  even(y)

11 Graph Questions 8  (x ¸ y) 9  (x ¸ y)

12 Graph Questions 8  (x ¸ y) 9  (x ¸ y) 00 1011 01  X

13 Zero-Sum Game Questions hhP1ii  (x ¸ y) hhP2ii  even(y)

14 Zero-Sum Game Questions hhP1ii  (x ¸ y) hhP2ii  even(y) 00 10 01 11 ATL [Alur/H/Kupferman]  X

15 Nonzero-Sum Game Questions hhP1ii  (x ¸ y)  hhP2ii  even(y) 00 10 01 11

16 Nonzero-Sum Game Questions hhP1ii  (x ¸ y)  hhP2ii  even(y) 00 10 01 11 Secure equilibrium [Chatterjee/H/Jurdzinski] 

17 Classical Notion of Rationality Nash equilibrium: none of the players gains by deviation. 3,11,0 4,23,2 (row, column)

18 Refined Notion of Rationality Nash equilibrium: none of the players gains by deviation. Secure equilibrium: none hurts the opponent by deviation. 3,11,0 4,23,2 (row, column)

19 Secure Equilibrium Natural notion of rationality for multi-component systems: –First, a component tries to meet its specification. –Second, a component may obstruct the other components. A secure equilibrium is a contract: if one player deviates to lower the other player’s payoff, then her own payoff decreases as well, and vice versa.

20 Theorem W 10 hhP1ii (S1 Æ : S2 ) W 01 hhP2ii (S2 Æ : S1) W 11 W 00 hhP1iiS1  hhP2iiS2

21 Generalization of Determinacy W 10 W 01 W 11 W 00 W1W1 W2W2 Zero-sum games: S1 = :S2Nonzero-sum games: S1, S2 hhP2iiS2 hhP1iiS1

22 Game Models Always about open systems: -players = processes / components / agents -input vs. output -demonic vs. angelic nondeterminism 1.Output games: input demonic (adversarial) 2.Input games: output demonic

23 Input Games x! y! x! z! a? b? a? Control objective:  : z

24 Input Games x! y! x! z! a? b? a? Control objective:  : z

25 Input Games x! y! x! z! a? b? a? Control objective:  : z

26 Input Games x! y! x! z! a? b? a? Controller: x? y? a!b! [Ramadge/Wonham et al.]

27 Input Games x! y! x! z! a? b? a? Not input enabling

28 Input Games x! y! x! z! a? b? a? Environment avoids deadlock = Input assumption Interface automata [deAlfaro/H]

29 Input Games x! y! x! z! a? b? a? x,y? a! Legal environment

30 Input Games x! y! x! z! a? b? a? x,y? b! Illegal environment

31 open data close read open? read?data! close? File server Interface Compatibility

32 open data close read open? read?data! close? open! data? read! close! Good client Interface Compatibility File server

33 open data close read open? read?data! close? open! Interface Compatibility Bad clientFile server

34 Incremental Design

35

36

37 Input assumption Incremental Design Input assumption

38 Propagated weakest input assumption Incremental Design

39 x y ab a?b? x!y! a?b? y!x! a? x! y! Input Assumption Propagation

40 x y aabb a? x,y? a,b? y? a?b? x!y! a?b? y!x! a? x! y! Input Assumption Propagation

41 x y aabb a? x,y? a,b? y? a?b? x!y! a?b? y!x! a? x! y! Input Assumption Propagation

42 x y aabb a? x,y? a,b? y? a?b? x!y! a?b? y!x! a? x! y! Two interfaces are compatible if they can be used together in some environment.

43 ab a? x!y! b?a? xy y! The Composite Interface

44 Refinement x! y! x! z! a? b? a? x,y? a! Every legal environment should be a legal environment of the refined process. y! x,z?y?

45 Refinement x! y! x! z! a? b? a? x,y? a! Every legal environment should be a legal environment of the refined process. y! x,z?y?

46 Refinement x! y! x! z! a? b? a? x,y? a! Every legal environment should be a legal environment of the refined process. y! x,z?y? b?

47 Refinement x! y! x! z! a? b? a? x,y? a! Every legal environment should be a legal environment of the refined process. y! x,z?y?

48 Refinement x! y! x! z! a? b? a? x,y? a! Every legal environment should be a legal environment of the refined process. y! x,z?y? z!

49 Interface Refinement: I/O Alternating Simulation A’  A iff 1. for all inputs i, if A –i?-> B, then there exists B’ such that A’ –i?-> B’ and B’  B, and 2. for all outputs o, if A’ –o!-> B’, then there exists B such that A –o!-> B and B’  B.

50 Interface Refinement: I/O Alternating Simulation A’  A iff 1. for all inputs i, if A –i?-> B, then there exists B’ such that A’ –i?-> B’ and B’  B, and 2. for all outputs o, if A’ –o!-> B’, then there exists B such that A –o!-> B and B’  B.

51 Interface Refinement: I/O Alternating Simulation A’  A iff 1. for all inputs i, if A –i?-> B, then there exists B’ such that A’ –i?-> B’ and B’  B, and 2. for all outputs o, if A’ –o!-> B’, then there exists B such that A –o!-> B and B’  B. Every environment (i.e., input strategy that avoids deadlock) for A is an environment for A’ [Alur/H/Kupferman/Vardi].

52 If A and B is are compatible and A'  A and B'  B, then A’ and B' are compatible and A'||B'  A||B. A’ · A … A’ refines / implements A The Principle of Independent Implementability

53 If A and B is are compatible and A'  A and B'  B, then A’ and B' are compatible and A'||B'  A||B. A’ · A … A’ refines / implements A The Principle of Independent Implementability This is a theorem if -A, B, A’, B’ are two-player games Input vs. Output -two games are compatible if player Input has a winning strategy in the composite game

54 Interface-based Design

55

56

57

58

59 Summary There are many models of computation (e.g. pushdown, timed, stochastic) and many models of interaction (e.g. synchronous). Similarly, there are many variants of games (e.g. concurrent vs. turn-based moves; pure vs. randomized strategies).

60 Summary There are many models of computation (e.g. pushdown, timed, stochastic) and many models of interaction (e.g. synchronous). Similarly, there are many variants of games (e.g. concurrent vs. turn-based moves; pure vs. randomized strategies). The technical details are different, but to ask and answer the kind of questions we discussed, the only important feature of a model is the presence of multiple players.

61 References Interface Automata: de Alfaro, H FSE 2001 Secure Equilibria: Chatterjee, H, Jurdzinski LICS 2004

Download ppt "Models and Theory of Computation (MTC) EPFL Dirk Beyer, Jasmin Fisher, Nir Piterman Simon Kramer: Logic for cryptography Marc Schaub: Models for biological."

Similar presentations

From Graph Models to Game Models Tom Henzinger EPFL.

From Graph Models to Game Models Tom Henzinger EPFL.
Interface Theories With Component Reuse Laurent DoyenEPFL Thomas HenzingerEPFL Barbara JobstmannEPFL Tatjana PetrovEPFL.

Interface Theories With Component Reuse Laurent DoyenEPFL Thomas HenzingerEPFL Barbara JobstmannEPFL Tatjana PetrovEPFL.
Game Theory Assignment For all of these games, P1 chooses between the columns, and P2 chooses between the rows.

Game Theory Assignment For all of these games, P1 chooses between the columns, and P2 chooses between the rows.
Distributed Markov Chains P S Thiagarajan School of Computing, National University of Singapore Joint work with Madhavan Mukund, Sumit K Jha and Ratul.

Distributed Markov Chains P S Thiagarajan School of Computing, National University of Singapore Joint work with Madhavan Mukund, Sumit K Jha and Ratul.
Mixed Strategies For Managers

Mixed Strategies For Managers
Energy and Mean-Payoff Parity Markov Decision Processes Laurent Doyen LSV, ENS Cachan & CNRS Krishnendu Chatterjee IST Austria MFCS 2011.

Energy and Mean-Payoff Parity Markov Decision Processes Laurent Doyen LSV, ENS Cachan & CNRS Krishnendu Chatterjee IST Austria MFCS 2011.
MIT and James Orlin © 2003 1 Game Theory 2-person 0-sum (or constant sum) game theory 2-person game theory (e.g., prisoner’s dilemma)

MIT and James Orlin © Game Theory 2-person 0-sum (or constant sum) game theory 2-person game theory (e.g., prisoner’s dilemma)
Nash Equilibria In Graphical Games On Trees Edith Elkind Leslie Ann Goldberg Paul Goldberg.

Nash Equilibria In Graphical Games On Trees Edith Elkind Leslie Ann Goldberg Paul Goldberg.
Game Theory: introduction and applications to computer networks Game Theory: introduction and applications to computer networks Zero-Sum Games (follow-up)

Game Theory: introduction and applications to computer networks Game Theory: introduction and applications to computer networks Zero-Sum Games (follow-up)
Interface-based design Philippe Giabbanelli CMPT 894 – Spring 2008.

Interface-based design Philippe Giabbanelli CMPT 894 – Spring 2008.
Krishnendu Chatterjee1 Graph Games with Reachabillity Objectives: Mixing Chess, Soccer and Poker Krishnendu Chatterjee 5 th Workshop on Reachability Problems,

Krishnendu Chatterjee1 Graph Games with Reachabillity Objectives: Mixing Chess, Soccer and Poker Krishnendu Chatterjee 5 th Workshop on Reachability Problems,
Krishnendu Chatterjee1 Partial-information Games with Reachability Objectives Krishnendu Chatterjee Formal Methods for Robotics and Automation July 15,

Krishnendu Chatterjee1 Partial-information Games with Reachability Objectives Krishnendu Chatterjee Formal Methods for Robotics and Automation July 15,
Randomness for Free Laurent Doyen LSV, ENS Cachan & CNRS joint work with Krishnendu Chatterjee, Hugo Gimbert, Tom Henzinger.

Randomness for Free Laurent Doyen LSV, ENS Cachan & CNRS joint work with Krishnendu Chatterjee, Hugo Gimbert, Tom Henzinger.
Luca de Alfaro Thomas A. Henzinger Ranjit Jhala UC Berkeley Compositional Methods for Probabilistic Systems.

Luca de Alfaro Thomas A. Henzinger Ranjit Jhala UC Berkeley Compositional Methods for Probabilistic Systems.
Fault-Tolerant Real-Time Networks Tom Henzinger UC Berkeley MURI Kick-off Workshop Berkeley, May 2000.

Fault-Tolerant Real-Time Networks Tom Henzinger UC Berkeley MURI Kick-off Workshop Berkeley, May 2000.
Discounting the Future in Systems Theory Chess Review May 11, 2005 Berkeley, CA Luca de Alfaro, UC Santa Cruz Tom Henzinger, UC Berkeley Rupak Majumdar,

Discounting the Future in Systems Theory Chess Review May 11, 2005 Berkeley, CA Luca de Alfaro, UC Santa Cruz Tom Henzinger, UC Berkeley Rupak Majumdar,
Interface Automata 29-September-2011. Modeling Temporal Behavior of Component Component behaves with Environment Traditional (pessimistic) approach –

Interface Automata 29-September Modeling Temporal Behavior of Component Component behaves with Environment Traditional (pessimistic) approach –
Convertibility Verification and Converter Synthesis: Two Faces of the Same Coin Jie-Hong Jiang EE249 Discussion 11/21/2002 Passerone et al., ICCAD ’ 02.

Convertibility Verification and Converter Synthesis: Two Faces of the Same Coin Jie-Hong Jiang EE249 Discussion 11/21/2002 Passerone et al., ICCAD ’ 02.
Stochastic Zero-sum and Nonzero-sum  -regular Games A Survey of Results Krishnendu Chatterjee Chess Review May 11, 2005.

Stochastic Zero-sum and Nonzero-sum  -regular Games A Survey of Results Krishnendu Chatterjee Chess Review May 11, 2005.
Interface-based Design of Embedded Systems Thomas A. Henzinger University of California, Berkeley.

Interface-based Design of Embedded Systems Thomas A. Henzinger University of California, Berkeley.

Similar presentations

Ads by Google