Quantitative Modeling, Verification, and Synthesis

Presentation transcript:

Quantitative Modeling, Verification, and Synthesis Tom Henzinger IST Austria With Roderick Bloem, Pavol Cerny, Krishnendu Chatterjee, Laurent Doyen, Karin Greimel, Barbara Jobstmann, Arjun Radhakrishna, and Rohit Singh.

Mathematical Modeling: A Tale of Two Cultures. Engineering: Differential Equations, Linear Algebra, Probability Theory. Computer Science: Logic, Automata Theory, Combinatorics.

Uptime: 127 years

What went wrong? Engineering: Theories of estimation. Computer Science: Theories of correctness.

What went wrong? Engineering: Theories of estimation. Goal: build reliable and robust systems. Computer Science: Theories of correctness. Temptation: programs are mathematical objects; hence we want to prove them correct.

Qualitative Systems Theories Property Verification Yes/No

Qualitative Systems Theories Property Verification Yes/No -perhaps a proof -perhaps some counterexamples -perhaps even a proposed fix

Logical Systems Theories Property Structure Formula Satisfaction Relation Yes/No -perhaps a proof -perhaps some counterexamples -perhaps even a proposed fix

Logical Systems Theories -Regular Automaton System Property  (p ) } q) Verification Yes/No -perhaps a proof -perhaps some counterexamples -perhaps even a proposed fix

Logical Systems Theories Quantitative System Quantitative Property Timed Automaton  (p ) }· 5 q) Verification Yes/No -perhaps a proof -perhaps some counterexamples -perhaps even a proposed fix

Logical Systems Theories Quantitative System Quantitative Property Markov Process 8 (p ) Pr(}q) ¸ 0.5) Verification Yes/No -perhaps a proof -perhaps some counterexamples -perhaps even a proposed fix

Logical Systems Theories Quantitative System Quantitative Property Markov Process 8 (p ) Pr(}q) ¸ 0.5) Verification B -perhaps a proof -perhaps some counterexamples -perhaps even a proposed fix

A Quantitative Systems Theory Quantitative Property Analysis R -measure of “fit” between system and property -could involve cost, quality, performance, etc.

A Quantitative Systems Theory Quantitative Property □(p ⇒ ◇ q) Analysis The less time between p and q, the better. R -measure of “fit” between system and property -could involve cost, quality, performance, etc.

A Quantitative Systems Theory Quantitative Property □(p ⇒ ◇ q) Analysis The fewer “unnecessary” q, the better. R -measure of “fit” between system and property -could involve cost, quality, performance, etc.

A Quantitative Systems Theory Q1 Assigning values to behaviors Boolean case: correct vs. incorrect behaviors Q2 Assigning values to systems/properties Boolean case: sets of behaviors (nondeterminism) Q3 Assigning values to pairs of systems/properties Boolean case: preorders (refinement)

Boolean Systems Theories P1 P2 P3 S1 S’1 S2 S’2 S’’2

A Quantitative Systems Theory P1 P2 P3 0.9 0.8 S1 S’1 S2 S’2 S’’2

A Quantitative Systems Theory P1 P2 P3 0.9 0.5 0.8 0.7 S1 S’1 S2 S’2 S’’2

A Quantitative Systems Theory P1 P2 P3 0.9 0.5 0.8 0.7 S1 S’1 S2 S’2 S’’2 0.2

Q1 Assigning Values To Behaviors a. Probabilities

Q1 Assigning Values To Behaviors a. Probabilities b. Resource use -worst case vs. average case (e.g. deadlines, QoS) -peak vs. accumulative (e.g. power consumption)

Q1 Assigning Values To Behaviors a. Probabilities b. Resource use -worst case vs. average case (e.g. deadlines, QoS) -peak vs. accumulative (e.g. power consumption) c. Quality measures -discounting vs. long-run averaging

Q1 Assigning Values To Behaviors: Reliability a: ok b: fail Discounted value (0 < d < 1): aaaaaaaaaa... ↦ 1; aaaaaaaab... ↦ 1 - d^8; aaab... ↦ 1 - d^3; b... ↦ 0

Q1 Assigning Values To Behaviors: Reliability a: ok b: fail Discounted value (0 < d < 1): aaaaaaaaaa... ↦ 1; aaaaaaaab... ↦ 1 - d^8; aaab... ↦ 1 - d^3; b... ↦ 0 Long-run average value (limavg): aaaaaaaaaa... ↦ 1; abaabaaab... ↦ 1; aaabaaabaaab... ↦ 3/4; babbabbba... ↦ 0; aaaaaabbb... ↦ 0

Q2, Q3 Assigning Values To Systems x: behaviors w: observations (infinite words) A,B: systems A(w) = sup_x { val(x) : obs(x) = w } worst case

Q2, Q3 Assigning Values To Systems x: behaviors w: observations (infinite words) A,B: systems A(w) = sup_x { val(x) : obs(x) = w } worst case B(w) = exp_x { val(x) : obs(x) = w } avg case

Q2, Q3 Assigning Values To Systems x: behaviors w: observations (infinite words) A,B: systems A(w) = sup_x { val(x) : obs(x) = w } worst case B(w) = exp_x { val(x) : obs(x) = w } avg case relative to input distribution

Q3 Assigning Distances To Systems x: behaviors w: observations (infinite words) A,B: systems A(w) = sup_x { val(x) : obs(x) = w } B(w) = exp_x { val(x) : obs(x) = w } diff(A,B) = sup_w { |A(w) – B(w)| } exp

Q3 Assigning Distances To Systems x: behaviors w: observations (infinite words) A,B: systems A(w) = sup_x { val(x) : obs(x) = w } B(w) = exp_x { val(x) : obs(x) = w } diff(A,B) = sup_w { |A(w) – B(w)| } Boolean compositionality: if A ≤ A’ then A||B ≤ A’||B Quantitative compositionality: diff(A||B,A’||B) ≤ f_B(diff(A,A’))

Is there a Quantitative Systems Theory with -an appealing mathematical formulation, -useful expressive power, and -good algorithmic properties? (Like the boolean theory of ω-regularity.)

Quantitative Language Inclusion x: behaviors w: observations (infinite words) A,B: systems A(w) = sup_x { val(x) : obs(x) = w } B(w) = exp_x { val(x) : obs(x) = w } ∀w : A(w) ≤ B(w) For interesting cases (e.g. nondeterministic sup limavg), open or undecidable.

BUT ... We know how to solve games with quantitative objectives (e.g. limavg = mean payoff).

BUT ... We know how to solve games with quantitative objectives (e.g. limavg = mean payoff). There is a natural game-theoretic “satisfaction relation”: simulation

Simulation Preorder [Figure: two transition systems with transitions labeled a and b.]

Simulation Game. Player System: chooses a transition of the system. Player Property: matches the letter by choosing a transition of the property. Player System wins if Player Property cannot match: System incorrect w.r.t. Property.

Quantitative Simulation Game for Incorrect Systems. Player System: chooses a transition of the system. Player Property: matches the letter by choosing a transition of the property (weight 0), or chooses an illegal transition (weight 1). Player System tries to make Player Property choose as many illegal transitions as possible: maximize limavg of weights. The more illegal transitions of the Property are needed to simulate the System, the greater the distance.

Quantitative Simulation Distance [Figure: transition systems with transitions labeled a and b; distances shown: 1/3 and 1/4.]

Quantitative Simulation Game for Correct Systems. Player System: chooses a transition of the system (weight 0), or chooses an illegal transition (weight 1). Player Property: matches the letter by choosing a transition of the property. Player Property tries to make Player System choose as many illegal transitions as possible: maximize limavg of weights. The more illegal transitions of the System can be tolerated without violating the Property, the greater the robustness.

Quantitative Robustness Distance [Figure: transition systems with transitions labeled a and b; distances shown: 2/3 and 1/3.]

Qualitative Systems Theories Property Analysis Yes/No

Qualitative Systems Theories Property Synthesis Correct System

Qualitative Systems Theories -Regular Automaton Graph Game with -Regular Objective Correct System = Winning Strategy

Quantitative Systems Theories Quantitative Property Synthesis Optimal System

Quantitative Systems Theories Weighted Automaton Graph Game with Quantitative Objective Optimal System = Optimal Strategy

Büchi Automaton for □(p ⇒ ◇ q) [Figure: automaton whose transitions are labeled with valuations of p and q.]

Weighted Limavg Automaton 1 [Figure: automaton whose transitions are labeled with valuations of p and q and a weight of 0 or 1.] Following p, all steps until the next q are penalized.
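An added example, not part of the original slides: a Python sketch that evaluates a limavg-weighted automaton of this kind exactly on ultimately periodic words (prefix followed by a cycle repeated forever). The slide's figure is lost, so the two states "idle" and "wait", the transition layout, and the sample words are assumptions chosen to match the caption "Following p, all steps until the next q are penalized."

```python
from fractions import Fraction

# Hypothetical reconstruction: state names and transition layout are assumed.
# A letter is a pair (p, q) of booleans.
#   "idle": no request pending; "wait": a p was seen and no q has answered it.
def step(state, letter):
    """Return (next_state, weight) for one letter."""
    p, q = letter
    if q:                       # a q answers any pending or simultaneous p
        return "idle", 0
    if p or state == "wait":    # request open and unanswered: penalize step
        return "wait", 1
    return "idle", 0

def limavg(prefix, cycle):
    """Exact long-run average weight on the word prefix . cycle^omega."""
    state = "idle"
    for letter in prefix:       # a finite prefix cannot change the limavg
        state, _ = step(state, letter)
    seen = {}                   # state at start of a cycle pass -> pass index
    sums = []                   # total weight collected in each pass
    while state not in seen:
        seen[state] = len(sums)
        total = 0
        for letter in cycle:
            state, w = step(state, letter)
            total += w
        sums.append(total)
    loop = sums[seen[state]:]   # the passes that repeat forever
    return Fraction(sum(loop), len(loop) * len(cycle))

# Constructed sample letters: P = request only, Q = response only, N = neither.
P, Q, N = (True, False), (False, True), (False, False)

if __name__ == "__main__":
    print(limavg([], [P, Q]))         # response one step after each request
    print(limavg([], [P, N, N, Q]))   # response three steps after each request
    print(limavg([P], [N]))           # request never answered
    print(limavg([], [Q, P]))         # cycle entered in a different state
```

A smaller value means a better fit to the property: the faster each p is followed by q, the lower the long-run average penalty.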

Weighted Limavg Automaton 2 [Figure: automaton whose transitions are labeled with valuations of p and q and a weight of 0 or 1.] All “unnecessary” q are penalized.

Conclusions
-We need to move from boolean correctness criteria to quantitative system preference metrics.
-“Quantitative” is more than “timed” and “probabilistic.”
-Games with quantitative objectives offer algorithmic solutions.
-Weighted automata offer a natural quantitative specification language, but what is the corresponding temporal logic?