Luca de Alfaro Thomas A. Henzinger Ranjit Jhala UC Berkeley Compositional Methods for Probabilistic Systems.


Slide 2: Introduction
Compositional model:
– Construct large systems from models of components
Shallow compositionality (syntactic):
– Given P, Q, can construct P || Q
Deep compositionality (semantic):
– |[P || Q]| is a function of |[P]|, |[Q]|

Slide 3: Deep Compositionality: Example
Transition systems with trace semantics
Variable-based version:
– System made of variables X
– X-State: a valuation of the variables in X
– X-Trace: a sequence of X-States, corresponding to a run
– |[P]|: set of X-Traces corresponding to all possible runs
– Private variables projected away
Given components P, Q:
– Read variables written by each other
– |[P || Q]| = |[P]| ∩ |[Q]|

Slide 4: Deep Compositionality
Composition of properties
– Allows decomposition of large verification tasks
Simple refinement decomposition:
– To check: P1 || P2 ⪯ Q1 || Q2
– Suffices that: P1 ⪯ Q1 and P2 ⪯ Q2
Assume-guarantee decomposition:
– To check: P1 || P2 ⪯ Q1 || Q2
– Suffices that: P1 || Q2 ⪯ Q1 and Q1 || P2 ⪯ Q2
Crucial for non-deterministic systems
– Even more beneficial in the probabilistic setting

Slide 5: Our Contribution
First deeply compositional model for systems with both probabilistic and non-deterministic choice
Generalise semantic properties of trace-based models to the probabilistic setting
First assume-guarantee rule for decomposing refinement checks for such systems

Slide 6: Previous Work
A large body of work on the modelling and verification of probabilistic systems
– Vardi 85, Courcoubetis & Yannakakis 89
– Basic model: Markov Decision Processes
– Defining the behaviour using schedulers
"Branching-time" models based on process algebras: Jonsson & Larsen 91
Probabilistic process algebras
– Performance properties
Models based on I/O Automata by Segala 95
– Semantics described as trace distributions
– Refinement as trace distribution inclusion

Slide 7: Plan
Systems with probabilistic and non-deterministic choice
Why is deep compositionality tricky?
– Atoms, the solution to the scheduler problem
Concrete model: Probabilistic Modules
Bundle algebra
Theorems
Conclusions etc.

Slide 8: Probabilistic Systems
We wish to model transition systems that can make both probabilistic and non-deterministic choice
[Figure: transition diagram with edge probabilities ¼, ¾ and ½, ½]
At a state, the system does the following:
1. Picks one of several available distributions (or moves) over next state non-deterministically
2. Picks a next state randomly out of the chosen distribution

Slide 9: Prob. Systems: Example
[Figure: transition diagram with edge probabilities ¼, ¾ and ½, ½]
There are 2 possible behaviors arising from the non-deterministic choice at ¼, ¾ ½, ½

Slide 10: Semantics: dealing with choices
Non-deterministic and probabilistic choice are "orthogonal"
Factor out non-determinism using schedulers [Derman70, Vardi 1985, Courcoubetis & Yannakakis 1989]
Given a scheduler, the execution is fully probabilistic
– Outcome: a sequence of bundles of length i, ∀ i > 0
– Semantics: sum of the outcomes for all the different schedulers

Slide 11: Schedulers: Example
4 possible schedulers, one outcome (bundle) for each
[Figure: columns "Schedulers" and "Outcomes (Bundles)"; probabilities 1/2]

Slide 12: Non-Det. Choice vs Prob. Choice
[Figure: systems A and B; edge probability 1/2]
Non-deterministic choice is more flexible than probabilistic choice
We want A ⪯ B, but …
– Bundle of A: ½, ½
– Bundles of B: 11 1

Slide 13: Non-Det. Choice vs Prob. Choice
[Figure: systems A and B; edge labels 1/2 and , 1- ]
Solution: let the scheduler be randomized
– The scheduler of B can flip a coin to select the nondeterministic choice
– The move of B is then the convex combination of its simple moves
Bundles of B: for every  ∈ [0,1]
In particular  = ½ matches A's bundle

Slide 14: Semantics of Probabilistic Systems
Given a set of variables X:
– X-State: a valuation of the variables in X
– X-Move: a probability distribution over X-States (figure: 1/3, 2/3)
– X-Trace: a sequence of X-States
– X-Bundle: a probability distribution over X-Traces (figure: 1/2, 1/3, 1/6)
– X-Probabilistic Language: a set of X-Bundles

Slide 15: Semantics of Probabilistic Systems
Given a probabilistic system P with variables X, the semantics |[P]| is an X-Probabilistic language
X-Probabilistic Language: a set of X-Bundles
Refinement corresponds to bundle inclusion:
– P ⪯ Q if |[P]| ⊆ |[Q]|

Slide 16: Plan
Systems with probabilistic and non-deterministic choice
Why is deep compositionality tricky?
– Atoms, the solution to the scheduler problem
Concrete model: Probabilistic Modules
Bundle algebra
Theorems
Conclusions etc.

Slide 17: Why is it tricky? (1)
Module P: Priv: P, Ctr: X, Extl: Y
Module Q: Priv: Q, Ctr: Y, Extl: X
Module P || Q: Priv: P, Q, Ctr: X, Y
[Figure: trace trees of P, Q and P || Q over the variables X, Y, P, Q; probabilities 1/2, 1/4; one tree is marked "A bundle in |[P]| and |[Q]|"]
This is the ONLY bundle of P || Q ⇒ |[P]| ∩ |[Q]| ⊃ |[P || Q]| !!

Slide 18: Why is it tricky? (1)
|[P]| ∩ |[Q]| ⊃ |[P || Q]| !!
Module P: Priv: P, Ctr: X, Extl: Y
Module Q: Priv: Q, Ctr: Y, Extl: X
Module P || Q: Priv: P, Q, Ctr: X, Y
[Figure: trace trees of P, Q and P || Q over the variables X, Y, P, Q]
External variable was scheduled looking at private variable …
… this breaks compositionality ⇒ must have two schedulers
1. CONTROLLED-VAR scheduler: can look at private variables
2. EXTERNAL-VAR scheduler: cannot look at private variables

Slide 19: Why is it tricky? (2)
Module P: Ctr: X, non-det; Extl: Y
Module Q: Ctr: Y, non-det; Extl: X
Module P || Q: Ctr: X, Y
X, Y are non-det. set
With a single scheduler we get:
[Figure: the choices X:=1 / X:=0 and Y:=1 / Y:=0 and the resulting trace trees over X, Y; the probability labels are partly lost, 1/2 survives]
No matching bundle in |[P]| or |[Q]|
|[P]| ∩ |[Q]| ⊂ |[P || Q]| !!
⇒ A composed system must be made up of schedulers for individual components

Slide 20: Schedulers and Compositionality
Q: Why are previous models not deeply compositional?
A: Monolithic schedulers are bad!!
– Ex 1: Environment must not see private variables!
– Ex 2: After composition, joint scheduling breaks compos.
[Figure: Module P (Interface x, Private p, External y) and Module Q (Interface y, Private q, External x) compose into Module P || Q (Interface x, Private p, Interface y, Private q)]

Slide 21: Atoms: The Solution to the Scheduler Problem
A single scheduler associated with each atom
– Module scheduler is the "composition" of atomic schedulers
Atomic (scheduling) structure preserved after parallel composition
Atoms: units of scheduling
– Variables written by the atom
– Variables read: on whose history non-det. is resolved
[Figure: Module P and Module Q, each drawn as atoms labelled with the variables they read and write, plus an external atom (for P: External y,…, Writes y, Reads Obs; for Q: External x,…, Writes x, Reads Obs); "Compose" yields Module P || Q, which keeps the atoms of both modules and one external atom]

Slide 22: The Importance of Atoms
Module A
  Atom Axy controls x,y
    Init
      [] true -> x,y := 0,0
      [] true -> x,y := 0,1
      [] true -> x,y := 1,0
      [] true -> x,y := 1,1
Module B
  Atom Bx controls x
    Init
      [] true -> x := 0
      [] true -> x := 1
    Update
      [] ...
  Atom By controls y
    Init
      [] true -> y := 0
      [] true -> y := 1
    Update
      [] ...
|[A]|  |[B]| because:
– A has a bundle where x,y have correlated values {½: 0,0  ½: 1,1}
– In B's bundle it is not possible to get correlation, despite complete non-det in each atom, as the schedulers are independent
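
The slide's argument for the initial round, as an added Python example (not part of the original presentation). It assumes randomized schedulers as introduced earlier in the talk; the function names and the restriction to the Init step are choices made for this illustration.

```python
from fractions import Fraction as F

def marginal(joint, index):
    """Distribution of one coordinate of a joint distribution over (x, y)."""
    out = {}
    for outcome, p in joint.items():
        out[outcome[index]] = out.get(outcome[index], F(0)) + p
    return out

def module_a_init(weights):
    """Module A: the single scheduler of atom Axy mixes the four Init
    commands, so every distribution over (x, y) is a possible first move."""
    commands = [(0, 0), (0, 1), (1, 0), (1, 1)]
    if sum(weights) != 1:
        raise ValueError("scheduler weights must sum to 1")
    return {c: w for c, w in zip(commands, weights) if w}

def module_b_init(px1, py1):
    """Module B: the scheduler of atom Bx sets x=1 with probability px1, the
    scheduler of atom By sets y=1 with probability py1, independently."""
    dist_x = {0: 1 - px1, 1: px1}
    dist_y = {0: 1 - py1, 1: py1}
    return {(x, y): px * py
            for x, px in dist_x.items()
            for y, py in dist_y.items() if px * py}

def producible_by_b(joint):
    """B can produce `joint` exactly when it is the product of its marginals."""
    mx, my = marginal(joint, 0), marginal(joint, 1)
    return joint == module_b_init(mx.get(1, F(0)), my.get(1, F(0)))

# The correlated bundle from the slide: {1/2: 0,0  1/2: 1,1}
CORRELATED = module_a_init([F(1, 2), 0, 0, F(1, 2)])
# A bundle of A that B can also produce (constructed for contrast)
UNIFORM = module_a_init([F(1, 4)] * 4)

if __name__ == "__main__":
    print("correlated producible by B:", producible_by_b(CORRELATED))
    print("uniform producible by B:   ", producible_by_b(UNIFORM))
```
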

Slide 23: Plan
Systems with probabilistic and non-deterministic choice
Why is deep compositionality tricky?
– Atoms, the solution to the scheduler problem
Concrete model: Probabilistic Modules
Bundle algebra
Theorems
Conclusions etc.

Slide 24: Probabilistic Modules
Module A
  Interface x,w
  Private y
  External z
  Atom A_XY control x,y read x,y,z
    Init
      [] true -> ½ x,y := 0,0
                 ½ x,y := 1,1
    Update
      [] true -> x',y' := x,x
      [] y    -> ¼ x',y' := ¬z,z
                 ¾ x',y' := z,¬z
  Atom A_w control w read y,z
    Init
      [] true -> w := 0
      [] true -> w := 1
    Update
      [] true -> w' := z
Update: to each state, associate a set of distributions (moves) for the next state
[Figure: from the state X1, Y1, Z1, Move 1 leads to X1, Y1 with probability 1; Move 2 leads to X0, Y1 with probability 1/4 and to X1, Y0 with probability 3/4]
The atom scheduler chooses between moves

Slide 25: Operations: Parallel Composition
[Figure: Module P with atoms (Reads x,p,y…; Writes x,p…) and (Reads x,…; Writes …) and an external atom (External y,…; Writes y; Reads Obs), next to Module Q with atoms (Reads y,p,x…; Writes x,p…) and (Reads x,…; Writes …) and an external atom (External x,…; Writes x; Reads Obs)]

Slide 26: Operations: Parallel Composition
[Figure: Module P || Q containing the atoms (Reads x,p,y…; Writes x,p…), (Reads x,…; Writes …), (Reads y,p,x…; Writes x,p…), (Reads x,…; Writes …) and an external atom (External y,…; Writes y; Reads Obs)]

Slide 27: Module Semantics
Module A
  Interface x,w
  Private y
  External z
  Atom A_XY control x,y read x,y,z
    Init
      [] true -> ½ x,y := 0,0
                 ½ x,y := 1,1
    Update
      [] true -> x',y' := x,x
      [] y    -> ¼ x',y' := ¬z,z
                 ¾ x',y' := z,¬z
  Atom A_w control w read y,z
    Init
      [] true -> w := 0
      [] true -> w := 1
    Update
      [] true -> w' := z

Slide 28: Module Semantics
[Figure: Module A with atoms (Reads x,y,z; Writes x,y) and (Reads y,z…; Writes w…) and an external atom (External z; Writes z; Reads x,w); the atoms are labelled 1, 2 and env]
Schedulers for every atom
Each scheduler takes a trace, returns a move (figure: 1/3, 2/3)
Every triple ( 1,  2,  env) generates a bundle (figure: 1/2, 1/3, 1/6)
|[A]| = union over all triples ( 1,  2,  env):

Slide 29: Composing Atomic Schedulers
[Figure: a trace over X_{P||Q} is projected ("Project") to X_P and X_Q; the scheduler for P returns a move over Ctr_P and the scheduler for Q returns a move over Ctr_Q; the product  P ×  Q =  P||Q is a move over Ctr_P ∪ Ctr_Q]

Slide 30: Semantics: Atomic Schedulers
Composing atom schedulers:
For schedulers  1 from X1 to Y1,  2 from X2 to Y2, s.t. Y1 ∩ Y2 = ∅,
( 1 ×  2): from X1 ∪ X2 to Y1 ∪ Y2 s.t.
( 1 ×  2)(t) =  1(t[X1]) ×  2(t[X2])
For sets of schedulers  1 from X1 to Y1,  2 from X2 to Y2,
 1 ×  2 = {  1 ×  2 |  1 ∈  1,  2 ∈  2 }

Slide 31: Module Semantics
Schedulers of P
– extl (P) = set of all schedulers from extlX(P) ∪ intfX(P) to extlX(P)
– mod (P) = extl (P) ×  A ∈ Atoms(P) atom (A)
Language of P
– L(P) = ∪  ∈ mod (P) Outcome( )
Trace semantics of P
– |[P]| = L(P)[obsX(P)], the language projected to the observables

Slide 32: Plan
Systems with probabilistic and non-deterministic choice
Why is deep compositionality tricky?
– Atoms, the solution to the scheduler problem
Concrete model: Probabilistic Modules
Bundle algebra
Theorems
Conclusions etc.

Slide 33: Semantics of Probabilistic Systems
Given a set of variables X:
– X-State: a valuation of the variables in X
– X-Move: a probability distribution over X-States (figure: 1/3, 2/3)
– X-Trace: a sequence of X-States
– X-Bundle: a probability distribution over X-Traces (figure: 1/2, 1/3, 1/6)
– X-Probabilistic Language: a set of X-Bundles

Slide 34: Bundle Algebra
For reasoning about parallel composition
Decomposing: Projection
– Given sets of variables X, X' s.t. X' ⊆ X
– X-Bundle  X'-Bundle
Composing: Product
– Given sets of variables X, Y
– X-Bundle × Y-Bundle  (X ∪ Y)-Bundle

Slide 35: Projection: States
[Figure: an X State projected to an X' State]

Slide 36: Projection: Moves
[Figure: an X Move projected to an X' Move; probabilities 1/9, 1/6, 1/9, 1/3]

Slide 37: Projection: Bundles
[Figure: an X Bundle projected to an X' Bundle; probabilities 1/8, 1/12, 1/24, 1/6, 1/9, 1/3]

Slide 38: Product: States
[Figure: an X ∪ Y State and an X ∪ Z State combined into an X ∪ Y ∪ Z State]

Slide 39: Product: Moves, Bundles
[Figure: X ∪ Y Move × X ∪ Z Move = X ∪ Y ∪ Z Move; edge labels ".5 x .166 / .5" and ".5 x .25 / .5"]

Slide 40: Operations: Product
Product: given 2 sets of variables X1, X2:
– Given an X1-State s1 and an X2-State s2: s1, s2 can be multiplied if s1[X1 ∩ X2] = s2[X1 ∩ X2]
– Same condition for Traces and Bundles
– Given an X1-Bundle b1 and an X2-Bundle b2: (b1 × b2) is an (X1 ∪ X2)-Bundle s.t. (b1 × b2)(t) = b1(t[X1]) × b2(t[X2]) / b1(t[X1 ∩ X2])
– Given an X1-Language L1 and an X2-Language L2: L1 × L2 = { b1 × b2 | b1 ∈ L1 and b2 ∈ L2 can be multiplied }
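
The projection and product operations of the bundle algebra, as an added Python example (not part of the original presentation). The data representation, the function names and the sample bundles B1, B2 and SKEWED are constructed for this illustration; it checks the multipliability condition and that projecting a product returns its factors.

```python
from fractions import Fraction as F

# Representation chosen for this example: a state is a frozenset of
# (variable, value) pairs, a trace is a tuple of states, and a bundle is a
# dict from traces to positive probabilities that sum to 1.

def state(**valuation):
    return frozenset(valuation.items())

def variables(bundle):
    return {var for trace in bundle for st in trace for var, _ in st}

def project_trace(trace, keep):
    """t[X']: drop every variable outside `keep` from each state."""
    return tuple(frozenset((v, x) for v, x in st if v in keep) for st in trace)

def project(bundle, keep):
    """b[X']: traces that agree on `keep` merge and their mass adds up."""
    out = {}
    for trace, p in bundle.items():
        key = project_trace(trace, keep)
        out[key] = out.get(key, F(0)) + p
    return out

def multipliable(b1, b2):
    """b1[X1 ∩ X2] = b2[X1 ∩ X2]: both induce the same shared behaviour."""
    shared = variables(b1) & variables(b2)
    return project(b1, shared) == project(b2, shared)

def product(b1, b2):
    """(b1 × b2)(t) = b1(t[X1]) × b2(t[X2]) / b1(t[X1 ∩ X2])."""
    if not multipliable(b1, b2):
        raise ValueError("bundles disagree on their shared variables")
    shared = variables(b1) & variables(b2)
    common = project(b1, shared)
    out = {}
    for t1, p1 in b1.items():
        for t2, p2 in b2.items():
            key = project_trace(t1, shared)
            if key != project_trace(t2, shared):
                continue  # the two traces cannot be joined
            joined = tuple(s1 | s2 for s1, s2 in zip(t1, t2))
            out[joined] = p1 * p2 / common[key]
    return out

# Constructed sample bundles over traces of length 2.
B1 = {  # X1 = {x, y}
    (state(x=0, y=0), state(x=1, y=1)): F(1, 4),
    (state(x=0, y=0), state(x=1, y=0)): F(1, 4),
    (state(x=0, y=0), state(x=0, y=1)): F(1, 2),
}
B2 = {  # X2 = {x, z}; same distribution over x-traces as B1
    (state(x=0, z=0), state(x=1, z=0)): F(1, 6),
    (state(x=0, z=0), state(x=1, z=1)): F(1, 3),
    (state(x=0, z=0), state(x=0, z=1)): F(1, 2),
}
SKEWED = {  # X2 = {x, z}; different distribution over x-traces
    (state(x=0, z=0), state(x=1, z=0)): F(3, 4),
    (state(x=0, z=0), state(x=0, z=1)): F(1, 4),
}

if __name__ == "__main__":
    for trace, p in product(B1, B2).items():
        print([sorted(st) for st in trace], p)
```
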

Slide 41: Plan
Systems with probabilistic and non-deterministic choice
Why is deep compositionality tricky?
– Atoms, the solution to the scheduler problem
Concrete model: Probabilistic Modules
Bundle algebra
Theorems
Conclusions etc.

Slide 42: Compositional Semantics
Theorem: |[P1 || P2]| = |[P1]| ∩ |[P2]|
This is because L(P1 || P2) = L(P1) × L(P2):
– For every b1 ∈ L(P1), b2 ∈ L(P2) s.t. b1[X(P1) ∩ X(P2)] = b2[X(P1) ∩ X(P2)] (… are multipliable): b1 × b2 ∈ L(P1 || P2)
– For every b ∈ L(P1 || P2): b[X(P1)] ∈ L(P1) and b[X(P2)] ∈ L(P2)

Slide 43: Recall: Probabilistic Refinement
Given a probabilistic system P with variables X, the semantics |[P]| is an X-Probabilistic language
X-Probabilistic Language: a set of X-Bundles
Refinement corresponds to bundle inclusion:
– P ⪯ Q if |[P]| ⊆ |[Q]|

Slide 44: Refinement Is Compositional
Module refinement: P ⪯ Q iff |[P]| ⊆ |[Q]|
Theorem: Refinement is compositional
P || Q ⪯ P
If P ⪯ Q, then P || R ⪯ Q || R
– Follows from deep compositionality
Theorem: Assume-Guarantee
If P1 || Q2 ⪯ Q1 and Q1 || P2 ⪯ Q2, then P1 || P2 ⪯ Q1 || Q2
– Deep compositionality
– Induction

Slide 45: Conclusions
Deeply compositional semantics for systems with non-deterministic and probabilistic choice
Assume-guarantee rule
Only possible by restricting the visibility and influence of schedulers
Checking bundle inclusion
– Simulation based approach
Adding combinational (0-delay) dependencies
Logics for specification:
– Correctness and performance properties
– Compositional reasoning