bonn05
From Monotonic Transition Systems to Monotonic Games

Parosh Aziz Abdulla
Uppsala University
Outline

          •Model Checking
          •Infinite-State Systems
          •Methodology:
             Monotonicity
             Well Quasi-Orderings
          •Models
             Petri Nets
             Lossy Channel Systems
             Timed Petri Nets
          •Extension to Games
Model Checking

   T  sat  f  ?

   T : transition system      f : specification


Transition Systems

Reachability
   Init  ...  Fin
   Init reaches Fin?

   Safety Properties = Reachability
   (a safety property is violated iff some state in Fin is reachable from Init)
Forward Reachability Analysis
= computing Post
   Init  --Post-->  ...  --Post-->  Fin

Backward Reachability Analysis
= computing Pre
   Init  <--Pre--  ...  <--Pre--  Fin
    Infinite-State Systems

1. Unbounded Data Structures
   • stacks
   • queues
   • clocks
   • counters, etc.

2. Unbounded Control Structures
   • Parameterized Systems
   • Dynamic Systems
Backward Reachability Analysis
   Init  <--Pre--  ...  <--Pre--  Fin
   the sets of states computed by Pre become infinite
   needed: an effective symbolic representation of these sets
Petri Nets
States = Markings (the number of tokens in each place)
Transitions
   t is enabled when every input place of t holds enough tokens
   Firing t consumes the input tokens and produces tokens in the output places
   t is disabled when some input place holds too few tokens
Monotonicity
   adding tokens to a marking never disables a transition
Petri Nets: infinite state
   the number of tokens in a place is unbounded
Mutual Exclusion

   One process (figure): control states W (waiting) and C (critical),
   shared variable R
      W  --R=1? ; R:=0-->  C
      C  --R:=1-->  W

   Any number of identical processes run in parallel, each with the
   transitions R=1? , R:=1 , R:=0 as above.

   Initial states:
   • R=1
   • All processes in W              (Infinitely many initial states)

   Bad states:
   Two or more processes in C

   As a Petri net: places C, W, R=1 (one token per process, in W or in C;
   one token in R=1 when the lock is free). The set of initial states
   (one token in R=1, any number of tokens in W) is infinite.
Safety Properties
• mutual exclusion is violated when
  #tokens in critical section > 1
  Ideal = Upward closed set of markings
  (if a marking has more than one token in the critical section,
   so does every larger marking)

        safety
          =
  reachability of ideals
 Petri Nets


• Concurrent systems

• Infinite-state: symbolic representation

• Monotonic behaviour

• Safety properties: reachability of ideals
Monotonicity
ideals closed under computing Pre
   if I is an ideal (upward closed set of markings) then Pre(I) is again an ideal:
   a transition enabled from a marking in Pre(I) is still enabled from any larger
   marking, and leads to a larger marking, which is still in I
Backward Reachability Analysis
   start from Fin (an ideal); every set computed by Pre is again an ideal
Ideals: Symbolic Representation
   i : index (generator) of the ideal
   i : denotes all markings larger than i
   Index for bad states: the marking with two tokens in C and no other tokens

Each ideal can be characterized by a finite set of generators
Index is minimal element of its ideal
   If i ≤ j then the ideal generated by j is contained in the ideal generated by i
Monotonicity
ideals closed under computing Pre
   Index for bad states: two tokens in C
   Indices of Pre: for an index i, Pre(i) is computable and is itself
   given by a finite set of indices (one per transition of the net)
Backward Reachability Analysis
   (figure: the indices at each step drawn as markings of the mutual exclusion net)
   Step 0 : the index of the bad states (two tokens in C)
   Step 1 : add the indices of Pre of the Step 0 indices
   Step 2 : add the indices of Pre of the Step 1 indices
   Step 3 : add the indices of Pre of the Step 2 indices;
            stop as soon as no new index appears
What did we need?

1. Computable ordering
2. Monotonicity, Computability of Pre
3. Termination -- Ordering is WQO

   ”nice properties”
Well Quasi-Ordering (WQO)

 (A, ≤) is WQO if for every infinite sequence
     a0 a1 a2 a3 .......
 there are i, j with i<j and ai ≤ aj

WQO : Simple Example

 (Nat, ≤) is WQO
     x0 x1 x2 x3 ....... : natural numbers
     there are i, j with i<j and xi ≤ xj

Properties of WQO

 Finite Sets
 (A, =) is WQO if A is finite
     a0 a1 a2 b a3 a4 a5 b a6 ..............  (some element b must repeat)

Words
 if (A, ≤) is WQO
 then (A*, ≤*) is WQO
     w1 ≤* w2 iff the letters of w1 can be matched, in order, to distinct
     letters of w2 that are ≥ them
     w1 : a0 a1 a2
     w2 : b0 b1 b2 b3 b4 b5 b6

Multisets
 if (A, ≤) is WQO
 then (A^M, ≤^M) is WQO
     M1 ≤^M M2 iff each element of M1 can be matched to a distinct
     element of M2 that is ≥ it
Methodology

  Start from a finite domain
  Build more complicated data structures:
   words, multisets, lists, sets, etc.

Examples -- WQO

  (A*, ≤)
  A : finite alphabet
  w1 ≤ w2 : w1 subword of w2
  e.g.  ab ≤ xaybz

Words of natural numbers
      w1 :    5       2       7
      w2 :  3 7 1 4 2 8
      w1 ≤ w2   (5 ≤ 7, 2 ≤ 4, 7 ≤ 8)

Multisets over a finite alphabet
Words of multisets over a finite alphabet
Lossy Channel Systems
   • finite state process
   • unbounded lossy channel
   • send (!m) and receive (?n) operations
   channel content:  m n n m ……

• Infinite state space
• Perfect channel = Turing machine (with a perfect channel the model is Turing-powerful)
• Motivation: Link protocols

State = control state + channel content, e.g.  mpnm  or  npn
Transitions

Send
   s --!m--> s' : append m at the end of the channel
Receive
   s --?m--> s' : remove m from the head of the channel (enabled only if m is at the head)
Loss
   Messages may nondeterministically be lost (any message may disappear from the channel at any time)

Example  (process with !m and ?n)
   pnmpn  -->  nmpm  -->  mpm     (a run with sends and message losses)
Ordering
• same colour (same control state)
• subword

   mn ≤ pmpnp      (same control state; mn is a subword of pmpnp)
   mn ≰ pmpnp      (different control states)
   mn ≰ pmp        (n does not occur in pmp)

   Computable and WQO
Monotonicity
   if w1 ≤ w3 and w1 --> w2 then w3 --> w2 :
   first lose the extra messages of w3, then take the step of w1
   (the transition relation is downward closed under message loss)
Ideal Index
   mnp denotes all larger states:
   mnp ≤ mnmp ≤ mmnmp ≤ …………

Each ideal can be characterized by a finite set of generators
   By WQO of ≤
Computing Pre
Pre(w) contains the following (w with control state s):
   if s' --!m--> s and w = w' m    then  w'   (with control state s')
   if s' --!m--> s and last(w) ≠ m then  w    (with control state s')
   if s' --?m--> s                 then  m w  (with control state s')

Example
Pre(adb) :
   if s' --!b--> s :  ad      (last(adb) = b)
   if s' --!d--> s :  adb     (last(adb) ≠ d)
   if s' --?d--> s :  dadb
Methodology (applied to LCS)

1. Computable ordering
2. Monotonicity, Computability of Pre
3. Ordering is WQO
LCS -- Forward vs Backward Analysis




  Pre*(w) is regular and computable

  Post*(w) is regular but not computable
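The backward reachability scheme of the Petri net part (Steps 0 to 3, "What did we need?") and of the LCS part (the Pre rules and the Pre(adb) example) in working code, as an added example that is not part of the slides: one generic fixpoint loop over minimal generators, instantiated once for the mutual exclusion net and once for a lossy channel system. Assumptions: the net encoding is my reading of the slides' diagram (places W, C, R1 = "R=1", R0 = "R=0"); the LCS with states p, q and the lock-free variant NOLOCK_NET are constructed for illustration.

```python
"""Backward reachability with ideals (upward-closed sets) given by their
minimal generators: one generic loop, instantiated for the Petri net of
the mutual exclusion example and for a lossy channel system (LCS).
Added example, not code from the slides.  The net is my reading of the
slides' diagram (places W, C, R1 = "R=1", R0 = "R=0"); the LCS and the
lock-free net are constructed for illustration."""


def minimize(gens, leq):
    """Minimal generators: drop h if some other generator g <= h."""
    return frozenset(g for g in gens
                     if not any(h != g and leq(h, g) for h in gens))


def backward_reach(pre, leq, bad, covers):
    """Least fixpoint of Pre from the generators of the bad ideal.
    pre(g) yields generators of Pre(ideal(g)); covers(g) tells whether an
    initial state lies in ideal(g).  Termination needs leq to be a WQO
    (Dickson's lemma for markings, Higman's lemma for channel words).
    Returns (safe, generators)."""
    gens = minimize(bad, leq)
    frontier = set(gens)
    while frontier:
        new = set()
        for cfg in frontier:
            for g in pre(cfg):
                if not any(leq(h, g) for h in gens | new):
                    new.add(g)
        gens = minimize(gens | new, leq)
        frontier = new & gens            # only survivors need another Pre
    return not any(covers(g) for g in gens), gens


# ---- Petri nets: a marking is a tuple of token counts per place ---------
def marking_leq(g, h):
    return all(a <= b for a, b in zip(g, h))


def petri_pre(transitions):
    """Pre_t(ideal(m)) has one generator: max(m, post) - post + pre.
    After firing t the marking must be >= m and >= post; stepping back
    removes the produced tokens and restores the consumed ones."""
    def pre(m):
        for pre_v, post_v in transitions:
            after = tuple(max(a, b) for a, b in zip(m, post_v))
            yield tuple(a - o + i for a, o, i in zip(after, post_v, pre_v))
    return pre


# Places (W, C, R1, R0).  enter: W + R1 -> C + R0  (R=1? then R:=0)
#                         exit:  C + R0 -> W + R1  (R:=1)
LOCK_NET = [((1, 0, 1, 0), (0, 1, 0, 1)), ((0, 1, 0, 1), (1, 0, 1, 0))]
# Constructed broken variant: the lock is never consulted.
NOLOCK_NET = [((1, 0, 0, 0), (0, 1, 0, 0)), ((0, 1, 0, 0), (1, 0, 0, 0))]


def analyse_mutex(net=LOCK_NET):
    """Bad ideal: two tokens in C.  Initial markings are (n, 0, 1, 0) for
    every n: infinitely many, yet 'some initial marking is above g' is
    a simple test on the generator g."""
    return backward_reach(petri_pre(net), marking_leq, [(0, 2, 0, 0)],
                          lambda g: g[1] == 0 and g[2] <= 1 and g[3] == 0)


# ---- LCS: a configuration is (control state, channel word) --------------
def subword(u, v):
    i = 0
    for ch in v:
        if i < len(u) and u[i] == ch:
            i += 1
    return i == len(u)


def config_leq(c1, c2):
    """Same control state and subword ordering on the channel."""
    return c1[0] == c2[0] and subword(c1[1], c2[1])


def lcs_pre(transitions):
    """The Pre rules of the slides for a generator (s, w).  A transition
    is (source, op, msg, target) with op '!' (send) or '?' (receive).
    Message loss needs no rule: from above w it only leads back into
    ideal(w)."""
    def pre(cfg):
        s, w = cfg
        for src, op, m, dst in transitions:
            if dst != s:
                continue
            if op == '!':        # send appends at the end of the channel
                yield (src, w[:-1] if w.endswith(m) else w)
            else:                # receive removes from the head
                yield (src, m + w)
    return pre


LCS = [('p', '!', 'b', 'q'), ('p', '!', 'd', 'q'), ('q', '?', 'd', 'q')]


def slide_pre_example():
    """Pre of the generator (q, adb): ad via !b, adb via !d, dadb via ?d."""
    return set(lcs_pre(LCS)(('q', 'adb')))


def analyse_lcs(bad_word):
    """Can q's channel ever contain bad_word as a subword, from (p, '')?"""
    return backward_reach(lcs_pre(LCS), config_leq, [('q', bad_word)],
                          lambda g: config_leq(g, ('p', '')))


if __name__ == "__main__":
    print("mutex with lock:", analyse_mutex())
    print("mutex without lock:", analyse_mutex(NOLOCK_NET))
    print("lcs dd:", analyse_lcs('dd'), " lcs d:", analyse_lcs('d'))
```

With the lock the loop stops after three generators, none of which lies below an initial marking, so the bad ideal is unreachable; with the lock removed the generator (2, 0, 0, 0) appears, which any initial marking with two waiting processes covers. The same loop handles the LCS because only the two model-specific parts change: the ordering and the Pre rules on generators.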
Timed Petri Nets
   (figure) each token carries a real-valued age; each arc carries a time interval,
   e.g. [3,6], [4,7], [1,5], [0,3], [4,∞), [1,2]

States = Markings
   a marking is a multiset of tokens, each with a place and an age,
   e.g.  2.1 3.5 0.5 6.2 4.6

Timed Transitions
   all ages increase by the same amount, e.g. by 1.3:
   2.1 3.5 0.5 6.2 4.6   -->   3.4 4.8 1.8 7.5 5.9

Discrete Transitions
   t is enabled when each input place holds a token whose age lies in the
   interval of the input arc; firing t consumes those tokens and produces
   tokens whose ages lie in the intervals of the output arcs, e.g.
   3.1 4.5 1.5 7.2 5.6   --t-->   3.1 7.2 0.8 5.6

Timed Petri Nets

• Concurrent timed systems
• Infinite-state: symbolic representation
• Monotonic behaviour
• Safety properties: reachability of ideals
Equivalence on Markings
   (figure: the net with intervals [3,6], [4,7], [1,5], [0,3], [4,∞), [1,2])
   • max = 7 (the largest constant in the net)
   • ages > max behave identically

Markings equivalent if they agree on:
   colours (places)
   integral parts of clock values
   ordering on fractional parts

   3.1 4.8 1.5 6.2 5.6   ≡   3.2 4.8 1.6 6.4 5.7
   (integral parts agree; sorted by fractional part both read  3 6 1 5 4)

   3.1 1.5 4.8   ≡   3.2 1.6 4.7
   (sorted by fractional part both read  3 1 4)

   3.1 4.8 4.8 1.1 5.4   ≡   3.2 4.7 4.7 1.2 5.5
   (tokens with equal fractional part form one multiset:  {3,1} {5} {4,4})

   markings modulo ≡  =  words over multisets over a finite alphabet
Ordering on Markings

   M1 ≤ M2   iff   ∃ M3 :  M1 ≡ M3  and  M3 < M2   (M3 a sub-multiset of M2)

   Example:
      M1 = 4.8 6.4 5.7
      M2 = 3.1 4.8 1.5 6.2 5.6
      M3 = 4.8 6.2 5.6 (taken from M2),  M1 ≡ M3
      as words:  6 5 4  is a subword of  3 6 1 5 4

   Example:
      M1 = 3.2 1.2 4.7
      M2 = 3.1 4.8 4.8 1.1 5.4
      M3 = 3.1 4.8 1.1 (taken from M2),  M1 ≡ M3
      as words of multisets:  {3,1} {4}  is a subword of  {3,1} {5} {4,4}
      (letter by letter, multiset inclusion)

Properties of ≤
   ≤  =  subword ordering on words of multisets over a finite alphabet
   ≤  is a well quasi-ordering

Properties of ≤ -- Monotonicity
   if M1 ≤ M3 and M1 --> M2
   then there are M4, M5, M6 with  M3 --> M4 --> M5 --> M6  and  M2 ≤ M6
   (the larger marking can reproduce the step, possibly via intermediate steps)
Methodology (applied to TPN)

1. Computable ordering
2. Monotonicity, Computability of Pre
3. Ordering is WQO
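The equivalence and ordering on timed markings described above, as an added example that is not part of the slides. It abstracts a marking (list of (place, age) pairs) into a word of multisets exactly as the slides describe (colours, integral parts, ordering on fractional parts, ages above max treated alike) and decides M1 ≤ M2 by subword embedding with multiset inclusion per letter. The concrete encoding (one multiset per fractional value, tokens above max collected in a separate multiset, exact decimal arithmetic via Fraction) is my own choice; the place name 'p' and the constant max = 7 in the usage are taken from the slides' numeric examples.

```python
"""Region-like abstraction of timed Petri net markings and the ordering on
them, following the slides' description.  Added example, not code from
the slides; the encoding (one multiset per fractional value, ages above
max kept in a separate multiset) is my own choice."""
from collections import Counter
from fractions import Fraction
from math import floor


def abstract(marking, maxc):
    """marking: list of (place, age).  Returns (old, word): old is the
    multiset of places whose age exceeds maxc (their exact age no longer
    matters); word is a tuple of multisets of (place, integral part), one
    per fractional value, ordered by increasing fractional part."""
    old = Counter()
    groups = {}
    for place, age in marking:
        age = Fraction(str(age))              # exact decimal arithmetic
        if age > maxc:
            old[place] += 1
            continue
        ip = floor(age)
        groups.setdefault(age - ip, Counter())[(place, ip)] += 1
    word = tuple(groups[f] for f in sorted(groups))
    return old, word


def equivalent(m1, m2, maxc):
    return abstract(m1, maxc) == abstract(m2, maxc)


def sub_multiset(a, b):
    return all(b[k] >= n for k, n in a.items())


def leq(m1, m2, maxc):
    """M1 <= M2 iff some sub-multiset M3 of M2 is equivalent to M1, i.e.
    word(M1) embeds into word(M2) as a subword whose letters are included
    (as multisets) in the matched letters.  Greedy leftmost matching is
    sufficient: matching a letter as early as possible never hurts."""
    old1, w1 = abstract(m1, maxc)
    old2, w2 = abstract(m2, maxc)
    if not sub_multiset(old1, old2):
        return False
    i = 0
    for letter in w2:
        if i < len(w1) and sub_multiset(w1[i], letter):
            i += 1
    return i == len(w1)


def int_parts(word):
    """Readable rendering of a word of multisets, as on the slides."""
    return [sorted(ip for (_place, ip), n in letter.items() for _ in range(n))
            for letter in word]


if __name__ == "__main__":
    P = 'p'
    m_a = [(P, 3.1), (P, 4.8), (P, 1.5), (P, 6.2), (P, 5.6)]
    m_b = [(P, 3.2), (P, 4.8), (P, 1.6), (P, 6.4), (P, 5.7)]
    m_c = [(P, 4.8), (P, 6.4), (P, 5.7)]
    print(int_parts(abstract(m_a, 7)[1]), equivalent(m_a, m_b, 7))
    print(int_parts(abstract(m_c, 7)[1]), leq(m_c, m_a, 7), leq(m_a, m_c, 7))
```

Because the abstraction drops the fractional values themselves and only keeps their order, the set of abstract markings is the set of words over multisets over the finite alphabet of (place, integral part) pairs, which is why the ordering is a WQO and the backward scheme terminates.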
Infinite-State Games

   Player A :  A-states (A chooses the next move)
   Player B :  B-states (B chooses the next move)
   Target set F of states
   Can B take game to F ?

Backward Reachability Analysis

Characterize losing states for A (the states from which B can force the play into F)
   B-states : s is losing if some successor of s is losing      (s ∈ Pre of the losing set)
   A-states : s is losing if all successors of s are losing
   Iterate:  F , Pre(F) , Pre(Pre(F)) , ...  until no new state is added
Vector Addition Systems with States (VASS)

   (figure: automaton with edges labelled x-- , y-- , x++)
 • Finite-state automaton operating on variables
 • Variables range over natural numbers
 • Operations: increment or decrement variable (a decrement is blocked when the variable is 0)

VASS = Petri nets
   (figure) each variable x, y becomes a place: x++ adds a token, x-- removes one;
   the control state is represented by one extra token
VASS Games
   (figure: a VASS game with moves x++ , x-- , x-- , x++ divided between the players)
   Player A :  A-states
   Player B :  B-states
   Can B take game to the target ?

   (figure: the game unfolded from the counter values 0, 1 and 2)
   from x = 0 :  A cannot avoid the target
   from x = 1 :  A can avoid the target
   from x = 2 :  A cannot avoid the target

Player A:
   0  -- lose
   1  -- win
   >1 -- lose

   Monotonicity does not imply upward closedness:
   the set of losing states {0} ∪ {2, 3, ...} is not upward closed

Backward Reachability Analysis
   Characterize losing states for A
   F , Pre(F) , Pre(Pre(F)) , ...

   Why does the scheme not work for VASS?
      Monotonicity does not imply that ideals are closed under Pre
      (the losing set need not be an ideal, so it has no finite set of generators)
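The attractor iteration of the games section (B-states: some successor losing; A-states: all successors losing) run on a VASS game, as an added example that is not part of the slides. The game is constructed so that it reproduces the slides' outcome (A loses at x=0, wins at x=1, loses at x>1): an A-state a with moves x++ to B-state c and x-- to B-state b, where b reaches the target t by x-- and c by x++. To make the iteration finite it runs on the slice 0..bound of the counter; that bound is a device of this example only, and the table it returns is reliable only away from the bound, which is precisely the slides' point that the infinite game needs something better than plain Pre iteration.

```python
"""Losing states for Player A in a VASS game, by the backward (attractor)
iteration over a finite slice 0..bound of the counter.  Added example,
not code from the slides: the game is constructed to reproduce the
slides' outcome (A loses at x=0, wins at x=1, loses at x>1); the bound
is only a device to make the slice finite, and values next to the bound
are artefacts of the truncation."""

OWNER = {'a': 'A', 'b': 'B', 'c': 'B', 't': 'B'}   # who moves where
TARGET = 't'                                         # B wants to reach t
# (source, counter update, destination); x-- is disabled when x = 0.
EDGES = [('a', +1, 'c'), ('a', -1, 'b'), ('b', -1, 't'), ('c', +1, 't')]


def successors(state, bound):
    q, x = state
    return [(dst, x + d) for src, d, dst in EDGES
            if src == q and 0 <= x + d <= bound]


def losing_states(bound):
    """Least fixpoint containing the target: a B-state is losing for A if
    some successor is, an A-state if it has successors and all of them
    are (a player with no move is stuck and the play stops there)."""
    states = [(q, x) for q in OWNER for x in range(bound + 1)]
    losing = {(TARGET, x) for x in range(bound + 1)}
    changed = True
    while changed:
        changed = False
        for s in states:
            if s in losing:
                continue
            succ = successors(s, bound)
            if OWNER[s[0]] == 'B':
                hit = any(t in losing for t in succ)
            else:
                hit = bool(succ) and all(t in losing for t in succ)
            if hit:
                losing.add(s)
                changed = True
    return losing


def a_losing(bound=10):
    """x -> does A lose from ('a', x)?  Only 0 <= x <= bound-2 are
    trustworthy: at x = bound-1 the move x++ leads to ('c', bound), where
    c's own x++ is cut off by the slice and B wrongly looks stuck."""
    losing = losing_states(bound)
    return {x: ('a', x) in losing for x in range(bound - 1)}


def is_upward_closed(table):
    """An upward-closed set of counter values contains x+1 whenever it
    contains x; the slides' point is that the losing set need not be."""
    xs = sorted(table)
    return all(not table[x] or table[x + 1] for x in xs[:-1])


if __name__ == "__main__":
    table = a_losing()
    print({x: 'lose' if v else 'win' for x, v in table.items()})
    print("upward closed:", is_upward_closed(table))
```

From ('a', 1) Player A moves x-- to ('b', 0), where B cannot decrement and is stuck; from ('a', 0) the only move is x++ into c, and from x ≥ 2 both moves hand B a counter it can use. The resulting losing set {0, 2, 3, ...} has no finite set of minimal generators, so the ideal-based backward analysis cannot represent it.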
2-Counter Machines
   (figure: automaton with edges x-- , y-- , x++ and a zero test x=0?)
   Is a given state reachable?
   Problem undecidable

Simulation of 2-Counter Machines by VASS Games
   x++   in the counter machine   -->   x++   in the VASS game
   x--   in the counter machine   -->   x--   in the VASS game
   x=0?  in the counter machine   -->   a gadget in the VASS game in which Player B
         may answer the claim x=0 with an x-- move: if the decrement is possible
         (x was not 0), B reaches the target

Safety undecidable for Monotonic Games
   Safety undecidable for VASS Games
B-Downward Closed Games
   (figure: s1 --> s3 is a move of B; since s2 ≤ s1, B may also move s1 --> s2)
   Player B may always move to any smaller state

   Pre (over B-moves) of any set is an ideal: if B can move from s into the set,
   B can do so from every s' ≥ s by first moving down to s

Backward Reachability Analysis
B-Downward closed games
   F , Pre(F) , Pre(Pre(F)) , ...   every set computed is an ideal
   ”nice ordering” (computable, WQO, Pre computable on generators)
   → characterization of A-losing states
   → decidability of safety

Backward Reachability Analysis
B-LCS Games
   (figure: LCS with operations !m , !n , ?m , ?n , !m)
   Player B can lose messages
   B-LCS: characterization of A-losing states
   Safety decidable for B-LCS games
A-Downward Closed Games
   Player A may move to any smaller state (A-LCS games: Player A can lose messages)
   (figure: forward exploration with Post from the initial state)

   Build the game tree forward with Post; the target set is F
   (figure: tree whose leaves are marked T or F)

   Termination
   • all leaves closed: a leaf is closed when it lies in F or is larger than
     an ancestor on its branch (A can move down to that ancestor, so the
     subtree need not be expanded)
   • Evaluate tree:  B-nodes = OR   (B wins if some child is winning for B)
                     A-nodes = AND  (B wins only if every child is winning for B)

   Termination guaranteed if ≤ is WQO

   Safety decidable for A-LCS Games

   Can we characterize winning states ?

A Problem for LCS
   (figure: LCS with !m , ?n and a state sf)
   characterize the configurations reachable from sf:  { w | sf →* w }  (Post*(sf))
   • Set regular
   • But Not computable

A-LCS Games
• Winning set regular
• But not computable
   (figure: reduction from LCS to A-LCS games:
    each LCS send !m becomes a move !m of the A-LCS game,
    each LCS receive ?m becomes a move ?m of the A-LCS game,
    and for each state of the LCS a gadget is added to the A-LCS game)
Conclusions and Planned Work

 Define a WQO on state space
 Safety properties: reachability of ideals
 Examples:
     Timed Petri nets
     Parameterized systems
     Broadcast protocols
     Cache coherence protocols
     Lossy channel systems, etc.
 Extension to Games
 Regular Model Checking
 Stochastic behaviours