# bonn05

```
From Monotonic Transition Systems to Monotonic Games

Parosh Aziz Abdulla
Uppsala University

Outline

• Model Checking
• Infinite-State Systems
• Methodology: Monotonicity; Well Quasi-Orderings
• Models: Petri Nets; Lossy Channel Systems; Timed Petri Nets
• Extension to Games
Model Checking

T sat f ?
  T : transition system
  f : specification

Transition Systems

Reachability: Init reaches Fin?

Safety Properties = Reachability
(a safety property is violated iff some state in Fin is reachable from Init)
Forward Reachability Analysis = computing Post
  start from Init and compute successors until Fin is reached

Backward Reachability Analysis = computing Pre
  start from Fin and compute predecessors until Init is reached
Infinite-State Systems

1. Unbounded Data Structures
• stacks
• queues
• clocks
• counters, etc.

2. Unbounded Control Structures
• Parameterized Systems
• Dynamic Systems
Backward Reachability Analysis

Init ... Fin : the set of states is infinite,
so backward analysis needs an effective symbolic representation of sets of states
Petri Nets

States = Markings
Transitions: firing t consumes tokens from the input places of t and
produces tokens in its output places; t is disabled if an input place lacks a token

Monotonicity: adding tokens to a marking never disables a transition

Petri Nets: infinite state (the number of tokens in a place is unbounded)
Mutual Exclusion

Each process moves between W (waiting) and C (critical section), guarded by a
shared variable R: W --R=1?--> C, with R updated by R:=1 and R:=0 on the moves
between W and C. A Petri net with places W, C and R models any number of processes.

Initial states: R=1, all processes in W  -- infinitely many initial states
Bad states: two or more processes in C

Set of initial states: infinite
Safety Properties

• mutual exclusion: bad states = #tokens in critical section > 1
  Ideal = upward closed set of markings
  safety = reachability of ideals

Petri Nets

• Concurrent systems
• Infinite-state: symbolic representation
• Monotonic behaviour
• Safety properties: reachability of ideals
Monotonicity: ideals closed under computing Pre

If I is an ideal, then Pre(I) is again an ideal.

Backward Reachability Analysis: start from Fin (an ideal) and compute Pre over ideals.
Ideals: Symbolic Representation

i : index (generator) of an ideal
i denotes all markings larger than i (the upward closure of i)

Index for bad states: two tokens in C

Each ideal can be characterized by a finite set of generators.
The index is the minimal element of its ideal.
If i ≤ j then the ideal generated by j is contained in the ideal generated by i.

Monotonicity: ideals closed under computing Pre
  i : index;  the indices of Pre(i) are computable
Backward Reachability Analysis (mutual exclusion net)

Step 0 : index for the bad states (two tokens in C)
Step 1 : indices of Pre of step 0
Step 2 : indices of Pre of step 1
Step 3 : indices of Pre of step 2
What did we need?

1. Computable ordering
2. Monotonicity, computability of Pre
3. Termination -- ordering is WQO

"nice properties"
Well Quasi-Ordering (WQO)

(A, ≤) is WQO if for every infinite sequence a0 a1 a2 a3 ......
there are i, j with i < j and ai ≤ aj

WQO : Simple Example

(Nat, ≤) is WQO
x0 x1 x2 x3 ...... : natural numbers
there are i, j with i < j and xi ≤ xj
Properties of WQO

Finite Sets
(A, =) is WQO if A is finite
a0 a1 a2 b a3 a4 a5 b a6 ......   (some element b must repeat)

Words
if (A, ≤) is WQO then (A*, ≤*) is WQO
w1 : a0 a1 a2
w2 : b0 b1 b2 b3 b4 b5 b6
w1 ≤* w2 when the letters of w1 map, in order, to distinct letters of w2 that are ≤-larger

Multisets
if (A, ≤) is WQO then (A^M, ≤^M) is WQO
M1 ≤^M M2 when each element of M1 maps to a distinct ≤-larger element of M2
Methodology

• Start from a finite domain
• Build more complicated data structures: words, multisets, lists, sets, etc.

Examples -- WQO

(A*, ≤)   A : finite alphabet
w1 ≤ w2 : w1 subword of w2
e.g. ab ≤ xaybz

Words of natural numbers
w1 : 5 2 7
w2 : 3 7 1 4 2 8
w1 ≤ w2   (5 ≤ 7, 2 ≤ 4, 7 ≤ 8)

Multisets over a finite alphabet
Words of multisets over a finite alphabet
Lossy Channel Systems

• finite state process
• unbounded lossy channel
• send (!m) and receive (?n) operations
• channel contents: a word such as m n n m ......

• Infinite state space
• Perfect channel = Turing machine
• Motivation: link protocols

State = control state + channel contents (e.g. mpnm, npn)

Transitions
Send !m    : appends m to the tail of the channel
Receive ?m : removes m from the head of the channel
Messages may nondeterministically be lost

Example (channel contents): pnmpn, nmpm, mpm
Ordering
• same colour (control state)
• subword on channel contents

mn ≤ pmpnp when both have the same colour (mn is a subword of pmpnp);
with different colours they are incomparable
mn is not ≤ pmp (pmp contains no n)

The ordering is computable and a WQO
Monotonicity

if w1 ≤ w3 and w1 → w2, then w3 → w2 as well:
the extra messages of w3 may be lost (the system is downward closed)

Ideal Index

mnp denotes all larger states: mnp, mnmp, mmnmp, ......
Each ideal can be characterized by a finite set of generators (by WQO of ≤)
Computing Pre

Pre(w) contains the following, for each transition entering the control state of w:
  !m : if w = w'm then w'          (the last message m is the one just sent)
  !m : if last(w) ≠ m then w       (the sent message was lost)
  ?m : mw                          (m was at the head of the channel and was received)

Example

Pre(a d b)
  !b : a d
  !d : a d b
  ?d : d a d b
Methodology (applied to LCS)

1. Computable ordering
2. Monotonicity, computability of Pre
3. Ordering is WQO

LCS -- Forward vs Backward Analysis

Pre*(w) is regular and computable
Post*(w) is regular but not computable
Timed Petri Nets

Tokens carry ages (e.g. 2.1, 3.5, 0.5, 6.2, 4.6).
Arcs carry intervals (e.g. [3,6], [4,7], [1,5], [0,3], [4,∞), [1,2]).

States = Markings
A marking lists the tokens with their ages, e.g. 2.1 3.5 0.5 6.2 4.6

Timed Transitions
All ages increase by the same amount; increasing the ages by 1.3 gives
  2.1 3.5 0.5 6.2 4.6  →  3.4 4.8 1.8 7.5 5.9

Discrete Transitions
Firing t consumes input tokens whose ages lie in the intervals of the input arcs
and produces new tokens whose ages lie in the intervals of the output arcs, e.g.
  3.1 4.5 1.5 7.2 5.6  →  3.1 7.2 0.8 5.6   (firing t)

Timed Petri Nets

• Concurrent timed systems
• Infinite-state: symbolic representation
• Monotonic behaviour
• Safety properties: reachability of ideals
Equivalence on Markings

• max = 7 (the largest constant in the net)
• ages > max behave identically

Markings equivalent if they agree on:
  colours (places)
  integral parts of clock values
  ordering on fractional parts

3.1 4.8 1.5 6.2 5.6  ≡  3.2 4.8 1.6 6.4 5.7
ordering the tokens by fractional part gives the integral parts 3 6 1 5 4 in both cases

3.1 4.8 4.8 1.1 5.4  ≡  3.2 4.7 4.7 1.2 5.5
tokens with equal fractional parts form a multiset: {3,1} {5} {4,4} in both cases

Representation: words over multisets over a finite alphabet
Ordering on Markings

M1 ≤ M2  iff  there is M3 with M1 ≡ M3 and M3 a sub-marking of M2

Example: 4.8 6.4 5.7 ≤ 3.1 4.8 1.5 6.2 5.6
  choose M3 = 4.8 6.2 5.6 (a sub-marking of M2), which is equivalent to M1:
  the integral parts 6 5 4 form a subword of 3 6 1 5 4

Example: 3.2 1.2 4.7 ≤ 3.1 4.8 4.8 1.1 5.4
  choose M3 = 3.1 4.8 1.1, which is equivalent to M1:
  the multiset word {3,1} {4} is a subword of {3,1} {5} {4,4}

Properties of ≤

≤ = subword ordering on multisets over a finite alphabet, which is a well quasi-ordering
Properties of ≤ -- Monotonicity

if M1 ≤ M3 and M1 → M2, then M3 → M6 for some M6 with M2 ≤ M6
(the slides build the step up through intermediate markings M4 and M5)

Methodology (applied to TPN)

1. Computable ordering
2. Monotonicity, computability of Pre
3. Ordering is WQO
Infinite-State Games

Player A : A-states        Player B : B-states
Can B take the game to the bad states?

Backward Reachability Analysis

Characterize the losing states for A:
  B-states losing for A = Pre( losing states )   (B has a move into the losing set)
  A-states losing for A = Pre( losing states )   (every move of A leads into the losing set)
  iterate: Pre Pre Pre Pre ...
Vector Addition Systems with States (VASS)

• Finite-state automaton operating on variables (e.g. x, y)
• Variables range over natural numbers
• Operations: increment (x++) or decrement (x--) a variable

VASS = Petri nets: a variable x corresponds to a place; x++ adds a token, x-- removes one
VASS Games

Player A : A-states    Player B : B-states
Moves: x++, x--
Can B take the game to the bad state?

Plays from the initial values of x:
  x = 0 : A cannot avoid the bad state
  x = 1 : A can avoid the bad state
  x = 2 : A cannot avoid the bad state

Player A:
  0  -- lose
  1  -- win
  >1 -- lose

Monotonicity does not imply upward closedness (the winning set {1} is not upward closed)

Backward Reachability Analysis

Characterize losing states for A: Pre Pre Pre Pre ...

Why does the scheme not work for VASS?
Monotonicity does not imply that ideals are closed under Pre
2-Counter Machines

Operations: x++, x--, and the zero test x=0?
Is the final state reachable?  Problem undecidable

Simulation of 2-Counter Machines by VASS Games

  counter machine x++   →  VASS game: x++
  counter machine x--   →  VASS game: x--
  counter machine x=0?  →  VASS game: the other player may answer with x--,
                            which is possible only when x > 0

Safety undecidable for VASS Games
Safety undecidable for Monotonic Games
B-Downward Closed Games

if s1 ≤ s3 and s1 → s2 by a B-move, then s3 → s2 as well (B may also move downwards)

Backward Reachability Analysis, B-downward closed games:
  Pre Pre Pre Pre ...  -- each step yields an ideal
  "nice ordering" + ideals  ⇒  characterization of A-losing states  ⇒  decidability of safety

B-LCS Games: Player B can lose messages (moves !m, !n, ?m, ?n)
B-LCS: characterization of A-losing states
Safety decidable for B-LCS games
A-Downward Closed Games

Forward analysis: unfold the game tree from the initial state by computing Post.
Leaves are labelled T or F according to whether B reaches the bad states.

Termination
• all leaves closed
• Evaluate tree: B-nodes = OR, A-nodes = AND

Termination guaranteed if ≤ is WQO
Safety decidable for A-LCS Games

Can we characterize winning states?
A Problem for LCS

Given an LCS and a control state sf, characterize { w | w →* sf }
• the set is regular
• but not computable

A-LCS Games

• Winning set regular
• But not computable

Reduction from LCS: each transition of the LCS becomes a gadget of an A-LCS game
  !m (LCS)  →  !m (A-LCS game)
  ?m (LCS)  →  ?m (A-LCS game)
  for each control state : its gadget in the A-LCS game
Conclusions and Planned Work

• Define a WQO on the state space
• Safety properties: reachability of ideals
• Examples: timed Petri nets, parameterized systems, broadcast protocols,
  cache coherence protocols, lossy channel systems, etc.
• Extension to Games
• Regular Model Checking
• Stochastic behaviours

```
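The backward reachability scheme the talk applies to the mutual exclusion Petri net and to lossy channel systems ("Computing Pre"), and summarizes under "What did we need?" (computable ordering, computable Pre on generators, termination by WQO), as an added worked example. This is Python written for this page, not code from the talk or its author. The Petri net uses places W, C, R as read off the slides; the two lossy channel systems, the control state names and the message names are constructed; the Pre rules for the channel follow the "Computing Pre" slide.

```python
from collections import deque


def backward_reach(bad, pre_gens, leq, meets_init):
    """Backward reachability over a monotonic transition system.

    bad        : generators of the upward-closed set of bad states
    pre_gens   : g -> generators of Pre(up(g))            (computability of Pre)
    leq        : ordering on states; a WQO guarantees termination
    meets_init : g -> True if some initial state lies in up(g)
    Returns (bad_reachable, minimal generators of Pre*(up(bad))).
    """
    gens = set(bad)
    work = deque(gens)
    while work:
        g = work.popleft()
        if g not in gens:           # subsumed by a smaller generator meanwhile
            continue
        for p in pre_gens(g):
            if any(leq(h, p) for h in gens):
                continue            # up(p) is already covered
            # p is new: drop generators above it so gens stays an antichain.
            # The sequence of added generators has no p_i <= p_j for i < j,
            # so for a WQO it must be finite: the loop terminates.
            gens = {h for h in gens if not leq(p, h)}
            gens.add(p)
            work.append(p)
    return any(meets_init(g) for g in gens), gens


# --- Instance 1: mutual exclusion net, markings as tuples (W, C, R) ---
# enter consumes W and R and produces C; exit consumes C and produces W and R.
PN_TRANSITIONS = {"enter": ((1, 0, 1), (0, 1, 0)), "exit": ((0, 1, 0), (1, 0, 1))}


def pn_leq(m1, m2):
    return all(a <= b for a, b in zip(m1, m2))


def pn_pre(m):
    """Generators of Pre(up(m)): for each transition, max(m - out, 0) + in."""
    for inp, out in PN_TRANSITIONS.values():
        yield tuple(max(x - o, 0) + i for x, i, o in zip(m, inp, out))


def mutex_violated(lock_tokens=1):
    """Can two tokens reach C from an initial marking with any number of
    processes in W, none in C and R = lock_tokens (infinitely many inits)?"""
    bad = {(0, 2, 0)}
    return backward_reach(bad, pn_pre, pn_leq,
                          lambda m: m[1] == 0 and m[2] <= lock_tokens)


# --- Instance 2: lossy channel systems, configuration = (state, channel word) ---
def subword(u, v):
    """u embeds into v as a scattered subword (Higman's ordering)."""
    it = iter(v)
    return all(ch in it for ch in u)


def lcs_leq(c1, c2):
    return c1[0] == c2[0] and subword(c1[1], c2[1])


def lcs_pre(transitions):
    """Pre rules of the talk: !m with w = w'm gives w'; !m with last(w) != m
    gives w; ?m gives mw.  transitions: (src, "!" or "?", message, dst)."""
    def pre(c):
        q, w = c
        for src, kind, msg, dst in transitions:
            if dst != q:
                continue
            if kind == "!":
                yield (src, w[:-1] if w.endswith(msg) else w)
            else:
                yield (src, msg + w)
    return pre


def lcs_bad_reachable(transitions, init=("p0", ""), bad_state="p2"):
    bad = {(bad_state, "")}
    return backward_reach(bad, lcs_pre(transitions), lcs_leq,
                          lambda c: lcs_leq(c, init))


# constructed systems: p1 waits for an n that is never sent (safe) versus a
# receive that matches the message actually sent (p2 reachable)
SAFE_LCS = [("p0", "!", "m", "p1"), ("p1", "!", "m", "p1"), ("p1", "?", "n", "p2")]
UNSAFE_LCS = [("p0", "!", "m", "p1"), ("p1", "?", "m", "p2")]

if __name__ == "__main__":
    print("mutex, 1 lock token :", mutex_violated(1)[0])     # False
    print("mutex, 2 lock tokens:", mutex_violated(2)[0])     # True
    print("safe LCS  :", lcs_bad_reachable(SAFE_LCS)[0])     # False
    print("unsafe LCS:", lcs_bad_reachable(UNSAFE_LCS)[0])   # True
```

The engine is the same for both instances; only the three ingredients named on the "What did we need?" slide change. For the net, the three surviving generators (0,2,0), (1,1,1), (2,0,2) show why mutual exclusion holds for every number of processes with one lock token and fails with two: the last generator needs R ≥ 2.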
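The "Equivalence on Markings" and "Ordering on Markings" slides abstract a timed marking into a word of multisets (colour and integral part per token, grouped and ordered by fractional part) and order markings by subword embedding of those words. The following added Python example, written for this page rather than taken from the talk, implements that abstraction on the slides' numbers. The place names a, b, c are constructed, ages are passed as strings so that fractional parts stay exact, and tokens older than max are assumed to be kept in a separate multiset compared by inclusion.

```python
from collections import Counter
from fractions import Fraction


def abstract(marking, max_const):
    """Abstract a timed marking into a word over multisets over a finite alphabet.

    marking   : list of (place, age) tokens, ages as strings such as "3.1"
    max_const : largest constant of the net; ages above it behave identically
    Returns (word, old): word lists one multiset of (place, integral part) per
    fractional part, in increasing order of the fractional part; old is the
    multiset of places whose tokens are older than max_const (assumption:
    compared separately, since their exact ages no longer matter).
    """
    groups, old = {}, Counter()
    for place, age in marking:
        a = Fraction(age)
        if a > max_const:
            old[place] += 1
            continue
        integral = int(a)
        groups.setdefault(a - integral, Counter())[(place, integral)] += 1
    return [groups[f] for f in sorted(groups)], old


def submultiset(m1, m2):
    return all(m2[k] >= n for k, n in m1.items())


def embeds(word1, word2):
    """Subword ordering on words of multisets: the multisets of word1 are
    contained, in order, in distinct multisets of word2."""
    j = 0
    for ms in word1:
        while j < len(word2) and not submultiset(ms, word2[j]):
            j += 1
        if j == len(word2):
            return False
        j += 1
    return True


def equivalent(m1, m2, max_const=7):
    """Same colours, same integral parts, same ordering of fractional parts."""
    return abstract(m1, max_const) == abstract(m2, max_const)


def leq(m1, m2, max_const=7):
    """M1 <= M2 iff some sub-marking of M2 is equivalent to M1, which the talk
    identifies with subword ordering on the abstracted words."""
    (w1, o1), (w2, o2) = abstract(m1, max_const), abstract(m2, max_const)
    return submultiset(o1, o2) and embeds(w1, w2)


def integral_parts(marking, max_const=7):
    """The integral parts in fractional-part order, e.g. 3 6 1 5 4 on the slide."""
    word, _ = abstract(marking, max_const)
    return [sorted(n for _, n in ms.elements()) for ms in word]


# constructed tokens over places a, b, c carrying the ages shown on the slides
M1 = [("a", "3.1"), ("b", "4.8"), ("a", "1.5"), ("c", "6.2"), ("b", "5.6")]
M2 = [("a", "3.2"), ("b", "4.8"), ("a", "1.6"), ("c", "6.4"), ("b", "5.7")]
SMALL = [("b", "4.8"), ("c", "6.4"), ("b", "5.7")]      # <= M1 via sub-marking 4.8 6.2 5.6
M3 = [("a", "3.1"), ("b", "4.8"), ("b", "4.8"), ("a", "1.1"), ("c", "5.4")]
M4 = [("a", "3.2"), ("a", "1.2"), ("b", "4.7")]         # <= M3 via sub-marking 3.1 4.8 1.1
M5 = [("c", "3.2"), ("a", "1.2"), ("b", "4.7")]         # wrong colour: not <= M3

if __name__ == "__main__":
    print(integral_parts(M1), equivalent(M1, M2))        # [[3], [6], [1], [5], [4]] True
    print(integral_parts(M3), leq(M4, M3), leq(M5, M3))  # [[1, 3], [5], [4, 4]] True False
```

The abstraction is finite up to the number of tokens, and the ordering is the subword ordering on multisets over a finite alphabet, which is the WQO the "Properties of ≤" slide relies on; the check for tokens beyond max follows the slide's remark that such ages behave identically.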