1 / 78

From Boolean to Quantitative System Specifications

From Boolean to Quantitative System Specifications. Tom Henzinger EPFL. Outline. The Quantitative Agenda Some Basic Open Problems Some Promising Directions. The Boolean Agenda.

sdrake
Download Presentation

From Boolean to Quantitative System Specifications

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. From Boolean to Quantitative System Specifications Tom Henzinger EPFL

  2. Outline • The Quantitative Agenda • Some Basic Open Problems • Some Promising Directions

  3. The Boolean Agenda Program/ System Property/ Specification Analysis Yes/No

  4. The Boolean Agenda Program/ System Property/ Specification Analysis Yes/No -perhaps a proof -perhaps some counterexamples -perhaps even a proposed fix

  5. The Boolean Agenda Program/ System Property/ Specification Structure Formula Satisfaction Relation Yes/No -perhaps a proof -perhaps some counterexamples -perhaps even a proposed fix

  6. The Boolean Agenda Program/ System Property/ Specification Every request is followed by a grant. Transition system. Analysis Yes/No -perhaps a proof -perhaps some counterexamples -perhaps even a proposed fix

  7. The Boolean Agenda Quantitative Program/ System Quantitative Property/ Specification Every request is followed by a grant within 5 time units. Timed automaton. Analysis Yes/No -perhaps a proof -perhaps some counterexamples -perhaps even a proposed fix

  8. The Boolean Agenda Quantitative Program/ System Quantitative Property/ Specification Every request is followed by a grant within probability 1/2. Markov process. Analysis Yes/No -perhaps a proof -perhaps some counterexamples -perhaps even a proposed fix

  9. The Boolean Agenda Quantitative Program/ System Quantitative Property/ Specification Every request is followed by a grant within probability 1/2. Markov process. Analysis B -perhaps a proof -perhaps some counterexamples -perhaps even a proposed fix

  10. The Quantitative Agenda Quantitative Program/ System Quantitative Property/ Specification Analysis R -measure of “fit” between system and spec -could be cost, quality, etc.

  11. The Quantitative Agenda Quantitative Program/ System Quantitative Property/ Specification Every request is followed by a grant. Analysis The less time between requests and grants, the better. R -measure of “fit” between system and spec -could be cost, quality, etc.

  12. The Quantitative Agenda Quantitative Program/ System Quantitative Property/ Specification Every request is followed by a grant. Analysis The fewer unnecessary grants, the better. R -measure of “fit” between system and spec -could be cost, quality, etc.

  13. The Quantitative Agenda Q1 Assigning values to behaviors Boolean case: correct vs. incorrect behaviors Q2 Assigning values to systems/properties Boolean case: sets of behaviors (nondeterminism) Q3 Assigning values to pairs of systems Boolean case: preorders on systems

  14. Q1 Assigning Values To Behaviors • a. Probabilities • b. Resource use • -worst case vs. average case (e.g. response time, QoS) -peak vs. accumulative (e.g. power consumption) • c. Quality measures • -discounting vs. long-run averaging (e.g. reliability)

  15. Q1 Assigning Values To Behaviors a: ok b: fail Discounted value (0 < d < 1): aaaaaaaaaa...1aaaaaaab...1 - d8aab...1 - d3b...0 Long-run average value: aaaaaaaaaa...1aaabaaabaaab...1 – ¼abaabaaab...1 babbabbba... 0

  16. Q2, Q3 Assigning Values To Systems x: behaviors w: observations A,B: systems A(w) = supx { val(x) : obs(x) = w } B(w) = expx { val(x) : obs(x) = w }

  17. Q2, Q3 Assigning Values To Systems x: behaviors w: observations A,B: systems A(w) = supx { val(x) : obs(x) = w } B(w) = expx { val(x) : obs(x) = w } diff(A,B) = supw { |A(w) – B(w)| } ? Compositionality: diff(A||B,A’||B) · f(diff(A,A’)) [AFHMS].

  18. Is there a Quantitative Framework with -an appealing mathematical formulation, -useful expressive power, and -good algorithmic properties? (Like the boolean theory of -regularity.)

  19. Outline • The Quantitative Agenda • Some Basic Open Problems • Some Promising Directions

  20. Property = Language Alphabet:   = {a,b,c} Language: L µL = (a+b)+(a[c) [ (a+b) abaabaaabccccc... 2 L abcabc...  L

  21. Boolean Language • Alphabet:   = {a,b,c} • Language: L µL = (a+b)+(a[c) [ (a+b) • abaabaaabccccc... 2 L abcabc...  L L: !B

  22. Specification = Automaton Q states : Q ! labeling q0 2 Q initial state  choices : Q    Q transition function 0 0,1 A: 1 1 a b c 0  = {0,1}

  23. Specification = Automaton Q states : Q ! labeling q0 2 Q initial state  choices : Q    Q transition function 0 0,1 A: 1 1 a b c 0  = {0,1} L(A) = (a+b)+(a[c) [ (a+b)

  24. Specification = Automaton Q states : Q ! labeling q0 2 Q initial state  choices : Q    Q transition function 0 0,1 A: 1 1 a b c 0 “scheduler” 0101111... ! aababccc... “outcome”

  25. Specification = Automaton Q states : Q ! labeling q0 2 Q initial state  choices : Q    Q transition function Scheduler: x: Q+! S ... set of schedulers Outcome: f(x) = q0q1q2 ... where 8 i : qi+1 = (qi, x(q0...qi)) Language: L = { (f(x)) : x 2 S }

  26. Satisfaction = Language Inclusion Given two automata A and B, is L(A) µ L(B)? i.e. 8 w 2 : L(A)(w) · L(B)(w)

  27. Satisfaction = Language Inclusion Given two automata A and B, is L(A) µ L(B)? i.e. 8 w 2 : L(A)(w) · L(B)(w) For finite automata, PSPACE-complete.

  28. Probabilistic Language Word: element of  Probabilistic Word: probability space on Probabilistic Language: set of probabilistic words w: ab! 1/2 aab! 1/4 aaab! 1/8 ...

  29. Markov Decision Process Q states : Q ! labeling q0 2 Q initial state  choices : Q    D(Q) transition function 0,1 0: 0.5 A: 0: 0.5 1: 1 0: 0.5 1: 1 a b c 0: 0.5

  30. Markov Decision Process Q states : Q ! labeling q0 2 Q initial state  choices : Q    D(Q) transition function 0,1 0: 0.5 A: 0: 0.5 1: 1 0: 0.5 1: 1 a b c 0: 0.5 0101111... ! abccc... ! 1/2 aabccc... ! 1/4 ...

  31. Markov Decision Process Q states : Q ! labeling q0 2 Q initial state  choices : Q    D(Q) transition function Pure scheduler: x: Q+! Probabilistic scheduler: x: Q+! D()

  32. Markov Decision Process Q states : Q ! labeling q0 2 Q initial state  choices : Q    D(Q) transition function 0,1 0: 0.5 A: 0: 0.5 1: 1 0: 0.5 1: 1 a b c 0: 0.5 {0: 0.5, 1: 0.5}! abccc... ! 9/16 aabccc... ! 9/64 ...

  33. Probabilistic Language Inclusion Given two MDPs A and B, is L(A) µ L(B)?

  34. Probabilistic Language Inclusion Given two MDPs A and B, is L(A) µ L(B)? ?

  35. Probabilistic Language Inclusion Given two MDPs A and B, is L(A) µ L(B)? ? Open even if specification B is deterministic (i.e. || = 1) and implementation scheduler required to be pure.If both sides are deterministic, then it can be solved in polynomial time (equivalence of Rabin’s probabilistic automata) [Tzeng, DHR].

  36. Quantitative Language Language: L: !B Quantitative Language: L: !R L(ab) = 1/2 L(aab) = 1/4 L(aaab) = 1/8 ...

  37. Weighted Automaton Q states : Q ! labeling q0 2 Q initial state  choices : Q    R£ Q transition function 0,1; 0 0; 4 A: 1; 2 1; 1 a b c 0; 0

  38. Weighted Automaton Q states : Q ! labeling q0 2 Q initial state  choices : Q    R£ Q transition function 0,1; 0 0; 4 A: 1; 2 1; 1 a b c 0; 0 0101111... ! aababccc...; 4 1111111... ! abccc...; 2 Max value:

  39. Weighted Automaton Q states : Q ! labeling q0 2 Q initial state  choices : Q    R£ Q transition function Outcome: f(x) = q0v1q1v2q2... where 8 i : (vi+1,qi+1) = (qi, x(q0...qi)) Max value: val(q0v1q1v2q2...) = sup{ vi : i ¸ 1 }

  40. Weighted Automaton Q states : Q ! labeling q0 2 Q initial state  choices : Q    R£ Q transition function Outcome: f(x) = q0v1q1v2q2... where 8 i : (vi+1,qi+1) = (qi, x(q0...qi)) Max value: val(q0v1q1v2q2...) = sup{ vi : i ¸ 1 } q-Language: L(w) = sup{ val(f(x)) : x 2 S s.t. (f(x)) = w }

  41. Different Value Functions Max value: val(q0v1q1v2q2...) = sup{ vi : i ¸ 1 } (only 0 and 1 costs: finite automaton) Limsup value: val = limn!1 sup{ vi : i ¸ n } (only 0 and 1 costs: Buechi automaton)

  42. Different Value Functions Max value: val(q0v1q1v2q2...) = sup{ vi : i ¸ 1 } (only 0 and 1 costs: finite automaton) Limsup value: val = limn!1 sup{ vi : i ¸ n } (only 0 and 1 costs: Buechi automaton) Limavg value: val = limn!1 1/n ¢1·i·n vi

  43. Different Value Functions Max value: val(q0v1q1v2q2...) = sup{ vi : i ¸ 1 } (only 0 and 1 costs: finite automaton) Limsup value: val = limn!1 sup{ vi : i ¸ n } (only 0 and 1 costs: Buechi automaton) Limavg value: val = limn!1 1/n ¢1·i·n vi Discounted: val = i¸ 1 di¢ vi for some 0<d<1

  44. Weighted Automaton 0,1; 0 0; 4 A: 1; 2 1; 1 a b c 0; 0 01010101... ! aabababab...; 2 11111111... ! abccc...; 0 Limsup value: 01010101... ! aabababab...; 1 11111111... ! abccc...; 0 Limavg value: 01010101... ! aabababab...; 2.66... 11111111... ! abccc...; 1.25 Discounted: (d = 0.5)

  45. Quantitative Language Inclusion Given two weighted automata A and B, is 8 w 2 : L(A)(w) · L(B)(w) ?

  46. Quantitative Language Inclusion Given two weighted automata A and B, is 8 w 2 : L(A)(w) · L(B)(w) ? For max and limsup values: PSPACE. For limavg and discounted values: Open.

  47. Quantitative Language Inclusion Given two weighted automata A and B, is 8 w 2 : L(A)(w) · L(B)(w) ? For max and limsup values: PSPACE. For limavg and discounted values: Open. If specification B is deterministic, then it can be solved in polynomial time [CDH].

  48. Quantitative Simulation 0 2 B: A: 0 b a 1 1 2 2 1 a a b · 2 0 1 2 0 b a A not simulated by B. Simulation game solvable in P for max, and in NP Å coNP for limsup, limavg, discounted [CDH]. 0

  49. Quantitative Emptiness and Universality Emptiness: Given a weighted automaton A, is L(A)(w) ¸ 1 for some word w 2 ? In P for max, limsup, limavg, and discounted automata. Solvable by finding a path with maximal value [CDH].

  50. Quantitative Emptiness and Universality Emptiness: Given a weighted automaton A, is L(A)(w) ¸ 1 for some word w 2 ? In P for max, limsup, limavg, and discounted automata. Solvable by finding a path with maximal value [CDH]. Universality: Given a weighted automaton A, is L(A)(w) ¸ 1 for all words w 2 ? As hard as language inclusion.

More Related