1 / 61

Models and Theory of Computation (MTC) EPFL

Models and Theory of Computation (MTC) EPFL Dirk Beyer, Jasmin Fisher, Nir Piterman

mona-lucas
Télécharger la présentation

Models and Theory of Computation (MTC) EPFL

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Models and Theory of Computation (MTC)EPFL Dirk Beyer, Jasmin Fisher, Nir Piterman Simon Kramer: Logic for cryptography Marc Schaub: Models for biological systems Vasu Singh: Software interface derivation Gregory Theoduloz: Combining model checking and program analysis Arindam Chakrabarti: Web service interfaces Krishnendu Chatterjee: Stochastic games Slobodan Matic: Time-triggered programming Vinayak Prabhu: Robust hybrid systems

  2. Model Checking: From Graphs to Games Tom Henzinger EPFL

  3. Graph Models of Systems vertices = states edges = transitions paths = behaviors

  4. Game Models of Systems vertices = states edges = transitions paths = behaviors players = components

  5. Game Models of Systems FAIRNESS: -automaton -regular game INDEPENDENT COMPONENTS: game graph stochastic game PROBABILITIES: Markov decision process

  6. Graphs vs. Games a a a b a b

  7. Game Models enable -synthesis [Church, Rabin, Ramadge/Wonham, Pnueli/Rosner et al.] -receptiveness [Dill, Abadi/Lamport] -semantics of interaction [Abramsky] -reasoning about adversarial behavior -interface-based design -modular reasoning [Kupferman/Vardi et al.] -early error detection [deAlfaro/H/Mang] -model-based testing [Gurevich et al.] -scheduling [Sifakis et al.] -reasoning about security [Raskin et al.] -etc.

  8. Game Models Always about open systems: -players = processes / components / agents -input vs. output -demonic vs. angelic nondeterminism

  9. Game Models • Always about open systems: • -players = processes / components / agents • -input vs. output • -demonic vs. angelic nondeterminism • Output games: input demonic (adversarial) • Input games: output demonic

  10. Output Games P1: init x := 0 loop choice | x := x+1 mod 2 | x := 0 end choice end loop S1: (x ¸ y ) P2: init y := 0 loop choice | y := x | y := x+1 mod 2 end choice end loop S2:even(y)

  11. Graph Questions 8  (x ¸ y) 9  (x ¸ y)

  12. Graph Questions 8  (x ¸ y) 9  (x ¸ y) X 00 01  10 11

  13. Zero-Sum Game Questions hhP1ii (x ¸ y) hhP2ii even(y)

  14. Zero-Sum Game Questions 00 00 00 hhP1ii (x ¸ y) hhP2ii even(y) X  10 01 10 01 10 01 11 ATL [Alur/H/Kupferman] 11 11

  15. Nonzero-Sum Game Questions 00 hhP1ii (x ¸ y)  hhP2ii even(y) 00 00 10 01 10 01 10 01 11 11 11

  16. Nonzero-Sum Game Questions 00 hhP1ii (x ¸ y)  hhP2ii even(y) 00 00  10 01 10 01 10 01 11 Secure equilibrium [Chatterjee/H/Jurdzinski] 11 11

  17. Classical Notion of Rationality Nash equilibrium:none of the players gains by deviation. 3,1 1,0 (row, column) 3,2 4,2

  18. Refined Notion of Rationality Nash equilibrium:none of the players gains by deviation. Secure equilibrium:none hurts the opponent by deviation. 3,1 1,0 (row, column) 3,2 4,2

  19. Secure Equilibrium • Natural notion of rationality for multi-component systems: • First, a component tries to meet its specification. • Second, a component may obstruct the other components. • A secure equilibrium is a contract: if one player deviates to lower the other player’s payoff, then her own payoff decreases as well, and vice versa.

  20. Theorem W00 W01 hhP2ii (S2Æ:S1) W11 W10 hhP1ii (S1Æ:S2) hhP1iiS1  hhP2iiS2

  21. Generalization of Determinacy Zero-sum games: S1 = :S2 Nonzero-sum games: S1, S2 W00 W1 hhP1iiS1 W01 W11 W2 hhP2iiS2 W10

  22. Game Models • Always about open systems: • -players = processes / components / agents • -input vs. output • -demonic vs. angelic nondeterminism • Output games: input demonic (adversarial) • Input games: output demonic

  23. Input Games Control objective: : z x! y! x! z! b? a? a? b?

  24. Input Games Control objective: : z x! y! x! z! b? a? a? b?

  25. Input Games Control objective: : z x! y! x! z! b? a? a? b?

  26. Input Games Controller: x! y! x! z! x? y? b? a? a? b? a! b! [Ramadge/Wonham et al.]

  27. Input Games x! y! Not input enabling x! z! a? a? b?

  28. Input Games Environment avoids deadlock = Input assumption x! y! x! z! a? a? b? Interface automata [deAlfaro/H]

  29. Input Games x! y! x,y? x! z! a? a? a! b? Legal environment

  30. Input Games x! y! x,y? x! z! a? a? b! b? Illegal environment

  31. Interface Compatibility File server open close open? close? read read? data! data

  32. Interface Compatibility Good client File server open open! close open? close? read! close! read read? data! data? data

  33. Interface Compatibility Bad client File server open close open? close? open! read read? data! open! data

  34. Incremental Design

  35. Incremental Design

  36. Incremental Design

  37. Incremental Design Input assumption Input assumption

  38. Incremental Design Propagated weakest input assumption

  39. Input Assumption Propagation a b a? y! x x! a? b? a? b? y x! y! y! x!

  40. Input Assumption Propagation a b a b a? a? y! x x! x,y? a? b? a? b? a,b? y x! y! y! x! y?

  41. Input Assumption Propagation a b a b a? a? y! x x! x,y? a? b? a? b? a,b? y x! y! y! x! y?

  42. Two interfaces are compatible if they can be used together in someenvironment. a b a b a? a? y! x x! x,y? a? b? a? b? a,b? y x! y! y! x! y?

  43. The Composite Interface a b a? x! y! b? a? y! y! x y

  44. Refinement x! y! x,y? x! y! z! a? a? a! b? y? x,z? Every legal environment should be a legal environment of the refined process.

  45. Refinement x! y! x,y? x! y! z! a? a? a! b? y? x,z? Every legal environment should be a legal environment of the refined process.

  46. Refinement x! y! x,y? x! y! z! b? a? a? a! b? y? x,z? Every legal environment should be a legal environment of the refined process.

  47. Refinement x! y! x,y? x! y! z! a? a? a! b? y? x,z? Every legal environment should be a legal environment of the refined process.

  48. Refinement z! x! y! x,y? x! y! z! a? a? a! b? y? x,z? Every legal environment should be a legal environment of the refined process.

  49. Interface Refinement: I/O Alternating Simulation A’  A iff 1. for all inputs i, if A –i?-> B , then there exists B’ such that A’ –i?-> B’ and B’  B , and 2. for all outputs o, if A’ –o!-> B’ , then there exists B such that A –o!-> B and B’  B .

  50. Interface Refinement: I/O Alternating Simulation A’  A iff 1. for all inputs i, if A –i?-> B , then there exists B’ such that A’ –i?-> B’ and B’  B , and 2. for all outputs o, if A’ –o!-> B’ , then there exists B such that A –o!-> B and B’  B .

More Related