Slides

Parametric Verification of Weighted Systems
April 11, 2015
Peter Christoffersen, Mikkel Hansen, Anders Mariegaard, Julian T.
Ringsmose, Kim G. Larsen & Radu Mardare
Department of Computer Science
Aalborg University
Denmark

Motivation

In recent times a lot of effort has been put into capturing important characteristics of real-world systems in various modeling formalisms:
- Time: timed automata, timed CCS.
- Uncertainty: probabilistic systems based on Markov chains.
- Costs and resources: weighted systems.
Each modeling formalism is associated with specification languages to verify requirements.

Motivation

Another important characteristic, usually neglected, is that of incomplete information:
- Models contain guesses and estimations for time usage, cost and probabilistic behavior.
- Verification of properties is difficult, as it depends on the inaccurate model.

Related Work

Our work is inspired by:
- Parametric Kripke Structures and Parametric CTL by Sathawornwichit et al.
- Symbolic Dependency Graphs by Jensen et al.

Contribution

Based on parametric extensions to weighted transition systems and weighted CTL we:
- Define Parametric Dependency Graphs (PDGs) to structurally represent dependencies.
- Show how to compute minimal fixed points of assignments to nodes in a PDG in a finite number of steps.
- Prove that computing the fixed points solves the model checking problem.
Finally, we have implemented a web-based prototype tool deriving parameter constraints (pvtool.dk).

Parameters

We allow linear expressions over parameters to be used as transition weights and as upper bounds on path formulae.

Model: a state m labeled {b} with a transition of weight p + 2q to a state m' labeled {a}.
Formula: A ⊤ U≤p a

This changes the model checking problem into a problem of finding good parameter values.

Model checking: m satisfies A ⊤ U≤p a if p + 2q ≤ p.

Interpretations

We assume a finite set of parameters P and linear expressions in parameters.

Interpretations: i : P → N

Interpretations are extended to linear expressions in parameters, i.e. if i(p) = 5 and i(q) = 7 then i(2p + 5q + 1) = 46.

The set of all linear expressions is denoted by E.

Parametric Weighted Transition System

Definition
A Parametric Weighted Transition System (PTS) M is a triple M = (M, →, ℓ), where
- M is a finite non-empty set of states,
- → ⊆ M × E × M is the transition relation, and
- ℓ : M → 2^AP is a labeling function mapping states in M to a set of atomic propositions.

Figure: an example PTS with states room 1, room 2, room 3, room 4, charger 1 and charger 2, state labels {dirty}, {clean}, {ready, clean} and {done}, and transition weights p + 2q, q, p, 1 and 2.

Parametric Weighted CTL

We extend weighted CTL with upper bound parametric constraints:

Definition
The set of PTL state formulae is given by the abstract syntax:
  Φ, Ψ ::= ⊤ | ⊥ | a | Φ ∧ Ψ | Φ ∨ Ψ | Eϕ | Aϕ
and the set of PTL path formulae is given by the abstract syntax:
  ϕ ::= X≤e Φ | Φ U≤e Ψ
where a ∈ AP and e ∈ E.

Illustration of Φ U≤e Ψ along a path ρ = m0 e1 m1 ··· ej mj ···: Φ holds in the states before mj, Ψ holds in mj, and the weight accumulated up to mj is at most e.

Dependency Graphs

Intuition
Dependency graphs are traditionally used to encode dependencies between properties, where the structure of the graph can be seen as a graphical representation of a formula's semantics.

Example
Model: m0 labeled {a, b}, with a transition of weight 2 to m1 labeled {a, c} and a transition of weight 3 to m2 labeled {b, c}.
Problem: M, m0 ⊨ a ∨ b
Dependency graph: ⟨m0, a ∨ b⟩ has two hyper-edges, one to ⟨m0, a⟩ and one to ⟨m0, b⟩.
Either disjunct must be satisfied, represented by two hyper-edges: one for each disjunct.

Dependency Graphs

Example
Model: m0 labeled {a, b}, with a transition of weight 2 to m1 labeled {a, c} and a transition of weight 3 to m2 labeled {b, c}.
Problem: M, m0 ⊨ a ∧ b
Dependency graph: ⟨m0, a ∧ b⟩ has a single hyper-edge with the target-set {⟨m0, a⟩, ⟨m0, b⟩}.
Both conjuncts must be satisfied, represented by a single hyper-edge going to both conjuncts.

Symbolic Dependency Graphs

Intuition
Symbolic dependency graphs can be used as an abstraction of problems with quantitative dependencies.

Example
Model: m0 labeled {a, b}, with a transition of weight 2 to m1 labeled {a, c} and a transition of weight 3 to m2 labeled {b, c}.
Problem: M, m0 ⊨ AX≤5 c
Symbolic dependency graph: ⟨m0, AX≤5 c⟩ has a cover-edge of weight 5 to ⟨m0, AX c⟩, which has a single hyper-edge with targets ⟨m1, c⟩ (weight 2) and ⟨m2, c⟩ (weight 3).
The bound is abstracted away by the cover-edge.
The minimal cost of satisfying the (unbounded) formula is accumulated at the node below the cover-edge and checked against the cover-edge weight.

Parametric Dependency Graphs

Intuition
We propose a parametric extension to symbolic dependency graphs, called parametric dependency graphs, that allows linear expressions involving parameters as weights.

Example
Model: m0 labeled {a, b}, with a transition of weight 5 + p to m1 labeled {a, c} and a transition of weight 2q to m2 labeled {b, c}.
Problem: M, m0 ⊨ AX≤r c
Parametric dependency graph: ⟨m0, AX≤r c⟩ has a cover-edge of weight r to ⟨m0, AX c⟩, which has a single hyper-edge with targets ⟨m1, c⟩ (weight 5 + p) and ⟨m2, c⟩ (weight 2q).
Besides allowing linear expressions involving parameters, parametric dependency graphs work just like symbolic dependency graphs.

Parametric Dependency Graphs

Definition
A Parametric Dependency Graph (PDG) is a tuple G = (N, H, C), where
- N is a finite set of nodes,
- H ⊆ N × 2^(E×N) is a finite set of hyper-edges, and
- C ⊆ N × E × N is a finite set of cover-edges.

Whenever (n, T) ∈ H we refer to n as the source node and T as the target-set. For each (e, n') ∈ T we refer to n' as a target-node, or simply target.

Example
⟨m0, AX≤5 c⟩ has a cover-edge of weight 5 to ⟨m0, AX c⟩, which has a single hyper-edge with targets ⟨m1, c⟩ (weight 5 + p) and ⟨m2, c⟩ (weight 2q).

Assignments

We use assignments to encode the parametric cost of reaching a truth value in the PDG.

Definition
Given a PDG G = (N, H, C), an assignment
  A : N → (I → N ∪ {∞})
on G is a mapping from each node n ∈ N to a function that, given a parameter interpretation, yields a natural number or ∞.
We denote the set of all assignments A.

We use 0 to represent "good" values, i.e. satisfiable, and ∞ to represent "bad" values, i.e. non-satisfiable.

Assignments
Ordering

Definition
(A, ⊑) is a poset such that for A1, A2 ∈ A:
  A1 ⊑ A2 iff ∀n ∈ N ∀i ∈ I : A1(n)(i) ≥ A2(n)(i)

A∞ denotes the assignment that maps each node to a function that assigns the value ∞ regardless of parameter interpretations, i.e.
  ∀n ∈ N ∀i ∈ I : A∞(n)(i) = ∞

(A, ⊑) constitutes a complete lattice with A∞ as bottom element.

Understanding Assignments

Model: a state m with a transition of weight 4 to m' labeled {a} and a transition of weight 6 to m'' (not labeled a).
Formulae at m: EX≤7 a and AX≤7 a.

PDG: ⟨m, EX≤7 a⟩ has a cover-edge of weight 7 to ⟨m, EX a⟩, which has two hyper-edges, one to ⟨m', a⟩ (weight 4) and one to ⟨m'', a⟩ (weight 6). ⟨m, AX≤7 a⟩ has a cover-edge of weight 7 to ⟨m, AX a⟩, which has a single hyper-edge with targets ⟨m', a⟩ (weight 4) and ⟨m'', a⟩ (weight 6). ⟨m', a⟩ has a hyper-edge to the empty target-set; ⟨m'', a⟩ has no hyper-edges.

Resulting assignment:
- ⟨m', a⟩ = 0 and ⟨m'', a⟩ = ∞
- ⟨m, EX a⟩ = min{4, 6 + ∞} = 4
- ⟨m, AX a⟩ = max{4, 6 + ∞} = ∞
- ⟨m, EX≤7 a⟩ = 0, since 4 ≤ 7
- ⟨m, AX≤7 a⟩ = ∞, since ∞ ≤ 7 does not hold

Model Checking
Updating assignments

A global update function iteratively updates the PDG node assignments.
Let min{∅} = ∞ and max{∅} = 0.

Definition
Given a PDG G = (N, H, C), F : A → A is a function that, given an assignment on G, produces a new assignment on G, defined as follows:

\[
F(A)(n)(i) =
\begin{cases}
\begin{cases} 0 & \text{if } A(n')(i) \le i(e) \\ \infty & \text{otherwise} \end{cases} & \text{if } n \overset{e}{\dashrightarrow} n' \\[1ex]
\min_{(n,T) \in H} \; \max_{(e,n') \in T} \{ A(n')(i) + i(e) \} & \text{otherwise}
\end{cases}
\]

where n ⇢ᵉ n' denotes a cover-edge (n, e, n') ∈ C.

We let F^i(A) denote i repeated applications of F on A.

Model Checking
Example

We encode the model checking problem M, m0 ⊨ AX≤r c in a PDG.

Model: m0 labeled {a, b}, with a transition of weight 5 + p to m1 labeled {a, c} and a transition of weight 2q to m2 labeled {b, c}.

PDG:
- node 1: ⟨m0, AX≤r c⟩, with a cover-edge of weight r to node 2
- node 2: ⟨m0, AX c⟩, with a single hyper-edge with targets node 3 (weight 5 + p) and node 4 (weight 2q)
- node 3: ⟨m1, c⟩, with a hyper-edge to the empty target-set
- node 4: ⟨m2, c⟩, with a hyper-edge to the empty target-set

Model Checking
Example

By iteratively applying F on A∞ we compute the fixed point assignment Amin.

  n | A∞ | F(A∞)                   | F²(A∞)                  | F³(A∞)                                | F⁴(A∞)
  1 | ∞  | 0 if ∞ ≤ r, ∞ otherwise | 0 if ∞ ≤ r, ∞ otherwise | 0 if max{5 + p, 2q} ≤ r, ∞ otherwise | 0 if max{5 + p, 2q} ≤ r, ∞ otherwise
  2 | ∞  | ∞                       | max{5 + p, 2q}          | max{5 + p, 2q}                        | max{5 + p, 2q}
  3 | ∞  | 0                       | 0                       | 0                                     | 0
  4 | ∞  | 0                       | 0                       | 0                                     | 0

In the first iteration, only nodes with a hyper-edge going to an empty target-set get updated (nodes 3 and 4).
In the next iteration, node 2 is updated as it depends on nodes 3 and 4.
Now we have a weight to compare against the bound on the cover-edge, so node 1 gets updated.
In the fourth iteration we see that the assignment doesn't change, and as such a fixed point has been reached.

max{5 + p, 2q} ≤ r ⟹ (5 + p ≤ r) ∧ (2q ≤ r)

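As an added example (not from the slides or from pvtool.dk), the update function F and the fixed-point iteration above, run for concrete parameter interpretations on the four-node PDG of this example; it also shows the extension of an interpretation to linear expressions from the Interpretations slide. Linear expressions are represented as coefficient dictionaries and the iteration is per interpretation rather than symbolic (both assumptions of this example), so the derived constraint max{5 + p, 2q} ≤ r is recovered by checking candidate interpretations instead of being produced as a formula.

```python
from itertools import product

INF = float("inf")

def evaluate(expr, interp):
    """Extend an interpretation i : P -> N to a linear expression. expr is a dict
    {parameter: coefficient}; key "" holds the constant (this example's own encoding)."""
    return expr.get("", 0) + sum(c * interp[v] for v, c in expr.items() if v)

# PDG for M, m0 |= AX<=r c from the slides: cover-edge 1 --r--> 2,
# hyper-edge 2 -> {(5+p, 3), (2q, 4)}, and hyper-edges 3 -> {} and 4 -> {}.
NODES = [1, 2, 3, 4]
COVER = {1: ({"r": 1}, 2)}
HYPER = {2: [[({"": 5, "p": 1}, 3), ({"q": 2}, 4)]], 3: [[]], 4: [[]]}

def update(A, interp):
    """One application of F under a fixed interpretation (min{} = inf, max{} = 0)."""
    new = {}
    for n in NODES:
        if n in COVER:  # cover-edge: 0 if the target's cost is within the bound
            e, target = COVER[n]
            new[n] = 0 if A[target] <= evaluate(e, interp) else INF
        else:           # min over hyper-edges of max over (weight + target cost)
            new[n] = min((max((A[t] + evaluate(e, interp) for e, t in T), default=0)
                          for T in HYPER.get(n, [])), default=INF)
    return new

def least_fixed_point(interp):
    """Iterate F from A_inf until the assignment stops changing.
    Returns (A_min, number of applications of F)."""
    A = {n: INF for n in NODES}
    applications = 0
    while True:
        nxt = update(A, interp)
        applications += 1
        if nxt == A:
            return A, applications
        A = nxt

def satisfied(interp):
    """m0 satisfies AX<=r c under interp iff the root node is assigned 0."""
    return least_fixed_point(interp)[0][1] == 0

def good_interpretations(limit):
    """Interpretations (p, q, r) with values below limit for which the formula holds;
    each hit satisfies the slides' derived constraint max{5 + p, 2q} <= r."""
    return [(p, q, r) for p, q, r in product(range(limit), repeat=3)
            if satisfied({"p": p, "q": q, "r": r})]
```

For i(p) = 1, i(q) = 2, i(r) = 6, least_fixed_point returns the assignment {1: 0, 2: 6, 3: 0, 4: 0} after four applications of F, mirroring the table above where F⁴(A∞) = F³(A∞).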
Model Checking
Fixed point assignments

Lemma
The update function F is monotone on the complete lattice (A, ⊑).

According to Tarski's Fixed Point Theorem, F must have a unique minimal fixed point, which we denote Amin.

Theorem
There exists a natural number i such that Amin = F^i(A∞).

Termination is guaranteed by the fact that assignments constitute a well-quasi-ordering, and therefore infinite antichains cannot exist.

Prototype Tool
PVTool

As a proof of concept of the method for model checking of PTL on PTS presented in this work we have implemented a tool on pvtool.dk.

Conclusion

We have developed an algorithm for computing minimal fixed points on PDGs and shown that our technique can be used to:
- Solve model checking using parametric weighted CTL with upper-bound constraints.
Tool support and preliminary experiments were made to assess the feasibility of our approach.

Future Work

- Local algorithm instead of global.
- Other applications of our technique.
- Minimization of constraints computed by our tool.
- Proving (non-)existence of solutions to parameter constraints.