Summaries for Context-Free Games

Academic year: 2021


(1) Summaries for Context-Free Games. Lukáš Holík¹, Roland Meyer², and Sebastian Muskalla². Nikolausvorlesung. ¹ Brno University of Technology, holik@fit.vutbr.cz; ² TU Braunschweig, {roland.meyer, s.muskalla}@tu-braunschweig.de.

(2) Language-Theoretic Verification.

(3–4) Verification
Verification problem. Given: the source code of a program P and a specification ϕ. Question: does the runtime behavior of P satisfy ϕ?
Language-theoretic approach: $L_P$ = possible program executions, $L_\varphi$ = valid executions. Decide: $L_P \subseteq L_\varphi$.

(5–7) Language-theoretic verification
$L_P$ = possible program executions, $L_\varphi$ = valid executions.
Good: $L_\varphi$ is usually easy (regular).
Bad: $L_P$ is usually not even context-free. The problem is undecidable, so $L_P$ has to be approximated.

(8–14) Language-theoretic verification
Semantics: $L_P = L_{CF} \cap L_{Data} = L_{CF} \cap \bigcap_{x \in Var} L_x$.
$L_{CF}$ is context-free. $L_{Data}$ is anything: $Var$ is infinite and each $L_x$ is arbitrary.
Lessons in life: handle control flow using techniques from automata theory; handle data using techniques from logic. The two need to be combined: CEGAR loop [Podelski et al., since 2010].

(15–25) Counterexample-guided abstraction refinement
Init: $L_S := L_\varphi$.
Check $L_{CF} \subseteq L_S$? Yes: return $P \models \varphi$. No: obtain a counterexample $w \in L_{CF} \setminus L_S$.
Check $w \in L_P$? Yes: return $P \not\models \varphi$. No: extrapolate $w$ to a language $L_w$ with $L_w \cap L_P = \emptyset$, set $L_S := L_S \cup L_w$, and repeat the inclusion check.
Algorithmic challenges: 1. Inclusion $L_{CF} \subseteq L_S$ (automata theory). 2. Membership $w \in L_P$ (Hoare logic). 3. Extrapolation $w \mapsto L_w$.

(26–32) Counterexample-guided abstraction refinement
[Figure: Venn diagram of $L_\varphi$, $L_{CF}$ and $L_P$ with counterexamples $w_1, w_2, w_3$ and their extrapolations $L_{w_1}, L_{w_2}, L_{w_3}$.]

(33) Language-Theoretic Synthesis.

(34–35) Synthesis.

(36–37) Synthesis
Synthesis problem. Given: a program template T and a specification ϕ. Decide: is there an instantiation T@i of T satisfying ϕ?
Approach: language-theoretic synthesis, CEGAR loop.

(38–40) Language-theoretic synthesis
Model the control flow of a template as a grammar. Two types of non-determinism:
Demonic / uncontrollable non-determinism:
proc F() if (x == 0) G() else H()
F → read(x,0) G | read(x,1) H
Angelic / controllable non-determinism:
proc F() if ??? G() else H()
F → G | H

(41–45) Language-theoretic synthesis
Algorithmically: model as a (context-free) two-player perfect-information game. One player (the refuter) represents the uncontrollable non-determinism; the other player (the prover) represents the controllable non-determinism.
Is there a strategy s for the prover that resolves the controllable non-determinism so that $L(G@s) \subseteq L(A)$?
From language-theoretic verification to synthesis: replace the inclusion check $L(G) \subseteq L(A)$ in the CEGAR loop by a strategy synthesis.

(46) Language-theoretic synthesis
Init: $L_S := L_\varphi$.
Check $\exists s : L(CF@s) \subseteq L_S$? Yes: return $P@s \models \varphi$. No: there is an opponent strategy $s_{opp}$ and a counterexample $w \in L(CF@s_{opp}) \setminus L_S$.
Check $w \in L_P$? Yes: return $\forall s : P@s \not\models \varphi$. No: extrapolate $w$ to $L_w$ with $L_w \cap L_P = \emptyset$, set $L_S := L_S \cup L_w$, and repeat.
Algorithmic challenges: 1. Solve the game: $\exists s : L(CF@s) \subseteq L_S$? 2. Membership $w \in L_P$. 3. Extrapolation $w \mapsto L_w$.

(47) Context-Free Games.

(48–49) Context-free games - Input
Input: a context-free grammar with an ownership partitioning of the non-terminals, e.g. X → aY | ε, Y → bX, and a finite automaton A over the terminals $T_G$, e.g. with states $q_0, q_1$ and transitions $q_0 \xrightarrow{a} q_1$, $q_1 \xrightarrow{b} q_0$.

(50–53) Context-free games - Game arena
Example grammar: X → aY | ε, Y → bX. From Y the arena contains the derivations Y ⇒ bX ⇒ baY and Y ⇒ bX ⇒ b.
Vertices: sentential forms $\vartheta = (N_G \cup T_G)^*$.
Arcs: left derivations $wX\gamma \Rightarrow_L w\eta\gamma$ if $X \to \eta \in P_G$.
Ownership: the owner of $wX\gamma$ is the owner of X.

(54–56) Context-free games - Winning conditions
Inclusion game: derive a terminal word $w \in L(A)$, or an infinite derivation (a safety game).
Non-inclusion game: derive a terminal word $w \notin L(A)$ after finitely many steps (a reachability game).
Here: consider the inclusion game for the player prover and the non-inclusion game for the player refuter.

(57–67) Context-free games - Algorithms
State of the art in verification:
Saturation: compute the state space of a pushdown; the stack content is represented as a regular language.
Summarization: compute the effect of function calls as an input/output relation; the stack content is not represented; used more often in SVComp.
State of the art in synthesis: no summaries for games.
Problem \ Algorithm | Verification | Synthesis
Saturation | [BEM97] [FWW97] | [C02] [MSS05] [HO09]
Summarization | [SP78] [RHS95] | ??? (next)

(68) Summaries for context-free games
How to decide which player wins the game? Fixed-point iteration over a suitable summary domain.
Now: 1. Explain and define the domain. 2. Explain the fixed-point iteration.

(69) Formulas over the Transition Monoid.

(70) The tree of plays
How to decide whether the refuter can win from a given position? Consider the tree of plays!
Example grammar: X → aY | ε, Y → bX. Tree from Y: Y ⇒ bX, then bX ⇒ b or bX ⇒ baY ⇒ …
The refuter wins non-inclusion in (ab)* by picking X → ε. Y is a winning position for the refuter.

(71–72) The tree of plays - Example
Tree from X: X ⇒ ε, or X ⇒ aY ⇒ abX, then abX ⇒ ab or abX ⇒ abaY ⇒ ababX, then ababX ⇒ abab or …
Picking X → ε results in a word in (ab)*: the refuter loses non-inclusion. Always picking X → aY results in an infinite play, which loses by definition. X is a winning position for the prover.

(73–78) Formulas
Problem: the tree is usually infinite.
Observation 1: the labels of inner nodes do not matter for inclusion; only ownership is important. Replace the inner nodes of the refuter by ∨ and the inner nodes of the prover by ∧, and understand the tree as an (infinite) positive Boolean formula over words.

(79) Formulas - Example
[Figure: the formula tree for X, with ∨ at refuter nodes and ∧ at prover nodes: ∨(ε, ∧(∨(ab, ∧(∨(abab, …))))).]

(80) Formulas
Remaining problems: 1. The formulas are still infinite. 2. Even the set of atomic propositions $T_G^*$ is infinite. Tackle 2. first.

(81–86) Equivalence relation
Observation 2: the words are not important, only the state changes matter.
Define an equivalence relation $\sim_A$ such that words are equivalent iff they induce the same state changes on A:
$w \sim_A v$ iff $\forall q, q' \in Q : q \xrightarrow{w} q' \iff q \xrightarrow{v} q'$.
$M_A$ is the set of all equivalence classes [w] of $\sim_A$; $T_G^*$ is partitioned into the equivalence classes of $\sim_A$.

(87–88) Transition monoid
Represent equivalence classes by boxes: $box(w) = \{(q, q') \in Q \times Q \mid q \xrightarrow{w} q'\} \in \mathcal{P}(Q \times Q)$.
Boxes correspond to procedure summaries for programs (in a precise sense).

(89) Transition monoid - Example
$box(w) = \{(q, q') \in Q \times Q \mid q \xrightarrow{w} q'\}$ for the automaton $q_0 \xrightarrow{a} q_1$, $q_1 \xrightarrow{b} q_0$.
Boxes: id = [ε], [a], [b], [ab], [ba], [aa] = [bb]. All other boxes represent empty equivalence classes.

(90–92) Relational composition of boxes
Boxes can be composed using relational composition ;, e.g. [a] ; [b] = [ab].
The monoids are isomorphic: $(M_A, \cdot, [\varepsilon]) \cong (box(T_G^*), ;, box(\varepsilon))$ with $box(T_G^*) \subseteq \mathcal{P}(Q \times Q)$.
Hence there are at most $|M_A| \le 2^{|Q|^2}$ equivalence classes.
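The boxes, their relational composition and the finite transition monoid $M_A$ of slides (81)–(92), carried out in code. This is an added example, not the authors' implementation: the two-state automaton ($q_0 \xrightarrow{a} q_1$, $q_1 \xrightarrow{b} q_0$) is the constructed input from the slides, and the function names `letter_box`, `transition_monoid` and `is_homomorphism` are my own. `transition_monoid` enumerates $M_A$ as the closure of box(ε) under composition with the letter boxes, which is how one checks the $2^{|Q|^2}$ bound in practice.

```python
"""Boxes and the transition monoid of a finite automaton (added example).

Constructed input: the two-state automaton from the slides, q0 -a-> q1 and
q1 -b-> q0. A word w is summarised by box(w), the set of state pairs it connects.
"""

# States and transitions of A, the latter as (source, letter, target) triples.
Q = frozenset({"q0", "q1"})
DELTA = frozenset({("q0", "a", "q1"), ("q1", "b", "q0")})
ALPHABET = ("a", "b")

# box(ε) is the identity relation on Q.
IDENTITY = frozenset((q, q) for q in Q)


def letter_box(letter):
    """box(a) for a single letter a: all pairs (q, q') with q -a-> q'."""
    return frozenset((q, q2) for (q, l, q2) in DELTA if l == letter)


def compose(box1, box2):
    """Relational composition ';': (q, q'') iff q -w-> q' and q' -v-> q'' for some q'."""
    return frozenset((q, q2) for (q, m) in box1 for (m2, q2) in box2 if m == m2)


def box(word):
    """box(w) = {(q, q') | q -w-> q'}, built from box(ε) one letter at a time."""
    result = IDENTITY
    for letter in word:
        result = compose(result, letter_box(letter))
    return result


def transition_monoid():
    """Enumerate M_A: every box reachable from box(ε) by composing letter boxes.

    Breadth-first search over words, so each class is recorded with a shortest
    representative word. Returns a dict from box to representative.
    """
    reps = {IDENTITY: ""}
    frontier = [""]
    while frontier:
        next_frontier = []
        for word in frontier:
            for letter in ALPHABET:
                b = compose(box(word), letter_box(letter))
                if b not in reps:
                    reps[b] = word + letter
                    next_frontier.append(word + letter)
        frontier = next_frontier
    return reps


def is_homomorphism(words):
    """Check box(wv) == box(w) ; box(v) on all pairs from `words` (the isomorphism of slide 91)."""
    return all(box(w + v) == compose(box(w), box(v)) for w in words for v in words)


if __name__ == "__main__":
    monoid = transition_monoid()
    print(f"|M_A| = {len(monoid)} <= 2^(|Q|^2) = {2 ** (len(Q) ** 2)}")
    for b, w in sorted(monoid.items(), key=lambda kv: (len(kv[1]), kv[1])):
        print(f"[{w or 'ε'}] = {sorted(b)}")
```

Running the module lists the six classes of the slide example: [ε], [a], [b], [aa] (the empty box, which also represents [bb]), [ab] and [ba]; every other word falls into one of these, e.g. box("bab") equals box("b").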

(93–96) Back to games
Previously: (infinite) positive Boolean formulas over words. Now: (infinite) positive Boolean formulas over $M_A$, so down to finitely many atomic propositions.
Remaining problem: the formulas themselves are infinite.

(97) Formulas - Example
[Figure: the formula tree for X over $M_A$: ∨([ε], ∧(∨([ab], ∧(∨([abab], …))))).]

(98–104) From infinite to finite formulas
Observation 3: every infinite formula over $M_A$ is logically equivalent (under suitable evaluation semantics) to some finite formula. Infinite formulas define functions $F : 2^{M_A} \to \{0, 1\}$, and all such functions can be represented by finite formulas. Restrict to finite positive Boolean formulas over $M_A$.
Domain: finite positive Boolean formulas over $M_A$ (up to ⇔). Least element: false. Partial order: implication ⇒.
In the example: infinite formula [ε] ∨ [ab] ∨ ([abab] ∨ …). Note [ab] = [abab] = [ababab] = …. Finite formula: [ε] ∨ [ab].
How to compute these finite formulas in general?

(105) Fixed-Point Iteration.

(106) Fixed-point iteration
Problem: how to compute the formulas? Fixed-point iteration: translate the grammar into a system of equations and solve it using Kleene iteration.

(107–115) Fixed-point iteration - Example
Grammar: X → aY | ε, Y → bX.
System of equations: $F_X = [a] ; F_Y \lor [\varepsilon]$ and $F_Y = [b] ; F_X$.
Iteration:
Nr. | $F_X$ | $F_Y$
0 | false | false
1 | [ε] | false
2 | [ε] | [b] = [b] ; [ε]
3 | [ab] ∨ [ε] | [b]
4 | [ab] ∨ [ε] | [b] ; ([ab] ∨ [ε]) = [bab] ∨ [b] ⇔ [b]

(116) Winning Regions.

(117–121) Rejecting
Define the evaluation ϕ by $\varphi : M_A \to \{0, 1\}$ with $[w] \mapsto 1$ if $(q_0, q_f) \notin box(w)$ for all $q_f \in Q_f$, and $[w] \mapsto 0$ otherwise.
$\varphi([w]) = 1$ iff $w \notin L(A)$ iff $[w] \subseteq \overline{L(A)}$.
In the example: ϕ([ε]) = 0, ϕ([b]) = 1, ϕ([ab]) = 0.
A sentential form $\alpha \in \vartheta$ is called rejecting if $\varphi(F_\alpha) = 1$.

(122–133) Winning region of prover
Theorem. The set of non-rejecting positions $W_\subseteq = \{\alpha \in \vartheta \mid \varphi(F_\alpha) = 0\}$ is the winning region of the prover for the inclusion game.
Proof. A terminal position $w \in \overline{L(A)}$ has formula $F_w = [w]$ with $\varphi([w]) = 1$, so $\overline{L(A)} \cap W_\subseteq = \emptyset$.
Show: if the current position is non-rejecting and it is the turn of (1) the prover, there is a move to a non-rejecting position; (2) the refuter, all moves go to non-rejecting positions.
Since the inclusion game is a safety game, staying in $W_\subseteq$ suffices.
In the example, starting from X: both [ab] and [ε] contain $(q_0, q_0)$, so ϕ([ab]) = 0 and ϕ([ε]) = 0, hence $\varphi(F_X) = \varphi([ab] \lor [\varepsilon]) = 0$ and X is non-rejecting. Indeed, the prover wins inclusion from X.

(134–144) Winning region of refuter
Theorem. The set of rejecting positions $W_{\not\subseteq} = \{\alpha \in \vartheta \mid \varphi(F_\alpha) = 1\}$ is the winning region of the refuter for the non-inclusion game.
Proof. A terminal position $w \in L(A)$ has formula $F_w = [w]$ with $\varphi([w]) = 0$, so $L(A) \cap W_{\not\subseteq} = \emptyset$.
Show: if the current position is rejecting and it is the turn of (1) the refuter, there is a move to a rejecting position; (2) the prover, all moves go to rejecting positions.
This alone is not sufficient to win a reachability game: the refuter additionally needs to minimize the distance to $\overline{L(A)}$ in every step.
In the example, starting from Y: [b] does not contain $(q_0, q_0)$, so $\varphi(F_Y) = \varphi([b]) = 1$ and Y is rejecting. Indeed, the refuter wins non-inclusion from Y.

(145) Composition.

(146) Composition
How to define the composition operator ; that replaces concatenation · in the system of equations?

(147) Composition Plays from XY decompose: XY. .... wY. wv. wv 0. w 0Y. w 0v. w 0v 0 34.

(148) Composition Plays from XY decompose: XY. play from X (with suffix Y ). .... wY. wv. wv 0. w 0Y. w 0v. w 0v 0 34.

(149) Composition
Plays from XY decompose:
XY → ... → wY or w'Y: a play from X (with suffix Y)
wY → wv or wv', w'Y → w'v or w'v': a play from Y (with prefix w or w')

(150) Composition
F = [w] ∗ ... ∗ [w'],  G = [v] ∗ ... ∗ [v']
F;G = [w];G ∗ ... ∗ [w'];G,  where [w];G = [w];[v] ∗ ... ∗ [w];[v']
Composition distributes over the connectives:
(F ∗ F'); G = F; G ∗ F'; G
[w]; (G ∗ G') = [w]; G ∗ [w]; G'

(151) Complexity & Performance.


(157) Algorithm
Given: game G, automaton A and initial position α
Algorithm for solving non-inclusion:
(1) Set FX = false for all X ∈ N
(2) Do until FX_old ⇔ FX_new for all X ∈ N: F = rhs(F)
(3) Compute Fα, and return true iff ϕ(Fα) = 1
Compose the solutions FX for the non-terminals to obtain the solutions for all sentential forms α = α1 ... αk ∈ ϑ: Fα = Fα1 ; ... ; Fαk
Solve the system once and decide the game for any position α
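The composition operator ; of slides (146)-(150) and the three-step fixed-point algorithm of slide (157), worked through on a small constructed instance. This is an added example, not the slides' own material and not the authors' tool. Everything beyond the slides is an assumption made here: boxes [w] are taken to be relations on the states of A that compose relationally ([w];[v] = [wv]), formulas are kept in minimal DNF over boxes so that DNF equality serves as the equivalence test of step (2), refuter-owned nonterminals join their rules with "or" and prover-owned ones with "and", every nonterminal has at least one rule, and ϕ maps a box to 1 exactly when it contains no (initial, final) pair. The automaton (L(A) = a*), the grammar and the ownership are constructed for the example.

```python
"""Kleene iteration for non-inclusion games (added example, not the authors' tool).

Assumptions, constructed for this example and not taken from the slides:
  * A box [w] is the set of state pairs (q, q') of the finite automaton A
    with q --w--> q'; boxes compose relationally, so [w];[v] = [wv].
  * A positive Boolean formula over boxes is kept as a minimal DNF: an
    antichain of clauses, each clause a frozenset of boxes. Monotone formulas
    have a unique minimal DNF, so DNF equality is the test "F_old <=> F_new".
  * Refuter-owned nonterminals join their rules with "or", prover-owned ones
    with "and"; every nonterminal has at least one rule.
  * phi([w]) = 1 iff [w] contains no (initial, final) pair, i.e. w not in L(A).
"""

# --- boxes ------------------------------------------------------------------

def compose_boxes(b1, b2):
    """Relational composition of two boxes: [w];[v] = [wv]."""
    return frozenset((q, r) for (q, p) in b1 for (p2, r) in b2 if p == p2)

def identity_box(states):
    """The box of the empty word."""
    return frozenset((q, q) for q in states)

# --- positive formulas over boxes, in minimal DNF ---------------------------

FALSE = frozenset()               # no clause: never satisfied
TRUE = frozenset([frozenset()])   # the empty clause: always satisfied

def minimize(clauses):
    """Absorption: drop every clause that strictly contains another clause."""
    clauses = set(clauses)
    return frozenset(c for c in clauses if not any(d < c for d in clauses))

def f_or(*fs):
    return minimize(c for f in fs for c in f)

def f_and(*fs):
    result = TRUE
    for f in fs:
        result = minimize(c | d for c in result for d in f)
    return result

def f_box(box):
    return frozenset([frozenset([box])])

def f_compose(f, g):
    """F;G via the distributivity laws of slide (150):
    (F * F');G = F;G * F';G  and  [w];(G * G') = [w];G * [w];G'.
    Only single boxes are composed directly, as [w];[v] = [wv]."""
    return f_or(*[
        f_and(*[
            f_or(*[f_and(*[f_box(compose_boxes(b, d)) for d in clause_g])
                   for clause_g in g])
            for b in clause_f])
        for clause_f in f])

# --- the game ---------------------------------------------------------------

def sentential_formula(alpha, solution, terminal_boxes, states):
    """F_alpha = F_alpha1 ; ... ; F_alphak, a terminal a contributing [a]."""
    result = f_box(identity_box(states))
    for sym in alpha:
        result = f_compose(result, solution[sym] if sym in solution
                           else f_box(terminal_boxes[sym]))
    return result

def solve(grammar, owner, terminal_boxes, states):
    """Steps (1) and (2): start from false, apply rhs until nothing changes."""
    formulas = {X: FALSE for X in grammar}
    while True:
        new = {}
        for X, rules in grammar.items():
            bodies = [sentential_formula(rhs, formulas, terminal_boxes, states)
                      for rhs in rules]
            new[X] = f_or(*bodies) if owner[X] == "refuter" else f_and(*bodies)
        if new == formulas:      # F_old <=> F_new for all X
            return formulas
        formulas = new

def phi(formula, initial, final):
    """Step (3): a box is rejecting iff it has no (initial, final) pair."""
    def rejecting(box):
        return not any((q, r) in box for q in initial for r in final)
    return any(all(rejecting(b) for b in clause) for clause in formula)

# --- constructed instance ---------------------------------------------------
# Automaton A with the single state q0 (initial and final) and an a-loop:
# L(A) = a*, so [a] = {(q0, q0)} and [b] = {} does not contain (q0, q0).
STATES, INITIAL, FINAL = {"q0"}, {"q0"}, {"q0"}
TERMINAL_BOXES = {"a": frozenset([("q0", "q0")]), "b": frozenset()}
# Grammar: X -> aX | Y (refuter), Y -> a | b (prover), Z -> Yb | a (refuter)
GRAMMAR = {"X": ["aX", "Y"], "Y": ["a", "b"], "Z": ["Yb", "a"]}
OWNER = {"X": "refuter", "Y": "prover", "Z": "refuter"}

def refuter_wins(alpha):
    """Does refuter win non-inclusion from the sentential form alpha?"""
    solution = solve(GRAMMAR, OWNER, TERMINAL_BOXES, STATES)
    return phi(sentential_formula(alpha, solution, TERMINAL_BOXES, STATES),
               INITIAL, FINAL)

if __name__ == "__main__":
    for alpha in ["X", "Y", "Z", "Yb", "aY"]:
        print(alpha, refuter_wins(alpha))
```

The iteration stabilises after three rounds on this instance: FY = [a] ∧ [b], FX = [a] ∧ [b] and FZ = [a] ∨ [b]. Refuter therefore wins from Z and from the sentential form Yb (choosing Z → Yb forces a word ending in b, which is outside a* whatever the prover picks), but not from X, Y or aY, where the prover can always answer with a. Because the solution is computed once, any further position α is decided by composing the stored FX values, as slide (157) states.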


(160) Complexity
Theorem
1. Deciding non-inclusion games is 2EXPTIME-complete.
2. The algorithm solves non-inclusion games in time O(|G|² · 2^(2^(|Q|^c1)) + |α| · 2^(2^(|Q|^c2))), where c1, c2 ∈ N are constants.
3. Hardness by reduction from acceptance in alternating Turing machines with exponential space.


(167) Related Work
Cachat [C02]:
Consider a pushdown system with an ownership partitioning of the control states
Can one player enforce a configuration such that the stack content is accepted by an alternating finite automaton (AFA)?
Solve by saturating the transitions of the AFA
The saturated AFA accepts the winning region
EXPTIME
Our game can be reduced to Cachat's


(175) Related Work
Walukiewicz [W96/01]:
Consider a pushdown system with an ownership partitioning and priorities of the control states
Pushdown parity game
Reduce to a parity game on a finite graph
On push, one player guesses the effect of the push
The other player decides to verify the guess or skip it
EXPTIME
A similar technique can be applied to our problem


(183) Related Work
Muscholl, Schwentick, Segoufin [MSS05]:
Consider a context-free grammar
One player picks the position that should be replaced, the other player picks the rule
Can one player enforce a sentential form in a regular language over NG ∪ TG?
Undecidable
2EXPTIME for left-to-right strategies
Similar to our game
The hardness proof carries over

(184) Performance
Comparison of 2EXPTIME algorithms:

                            Input                           Computation
Our algorithm               System of equations       P     Fixed-point iteration  2EXP
Reduction to Cachat [C02]   Determinized automaton    EXP   Saturation             EXP
Idea of Walukiewicz [W01]   Finite reachability game  2EXP  Saturation             P
                            (guaranteed blow-up)            (may be lucky)

(185) Performance
We have implemented and compared:
Our algorithm with naive Kleene iteration
Our algorithm with worklist-based Kleene iteration
Reduction to Cachat's pushdown games
Problems with Cachat's algorithm:
Automaton A needs to be determinized: guaranteed blow-up
Algorithmic tricks for Cachat (worklist, ...) are not suitable for the instances generated by the reduction

(186) Performance

|Q|/|N|/|T|   naive Kleene            worklist Kleene         Cachat
              avg. time  % timeout    avg. time  % timeout    avg. time  % timeout
 5/ 5/ 5           65.2          2          0.8          0         94.7          0
 5/ 5/10            5.4          4          7.4          0        701.7          0
 5/10/ 5           13.9          0          0.3          0        375.7          0
 5/ 5/15            6.0          0          1.1          0       1618.6          0
 5/10/10           32.0          2        122.1          0       2214.4          0
 5/15/ 5           44.5          0          0.2          0        620.7          0
 5/ 5/20            3.4          0          1.4          0       3434.6          4
 5/10/15          217.7          0          7.4          0       5263.0         16
10/ 5/ 5            8.8          2          0.6          0       2737.8          2
10/ 5/10            9.0          6         69.8          0       6484.9         66
15/ 5/ 5           30.7          0          0.2          0       5442.4         52
10/10/ 5            9.7          0          0.2          0       7702.1         92
10/15/15          252.3          0          1.9          0          n/a        100
10/15/20           12.9          0          1.8          0          n/a        100

Experiments executed on an i7-6700K at 4 GHz; times in milliseconds; timeout 10 seconds.

(187) Future Work.


(192) Future work
Liveness synthesis (infinite words)
Synthesis for systems with branching behavior (trees)
Games on higher-order systems
Applications in hardware synthesis
Solver technology for systems of equations (Newton iteration)

(193) Questions?. 44.
