
APEX: An analyzer for open probabilistic programs (Stefan Kiefer et al.), PowerPoint presentation



  1. APEX: An analyzer for open probabilistic programs
     Stefan Kiefer (1), Andrzej S. Murawski (2), Joël Ouaknine (1), Björn Wachter (1), James Worrell (1)
     (1) University of Oxford, UK; (2) University of Leicester, UK
     CAV 2012, Berkeley, 11 July 2012
     Footer on every slide: Stefan Kiefer, A.S. Murawski, J. Ouaknine, B. Wachter, J. Worrell: APEX: An analyzer for open probabilistic programs

  2. APEX Overview
     - open = the program may have unspecified variables or functions
     - APEX key technology: game semantics, which translates probabilistic programs to probabilistic automata
     - the automaton represents the observable behaviour of an algorithm or protocol
       observable: input, output, maybe timing, ...
       unobservable: internal computation, maybe timing, ...
     - APEX can analyze: the dining cryptographers, Hibbard's algorithm for random tree insertion, Herman's self-stabilization protocol, ...

  3. Equivalence
     - Verification of open programs reduces to checking program equivalence.
     - Theorem (Murawski, Ouaknine, CONCUR'05): Two open probabilistic programs are equivalent if and only if the corresponding probabilistic automata are language equivalent.
     - Language equivalence of probabilistic automata reduces to a linear algebra problem with efficient solutions, see [KMOWW, CAV'12].
     - APEX also performs the language equivalence check and provides a counterexample (a distinguishing word) in case of inequivalence.

  4. Example: The Grades Protocol
     - Students want to find out the sum of their grades.
     - No student wants to reveal anything about her/his own grade.
     [Figure: students S1, S2, ..., S6 arranged in a ring]
     - Each student announces (g + ℓ − r) mod N, where ℓ and r are the random values shared with the two neighbouring students (see the code on slide 5).
     - The sum is telescoping and equals the sum of grades (mod N).
     - But maybe individual grades leak?

  5. Example: The Grades Protocol
     Both programs are open in grade (each read of grade is an input from the environment, i.e. one student's grade) and out (each write to out is an observable announcement).

     Implementation:

         const N := S * (G-1) + 1;
         grade: int %G, out: var %N |-
           var %(S+1) i; i := 0;
           var %N first; first := rand [N];
           var %N r; r := first;
           while (i<S) do {
             var %N l;
             i := succ(i);
             if (i=S) then
               l := first
             else
               l := rand [N];
             out := (grade + l) - r;
             r := l;
           }

     Specification:

         const N := S * (G-1) + 1;
         grade: int %G, out: var %N |-
           var %S i;
           var %N total;
           i := 1;
           while (i) do {
             total := grade + total;
             var %N r; r := rand [N];
             out := r;
             total := total - r;
             i := succ(i)
           };
           out := grade + total

  6. Example: The Grades Protocol
     [Figure: the probabilistic automata APEX constructs for the implementation (left) and the specification (right). Transitions are labelled with the inputs "0 grade" / "1 grade" and the outputs "write(0) out", "write(1) out", "write(2) out", with probabilities 1/3 and 1; the labels match G = 2 and N = 3, i.e. S = 2.]

  7. Example: The Grades Protocol
     [Figure: the same two automata as on slide 6, implementation (left) and specification (right).]
     Specification: anonymity. The specification's announcements reveal only the sum of the grades, so equivalence with it is the anonymity property.
     APEX reports: Equivalent.
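As an added worked example (not code from the slides or from the APEX tool), the two programs of slide 5 transcribed into Python and compared by exhaustive enumeration: the sequences of announcements observed at `out` are collected as exact distributions, which is the language-equivalence check behind the "Equivalent" verdict on slide 7. Assumptions: `int %N` is arithmetic modulo N, `rand [N]` is uniform on {0, ..., N-1}, an unassigned `var` starts at 0, and each read of the free variable `grade` is an input supplied by the environment (one student's grade).

```python
from collections import Counter
from fractions import Fraction
from itertools import product

def implementation(grades, rands, N):
    # Left column of slide 5: student i announces (g_i + l_i - r_i) mod N, where
    # r_i is the previous student's l. rands[0] plays 'first'; rands[1..S-1] are
    # the fresh draws; the last student reuses 'first', so the l/r terms telescope.
    S = len(grades)
    first = r = rands[0]
    announced = []
    for i in range(1, S + 1):
        l = first if i == S else rands[i]
        announced.append((grades[i - 1] + l - r) % N)
        r = l
    return tuple(announced)

def specification(grades, rands, N):
    # Right column of slide 5: S-1 uniformly random announcements, then one that
    # brings the total to the sum of grades. 'var %N total' is assumed to start at 0.
    S = len(grades)
    total, announced = 0, []
    for i in range(S - 1):
        total = (total + grades[i]) % N
        announced.append(rands[i])
        total = (total - rands[i]) % N
    announced.append((grades[S - 1] + total) % N)
    return tuple(announced)

def distribution(protocol, grades, N, n_rands):
    # Exact distribution over announcement sequences: enumerate every assignment
    # of the n_rands uniform draws from {0, ..., N-1} (what 'rand [N]' denotes).
    dist, weight = Counter(), Fraction(1, N ** n_rands)
    for rands in product(range(N), repeat=n_rands):
        dist[protocol(grades, rands, N)] += weight
    return dist

def check_grades_protocol(S, G):
    # For every grade vector: (a) each implementation run sums to the grade
    # total (N = S*(G-1)+1 makes that sum fit without wrapping), and (b) the
    # implementation and the specification induce the same observable
    # distribution, which is the language equivalence APEX reports.
    N = S * (G - 1) + 1
    for grades in product(range(G), repeat=S):
        impl = distribution(implementation, grades, N, S)
        if any(sum(run) % N != sum(grades) for run in impl):
            return False
        if impl != distribution(specification, grades, N, S - 1):
            return False
    return True
```

`check_grades_protocol(2, 2)` covers exactly the case drawn on slides 6 and 7 (N = 3); larger S and G are checked the same way, only more slowly.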

  8. APEX Architecture
     program 1, program 2
       --> Parser --> AST 1, AST 2
       --> Automata Construction (conditional, while, sequence, ...) --> automaton 1, automaton 2
       --> Equivalence Checker --> yes / no (with a distinguishing word)

  9. APEX Online Tool Demo
     Try our online tool demo at cs.ox.ac.uk/apex
