Analysis of Distributed Probabilistic Systems: Limitations and Possibilities
Pedro R. D’Argenio
Universidad Nacional de Córdoba, CONICET
Joint work with Sergio Giro, Luis M. Ferrer Fioriti, Georgel Calin, Pepijn Crouzen, Ernst Moritz Hahn, Lijun Zhang, Silvia Pelozo
19-Jun-2014 - OPCT - Bertinoro
Overview
- Motivation
- Distributed Schedulers
- Strongly Distributed Schedulers
- Distributed Schedulers under secrecy
- (Un)decidability results
- Concluding remarks
Model Checking Probabilistic Concurrent Systems
- Nondeterminism resolved through schedulers
- Quantifies over all possible schedulers
sup P(F ! ) = 1
inf P(F ! ) = 0
[Figure: probabilistic choice with three branches of probability ⅓ each]
Model Checking Probabilistic Concurrent Systems
Monty Hall problem
[Figure: Monty Hall model with branch probabilities ⅓, ⅓, ⅓ and the actions "choose door", "open door", "keep door", "switch door"]
sup P(F ! ) = 2/3
inf P(F ! ) = 1/3
- All schedulers are too many!
- Probabilistic model checking provides a safe over-approximation of the actual probability value
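You || Monty Hall
[Figure: the components You and Monty Hall, with transitions labelled c?, c!, o?, o!, s?, s!, k?, k! and a probabilistic choice with three branches of probability ⅓ each]
- Little knowledge about other processes' internal state
- Local decisions can only be taken based on local knowledge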
[Figure: You || Monty Hall, with transitions labelled c?, c!, o?, o!, s?, s!, k?, k! and three branches of probability ⅓ each]
A distributed scheduler is a scheduler that respects the local decisions of each component.
Local decisions are only taken with the information available to each component.
[Figure: You || Monty Hall as above, and a second diagram with labels c!, o? and three branches of probability ⅓ each]
- Two different choices with the same local knowledge!!
- Any acceptable scheduler can do either “keep” or “switch” but not both
Probabilistic I/O automata
$(S, \bar{s}, L, \to)$
- $S$: set of states
- $\bar{s} \in S$: initial state
- $L$: set of labels partitioned in inputs ($I$) and outputs ($O$)
- $\to\ \subseteq S \times L \times Dist(S)$ is the (probabilistic) transition relation
input enabled: $\forall a \in I : s \xrightarrow{a}$
label deterministic: $\forall a \in L : (s \xrightarrow{a} \mu' \wedge s \xrightarrow{a} \mu'') \Rightarrow \mu' = \mu''$
Composition of PIOA
Two PIOA $A_1, A_2$ are compatible if $O_1 \cap O_2 = \emptyset$.
Their parallel composition is defined by
$A_1 \| A_2 = (S_1 \times S_2, (\bar{s}_1, \bar{s}_2), L_1 \cup L_2, \to)$
with $O = O_1 \cup O_2$ and $I = (L_1 \cup L_2) \setminus O$, and
$$\frac{s_1 \xrightarrow{a} \mu_1}{(s_1, s_2) \xrightarrow{a} \mu_1 \times \delta_{s_2}}\ a \in L_1 \setminus L_2 \qquad \frac{s_1 \xrightarrow{a} \mu_1 \quad s_2 \xrightarrow{a} \mu_2}{(s_1, s_2) \xrightarrow{a} \mu_1 \times \mu_2}\ a \in L_1 \cap L_2$$
Because of compatibility, at most one component produces an output in the composed transition.
Extends to multiple components as expected.
Execution of PIOA
An execution fragment of a PIOA is a sequence
$s_0\, a_0\, \mu_0\, s_1\, a_1\, \mu_1\, s_2 \dots s_{m-1}\, a_{m-1}\, \mu_{m-1}\, s_m$
such that $s_i \xrightarrow{a_i} \mu_i$ and $\mu_i(s_{i+1}) > 0$.
Schedulers
A scheduler is a mapping from execution fragments to distributions on transitions enabled in the current state.
Two steps to construct distributed schedulers:
1. choose the active component $A_i$ (i.e. the one that will produce an output),
2. let $A_i$ choose one output transition according to the local knowledge (suppose its label is $a$).
All other $A_j$ matching $a$ (as an input) will do so in a parallel composition (ensured by input enabledness and determinism).
Schedulers
For each component $A_i$ we consider an output scheduler
$\Theta_i : Frag_i \to Dist(O_i)$, s.t. $\Theta_i(\sigma)(a) > 0$ implies $last(\sigma) \xrightarrow{a}_i$
(Schedules output transitions provided this component is chosen to execute.)
For the system $A_1 \| \cdots \| A_n$ we define the interleaving scheduler
$I : Frag \to Dist(\{1, \dots, n\})$, s.t. $I(\sigma)(i) > 0$ implies $\exists a \in O_i : last(\sigma) \xrightarrow{a}$
(Selects randomly the component that will execute an output.)
Projection of an execution
The projection on a component $A_i$ of an execution fragment $\sigma$ of a system $A_1 \| \cdots \| A_n$ is defined inductively by
$[(\bar{s}_1, \dots, \bar{s}_n)]_i = \bar{s}_i$
$[\sigma\, a\, (\mu_1 \times \cdots \times \mu_n)\, (s_1, \dots, s_n)]_i = \begin{cases} [\sigma]_i\, a\, \mu_i\, s_i & \text{if } a \in L_i \\ [\sigma]_i & \text{if } a \notin L_i \end{cases}$
It defines the idea of “local knowledge”.
Distributed Scheduler
A distributed scheduler is a mapping $\eta : Frag \to Dist(O)$ s.t. there is a family of output schedulers $\{\Theta_i\}_i$ and an interleaving scheduler $I$ so that for all $\sigma \in Frag$:
$\eta(\sigma)(a) = \sum_{i=1}^{n} I(\sigma)(i) \cdot \Theta_i([\sigma]_i)(a) = I(\sigma)(j) \cdot \Theta_j([\sigma]_j)(a)$ provided $a \in O_j$
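Example revisited
[Figure: You || Monty Hall, with transitions labelled c?, c!, o?, o!, s?, s!, k?, k! and three branches of probability ⅓ each]
- $I((\bullet,\bullet)) = \text{You}$
- $\Theta_Y([(\bullet,\bullet)]_Y) = \Theta_Y(\bullet) = c!$
- $I((\bullet,\bullet)\,c\,(\bullet,\bullet)) = \text{MH}$
- $\Theta_{MH}([(\bullet,\bullet)\,c\,(\bullet,\bullet)]_{MH}) = \Theta_{MH}(\bullet c \bullet) = o!$
- $I((\bullet,\bullet)\,c\,(\bullet,\bullet)\,o\,(\bullet,\bullet)) = \text{You}$
- $\Theta_Y([(\bullet,\bullet)\,c\,(\bullet,\bullet)\,o\,(\bullet,\bullet)]_Y) = \Theta_Y(\bullet c \bullet o \bullet) = s!$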
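Example revisited
[Figure: You || Monty Hall as above, with one transition marked ✗]
$\Theta_Y([(\bullet,\bullet)\,c\,(\bullet,\bullet)\,o\,(\bullet,\bullet)]_Y) = \Theta_Y(\bullet c \bullet o \bullet) = s!$
$\Theta_Y([(\bullet,\bullet)\,c\,(\bullet,\bullet)\,o\,(\bullet,\bullet)]_Y) = \Theta_Y(\bullet c \bullet o \bullet) =$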
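The restriction illustrated above, as an added example that is not part of the original slides: it enumerates the deterministic choices of You's last output (k! or s!) in You || Monty Hall, once for schedulers that see the whole execution fragment and once for schedulers that see only the projection on You. The state names, the encoding of the three ⅓ branches (branch 0: keeping wins; branches 1 and 2: switching wins) and the omission of the distributions from fragments are assumptions made for the example.

```python
from fractions import Fraction
from itertools import product

# Assumed encoding (not from the slides): after c?, Monty's hidden state is one
# of three equally likely branches. In branch 0 the first pick hides the car
# (k! wins); in branches 1 and 2 it hides a goat (s! wins).
BRANCHES = [0, 1, 2]
THIRD = Fraction(1, 3)
WINNING = {0: "k", 1: "s", 2: "s"}

def fragment(branch):
    """Global execution fragment up to You's last choice. States are pairs
    (state of You, state of Monty); distributions are left out for brevity."""
    return (("y0", "m0"), "c", ("y1", f"m1_{branch}"), "o", ("y2", f"m2_{branch}"))

def project_you(frag):
    """Projection [sigma]_You: You's local states plus the labels in L_You
    (both c and o belong to L_You, so no step is dropped here)."""
    return tuple(x[0] if isinstance(x, tuple) else x for x in frag)

def win_probability(decide, view):
    """P(reach the car) when the last output is decide[view(fragment)]."""
    return sum(THIRD for b in BRANCHES if decide[view(fragment(b))] == WINNING[b])

def bounds(view):
    """(inf, sup) over deterministic schedulers that observe only view(sigma)."""
    views = sorted({view(fragment(b)) for b in BRANCHES})
    probs = [win_probability(dict(zip(views, choice)), view)
             for choice in product("ks", repeat=len(views))]
    return min(probs), max(probs)

def full_information_bounds():
    # The scheduler sees Monty's state, so it may keep in one branch and
    # switch in another: "two different choices with the same local knowledge".
    return bounds(lambda frag: frag)

def distributed_bounds():
    # The scheduler sees only [sigma]_You, identical in all three branches.
    return bounds(project_you)

if __name__ == "__main__":
    print("all schedulers:        ", full_information_bounds())
    print("distributed schedulers:", distributed_bounds())
```

Quantifying over all schedulers gives the bounds 0 and 1, while the distributed schedulers give 1/3 and 2/3, the values shown on the Monty Hall slide.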