Games for discrete-time Markov chain and their application to verification
Shota Nakagawa
The University of Tokyo
Outline
● What model-checking is
● Applications of GTP (game-theoretic probability) to model-checking
  – Fairness theorem
  – Simulation
● Conclusion and future work
Example: Traffic Lights
(figure: two traffic lights at a crossing, one showing GO (green) and the other STOP (red))
“If one is green, the other is red.”
Model-Checking
● Informal level: a System (the two traffic lights) and a Specification (“If one is green, the other is red.”).
● Modeling turns the System into a formal Model; Formalizing turns the Specification into a formal Formula.
  – Model: a transition system whose states are labelled with the colours of the two lights, e.g. the state labelled red1, green2.
  – Formula: □(green1 ⇒ red2) ∧ □(green2 ⇒ red1), written in temporal logic [A. Pnueli].
● Model-Checking: decide whether the Model satisfies the Formula or not.
Probabilistic Model-Checking
● Same picture, now with a probabilistic System and a Specification of the form “... with probability 1”.
● Modeling gives a DTMC (discrete-time Markov chain) as the Model; Formalizing gives the Formula.
● Model-Checking: decide whether the DTMC satisfies the Formula or not.
Discrete-Time Markov Chain
● As a random process
  Def. A (finite or countable) state space S and random variables X_1, X_2, X_3, … such that
    Pr(X_{n+1} = s | X_1 = s_1, …, X_n = s_n) = Pr(X_2 = s | X_1 = s_n).
● As a transition system
  Def. A pair (S, P) of
  ● a (finite or countable) state space S and
  ● a stochastic matrix P : S×S → [0,1] (the transition probabilities).
● Connection between the two definitions: P(s, s') = Pr(X_2 = s' | X_1 = s).
Applications to model-checking
● Connection between GTP and model-checking
  – One step of transitions ⇔ One round of games.
● Long term goals
  – Get efficient model-checking algorithms, models or expressions of specifications.
● In my BSc thesis
  – Formulate DTMC in terms of GTP, and
  – Give proofs of some known theorems by using GTP.
Game for DTMC
(figure: one round of the game, played at the current state s_n of the DTMC)
● Skeptic bets f_n(s) for “s will be the next state.”
Fairness Theorem
Thm. If a state t can be reached from a state s, Pr(□◇s ⇒ □◇t) = 1.
● □◇s means: s is visited infinitely often.
(figure: a path that visits s infinitely often; along almost every such path all transitions out of s occur infinitely often)
Strategy of Skeptic
● Aim: Pr(□◇s ∧ ¬□◇t) = 0 (the complementary event).
● In case that P(s, t) > 0:
  – Whenever the current state is s, Skeptic bets on all states except for t.
  – If s is visited infinitely often and t is visited only finitely often ⇒ Skeptic wins.
(figure: the states s and t, with a bet placed on every successor of s other than t)
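The strategy above, played out in code as an added example (not code from the thesis or the talk). The capital rule, Skeptic's gain in a round is f_n(s_{n+1}) minus the fair price Σ_s f_n(s)P(s_n, s), is taken from the expression on the simulation slide; the DTMC, the choice to stake the whole current capital, and the paths are constructed for this example.

```python
from fractions import Fraction as F

# Constructed example DTMC (not from the thesis): states a, s, t with P(s, t) = 1/4 > 0,
# so t can be reached from s and the strategy of the slide applies.
P = {
    'a': {'a': F(1, 2), 's': F(1, 2)},
    's': {'s': F(1, 4), 'a': F(1, 2), 't': F(1, 4)},
    't': {'a': F(1)},
}

def price(f, cur):
    """Fair price of Skeptic's bet f at state cur: sum_s f(s) P(cur, s)."""
    return sum(f.get(s, F(0)) * p for s, p in P[cur].items())

def gain(f, cur, nxt):
    """Skeptic's gain in one round when Reality moves cur -> nxt (rule taken from the simulation slide)."""
    return f.get(nxt, F(0)) - price(f, cur)

def fairness_strategy(cur, s, t, capital):
    """At s, stake the whole current capital on every successor except t; elsewhere do not bet.
    Staking the capital is an assumption of this example; it keeps the capital non-negative,
    because losing the round at s leaves capital * P(s, t) >= 0."""
    if cur != s:
        return {}
    return {s2: capital for s2 in P[cur] if s2 != t}

def play(path, s, t, capital=F(1)):
    """Play Skeptic's strategy along a path chosen by Reality; return the capital after each round.
    Every move out of s that avoids t multiplies the capital by 1 + P(s, t), so on a path that
    visits s infinitely often and t only finitely often the capital is unbounded: Skeptic wins."""
    trajectory = [capital]
    for cur, nxt in zip(path, path[1:]):
        f = fairness_strategy(cur, s, t, capital)
        capital += gain(f, cur, nxt)
        trajectory.append(capital)
    return trajectory
```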
Simulation
● Probabilistic variant [R. Segala and N. Lynch, 1995]
Def. (weight function) Let μ and ν be distributions on S_1 and S_2, respectively. A function δ : S_1×S_2 → [0,1] is a weight function for μ and ν w.r.t. R ⊆ S_1×S_2 if:
● for each s ∈ S_1, Σ_{s'∈S_2} δ(s, s') = μ(s),
● for each s' ∈ S_2, Σ_{s∈S_1} δ(s, s') = ν(s'), and
● if δ(s, s') > 0 then (s, s') ∈ R.
Simulation
● Probabilistic variant [R. Segala and N. Lynch, 1995]
Def. (simulation) R ⊆ S_1×S_2 is a simulation between D_1 = (S_1, P_1) and D_2 = (S_2, P_2) ⇔ for each (s_1, s_2) ∈ R there exists a weight function δ_{s_1,s_2} for P_1(s_1, -) and P_2(s_2, -) w.r.t. R.
Thm. If R ⊆ S_1×S_2 is a simulation between D_1 = (S_1, P_1) and D_2 = (S_2, P_2), then ∀(s_1, s_2) ∈ R. Pr_{D_1}(s_1 ⊨ E) ≤ Pr_{D_2}(s_2 ⊨ E↑R).
Simulation
● Two games: G_1 for (S_1, P_1) and G_2 for (S_2, P_2).
● Suppose that there exists a weight function δ_{s_1,s_2} for P_1(s_1, -) and P_2(s_2, -) w.r.t. R.
  – Skeptic's move f_1 in G_1 can be constructed from the weight function δ_{s_1,s_2} and Skeptic's move f_2 in G_2:
      f_1(s) = Σ_{s'∈S_2} δ_{s_1,s_2}(s, s') f_2(s') / P_1(s_1, s)
  – ∀s_1' ∈ S_1. ∃s_2' ∈ S_2. (s_1', s_2') ∈ R ∧ f_1(s_1') − Σ_{s∈S_1} f_1(s) P_1(s_1, s) ≥ f_2(s_2') − Σ_{s'∈S_2} f_2(s') P_2(s_2, s').
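The construction on this slide carried out for one round, as an added example (not code from the thesis or the talk): the weight-function conditions of the definition are checked, f_1 is built from δ and f_2 by the formula above, and for every s_1' an R-related s_2' satisfying the final inequality is found. The two successor distributions, the relation R, the weight function δ_{x0,y0} and the move f_2 are constructed for this example.

```python
from fractions import Fraction as F

# Constructed example (not from the thesis): one round of G1 from s1 = x0 and of G2 from s2 = y0.
mu = {'x1': F(1, 4), 'x2': F(1, 4), 'x3': F(1, 2)}   # P1(x0, -), successor distribution in D1
nu = {'y1': F(1, 2), 'y2': F(1, 2)}                   # P2(y0, -), successor distribution in D2
R = {('x1', 'y1'), ('x1', 'y2'), ('x2', 'y1'), ('x3', 'y1'), ('x3', 'y2')}
delta = {('x1', 'y1'): F(1, 8), ('x1', 'y2'): F(1, 8), ('x2', 'y1'): F(1, 4),
         ('x3', 'y1'): F(1, 8), ('x3', 'y2'): F(3, 8)}   # candidate weight function delta_{x0,y0}
f2 = {'y1': F(2), 'y2': F(-1)}                         # Skeptic's move in G2 (sample values)

def is_weight_function(delta, mu, nu, R):
    """The three conditions of the definition: row sums give mu, column sums give nu, support in R."""
    rows = all(sum(delta.get((s, s2), F(0)) for s2 in nu) == mu[s] for s in mu)
    cols = all(sum(delta.get((s, s2), F(0)) for s in mu) == nu[s2] for s2 in nu)
    support = all(pair in R for pair, w in delta.items() if w > 0)
    return rows and cols and support

def transfer(delta, f2, mu):
    """f1(s) = sum_{s'} delta(s, s') f2(s') / mu(s): Skeptic's move in G1 built from delta and f2.
    States with mu(s) = 0 are not keys of mu; f1 may be taken as 0 there."""
    return {s: sum(w * f2[s2] for (x, s2), w in delta.items() if x == s) / mu[s] for s in mu}

def price(f, dist):
    """sum_s f(s) dist(s), the amount subtracted from Skeptic's capital in a round.
    The weight-function conditions make price(f1, mu) equal to price(f2, nu)."""
    return sum(f[s] * p for s, p in dist.items())

def matching(f1, f2, mu, nu, R):
    """For every s1' return an s2' with (s1', s2') in R whose gain in G2 is at most the gain in G1
    (the witness for the last bullet of the slide); None if no such s2' exists."""
    g1 = {s: f1[s] - price(f1, mu) for s in mu}
    g2 = {s2: f2[s2] - price(f2, nu) for s2 in nu}
    return {s: next((s2 for s2 in nu if (s, s2) in R and g2[s2] <= g1[s]), None) for s in mu}
```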
Conclusion
● Application of GTP to model-checking
  – Formulation of DTMC in terms of GTP
  – Proofs of some known theorems by using GTP
Future work
● Formulate other models
  – Markov decision processes (which have both probabilistic and non-deterministic behaviour)
● Use GTP to get model-checking algorithms, models or expressions of specifications
References
● E.M. Clarke, O. Grumberg, and D.A. Peled. Model Checking. MIT Press, 1999.
● Christel Baier and Joost-Pieter Katoen. Principles of Model Checking. MIT Press, 2007.
● Shota Nakagawa. Games for Discrete-time Markov Chain and Their Application to Verification. BSc thesis, University of Tokyo, 2014.