Learning Nominal Automata
Joshua Moerman (Radboud University)
Matteo Sammartino, Alexandra Silva (University College London)
Bartek Klin, Michał Szynwelski (Warsaw University)
POPL 2017, Paris

Active learning
[Diagram: the Learner sends queries to the System S (a black box), receives answers, and builds an automaton model of S]
No formal specification available? Learn it!

L* algorithm (D. Angluin ’87)
Finite alphabet of system’s actions A
L ⊆ A*: the set of system behaviors is a regular language
Teacher (L) and Learner (H), where H = hypothesis automaton
• Q: w ∈ L? A: Y/N
• Q: L(H) = L? A: Y/N + counterexample
The Learner builds the minimal DFA accepting L

Observation table
S, E ⊆ A*, A = {a, b}
row : S ∪ S·A → 2^E
row(s)(e) = 1 ⟺ se ∈ L

          E:   ε    a    aa
S      ε       0    0    1
S·A    a       0    1    0
       b       0    0    0

Hypothesis automaton
states = {row(s) | s ∈ S}
final states = {row(s) | s ∈ S, row(s)(ε) = 1}
initial state = row(ε)
transition function: row(s) --a--> row(sa)
Why is this correct?

Table properties
Transition function: row(s) --a--> row(sa)
Closed (next state exists): ∀t ∈ S·A ∃s ∈ S. row(t) = row(s)
Consistent (next state is unique): ∀s1, s2 ∈ S. row(s1) = row(s2) ⟹ ∀a ∈ A. row(s1 a) = row(s2 a)
Fixed by extending the table
A = {a, b}

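Added example (Python, not code from the talk or from the nominal-lstar repository): the observation table, the closed and consistent checks, and the hypothesis construction from the slides above, run as a complete L* loop. The target language L = {aa} and the bounded exhaustive search standing in for the teacher's equivalence query are assumptions made for this example.

```python
from itertools import product
ALPHABET = "ab"                      # A = {a, b}, as on the slides

def member(w):                       # membership oracle; assumed target L = {aa}
    return w == "aa"

def row(s, E):                       # row(s)(e) = 1  <=>  se in L
    return tuple(member(s + e) for e in E)

def fix_table(S, E):                 # extend S and E until closed and consistent
    while True:
        rows_S = {row(s, E) for s in S}
        unclosed = [s + a for s in S for a in ALPHABET
                    if row(s + a, E) not in rows_S]
        clash = [a + e for s1 in S for s2 in S if row(s1, E) == row(s2, E)
                 for a in ALPHABET for e in E
                 if member(s1 + a + e) != member(s2 + a + e)]
        if unclosed:                 # not closed: a next state is missing
            S.append(unclosed[0])
        elif clash:                  # not consistent: next state is not unique
            E.append(clash[0])
        else:
            return

def hypothesis(S, E):                # states are the distinct rows of S
    delta = {(row(s, E), a): row(s + a, E) for s in S for a in ALPHABET}
    finals = {row(s, E) for s in S if member(s)}   # row(s)(eps) = 1
    return row("", E), finals, delta

def accepts(h, w):
    q, finals, delta = h
    for a in w:
        q = delta[(q, a)]
    return q in finals

def counterexample(h, max_len=6):    # stand-in equivalence oracle (assumption)
    for n in range(max_len + 1):
        for w in map("".join, product(ALPHABET, repeat=n)):
            if accepts(h, w) != member(w):
                return w

def lstar():
    S, E = [""], [""]                # both start as {eps}
    while True:
        fix_table(S, E)
        h = hypothesis(S, E)
        cex = counterexample(h)
        if cex is None:
            return S, E, h
        S += [cex[:i] for i in range(1, len(cex) + 1) if cex[:i] not in S]
```

With this target the loop ends with E = {ε, a, aa}, the same columns as the table on the slide, and a four-state hypothesis.
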
Pros of L*
… simple & beautiful is POWERFUL
Applications: hardware verification, security/network protocols, …
Generalizations: Mealy machines, I/O automata, …

… and shortcomings
L* learns control-flow
What if the program model needs to express data-flow?
• operations on data values
• comparisons between data values
[Figure: FIFO with push(x) and pop(y), y = front element]

Automata over infinite alphabets (nominal automata)
A = {a, b, c, d, ...} infinite alphabet
L = {aa, bb, cc, dd, ...}
[Figure: infinite automaton with states q_0, q_a, q_b, ..., q_3, q_4 and transitions labelled a, ≠a, b, ≠b, A]
Infinite automaton, but with a finite representation
[Figure: for all x ∈ A, states q_0, q_x, q_3, q_4 with transitions labelled x, ≠x, A]

How to learn them?
Ad-hoc algorithm? NO!
Challenges:
• table needs to be infinite
• code operates on infinite sets
∀t ∈ S·A ∃s ∈ S. row(t) = row(s)
∀s1, s2 ∈ S. row(s1) = row(s2) ⟹ ∀a ∈ A. row(s1 a) = row(s2 a)
Everything is “finitely representable”

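Added illustration (Python, not NLambda and not code from the talk) of the two slides above: the finite representation of the automaton for L = {aa, bb, cc, ...} run as a one-register machine, and an observation table stored per orbit of cells instead of per cell. The exact wiring of the sink state q_4, the use of integers as atoms and the helper names are assumptions made for this example.

```python
from itertools import product

def accepts(word):
    """q0 -x-> q_x -x-> q3 (accepting); every other step leads to the sink q4."""
    state, reg = "q0", None          # reg stores the x of state q_x
    for atom in word:
        if state == "q0":
            state, reg = "qx", atom
        elif state == "qx" and atom == reg:
            state = "q3"
        else:
            state = "q4"
    return state == "q3"

def canon(word):
    """Orbit representative: rename atoms by order of first occurrence."""
    names = {}
    return tuple(names.setdefault(a, len(names)) for a in word)

def orbit_table(atoms, max_col_len=2):
    """Table with rows {eps} + A and columns of length <= max_col_len.
    Returns (number of cells, {orbit of cell (s, e): row(s)(e)})."""
    atoms = list(atoms)
    rows = [()] + [(a,) for a in atoms]
    cols = [e for n in range(max_col_len + 1)
            for e in product(atoms, repeat=n)]
    table = {}
    for s, e in product(rows, cols):
        orbit = (len(s), canon(s + e))   # cell up to permutation of atoms
        bit = accepts(s + e)
        if table.setdefault(orbit, bit) != bit:
            raise ValueError("language is not equivariant")
    return len(rows) * len(cols), table

if __name__ == "__main__":
    for n in (3, 10, 30):
        cells, table = orbit_table(range(n))
        print(n, "atoms:", cells, "cells,", len(table), "orbits")
```

The number of cells grows with the pool of atoms, while the per-orbit table stays the same size.
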
A paradigm shift
(finite) sets → (orbit-finite) nominal sets
functions → equivariant functions
(change category from Set to Nom)
Works with any (suitable) data domain
Nominal L* = Nominal automata theory + Nominal programming languages
First non-trivial application of a new programming paradigm (NLambda)
References:
Mikolaj Bojanczyk, Bartek Klin, Slawomir Lasota: Automata with Group Actions. LICS 2011
Bartek Klin, Michal Szynwelski: SMT Solving for Functional Programming over Infinite Structures. MSFP 2016
Eryk Kopczynski, Szymon Torunczyk: LOIS: syntax and semantics. POPL 2017

Correctness and termination
NLambda guarantees that each line of code terminates
Algorithm correctness and termination from scratch? Not really
• Set-based proofs as guidelines
• L* enjoys a nice category-theoretic generalization
Bart Jacobs, Alexandra Silva: Automata Learning: A Categorical Perspective. Horizons of the Minds 2014

What we’ve done
• Nominal L*
• More in the paper: variations, Nominal NL*
• NLambda (Haskell) implementation
• Experimental results

What’s next…
• Improve NLambda
• Other active learning algorithms
• Other optimizations
• Applications: large-scale software, crypto protocols…

Try it yourself
https://www.mimuw.edu.pl/~szynwelski/nlambda/
https://github.com/Jaxan/nominal-lstar