3Valued Abstractions of Games: Uncertainty, but with Precision

1
3-Valued Abstractions of Games Uncertainty, but
with Precision

• Luca de Alfaro UC Santa Cruz
• Patrice Godefroid Bell Labs, Lucent.
• Radha Jagadeesan DePaul University

2
Context of talk

• Abstractions for open systems

3
Foundations for closed systems

• Model Transition systems
• Property spec Temporal/modal logics
• Abstraction Simulation
• s simulates t Every transition from t is
  matched by a transition from s

4
Foundations for closed systems

• Model Transition systems
• Property spec Temporal/modal logics
• Abstraction Simulation
• Simulation is sound for universal properties

5
Open systems
6
Open systems models

• Games Transition systems
• Player 1
  Player 2

7
Open systems Logics

• Games Transition
  systems
• Alternating-Time Logic Temporal/modal logics
• Game Logics
• Coalition Logics
• We will work with Alternating Mu-calculus
• Alur-Henzinger-Kupferman

8
Open systems logics

• Strategy quantifierAt 1-states
  existence of a moveAt 2-states for all moves

9
Open systems logics

10
Open systems Abstraction

• Games Transition
  systems
• Alternating-time logic Temporal/modal logics
• Alternating simulation Simulation
• Alternating Simulation
• Abramsky
• Alur-Henzinger-Kupferman-Vardi
  

11
Open systems alternating simulation
1-simulated by
Player 1
For each 1-strategy, there is a 1-strategy on the
right
Player 2
12
Open systems Abstraction

• Games Transition
  systems
• Alternating-time logic Temporal/modal logics
• Alternating simulation Simulation
• 1-Alternating simulation preserves

13
Question

• Study of abstraction methods to preserve all
  properties of the alternating mu-calculus.
• Why?

14
Question

• Study of abstraction methods to preserve all
  properties of the alternating mu-calculus
• Compositional verification
• nested strategy quantifiers
• Thus need to preserve
  strategies for all players

15
Question

• Study of abstraction methods to preserve all
  properties of the alternating mu-calculus
• Compositional verification
• Feasible counter-examples
• Pasareanu-Dwyer-Visser00
• Counter-example guided refinement
  Grumberg-Shoham03

16
Results
17
Our results models and logics

• Definition of abstract games
• alternating refinement between states of
  an abstract games

18
Our results models and logics

• Definition of abstract games
• alternating refinement between states of
  an abstract games
• s alternating-refines t
• all AMC formulas satisfied by t are satisfied
  by s
• Strategies for all players are preserved from
  t to s

19
Our results expressiveness

• Are there useful abstractions captured by
  framework?
• Completeness?

20
Our results

• Any abstract interpretation on data-values
• Induces an alternating abstraction of games
• These abstract games are the most precise
  possible, for the given abstraction.
• completeness, in abstract interpretation

21
Our results completeness for safety

• If a state s of satisfies a property, there
  is a finite state abstraction
  that proves this

For transition systems Safety properties,
Maniolis-Treffler01
22
Complexity of refinement and model-checking

• Linear time, logspace reduction to concrete games

23
Rest of the talk
24
Rest of the talk

• Disjunctive Modal transition systems
  Larsen-Li 1991 Namjoshi 03,
  Dams-Namjoshi04, Grumberg-Shoham 2004
• Abstract Games and alternating refinement
• 3-valued semantics of AMC
• Examples of abstraction

25
Disjunctive modal transition systems
26
Modal transition systems

• Larsen90, Larsen-Thomsen91
• Two kinds of transitions MAY, MUST transitions.
• Consistency All MUST transitions are also MAY
  transitions.
• Concrete Systems MAY MUST.

27
Refinement of MTS

• MAY transitions go away or get converted into
  MUST transitions
• MUST transitions are preserved
• A R(efines) A
• A_may simulates A_may via R
• A_must simulates A_must via R-1

28
Predicate abstraction of xz under oddx, zgt0
lt x j, z k gt refines Isodd(j), Is(kgt0)
zgt0
not(zgt0)
x3,z5 x3,z4
oddx
not(oddx)
x4,z3
29
Predicate abstraction of xz under oddx, zgt0
lt x j, z k gt refines Isodd(j), Is(kgt0)
zgt0
not(zgt0)
oddx
x3, z4
not(oddx)
x4, z4
30
Predicate abstraction of xz under oddx, zgt0
lt x j, z k gt refines Isodd(j), Is(kgt0)
zgt0
not(zgt0)
oddx
x3, z5
not(oddx)
x3, z5
31
Predicate abstraction of xz under oddx, zgt0
lt x j, z k gt refines Isodd(j), Is(kgt0),
zgt0
not(zgt0)
oddx
not(oddx)
32
Predicate abstraction of xz under oddx, zgt0
lt x j, z k gt refines Isodd(j), Is(kgt0),
zgt0
not(zgt0)
oddx
x3, z4
not(oddx)
x4, z4
Oops! No must transition ltx3,z4gt
? ltx4,z4gt ltx3,z3gt ? ltx3,z3gt
33
Predicate abstraction of xz under oddx, zgt0
lt x j, z k gt refines Isodd(j), Is(kgt0),
zgt0
not(zgt0)
oddx
not(oddx)
Oops! No must transition ltx3,z4gt
? ltx4,z4gt ltx3,z3gt ? ltx3,z3gt
34
xz under oddx, zgt0
zgt0
not(zgt0)
oddx
not(oddx)
odd(x), not(oddx)
Must hyperedge Source oddx,zgt0
Target odd(x), zgt0,
not(odd(x)), z gt0
35
Disjunctive Modal transition systems

• Two kinds of transitions MAY, MUST transitions.
  Must transitions are hyperedges s ? t1, tn
• Consistency At least one of s ? ti is a may
  transition

36
Abstract Game Structures
37
Abstract Game Structures
38
Abstract Game Structures
39
Abstract Game Structures

• A must transition (to U) achieves an objective in
  next state only if all states in U achieve it.
• Consistency MUST Winning ? MAY winning

40
Three-valued determinacy for linear objectives

• For a linear objective W 1 has a winning must
  strategy for W
• 2 has a winning must strategy for not(W)
  Both 1 and 2 have winning MAY strategies for
  their objectives

41
Refinement
42
Refinement Transitions

• s refines s

a. May transitions decrease from s to s
43
Refinement

• s refines s

a.
Must transitions increase from s to s.
b.
44
Refinement

• s refines s

a.
Must transitions increase from s to s.
b.
45
Refinement

• Symmetric in both players
• 1- Alternating simulation Player 2 has only
  MAY moves. Player 1 has only MUST moves.

a.
Must transitions increase from s to s.
b.
46
3-valued AMC
47
3-valued semantics of AMC
x (OR) y true, if either is true,
false, if both are false
and bottom, otherwise.
48
(No Transcript)
49
s is a player 2 state
s is a player 1 state
50
s is a player 2 state
s is a player 1 state
51
Soundness and completeness of AMC for refinement

• s refines s IFOF

Going from s to s makes values more definite
52
Abstraction an example
53
Predicate Abstraction P1,..,Pn

• Abstract states are bivectors of length n
• s satisfies b1..bn where
• bi 1 iff s satisfies Pi.

54
Transitions

• MAY Transition (b1..bn, b1..bn) if
• EXISTS s such that s satisfies b1..bn
• EXISTS s satisfies b1..bn
  AND (s,s)

55
Transitions

• MUST Transition (b1..bn, c11..c1n..
  cm1,..,cmn) if
• FORALL s such that s satisfies b1..bn,
• EXISTS s EXISTS j s satisfies cj1..cjn
  
• AND (s,s)

56
xz under oddx, zgt0
oddx
not(oddx)
oddx
not(oddx)
odd(x), not(oddx)
Must transition from oddx,zgt0 to
odd(x), zgt0, not(odd(x)),
z gt0
57
A useful abstraction
58
Summary
59
Our results models and logics

• Definition of abstract games
• alternating refinement between states
• s alternating-refines t
• a. all AMC formulas satisfied by t are
  satisfied by s
• b. strategies for all players are preserved
  from t to s

60
Our results expressiveness

• 0. Any abstract interpretation on data-values
• Induces an alternating abstraction of games
• 1. These abstract games are the most precise
  possible, for the given abstraction.
• 2. Compositionality of abstraction
• 3. Finite state abstractions for proving
  safety properties.

61
Questions