Parameterized Model Checking of Rendezvous Systems
B. Aminof, T. Kotek, S. Rubin, F. Spegni, and H. Veith
TU Wien, Vienna, AT; UnivPM, Ancona, IT
PV: Workshop on Parameterized Verification, CONCUR '14
6th September 2014, Rome
B. Aminof, T. Kotek, S. Rubin, F. Spegni, H. Veith (TU Wien (AT), UnivPM (IT)), PMC of Rendezvous Systems, PV @ CONCUR '14
PMC: definition
IN: a process template P, a specification φ
OUT: true, if ∀n ∈ ℕ. P^n ⊨ φ; false, otherwise
- in general undecidable (Apt & Kozen, '86)
- many variations: process structure and topology, specification logic, synchronization primitives, ...
Why CONCUR? Eventually model-check concurrent and distributed algorithms.
Rendezvous systems
- Pairwise Rendezvous (PR): Labeled Transition Systems + interleaving local actions + synchronous send/recv actions
- Disjunctive Guards (DG): Labeled Transition Systems + interleaving + inspect neighbors with disjunctive boolean formulas
- Token Passing Systems (TPS): Labeled Transition Systems + bipartite topology + token passing rules
TPS ? PR ? DG (the relation symbols between the three models are not recoverable from the extraction)
PMC: a space to explore
(figure: three axes, synchronization × topology × logic; points marked PR, DG, TPS; ring, clique-like, MSO-definable; i-CTL*, k-CTL*, k-CTL*_d)
Synchronization axis: PR (Pairwise Rendezvous), DG (Disjunctive Guards), TPS (Token-Passing Systems), ...
Topology axis: rings, trees, cliques, ...; clique-like, MSO-definable, ...
Logic axis: i-CTL* (indexed CTL*), k-CTL* (k process quantifiers), k-CTL*_d (d nested path quantifiers), ...
Note: no linear ordering along the axes, just an intuition.
Questions for each point in the space:
- is PMC decidable?
- what is the complexity of PMC?
- does it admit cutoffs?
- is the set of traces ω-regular?
- what is the size of the NBW?
Some interesting answers (1)
Thm: PMC for PR clique(-like) networks for 1-CTL*_2 \ X is undecidable.
Proof idea: reduction to the halting problem for Turing machines.
Thm: PMC for PR clique-like networks with a controller for 1-LTL \ X is EXPSPACE-complete.
Thm: PMC for PR clique-like networks without a controller for 1-LTL \ X is PSPACE-complete (extension of an existing result for cliques).
Proof idea: reduce to repeated reachability of a state in a VASS.
Some interesting answers (2)
Thm: PR cliques don't admit cutoffs.
Note: PMC for PR cliques is decidable (German & Sistla, '92).
Proof idea:
- find a clever process template in PR;
- suppose a cutoff c > 0 exists;
- show a property φ s.t. ∀n ≤ c. P^n ⊨ φ but P^{c+1} ⊭ φ.
(figure: process template with states q1 (initial), q2, q3 and transitions labelled τ, !a, ?a, τ, where !a / ?a are the send / receive actions on a)
φ_m = ∀i. ¬( q1(i) U ... U (q2(i) U (q1(i) U q2(i))) ... ), with 2m alternations of q1(i) and q2(i) inside the nested U
Some interesting answers (3)
Thm: Given any DG clique C^1 || U^n, EXEC(C) (resp. EXEC(U)) is recognized by an NBW (1) of size O(|C| × 2^|U|).
Proof idea:
- build an abstraction for C^1 || U^n such that abstract configurations lie in S_C × 2^{S_U};
- prove the abstraction is correct and complete.
Previously: Emerson & Kahlon cutoff theorems, O(|C| × |U|^k) states, where k = Θ(|U|).
Moral of the story: cutoffs may not yield optimal algorithmic solutions.
(1) NBW: non-deterministic Büchi word automaton
Some open questions (1)
PR can simulate DG; PR does not admit cutoffs in general, but DG does. Why? Where does the "cutoff existence" property disappear?
(figure: PR vs. DG)
In DG, the cutoff of C^1 || U^n is roughly c_U = |U| + k, k ∈ {1, 2}. Can we compute more precise cutoffs for a specific process template?
Can we compute the minimal cutoff? Still sub-optimal asymptotically, but useful in practice (reuse existing model checkers).
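The set abstraction of the "answers (3)" slide and the cutoff question above, worked through on a toy DG clique. This is an added example, not code from the paper or its authors. The template (controller C with states c0, c1; user U with states u0, u1, u2; a guard is a set of states that some other process must occupy, None meaning a local step) is constructed here, and the two abstract move rules (a copy of the mover stays behind, or the last process leaves its state, in which case the guard witness must lie elsewhere) are this example's own reading of an abstraction over S_C × 2^{S_U}, not necessarily the paper's exact construction; the helper names guard_ok, explore, concrete_reachable, abstract_reachable and check_against_abstraction are all this example's. It explores C^1 || U^n explicitly for small n, projects each concrete configuration to (controller state, set of occupied user states), explores the abstract system directly, and checks that the abstraction is sound for every n tried and that the union of the concrete projections already equals the abstract reachable set at a small n.

```python
# Constructed toy template (not taken from the paper).
# A guard is a set of states: the transition is enabled when some *other*
# process (the controller or a user) is currently in one of them.
# None marks a local, unguarded transition.
C_INIT = "c0"
C_STATES = ("c0", "c1")
C_TRANS = [("c0", "c1", {"u2"})]          # controller waits until a user reaches u2

U_INIT = "u0"
U_STATES = ("u0", "u1", "u2")
U_TRANS = [
    ("u0", "u1", None),                   # local step
    ("u1", "u2", {"u1"}),                 # needs another user in u1
    ("u2", "u0", {"c1"}),                 # needs the controller in c1
]


def guard_ok(guard, c_state, witnesses):
    """True if the guard is local, or the controller or one witness state satisfies it."""
    if guard is None:
        return True
    return c_state in guard or any(s in guard for s in witnesses)


def explore(init, successors):
    """Generic DFS over a finite transition system; returns the reachable set."""
    seen, stack = {init}, [init]
    while stack:
        cfg = stack.pop()
        for nxt in successors(cfg):
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen


def concrete_reachable(n):
    """Reachable configurations (c, (s_1, ..., s_n)) of C^1 || U^n under interleaving."""
    def successors(cfg):
        c, us = cfg
        for src, dst, g in C_TRANS:            # the controller sees every user
            if c == src and guard_ok(g, None, us):
                yield (dst, us)
        for i, s in enumerate(us):             # user i sees the controller and the other users
            others = us[:i] + us[i + 1:]
            for src, dst, g in U_TRANS:
                if s == src and guard_ok(g, c, others):
                    yield (c, us[:i] + (dst,) + us[i + 1:])
    return explore((C_INIT, (U_INIT,) * n), successors)


def project(configs):
    """Forget multiplicities: (c, tuple of user states) -> (c, set of occupied user states)."""
    return {(c, frozenset(us)) for c, us in configs}


def abstract_reachable():
    """Reachable abstract configurations (c, S), S the set of occupied user states.
    Sound: every concrete configuration projects into this set, for every n.
    Complete: every abstract configuration is the projection of a concrete one for some n."""
    def successors(cfg):
        c, S = cfg
        for src, dst, g in C_TRANS:
            if c == src and guard_ok(g, None, S):
                yield (dst, S)
        for s in S:
            for src, dst, g in U_TRANS:
                if s != src:
                    continue
                # (a) another user stays in s, so s itself may witness the guard
                if guard_ok(g, c, S):
                    yield (c, S | {dst})
                # (b) the last user leaves s, so the witness must be elsewhere
                if guard_ok(g, c, S - {s}):
                    yield (c, (S - {s}) | {dst})
    return explore((C_INIT, frozenset([U_INIT])), successors)


def abstraction_bound():
    """The slide's bound |S_C| * 2^|S_U| on the number of abstract configurations."""
    return len(C_STATES) * 2 ** len(U_STATES)


def check_against_abstraction(max_n):
    """Assert soundness for n = 1..max_n and return the smallest n at which the union of the
    concrete projections for 1..n already equals the abstract reachable set (None if never)."""
    abstract = abstract_reachable()
    union = set()
    for n in range(1, max_n + 1):
        proj = project(concrete_reachable(n))
        assert proj <= abstract, f"abstraction unsound at n={n}"
        union |= proj
        if union == abstract:
            return n
    return None


if __name__ == "__main__":
    print(len(abstract_reachable()), "abstract configurations, bound", abstraction_bound())
    print("concrete projections cover the abstraction from n =", check_against_abstraction(5))
```

For this template the abstraction has 9 of the 16 possible configurations, and the projections of the concrete systems with 1, 2 and 3 users already cover all of them; that number is specific to this template and to the occupied-set projection, so it is not the slide's c_U = |U| + k cutoff, which concerns specifications over the controller and a single user. Rule (b) is the delicate one: dropping the "witness elsewhere" condition would let the abstraction vacate u1 on the strength of u1 itself, which no concrete system of any size can do (the last user in u1 never finds another user there), and the abstraction would stop being complete.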
Some open questions (2)
Abstractions are required to model check complex algorithms:
- how to model variables (e.g. PIDs) and their relations?
- can we exploit topologies (variable-induced topologies)?
- can we mix topologies (different variables, different topologies)?