Post on 03-Feb-2016
description
Laurent DoyenLSV, ENS Cachan & CNRS
Quantitative Languages: Weighted Automata and
Beyond
Credits
• K. Chatterjee, H. Edelsbrunner, T. A. Henzinger (IST Austria)• A. Degorre, J.-F. Raskin (ULB Brussels)• R. Gentilini (Uni. Perugia)• S. Torunczyk (Uni. Warsaw) • P. Rannou (ENS Cachan)
(CSL’08, LICS’09, FCT’09, CSL’10, Concur’10)
This talk is based on joint work with…
Model-Checking
Property/ Specification
Yes / No
Satisfaction Relation
Program/ System
-perhaps a proof -perhaps some counterexamples
Model-Checking
Property/ Specification
Yes / No
Trace inclusion
Program/ System
Formula
Every request is followed by a grant
Finite-state machine
Model-Checking
Property/ Specification
Yes / No
Trace inclusion
Program/ System
Model-checking is boolean
Formula
Every request is followed by a grant
- a trace is either good or bad
- a system is either good or bad
Finite-state machine
Quantitative Analysis
Property/ Specification
Value (R)
Quantitative Analysis
Program/ System
Formula
Every request is followed by a grant
-Measure of “fit” between system and spec
-e.g. average number of requests immediately granted
Finite-state machine
Distance (R)
Quantitative Analysis
Quantitative Analysis
Program/ System #1
- Comparing two implementations
e.g. cost or quality measure
Program/ System #2
Every request is followed by a grant
Finite-state machine
Quantitative Model-checking
Is there a Quantitative Framework with
- an appealing mathematical formulation, - useful expressive power, robustness and - good algorithmic properties ?
(Like the boolean theory of -regularity.)
Note: “Quantitative” is more than “timed” and “probabilistic”
A language is a boolean function:
Quantitative languages
A language is a boolean function:
Quantitative languages
A quantitative language is a function:
L(w) can be interpreted as:• the amount of some resource needed by the system to produce w (power, energy, time consumption),• a reliability measure (the average number of “faults” in w).
Is LA(w) LB(w) for all words w ?
Quantitative languagesQuantitative language
inclusion
LA(w)peak resource consumptionLong-run average response time
LB(w)resource bound a Average response-time requirement
Is LA(w) LB(w) for all words w ?
Quantitative languagesQuantitative language
inclusion
LA(w)peak resource consumptionLong-run average response time
LB(w)resource bound a Average response-time requirement
Distance:
Outline
• Motivation• Weighted automata
• Decision problems• Expressive power• Closure properties
• Beyond weighted automata
AutomataBoolean languages are generated by finite automata.
Nondeterministic Büchi automaton
AutomataBoolean languages are generated by finite automata.
Nondeterministic Büchi automaton
Value of a run r: Val(r)= 1 if an accepting state occurs -ly often in r 0 otherwise
AutomataBoolean languages are generated by finite automata.
Nondeterministic Büchi automaton
Value of a word w: sup of {values of the runs r over w}
Value of a run r: Val(r)= 1 if an accepting state occurs -ly often in r
AutomataBoolean languages are generated by finite automata.
Nondeterministic Büchi automaton
LA(w) = sup of {Val(r) | r is a run of A over w}
Weighted automataQuantitative languages are generated by weighted automata.
Weight function
Weighted automataQuantitative languages are generated by weighted automata.
Weight functionValue of a word w: sup of {values of the runs r over w}Value of a run r: Val(r)
where is a value function
Some value functions
(reachability)(Büchi)
(coBüchi)
(vi {0,1})
Some value functions
(reachability)(Büchi)
(coBüchi)
(vi {0,1})
Example: a motorSpecification
Deterministic LimAvg automaton
SpecificationImplementation(refined spec.)
Example: a motor
SpecificationImplementation(refined spec.)
Example: a motor
SpecificationImplementation(refined spec.)
Example: a motor
SpecificationImplementation(refined spec.)
Example: a motor
SpecificationImplementation(refined spec.)
Example: a motor
SpecificationImplementation(refined spec.)
Example: a motor
In the long-run, implementation has average cost cheaper than specification (for all traces).
Outline
• Motivation• Weighted automata
• Decision problems• Expressive power• Closure properties
• Beyond weighted automata
Emptiness
Given , is LA(w) ≥ for some word w ?
• solved by finding the maximal value of an infinite path in the graph of A,
• memoryless strategies exist in the corresponding quantitative 1-player games,• decidable in polynomial time for
Language Inclusion
Is LA(w) LB(w) for all words w ?
• PSPACE-complete for
equivalent to
Language Inclusion
Is LA(w) LB(w) for all words w ?
• PSPACE-complete for
• Solvable in polynomial-time when B is deterministic for and , • undecidable for nondeterministic automata. • open question for nondeterministic automata.
Language Inclusion
Language-inclusion gameLanguage
inclusion as a game
Discounted-sum automata, λ=3/4Is LA(w) LB(w) for all words w ?
Language-inclusion gameLanguage
inclusion as a game
Discounted-sum automata, λ=3/4Is LA(w) LB(w) for all words w ? Yes !
Language-inclusion gameLanguage
inclusion as a game
Is LA(w) LB(w) for all words w ?
• turn-based, two players;• Challenger wins iff
Language-inclusion gameLanguage
inclusion as a game
Is LA(w) LB(w) for all words w ?
• turn-based, two players;• Challenger wins iff
winning strategy
Language-inclusion game
Tokens on the initial states
Language inclusion as a
game
Language-inclusion game
Challenger:
Simulator:
Challenger constructs a run r1 of A,Simulator constructs a run r2 of B.Challenger wins if Val(r1) > Val(r2).
Language inclusion as a
game
Language-inclusion game
Challenger:
Simulator:
Language inclusion as a
game
Language-inclusion game
Challenger:
Simulator:
Language inclusion as a
game
Language-inclusion game
Challenger:
Simulator:
Language inclusion as a
game
Language-inclusion game
Challenger:
Simulator:
Language inclusion as a
game
Language-inclusion game
Challenger:
Simulator:
Language inclusion as a
game
Language-inclusion game
Challenger:
Simulator:
Language inclusion as a
game
Language-inclusion game
Challenger:
Simulator:
Language inclusion as a
game
Language-inclusion game
Challenger:
Simulator:
Challenger wins since 4>2.
Language inclusion as a
game
However, LA(w) LB(w) for all w.
Language-inclusion gameThe game is blind if the Challenger cannot observe the state of the Simulator.
Challenger has no winning strategy in the blind game
if and only if LA(w) LB(w) for all words w.
Language-inclusion gameThe game is blind if the Challenger cannot observe the state of the Simulator.
Challenger has no winning strategy in the blind game
if and only if LA(w) LB(w) for all words w.
When the game is not blind, we say that B simulates A if the Challenger has no winning strategy.
Simulation implies language inclusion.
Simulation is decidable
Universality and Equivalence
Is LA(w) = LB(w) for all words w ?
Language equivalence problem:
Universality problem:Given , is LA(w) ≥ for all words w ?
Complexity/decidability: same situation as Language inclusion.
Undecidability proof
Quantitative language universality is undecidable for LimAvg automata.
Theorem
Proof:Using a reduction from the halting problem of 2-counter machines.
2-counter machines
q1: inc c1 goto q2
q2: inc c1 goto q3
q3: if c1 == 0 goto q6 else dec c1 goto q4
q4: inc c2 goto q5
q5: inc c2 goto q3
q6: halt
• 2 counters c1, c2
• increment, decrement, zero test
2-counter machines
q1: inc c1 goto q2
q2: inc c1 goto q3
q3: if c1 == 0 goto q6 else dec c1 goto q4
q4: inc c2 goto q5
q5: inc c2 goto q3
q6: halt
• 2 counters c1, c2
• increment, decrement, zero test
Reduction
q1: inc c1 goto q2
q2: inc c1 goto q3
q3: if c1 == 0 goto q6 else dec c1 goto q4
q4: inc c2 goto q5
q5: inc c2 goto q3
q6: halt
Reduction:Given M, construct LimAvg-automaton AM such that M halts iff AM is not universal (for threshold 0).
! • Deterministic machine• Nonnegative counters
Given M and state qhalt, decide if qhalt is reachable (i.e., M halts).
Halting problem:
Reductionq1: inc c1 goto q2
q2: inc c1 goto q3
q3: if c1 == 0 goto q6 else dec c1 goto q4
q4: inc c2 goto q5
q5: inc c2 goto q3
q6: halt
• Initial nondeterministic jump to several gadgets• Witness word (with negative value) = (#AcceptingRun)ω
Gadgets
Reminder: Witness word = #AcceptingRun#AcceptingRun#...
Gadget 1:« First symbol is # »
Gadgets
Gadget 2:« Every σ1 is followed by σ2 »
Reminder: Witness word = #AcceptingRun#AcceptingRun#...
Gadgets
Gadget 3:« Infinitely many # »
Guess: this is the last #
Reminder: Witness word = #AcceptingRun#AcceptingRun#...
Gadgets
Gadget 4:« Counter correctness »
Check zero tests on c
# # # #...
-1 -1 -1 -1
Gadgets
Gadget 4:« Counter correctness »
Check zero tests on c
# # # #...
-1 -1 -1 -1cheat? ≥1
cheat? ≥1
cheat? ≥1
Gadgets
Gadget 4:« Counter correctness »
Check zero tests on c
Check non-zero test on c
Gadgets
Gadget 4:« Counter correctness »
Check zero tests on c
Check non-zero test on c
Correctnessq1: inc c1 goto q2
q2: inc c1 goto q3
q3: if c1 == 0 goto q6 else dec c1 goto q4
q4: inc c2 goto q5
q5: inc c2 goto q3
q6: halt
• If M halts, then (#AcceptingRun)ω is a witness word (with LimAvg value -1/Length(AcceptingRun).• If there exists a witness word, then # occurs infinitely often, and finitely many cheats occur. Hence, M has an accepting run.
Outline
Outline
• Motivation• Weighted automata
• Decision problems• Expressive power• Closure properties
• Beyond weighted automata
ReducibilityA class C of weighted automata can be reduced to a class C’ of weighted automata iffor all A C, there is A’ C’ such that LA = LA’.
ReducibilityA class C of weighted automata can be reduced to a class C’ of weighted automata iffor all A C, there is A’ C’ such that LA = LA’.
E.g. for boolean languages:• Nondet. coBüchi can be reduced to nondet. Büchi• Nondet. Büchi cannot be reduced to det. Büchi (nondet. Büchi cannot be determinized)
ReducibilityA class C of weighted automata can be reduced to a class C’ of weighted automata iffor all A C, there is A’ C’ such that LA = LA’.
NBW
DBW DCW=NCW
Some easy facts
and cannot be reduced to and
and can define quantitative languages with infinite range, and cannot.
Some easy factsFor discounted-sum, prefixes provide good approximations of the value.
For LimSup, LimInf and LimAvg, suffixes determine the value.
and cannot be reduced to
cannot be reduced to and
Büchi does not reduce to LimAvg
“infinitely many ’’Deterministic Büchi automaton
Assume that L1 is definable by a LimAvg automaton A.Then, all -cycles in A have average weight 0.
Büchi does not reduce to LimAvg
Hence, the maximal average weight of a run over any word in tends to (at most) 0 when
“infinitely many ’’Deterministic Büchi automaton
All -cycles in A have average weight 0.
Büchi does not reduce to LimAvg
Let We have where for sufficienly large
“infinitely many ’’Deterministic Büchi automaton
where for sufficienly large Hence,
Büchi does not reduce to LimAvg
Let We have
and A cannot exist !
“infinitely many ’’Deterministic Büchi automaton
(co)Büchi and LimAvg
cannot be reduced to By analogous arguments, cannot be reduced to
“finitely many ’’Deterministic coBüchi automaton
(co)Büchi and LimAvgDet. coBüchi automaton
L2 is defined by the following nondet. LimAvg automaton:
(co)Büchi and LimAvgDet. coBüchi automaton
L2 is defined by the following nondet. LimAvg automaton:
Hence, cannot be determinized.
Reducibility relations
Reducibility relations
Reducibility relations
is reducible to .
Expressive power of {0,1}-automata
is not reducible to .
is reducible to .
Expressive power of {0,1}-automata
Store the value
AB
is reducible to .
Expressive power of {0,1}-automata
AB
Key: can take finitely many different values.
in the example,
Store the value
is reducible to .
Expressive power of {0,1}-automata
AB
is reducible to .
Expressive power of {0,1}-automata
AB
is reducible to .
Expressive power of {0,1}-automata
AB
is reducible to .
Expressive power of {0,1}-automata
BA
Therefore for
is reducible to .
Expressive power of {0,1}-automata
A B
for all
Reducibility relations
What about Discounted Sum ?
Last result
cannot be determinized.
λ=3/4
This automaton can be determinized for λ ≤ 1/2,
not for rational λ > 1/2.
Discλ cannot be determinized
This automaton can be determinized for λ ≤ 1/2,
not for rational λ > 1/2.
Discλ cannot be determinized
Discλ cannot be determinizedValue of a word :
disc. sum of ’s
disc. sum of ’s
Discλ cannot be determinized
Let
Discλ cannot be determinized
Let
Discλ cannot be determinized
Let
Discλ cannot be determinized
Let
Discλ cannot be determinized
Let
Discλ cannot be determinized
Let
Discλ cannot be determinized
Let
Discλ cannot be determinized
Let
Discλ cannot be determinized
Let
Discλ cannot be determinized
Let
If
then
Discλ cannot be determinized
Let
If
then
Discλ cannot be determinized
Discλ cannot be determinized
Discλ cannot be determinized
How many different values can take ?
Discλ cannot be determinized
How many different values can take ?
infinitely many if for all
Discλ cannot be determinized
How many different values can take ?
infinitely many if for all
By a careful analysis of the shape of the family of equations, it can be proven that no rational can be a solution.
Last result
cannot be determinized.
λ=3/4
Reducibility relations
Outline
• Motivation• Weighted automata
• Decision problems• Expressive power• Closure properties
• Beyond weighted automata
Operations
Operations on quantitative languages:
• shift(L1,c)(w) = L1(w) + c• scale(L1,c)(w) = c·L1(w) (c>0)
Operations
Operations on quantitative languages:
• shift(L1,c)(w) = L1(w) + c• scale(L1,c)(w) = c·L1(w) (c>0)• max(L1,L2)(w) = max(L1(w),L2(w)) • min(L1,L2)(w) = min(L1(w),L2(w)) • complement(L1)(w) = 1-L1(w)
Operations
Operations on quantitative languages:
• shift(L1,c)(w) = L1(w) + c• scale(L1,c)(w) = c·L1(w) (c>0)• max(L1,L2)(w) = max(L1(w),L2(w)) • min(L1,L2)(w) = min(L1(w),L2(w)) • complement(L1)(w) = 1-L1(w)• sum(L1,L2)(w) = L1(w) + L2(w)
Closure propertiesAll classes of weighted automata are closed under shift and scale.
All classes of nondeterministic weighted automata are closed under max.
Closure properties
Closure properties
Analogous results for boolean languages.
Closure propertiesThere is no nondeterministic LimAvg automaton for the language Lm = min(La,Lb).
Closure propertiesThere is no nondeterministic LimAvg automaton for the language Lm = min(La,Lb).
Assume that Lm = min(La,Lb) is definable by a LimAvg automaton C.
Closure propertiesThere is no nondeterministic LimAvg automaton for the language Lm = min(La,Lb).
Assume that Lm = min(La,Lb) is definable by a LimAvg automaton C.Then, some a-cycle or b-cycle in C has average weight >0.(consider the word for large)
Closure properties
Then, some a-cycle (or b-cycle) in C has average weight >0.Then, some word gets value >0…
There is no nondeterministic LimAvg automaton for the language Lm = min(La,Lb).
Assume that Lm = min(La,Lb) is definable by a LimAvg automaton C.
Closure propertiesThere is no nondeterministic LimAvg automaton for the language Lm = min(La,Lb).
There is no nondeterministic Discounted automaton for the language Lm = min(La,Lb).
Proof: analogous argument.
Closure properties
Closure properties
min(L1,L2) = 1-max(1-L1,1-L2)
Closure properties
By analogous arguments (analysis of cycles).
Outline
• Motivation• Weighted automata
• Decision problems• Expressive power• Closure properties
• Beyond weighted automata
Alternating weighted automata
Weight function
Alternating transition relation
Value of word outcome of two-player game:
Maximizer choosesMinimizer chooses
Alternating weighted automata
Value of word outcome of two-player game:
Maximizer choosesMinimizer chooses
Alternating weighted automata
2
Value of word outcome of two-player game:
Alternating weighted automata
2
-1
LimAvg Automata
LimAvg Automata
LimAvg Automata
E ::= A | max(E,E) | min(E,E) | Sum(E,E)
LimAvg Automaton ExpressionsLimAvg-automaton expressions are defined by:
E.g.: max(A1 + A2, min (A3, A4))
where A is a deterministic Lim{sup/inf}Avg-automaton.
E ::= A | max(E,E) | min(E,E) | Sum(E,E)
LimAvg Automaton ExpressionsLimAvg-automaton expressions are defined by:
where A is a deterministic Lim{sup/inf}Avg-automaton.Closure properties:
• Closed under max, min, sum• Deterministic automata are closed under complement• -max(E1,E2) = min(-E1,-E2)• -min(E1,E2) = max(-E1,-E2)• -sum(E1,E2) = sum (-E1,-E2)
E ::= A | max(E,E) | min(E,E) | Sum(E,E)
LimAvg Automaton ExpressionsLimAvg-automaton expressions are defined by:
Closure properties:
where A is a deterministic Lim{sup/inf}Avg-automaton.
E ::= A | max(E,E) | min(E,E) | Sum(E,E)
LimAvg Automaton ExpressionsLimAvg-automaton expressions are defined by:
Expressive power:
where A is a deterministic Lim{sup/inf}Avg-automaton.
E ::= A | max(E,E) | min(E,E) | Sum(E,E)
LimAvg Automaton ExpressionsLimAvg-automaton expressions are defined by:
Decision problems: all questions reduce to quant. emptiness
where A is a deterministic Lim{sup/inf}Avg-automaton.
Given , is LE(w) ≥ for some word w ?
Value setSolve decision problems using the value set:
E.g.: max(A1 + A2, min (A3, A4))
Value set = { (LA1(w),LA2(w),LA3(w),LA4(w)) | w Σω} R4
How to compute this set ?
Solve decision problems using the value set:
E.g.: max(A1 + A2, min (A3, A4))
A1 A2 A3 A4
Synchronized product is deterministicWeights are vectors in R4
Value set
Solve decision problems using the value set:
E.g.: max(A1 + A2, min (A3, A4))
A1 A2 A3 A4
Synchronized product is deterministicWeights are vectors in R4
Alur/Degorre/Maler/Weiss/09. On Omega-Languages Defined by Mean-Payoff Conditions.
Value set
where A1 and A2 are LimInfAvg-automata.
Value set
Value set
Consider a ‘crazy’ word:
Value set
Accumulation points
sum is 1 !
Value set
Accumulation points
sum is 1 !
Value set
Accumulation points
According to E = A1+A2, value is 0
sum is 1 !
sum is 0 !
Value set
• [ADMW09] considers accumulation points• we need individual limits
Value set
• [ADMW09] considers accumulation points• we need individual limitsThe two notions coincide for lasso-
words !
Value set
Accumulation set
Corners of accumulation set correspond to simple cycles in A1 A2
E = A1+A2
Value set
≠Accumulation set Value
set
E = A1+A2
Corners of accumulation set correspond to simple cycles in A1 A2
Value set
≠Accumulation set Value
set
E = A1+A2
Points in value set are fmin(points in accumulation set) where fmin(x,y,z,…) = u if ui = min(xi,yi,zi,…) 1 ≤ i ≤ n
Corners of accumulation set correspond to simple cycles in A1 A2
Value set
≠Accumulation set Value
set
E = A1+A2
Points in value set are fmin(points in accumulation set) where fmin(x,y,z,…) = u if ui = min(xI,yi,zi,…) 1 ≤ i ≤ n
Corners of accumulation set correspond to simple cycles in A1 A2
Conjecture: Corners in value set are fmin(corners in accumulation set).
Value set
Lemma: Fmin(conv(S)) is a convex set.
Points in value set are fmin(points in accumulation set)
Conjecture: Corners in value set are fmin(corners in accumulation set)
ValueSet = Fmin(AccSet) where
Fmin(A) = {fmin(x1,…,xn) | x1,…,xn A} for A Rn
Conjecture: Fmin(conv(S)) = conv(Fmin(S))
Value set
Fmin(conv(S))Conjecture: Fmin(conv(S)) = conv(Fmin(S))This holds in two dimensions (R2),
conv(S)
Fmin(conv(S))Conjecture: Fmin(conv(S)) = conv(Fmin(S))This holds in two dimensions (R2),
conv(S)
Fmin(conv(S))Conjecture: Fmin(conv(S)) = conv(Fmin(S))This holds in two dimensions (R2),
conv(S)
Fmin(conv(S))Conjecture: Fmin(conv(S)) = conv(Fmin(S))This holds in two dimensions (R2),
conv(S)
Fmin(conv(S))Conjecture: Fmin(conv(S)) = conv(Fmin(S))This holds in two dimensions (R2), but it is false in R3 !
Counter-example:S = {q,r,s} with q=(0,1,0) r=(-1,-1,1) s=(1,1,1)fmin(r,s) = rfmin(q,r) = fmin(q,r,s) = t = (-1,-1,0)fmin(q,s) = qFmin(S) = {q,r,s,t}
Fmin(conv(S))Conjecture: Fmin(conv(S)) = conv(Fmin(S))This holds in two dimensions (R2), but it is false in R3 !
Counter-example:S = {q,r,s} with q=(0,1,0) r=(-1,-1,1) s=(1,1,1)Fmin(S) = {q,r,s,t}Let p = (r+s)/2 = (0,0,1)fmin(p,q) = (0,0,0) Fmin(conv(S)) but (0,0,0) conv(Fmin(S))
Fmin(conv(S))Conjecture: Fmin(conv(S)) = conv(Fmin(S))
How to compute Fmin(conv(S)) ? (given finite set S)
conv(S)
Fmin(conv(S))Conjecture: Fmin(conv(S)) = conv(Fmin(S))
How to compute Fmin(conv(S)) ? (given finite set S)
conv(S)
Fmin(conv(S))Conjecture: Fmin(conv(S)) = conv(Fmin(S))
How to compute Fmin(conv(S)) ? (given finite set S)
conv(S)
Set of points that agree with some p conv(S) on one coordinate, and have other coordinates smaller
pu
Fmin(conv(S))Conjecture: Fmin(conv(S)) = conv(Fmin(S))
How to compute Fmin(conv(S)) ? (given finite set S)
conv(S)
Fmin(conv(S))
conv(S)
Fmin(conv(S))
conv(S)
Fmin(conv(S))
conv(S)
Fmin(conv(S))
conv(S)
Fmin(conv(S))
conv(S)
Fmin(conv(S))
conv(S)
Fmin(conv(S))
conv(S)
Fmin(conv(S))
conv(S)
Fmin(conv(S))
conv(S)
Fmin(conv(S))
conv(S)
EmptinessSolve decision problems using the value set:
E.g.: E =max(A1 + A2, min (A3, A4))
Value set = { (LA1(w),LA2(w),LA3(w),LA4(w)) | w Σω} R4
LE(Σω) = { max(x+y, min(z,t)) | (x,y,z,t) Value Set}is a union of intervals.Find maximum of LE to solve emptiness
Distance
LEF(Σω) = { (LE(w),LF(w)) | w Σω}
Distance
and maximize |x-y| in this set.
LimAvg Automaton Expressions
Conclusion• Quantitative generalization of languages to model programs/systems more accurately.
• Decision problems, expressive power, closure properties.• Mean-payoff automaton expressions: robust and decidable. Distance computable.• Other results (not shown): probabilistic extension, cut-point languages, stability/robustness.
• Outlook: open questions for discounted sum synthesis question quantitative logic
Thank you !
Questions ?
The end