Martin Leucker Institut fur¤ Informatik TU...
Transcript of Martin Leucker Institut fur¤ Informatik TU...
![Page 1: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/1.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Learning meets VerificationMartin Leucker
Institut fur Informatik
TU Munchen
![Page 2: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/2.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
The idea
Learning meets Verification — 2
![Page 3: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/3.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Learning
Learning here means:
Given exemplifying behavior of a system
in terms of words
Learn a model conforming to the given behavior
in terms of a deterministic finite automaton (DFA)
Learning meets Verification — 3
![Page 4: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/4.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Learning
Learning here means:
Given exemplifying behavior of a systemin terms of words
Learn a model conforming to the given behaviorin terms of a deterministic finite automaton (DFA)
Learning meets Verification — 3
![Page 5: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/5.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Examples?
All given behavior must be accepted by the model
Exactly the given behavior must be accepted by the model
Give positive and negative examples
All given positive behavior must be accepted by the model and
All given negative behavior must be rejected by the model
Occam’s razor: In case of different explanations, choose thesimplest one
Here: Learn the minimal DFA conforming to the given examples
Learning meets Verification — 4
![Page 6: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/6.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Examples?
All given behavior must be accepted by the model
Exactly the given behavior must be accepted by the model
Give positive and negative examples
All given positive behavior must be accepted by the model and
All given negative behavior must be rejected by the model
Occam’s razor: In case of different explanations, choose thesimplest one
Here: Learn the minimal DFA conforming to the given examples
Learning meets Verification — 4
![Page 7: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/7.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Examples?
All given behavior must be accepted by the model
Exactly the given behavior must be accepted by the model
Give positive and negative examples
All given positive behavior must be accepted by the model and
All given negative behavior must be rejected by the model
Occam’s razor: In case of different explanations, choose thesimplest one
Here: Learn the minimal DFA conforming to the given examples
Learning meets Verification — 4
![Page 8: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/8.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Examples?
All given behavior must be accepted by the model
Exactly the given behavior must be accepted by the model
Give positive and negative examples
All given positive behavior must be accepted by the model and
All given negative behavior must be rejected by the model
Occam’s razor: In case of different explanations, choose thesimplest one
Here: Learn the minimal DFA conforming to the given examples
Learning meets Verification — 4
![Page 9: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/9.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Plan
Biermann’s approach
Angluin’s learning algorithm
Angluin’s + Biermann’s
Extensions to regularrepresentative systems
Application scenarios
Learning meets Verification — 5
![Page 10: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/10.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Biermann’s algorithm
Learning meets Verification — 6
![Page 11: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/11.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Setting
A sample is as a partial function O : Σ∗ → {+,−, ?}, defined onprefix-closed domain.
Goal: Given a sample O , find automaton conforming to O .
Learning meets Verification — 7
![Page 12: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/12.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Learning as Constraint Satisfaction (CSP)
Let A = (Q, q0, δ,Q+) conforming to O . For u ∈ D(O),
Su = δ(q0, u). Obviously:
q0 = Sε,
O(u) = + implies Su ∈ Q+
O(u) = − implies Su 6∈ Q+
Su = Sv implies ∀a ∈ Σ Sua = Sva
We can understand the Su as variables.
Learning meets Verification — 8
![Page 13: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/13.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Learning as Constraint Satisfaction (CSP) (2)
Let CSP(O) denote the set of equationsWhen O(u) = +, O(v) = − or O(u) = −, O(v) = + then
Su 6= Sv
For a ∈ Σ, ua, va ∈ D(O), we get
Su = Sv ⇒ Sua = Sva
Lemma(Learning as CSP, [Biermann,72])For a sample O , a DFA with N states conforming to O existsiff CSP(O) is solvable over {1, . . . , N}.
Further constraints can be added to speed up CSP solution.
Learning meets Verification — 9
![Page 14: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/14.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Learning as Constraint Satisfaction (CSP) (2)
Let CSP(O) denote the set of equationsWhen O(u) = +, O(v) = − or O(u) = −, O(v) = + then
Su 6= Sv
For a ∈ Σ, ua, va ∈ D(O), we get
Su = Sv ⇒ Sua = Sva
Lemma(Learning as CSP, [Biermann,72])For a sample O , a DFA with N states conforming to O existsiff CSP(O) is solvable over {1, . . . , N}.
Further constraints can be added to speed up CSP solution.
Learning meets Verification — 9
![Page 15: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/15.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Learning as Constraint Satisfaction (CSP) (2)
Let CSP(O) denote the set of equationsWhen O(u) = +, O(v) = − or O(u) = −, O(v) = + then
Su 6= Sv
For a ∈ Σ, ua, va ∈ D(O), we get
Su = Sv ⇒ Sua = Sva
Lemma(Learning as CSP, [Biermann,72])For a sample O , a DFA with N states conforming to O existsiff CSP(O) is solvable over {1, . . . , N}.
Further constraints can be added to speed up CSP solution.
Learning meets Verification — 9
![Page 16: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/16.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Constraint Solving as SAT problem
Equations to translate
1. Su ∈ {1, . . . , N}
2. Su 6= Su′
3. Su = Su′ ⇒ Sua = Su′a
4. Su = i for some i ∈ {1, . . . N}.
Learning meets Verification — 10
![Page 17: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/17.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Binary encoding
Su = S1u . . . Sm
u
for Su taking a value in {1, . . . , N}, m := dlog2 Ne
Su 6= Su′ holds iff ∨
k∈{1,...,m}
Sku 6= Sk
u′
. . .
Binary SAT encoding yields O(n2N log N) clauses over O(log N)variables.
Learning meets Verification — 11
![Page 18: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/18.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Unary encoding
Su = S1u . . . SN
u — exactly one is bit is 1for Su taking a value in {1, . . . , N}
Unary SAT encoding yields O(n2N2) clauses over O(N) variables.
Learning meets Verification — 12
![Page 19: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/19.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Learning with Biermann
Learner
Oracle
Is A equivalent to system to learn?
Yes/Counterexample
Learning meets Verification — 13
![Page 20: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/20.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Angluin’s learning algorithm
Learning meets Verification — 14
![Page 21: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/21.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Algorithm - Overview
Learner
Teacher
Oracle
Is A equivalent to system to learn?
Is “aaba” a member of the language?
Yes/No
Yes/Counterexample
Learning meets Verification — 15
![Page 22: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/22.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Algorithm (2)
0
1
2
a
b
a error
b
a,b a,b
{ε}{ε, a, b, ba}
{a, ba}{ε}
{b}{ε, a}
{bb(a + b)?+
(ba + a)(a + b)+}∅
00
11
22
error
Learning meets Verification — 16
![Page 23: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/23.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Algorithm (2)
0
1
2
a
b
a error
b
a,b a,b{ε}
{ε, a, b, ba}
{a, ba}
{ε}
{b}
{ε, a}
{bb(a + b)?+
(ba + a)(a + b)+}
∅00
11
22
error
Learning meets Verification — 16
![Page 24: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/24.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Algorithm (2)
0
1
2
a
b
a error
b
a,b a,b{ε}{ε, a, b, ba}
{a, ba}{ε}
{b}{ε, a}
{bb(a + b)?+
(ba + a)(a + b)+}∅
00
11
22
error
ε b a
ε T T Ta T F Fb T F T
aa F F F
Learning meets Verification — 16
![Page 25: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/25.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Algorithm (2)
0
1
2
a
b
a error
b
a,b a,b{ε}{ε, a, b, ba}
{a, ba}{ε}
{b}{ε, a}
{bb(a + b)?+
(ba + a)(a + b)+}∅
0
0
11
22
error
ε b a
ε T T Ta T F Fb T F T
aa F F F
Learning meets Verification — 16
![Page 26: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/26.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Algorithm (2)
0
1
2
a
b
a error
b
a,b a,b{ε}{ε, a, b, ba}
{a, ba}{ε}
{b}{ε, a}
{bb(a + b)?+
(ba + a)(a + b)+}∅
00
1
1
22
error
ε b a
ε T T Ta T F Fb T F T
aa F F F
Learning meets Verification — 16
![Page 27: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/27.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Algorithm (2)
0
1
2
a
b
a error
b
a,b a,b{ε}{ε, a, b, ba}
{a, ba}{ε}
{b}{ε, a}
{bb(a + b)?+
(ba + a)(a + b)+}∅
00
11
2
2
error
ε b a
ε T T Ta T F Fb T F T
aa F F F
Learning meets Verification — 16
![Page 28: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/28.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Algorithm (2)
0
1
2
a
b
a error
b
a,b a,b{ε}{ε, a, b, ba}
{a, ba}{ε}
{b}{ε, a}
{bb(a + b)?+
(ba + a)(a + b)+}∅
00
11
22
error
ε b a
ε T T Ta T F Fb T F T
aa F F F
Learning meets Verification — 16
![Page 29: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/29.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Algorithm - Example
0
1
2
a
b
a error
b
a,b a,b
Learning meets Verification — 17
![Page 30: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/30.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Algorithm - Example
ε
ε T
a Tb T
Learning meets Verification — 17
![Page 31: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/31.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Algorithm - Example
ε
ε T
a Tb T
ε
a,b
Counterexample is bb.
Learning meets Verification — 17
![Page 32: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/32.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Algorithm - Example
ε
ε T
a Tb T
ε
ε Tb Tbb F
a Tba Tbba Fbbb F
Learning meets Verification — 17
![Page 33: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/33.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Algorithm - Example
ε
ε T
a Tb T
ε
ε Tb Tbb F
a Tba Tbba Fbbb F
Inconsistent since row(ε · b · ε) 6= row(b · b · ε).
Learning meets Verification — 17
![Page 34: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/34.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Algorithm - Example
ε
ε T
a Tb T
ε
ε Tb Tbb F
a Tba Tbba Fbbb F
ε bε
ε T Tb T Fbb F F
a T Fba T Fbba F Fbbb F F
Learning meets Verification — 17
![Page 35: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/35.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Algorithm - Example
ε
ε T
a Tb T
ε
ε Tb Tbb F
a Tba Tbba Fbbb F
ε bε
ε T Tb T Fbb F F
a T Fba T Fbba F Fbbb F F
ε b bba,b b
a a,b
Counterexample is aa.
Learning meets Verification — 17
![Page 36: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/36.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Angluin + Biermann
Learning meets Verification — 18
![Page 37: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/37.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Overview
Learner
Teacher
Oracle
Is A equivalent to system to learn?
Is “aaba” a member of the language?
Yes/No/?
Yes/Counterexample
Learning meets Verification — 19
![Page 38: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/38.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Biermann + Angluin
Make Angluin’s table weakly closed and weakly consistent
Translate table to sample
Use Biermann’s aprroach
Learning meets Verification — 20
![Page 39: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/39.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Angluin + Biermann
A different view:
Speed up Biermanns approach by asking queries
queries may be answered by don’t know
Use Biermann’s aprroach
but erlage sample by using queries
following Angluin’s algorithm
Learning meets Verification — 21
![Page 40: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/40.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Learning Regular Representative Objects
Learning meets Verification — 22
![Page 41: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/41.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Overview
Regular Languages Objects
D
D
u ≈ u′
w′′w ≈ w′
obj
∼
Learning meets Verification — 23
![Page 42: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/42.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Learning Setup
DefinitionLet O be a set of objects and ∼ ⊆ O ×O be an equivalencerelation. A learning setup for (O,∼) is a quintuple (Σ,D,≈,`, obj )where
Σ is an alphabet,
D ⊆ Σ∗ is the domain,
≈ ⊆ D ×D is an equivalence relation such that, for any w ∈ D,[w]≈ is finite,
` ⊆ 2D × 2Σ∗ such that, for any (L1, L2) ∈ `, L1 is both finiteand ≈-closed, and L2 is a nonempty decidable language,
obj : RminDFA(Σ,D,≈,`) → [O]∼ is a bijective effectivemapping in the sense that, for L ∈ RminDFA(Σ,D,≈,`), arepresentative of obj (L) can be computed.
Learning meets Verification — 24
![Page 43: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/43.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Learning Setup (continued)
Furthermore, we require that the following hold for DFA A over Σ:
(D1) The problem whether L(A) ⊆ D is decidable . If, moreover,L(A) 6⊆ D, one can compute w ∈ L(A) \ D. We then say thatINCLUSION(Σ,D) is constructively decidable.
(D2) If L(A) ⊆ D, it is decidable whether L(A) is ≈-closed. If not,one can compute w,w′ ∈ D such that w ≈ w′, w ∈ L(A), andw′ 6∈ L(A). We then say that the problemEQCLOSURE(Σ,D,≈) is constructively decidable.
(D3) If L(A) ⊆ D is closed under ≈, it is decidable whether L(A) is`-closed. If not, we c an compute (L1, L2) ∈ ` (hereby, L2 shallbe given in terms of a decision algorithm that checks a word formembership) such that L1 ⊆ L(A) and L(A) ∩ L2 = ∅. Wethen say that INFCLOSURE(Σ,D,≈,`) is constructivelydecidable.
Learning meets Verification — 25
![Page 44: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/44.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Applications
Used for learning
prefix-closed languages
closed under independence relation
symmetry-closed languages
Used for learning message-passing automata acceptingmessage sequence charts
Learning meets Verification — 26
![Page 45: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/45.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Applications
Used for learning
prefix-closed languages
closed under independence relation
symmetry-closed languages
Used for learning message-passing automata acceptingmessage sequence charts
Learning meets Verification — 26
![Page 46: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/46.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Learning Timed Systems
Learning meets Verification — 27
![Page 47: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/47.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Event Recording Automata as DFAs
A Deterministic Event-Recording Automaton over Σ and guards G
is a DFA over Σ × G
0
1
2
3
4
5
6
7
b
a
c
b
c [xb ≥ 3]
b [xc ≤ 3]
a [xb ≥ 2]
a [xb ≥ 1]
c
Learning meets Verification — 28
![Page 48: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/48.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Learning DERAs
Main problem to solve:
Queries of guarded word has to be answered by checkingtimed words
Learning meets Verification — 29
![Page 49: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/49.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Applications
Learning meets Verification — 30
![Page 50: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/50.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Minimizing of automata
Minimization of Incompletely Specified Finite-State Machine
Incremental Learning(Angluin+Biermann)
Equivalence Check
report minimalsystem
Big systemcurrent model
no counterexample
counter example
Learning meets Verification — 31
![Page 51: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/51.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Black-box Checking
BlackBox
|= ϕ
Learning meets Verification — 32
![Page 52: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/52.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Black-box Checking
Incremental Learning(Angluin)
Model Checkingwrt. current model
Check equivalence(VC algorithm)
Comparecounterexample
with system
reportno error found
reportcounterexample
No counterexample Counterexample found
Conformance established Counterexample confirmed
Model and system do not conform Counterexample refuted
Learning meets Verification — 33
![Page 53: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/53.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Testing
Model-based test generation is to
generate test cases based on given model
Use Learning to learn approximation of the system
Learning meets Verification — 34
![Page 54: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/54.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Conformance Testing versus Learning
Conformance Testing:Test Suite
Specification Implementation=
Assumptions
Conformance
Regular Inference:Observations
Hypothesis Implementation=
Assumptions
Queries
Learning meets Verification — 35
![Page 55: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/55.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Testing versus Learning II
Theorem
if O is a conformance test suite for Mthen M is uniquely inferred from O, and
if A is uniquely inferred from O
then O is a conformance test suite for A.
Learning meets Verification — 36
![Page 56: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/56.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Verification by Invariants
∀n S[n] := P ‖ . . . P?
|= ϕ
∀n S[n] := P ‖ . . . P?
v ϕ
Solution: Find proper network invariant I such thatP v I
P ‖ I v I
I v ϕ
⇒ P ‖ . . . ‖ P v I v ϕ
Use Learning to find proper invariant I
Learning meets Verification — 37
![Page 57: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/57.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Verification by Invariants
∀n S[n] := P ‖ . . . P?
|= ϕ
∀n S[n] := P ‖ . . . P?
v ϕ
Solution: Find proper network invariant I such thatP v I
P ‖ I v I
I v ϕ
⇒ P ‖ . . . ‖ P v I v ϕ
Use Learning to find proper invariant I
Learning meets Verification — 37
![Page 58: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/58.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Verification by Invariants
∀n S[n] := P ‖ . . . P?
|= ϕ
∀n S[n] := P ‖ . . . P?
v ϕ
Solution: Find proper network invariant I such thatP v I
P ‖ I v I
I v ϕ
⇒ P ‖ . . . ‖ P v I v ϕ
Use Learning to find proper invariant I
Learning meets Verification — 37
![Page 59: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/59.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Verification by Invariants II
Incremental Learning(Angluin+Biermann)
current model
yesno
reportproper invariant
Pϕ
spawn
w ∈ I | w /∈ P ‖ I
Check current I
P ‖ I v I
Learning meets Verification — 38
![Page 60: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/60.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Further applications
Learning Assumptions in assume-guarantee reasoning
Learning transitive closure of transducers in regular modelchecking
Learning to verify branching time properties
Learning message passing automata based on messagesequence charts to incrementally derive a specification (model)
Learning used for getting strategies in games
. . .
Learning meets Verification — 39
![Page 61: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/61.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Conclusion – TO DOs
Learning meets Verification — 40
![Page 62: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/62.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
Thanks. . .
Bengt Jonsson
Agha, Alur, Angluin, Berg, Biermann, Bol-lig, Gold, Groce, Grinchtein, Katoen, Kern,Madhusudan, Maler, Peled, Piterman, Pnueli,Oliveira, Raffelt, Sen, Silva, Steffen, Vardhan,Vardi, Viswanathan, Yannakakis, . . .
Learning meets Verification — 41
![Page 63: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/63.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
TO DOs
efficient implementations of Angluin’s algorithm
efficient implementations ofBiermann’s+Angluin’s algorithm
Learning of Büchi automata
Can different kinds of learning algorithms helpfor verification tasks?
Learning meets Verification — 42
![Page 64: Martin Leucker Institut fur¤ Informatik TU Munchen¤liacs.leidenuniv.nl/~bonsanguemm/fmco/2006/leucker.pdf · MUNCHEN¤ Examples? All given behavior must be accepted by the model](https://reader036.fdocuments.net/reader036/viewer/2022062510/611f4b30e9f9ef34cf3aa00c/html5/thumbnails/64.jpg)
TECHNISCHEUNIVERSITATMUNCHEN
TO DOs
efficient implementations of Angluin’s algorithm
efficient implementations ofBiermann’s+Angluin’s algorithm
Learning of Büchi automata
Can different kinds of learning algorithms helpfor verification tasks?
Learning meets Verification — 42