Automated synthesis of reliable and efficient systems through game theory: a case study
Mickael Randour
UMONS - University of Mons
03.09.2012
European Conference on Complex Systems
Context Case study Final words
Background
I must confess... I am a computer scientist.
But these are the machines I work with.
Focus on theoretical computer science.
Turing machine: abstract model of a computing device.
Automated synthesis through game theory Mickael Randour 1 / 20
My tools are games [VNM44].
Our fields are different. Our games also. Could we still enrich each other's ideas? I certainly hope so!
⇒ high level talk, insight on the problems and concepts.
1 Context 2 Case study 3 Final words
Reactive (computer) systems
Continuous interaction with the environment, must react to incoming events.
Huge, intricate systems: bug- and error-prone.
Testing to detect and correct faults. If there remain faults, we can still issue a patch later...
Critical systems
Some systems do not tolerate bugs.
Testing is not enough!
Small flaws can have disastrous consequences!
Therac-25 radiation therapy: several deaths.
Pentium II division unit: ∼ 500 million $.
Ariane 5 explosion (large number conversion).
Mars Climate Orbiter loss (imperial vs. metric).
Formal proof of correctness
We need mathematical proof that a system will enforce a correct behavior, regardless of its environment.
Specification: states what it should do and what it should not do.
Whole systems are too complex: need accurate abstract models to work on.
Two approaches:
Verification: check if an existing system (model) satisfies a given specification, a posteriori process [AHK02].
Synthesis: automatically build a correct system from the specification, a priori process [Chu62, PR89, RW87].
Graph games
Model interactions between two players: the system and its adversary, the uncontrollable environment.
[Figure: game graph with states s0, s1, s2 and transitions.]
States and transitions.
Play begins in the initial state: imagine a pebble marking the current state.
Players take turns: the owner of the state decides where the pebble goes.
Players follow strategies: mappings from histories to choices. May be complex! E.g., randomization, memory.
Play continues ad infinitum. Declared winning for the system if it satisfies the specification. Otherwise, the environment wins. Hence, zero-sum games.
E.g., must visit s2 infinitely often.
A reliable system must win against any strategy of the environment.
Finding a winning strategy for the system = synthesizing a correct controller.
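How a winning strategy can be computed for the example objective "visit s2 infinitely often", using the classical attractor-based algorithm for Büchi games. This is an added example, not code from the talk: the figure's edges are not recoverable, so the arena is constructed, s3 is a hypothetical extra state, and the function names are illustrative.

```python
# Constructed arena (the slide's figure edges are not recoverable): s0..s2 as on
# the slide plus a hypothetical state s3. OWNER: 0 = system, 1 = environment.
OWNER = {"s0": 1, "s1": 0, "s2": 0, "s3": 1}
EDGES = {"s0": ["s1", "s2"], "s1": ["s3", "s2"], "s2": ["s0"], "s3": ["s3", "s1"]}

def attractor(player, target, arena):
    """States of `arena` from which `player` can force a visit to `target`,
    with the move that achieves it for each state the player owns."""
    attr, move = set(target), {}
    grew = True
    while grew:
        grew = False
        for v in arena - attr:
            succ = [w for w in EDGES[v] if w in arena]
            good = [w for w in succ if w in attr]
            # The player needs one good edge; the opponent must have only good edges.
            if good and (OWNER[v] == player or len(good) == len(succ)):
                attr.add(v)
                grew = True
                if OWNER[v] == player:
                    move[v] = good[0]
    return attr, move

def solve_buchi(targets):
    """Winning region and memoryless strategy of the system for the objective
    'visit a state of `targets` infinitely often'."""
    arena = set(EDGES)
    while True:
        reach, move = attractor(0, targets & arena, arena)
        lost = arena - reach  # the system cannot even reach a target from here
        if not lost:
            break
        arena -= attractor(1, lost, arena)[0]  # the environment can force `lost`
    for v in arena:  # in a target state, any move that stays in the region works
        if OWNER[v] == 0 and v not in move:
            move[v] = next(w for w in EDGES[v] if w in arena)
    return arena, move
```

On this arena the system wins from s0, s1 and s2 by playing s1 → s2 and s2 → s0; from s3 the environment wins by looping forever.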
Study of game models: goals
Study various, powerful classes of games, winning objectives, strategies.
Modeling power vs. tractability.
Develop efficient, practically usable synthesis algorithms.
Kind of questions:
Can we decide if the system can win?
If it can, how complex need its strategy be? E.g., does it need memory? How much? Does it need to be randomized?
How complex is it to build such a strategy? Time and space complexity?
Synthesis process
[Flowchart: synthesis process]
System description and environment description: model as a game.
Informal specification: model as winning objectives.
Synthesis: is there a winning strategy?
Yes: strategy = controller.
No: empower system capabilities or weaken specification requirements.
Toy example: the automated lawnmower
Goal: synthesize a controller for a robotized lawnmower.
Illustrates recent results of Chatterjee, Randour and Raskin [CRR12] on the synthesis problem for qualitative behaviors (e.g., always eventually granting requests, never reaching a deadlock), along with multiple quantitative requirements (e.g., maintaining a bound on the mean response time, never running out of energy).
Modeling as a game
Model the interactions between the lawnmower and its environment as a game. Model the specification to enforce as winning objectives for the lawnmower.
[Figure: game graph with states base, cloudy, sunny, grass cutting, use fuel, cat attack. Edge weights are (battery, fuel, time): cloudy (0, 0, 0), sunny (0, 0, 0), fast mow (−1, −1, 2), go back (0, 0, 0), switch to fuel (0, 0, 0), mow fuel (0, −2, 5), mow battery (−1, 0, 5), slow mow (0, 0, 10), no cat (0, 0, 0), cat (0, 0, 40), rest (0, 2, 20) when cloudy, rest (2, 2, 20) when sunny.]
The lawnmower starts the game in its base.
The weather can be cloudy or sunny.
Electric battery recharged under sunshine thanks to solar panels. Fuel tank filled on the base. Both are unbounded.
Each action takes time.
Recharge battery (2 battery units) only when sunny. Refuel (2 fuel units) under both weather conditions. Resting takes 20 time units.
No bound on the frequency of grass-cuttings. However, the grass must not grow boundlessly: the lawnmower should cut the grass infinitely often.
When cloudy, operate under battery (1 battery unit) or using fuel (2 fuel units). Same speed (5 time units).
When sunny, mowing slowly consumes no energy but takes 10 time units. Mowing fast consumes both 1 unit of fuel and 1 unit of battery, but only takes 2 time units.
Mowing fast makes much noise and may wake up the cat: grass-cutting is interrupted and 40 time units are lost. The cat does not go out if the weather is bad.
What is the objective of the lawnmower, i.e., the specification to enforce?
Winning objectives
Energy objective: fuel and battery must never drop below zero.
Mean-payoff objective: mean time per action should be less than 10.
Infinitely frequent grass-cutting: infinite visits to the state grass cutting along a play.
Lawnmower controller: example
[Figure: the lawnmower game graph.]
Simple controller (needs some memory):
Start with empty battery and fuel levels.
If sunny, mow slowly.
If cloudy,
    if battery ≥ 1, mow on battery,
    otherwise, if fuel ≥ 2, mow on fuel,
    otherwise, rest at the base.
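The slide's controller can be checked against every environment strategy by exploring the finite product of the game graph with the controller's memory (the two energy levels) and testing the three objectives on it. This is an added example, not code from the talk or from [CRR12]; the edge targets and the choice of base and cat attack as environment states are an assumed reading of the figure, each edge counts as one action, and all function names are illustrative.

```python
from fractions import Fraction
# Edge weights (battery, fuel, time) are the slide's; edge targets are an assumed
# reading of the figure. "grass" abbreviates the state "grass cutting".
GAME = {
    "base": [("cloudy", (0, 0, 0), "cloudy"), ("sunny", (0, 0, 0), "sunny")],
    "cloudy": [("rest", (0, 2, 20), "base"), ("mow battery", (-1, 0, 5), "grass"),
               ("switch to fuel", (0, 0, 0), "use fuel")],
    "use fuel": [("mow fuel", (0, -2, 5), "grass")],
    "sunny": [("rest", (2, 2, 20), "base"), ("slow mow", (0, 0, 10), "grass"),
              ("fast mow", (-1, -1, 2), "cat attack")],
    "cat attack": [("no cat", (0, 0, 0), "grass"), ("cat", (0, 0, 40), "base")],
    "grass": [("go back", (0, 0, 0), "base")],
}
ENV_STATES = {"base", "cat attack"}  # assumed: the environment picks the edge here

def controller(state, battery, fuel):
    """The slide's controller; its memory is the pair of energy levels."""
    if state == "cloudy":
        return "mow battery" if battery >= 1 else "switch to fuel" if fuel >= 2 else "rest"
    return "slow mow" if state == "sunny" else GAME[state][0][0]  # else: single edge

def product(start=("base", 0, 0), limit=10_000):
    """Configurations (state, battery, fuel) reachable for any environment choice."""
    seen, todo, edges = {start}, [start], []
    while todo:
        state, b, f = cfg = todo.pop()
        moves = GAME[state]
        if state not in ENV_STATES:  # system state: keep only the controller's move
            moves = [m for m in moves if m[0] == controller(state, b, f)]
        for _, (db, df, t), nxt in moves:
            new = (nxt, b + db, f + df)
            edges.append((cfg, new, t))
            if new not in seen:
                assert len(seen) < limit, "energy levels look unbounded"
                seen.add(new)
                todo.append(new)
    return seen, edges

def energy_safe(seen):
    return all(b >= 0 and f >= 0 for _, b, f in seen)

def always_mows(seen, edges):
    """True iff no cycle avoids 'grass': peel off dead ends until none is left."""
    live = {c for c in seen if c[0] != "grass"}
    while dead := live - {u for u, v, _ in edges if u in live and v in live}:
        live -= dead
    return not live

def worst_mean_time(seen, edges, start=("base", 0, 0)):
    """Karp's algorithm: the largest mean time per action over all cycles."""
    n, D = len(seen), [{start: 0}]  # D[k][v]: max time of a k-edge walk start -> v
    for _ in range(n):
        row = {}
        for u, v, t in [e for e in edges if e[0] in D[-1]]:
            row[v] = max(row.get(v, 0), D[-1][u] + t)  # all times are >= 0
        D.append(row)
    return max(min(Fraction(D[n][v] - D[k][v], n - k) for k in range(n) if v in D[k])
               for v in D[n])
```

Under these assumptions the product has 9 configurations, both energy levels stay non-negative, every cycle passes through grass cutting, and the worst-case mean time per action is 25/6, reached when the weather is always cloudy.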
Controller synthesis in a nutshell: 1/2
Result 1 (Induced by [CRR12, Theorem 1]).
Enforcing a specification combining both qualitative and quantitative aspects may require exponential size controllers in terms of memory requirements in the worst case. Some systems require huge controllers.
Controller synthesis in a nutshell: 2/2
Sound formal bases and practically efficient algorithms for the automated synthesis of provably safe controllers for reactive systems.
Result 2 (Induced by [CRR12, Theorem 2]).
The synthesis of controllers for systems with qualitative and quantitative requirements, such as the lawnmower, is in EXPTIME. Deciding if there exists a good controller is easier: coNP-complete [CDHR10].
The real world is complex
Our techniques are only as good as our models.
We are always looking for new:
game paradigms (concurrent, n-player, etc.),
winning objectives (e.g., quantitative measures),
applications...
... and questions!
Maybe we can exchange some ideas?
Thanks. Questions?

- [AHK02] R. Alur, T.A. Henzinger, and O. Kupferman. Alternating-time temporal logic. J. ACM, 49(5):672–713, 2002.
- [CDHR10] K. Chatterjee, L. Doyen, T.A. Henzinger, and J.-F. Raskin. Generalized mean-payoff and energy games. In Proc. of FSTTCS, LIPIcs 8, pages 505–516. Schloss Dagstuhl - LZI, 2010.
- [Chu62] A. Church. Logic, arithmetic, and automata. In Proceedings of the International Congress of Mathematicians, pages 23–35. Institut Mittag-Leffler, 1962.
- [CRR12] K. Chatterjee, M. Randour, and J.-F. Raskin. Strategy synthesis for multi-dimensional quantitative objectives. In Proc. of CONCUR, LNCS. Springer, 2012. To appear. Extended version on CoRR: http://arxiv.org/abs/1201.5073.
- [PR89] A. Pnueli and R. Rosner. On the synthesis of a reactive module. In Proc. of POPL, pages 179–190, 1989.
- M. Randour. Automated synthesis of reliable and efficient systems through game theory: a case study. In Proc. of ECCS, 2012. To appear. On CoRR: http://arxiv.org/abs/1204.3283.
- [RW87] P.J. Ramadge and W.M. Wonham. Supervisory control of a class of discrete-event processes. SIAM Journal of Control and Optimization, 25(1):206–230, 1987.
- [VNM44] J. Von Neumann and O. Morgenstern. Theory of games and economic behavior. Princeton University Press, 1944.