
Bounded Model Checking of MPL Systems via Predicate Abstractions - PowerPoint PPT Presentation



  1. Bounded Model Checking of MPL Systems via Predicate Abstractions. FORMATS 2019. Muhammad Syifa'ul Mufid (1,3), Dieky Adzkiya (2), Alessandro Abate (1). (1) Department of Computer Science, University of Oxford, UK; (2) Department of Mathematics, ITS Surabaya, Indonesia; (3) Indonesia Endowment Fund for Education (LPDP). Amsterdam, 27 August 2019.

  2. Outline
  • Max-Plus-Linear (MPL) systems and time differences
  • Predicate abstractions of MPL systems
  • Bounded Model Checking of MPL systems
  • Conclusion

  3. Max-Plus-Linear Systems
  • Based on the max-plus algebra $(\mathbb{R}_{\max}, \oplus, \otimes)$, where $\mathbb{R}_{\max} := \mathbb{R} \cup \{-\infty\}$. For all $a, b \in \mathbb{R}_{\max}$: $a \oplus b := \max\{a, b\}$ and $a \otimes b := a + b$.
  • The operations extend to matrices. For $A \in \mathbb{R}_{\max}^{n \times n}$, $A^{\otimes r}$ denotes $A \otimes \dots \otimes A$ ($r$ times).
  • An MPL system is defined as $x(k+1) = A \otimes x(k)$, where $A \in \mathbb{R}_{\max}^{n \times n}$ and $x(k) \in \mathbb{R}^n$.
  • Applications: transportation, scheduling, biological systems, ...

  4. Max-Plus-Linear Systems
  • The precedence graph of $A$, denoted $\mathcal{G}(A)$, is a weighted directed graph with vertices $1, 2, \dots, n$ and an edge from $j$ to $i$ with weight $A(i,j)$ for each $A(i,j) \neq -\infty$.
  • The average weight of a path $p = i_0 i_1 \dots i_k$ in $\mathcal{G}(A)$ is $\dfrac{A(i_1, i_0) + \dots + A(i_k, i_{k-1})}{k}$.
  • A matrix $A \in \mathbb{R}_{\max}^{n \times n}$ is called irreducible if $\mathcal{G}(A)$ is strongly connected.
  • If $A$ is irreducible then it has exactly one eigenvalue $\lambda$, equal to the maximum average weight over the circuits of $\mathcal{G}(A)$.

  5. Max-Plus-Linear Systems
  Transient condition*: For an irreducible matrix $A \in \mathbb{R}_{\max}^{n \times n}$ with eigenvalue $\lambda$, there exist $k_0, c \in \mathbb{N}$ such that $A^{\otimes (k+c)} = \lambda^{\otimes c} \otimes A^{\otimes k}$ for all $k \ge k_0$. The smallest such $k_0$ and $c$ are called the transient and the cyclicity of $A$, respectively.
  Given $x(k+1) = A \otimes x(k)$ and an initial $x(0)$, the sequence $x(0), x(1), x(2), \dots$ is eventually periodic in the max-plus algebraic sense: for all $k \ge k_0$, $x(k+c) = \lambda^{\otimes c} \otimes x(k)$, i.e. in conventional arithmetic
  $$\begin{bmatrix} x_1(k+c) \\ \vdots \\ x_n(k+c) \end{bmatrix} = \begin{bmatrix} \lambda c \\ \vdots \\ \lambda c \end{bmatrix} + \begin{bmatrix} x_1(k) \\ \vdots \\ x_n(k) \end{bmatrix}$$
  * Baccelli, F., Cohen, G., Olsder, G.J., Quadrat, J.P.: Synchronization and Linearity: An Algebra for Discrete Event Systems. Wiley, Chichester (1992)
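The transient condition can be checked numerically. The following Python code is an added example, not code from the slides or the authors: it implements the max-plus product and powers, computes $\lambda$ as the maximum circuit mean, searches for the transient $k_0$ and cyclicity $c$, and confirms $x(k+c) = \lambda^{\otimes c} \otimes x(k)$ along a trajectory. It uses the $2 \times 2$ matrix from the example later in the deck; the search bound `k_max` is an assumption of this example.

```python
# Added example (not from the slides): max-plus powers, the eigenvalue as the
# maximum circuit mean, and the transient k0 / cyclicity c of an irreducible A.
NEG_INF = float("-inf")

def mp_mult(A, B):
    """Max-plus matrix product: (A ⊗ B)(i,j) = max_k (A(i,k) + B(k,j))."""
    return [[max(A[i][k] + B[k][j] for k in range(len(B)))
             for j in range(len(B[0]))] for i in range(len(A))]

def mp_power(A, r):
    """A^{⊗r} = A ⊗ ... ⊗ A (r times); r = 0 gives the max-plus identity (0 on
    the diagonal, -inf elsewhere)."""
    n = len(A)
    P = [[0 if i == j else NEG_INF for j in range(n)] for i in range(n)]
    for _ in range(r):
        P = mp_mult(P, A)
    return P

def max_cycle_mean(A):
    """Eigenvalue lambda of an irreducible A (slide 4): the maximum average weight
    of a circuit in G(A). (A^{⊗k})(i,i) is the heaviest closed walk of length k
    through i and every elementary circuit has length <= n, so it suffices to
    take the maximum of (A^{⊗k})(i,i)/k over k = 1..n."""
    n = len(A)
    return max(mp_power(A, k)[i][i] / k for k in range(1, n + 1) for i in range(n))

def transient_and_cyclicity(A, k_max=200):
    """Smallest (k0, c) with A^{⊗(k+c)} = lambda^{⊗c} ⊗ A^{⊗k} for all k >= k0.
    If the identity holds at some k it holds at k+1 too (left-multiply by A), so
    the first k at which it holds is the transient for that c. k_max is an
    assumed search bound, not part of the theory."""
    lam = max_cycle_mean(A)
    powers = [mp_power(A, k) for k in range(k_max + 1)]
    for c in range(1, k_max):
        for k in range(k_max - c):
            if powers[k + c] == [[v + c * lam for v in row] for row in powers[k]]:
                return k, c, lam
    raise ValueError("no period found within k_max; is A irreducible?")

def trajectory(A, x0, steps):
    """x(0), x(1), ..., x(steps) under x(k+1) = A ⊗ x(k)."""
    xs = [list(x0)]
    for _ in range(steps):
        xs.append([row[0] for row in mp_mult(A, [[v] for v in xs[-1]])])
    return xs

A = [[2, 5], [3, 3]]   # the matrix used in the slides' later example
```

For this matrix the circuit 1 → 2 → 1 has mean (3 + 5)/2 = 4, so $\lambda = 4$, and the search returns transient 2 and cyclicity 2.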

  6. Max-Plus-Linear Systems
  • Time differences: $x_i(k) - x_j(k)$ or $x_i(k+1) - x_i(k)$; in primed notation, $x_i - x_j$ or $x_i' - x_i$.
  • Time-difference propositions: $x_i' - x_i \sim \alpha$ with $\sim \in \{<, \le, \ge, >\}$ and $\alpha \in \mathbb{R}$.
  • Time-difference (TD) specifications: LTL formulas over time-difference propositions, e.g.
    $\bigcirc (x_i' - x_i \ge 5) \equiv x_i(2) - x_i(1) \ge 5$
    $\Diamond \Box (x_i' - x_i \le 8) \equiv \exists k \ge 0 \text{ s.t. } \forall m \ge k:\ x_i(m+1) - x_i(m) \le 8$
  • The problem: given an MPL system $x(k+1) = A \otimes x(k)$, a set of initial vectors $I$ (here $I = \mathbb{R}^n$) and a TD specification $\varphi$, does $A, I \models \varphi$ hold, i.e. does every trajectory $x(0), x(1), x(2), \dots$ with $x(0) \in I$ satisfy $\varphi$?
  • Infinite and continuous state space
  • The primed variables
  • This problem is undecidable
  • Solve the problem by applying predicate abstractions (PA) and bounded model checking (BMC)

  7. PA of MPL Systems
  • Abstractions: techniques to generate a finite and smaller system $\hat S$ from a large or even infinite-state system $S$, such that $\hat S \models \varphi \rightarrow S \models \varphi$.
  • MPL systems → Piece-Wise Affine (PWA) systems: partition the state space into several convex domains (PWA regions); each region has corresponding affine dynamics.
  • Given $A \in \mathbb{R}_{\max}^{n \times n}$, the region w.r.t. $g \in \{1, \dots, n\}^n$ is
    $$R_g = \bigcap_{i=1}^{n} \bigcap_{j=1}^{n} \left\{ x \in \mathbb{R}^n \mid x_{g_i} - x_j \ge A(i,j) - A(i,g_i) \right\}$$
    $R_g$ is a Difference-Bound Matrix (DBM).
  • If $R_g \neq \emptyset$ then the corresponding affine dynamics are $x_i' = x_{g_i} + A(i, g_i)$, $i = 1, \dots, n$.

  8. PA of MPL Systems
  • Predicate abstraction*: uses a set of predicates $P = \{p_1, \dots, p_k\}$.
  • Predicates are identified from the (concrete) system and the specifications.
  • Abstract states are generated from all Boolean assignments w.r.t. $P$, so $|\hat S| \le 2^k$.
  • Predicates also serve as atomic propositions.
  * Clarke, E., Grumberg, O., Talupur, M., Wang, D.: Making predicate abstraction efficient. In: Hunt, W.A., Somenzi, F. (eds.) CAV 2003. LNCS, vol. 2725, pp. 126-140. Springer, Heidelberg (2003).

  9. PA of MPL Systems
  • Predicates from MPL systems? From the PWA regions
    $$R_g = \bigcap_{i=1}^{n} \bigcap_{j=1}^{n} \left\{ x \in \mathbb{R}^n \mid x_{g_i} - x_j \ge A(i,j) - A(i,g_i) \right\}$$
    the predicates are of the form $x_k - x_j \sim A(i,j) - A(i,k)$ for $i = 1, \dots, n$ and $k < j$ with $k, j \in \mathrm{fin}_i$, where $\mathrm{fin}_i = \{ j \mid A(i,j) \neq -\infty \}$. WLOG $\sim \in \{>, \ge\}$.

  10. PA of MPL Systems
  • Predicates from specifications? Since $x_i' = \max_{j \in \mathrm{fin}_i} \{ x_j + A(i,j) \}$, the proposition $x_i' - x_i \sim \alpha$ reads $\max_{j \in \mathrm{fin}_i} \{ x_j + A(i,j) \} - x_i \sim \alpha$, so the predicates are of the form $x_j - x_i \sim \alpha - A(i,j)$ for all $j \in \mathrm{fin}_i$.
  • If $i \in \mathrm{fin}_i$, i.e. $A(i,i) \neq -\infty$, we can ignore $x_i - x_i \sim \alpha - A(i,i)$.

  11. PA of MPL Systems
  Example:
  $$x' = A \otimes x = \begin{bmatrix} 2 & 5 \\ 3 & 3 \end{bmatrix} \otimes \begin{bmatrix} x_1 \\ x_2 \end{bmatrix} \quad \text{and} \quad t \equiv x_1' - x_1 \le 5$$
  Predicates from the MPL system ($x_k - x_j \sim A(i,j) - A(i,k)$): $x_1 - x_2 \ge 3$ (from $i = 1$) and $x_1 - x_2 \ge 0$ (from $i = 2$).
  Predicates from the TD proposition ($x_j - x_i \sim \alpha - A(i,j)$): $x_2 - x_1 \le 0$, which is the same constraint as $x_1 - x_2 \ge 0$.
  There are two predicates, $P = P_{\mathrm{mat}} \cup P_{\mathrm{time}} = \{p_1, p_2\}$, where $p_1 \equiv x_1 - x_2 \ge 3$ and $p_2 \equiv x_1 - x_2 \ge 0$.
  There are four possible Boolean assignments:
  $\neg p_1 \neg p_2 \equiv (x_1 - x_2 < 3) \wedge (x_1 - x_2 < 0)$
  $\neg p_1\, p_2 \equiv (x_1 - x_2 < 3) \wedge (x_1 - x_2 \ge 0)$
  $p_1 \neg p_2 \equiv (x_1 - x_2 \ge 3) \wedge (x_1 - x_2 < 0)$ (empty set)
  $p_1\, p_2 \equiv (x_1 - x_2 \ge 3) \wedge (x_1 - x_2 \ge 0)$
  but only three abstract states:
  $\hat s_0 \equiv \neg p_1 \neg p_2$, $\mathrm{DBM}(\hat s_0) = \{ x \in \mathbb{R}^2 \mid x_1 - x_2 < 0 \}$
  $\hat s_1 \equiv \neg p_1\, p_2$, $\mathrm{DBM}(\hat s_1) = \{ x \in \mathbb{R}^2 \mid 0 \le x_1 - x_2 < 3 \}$
  $\hat s_2 \equiv p_1\, p_2$, $\mathrm{DBM}(\hat s_2) = \{ x \in \mathbb{R}^2 \mid x_1 - x_2 \ge 3 \}$
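The predicate generation of slides 9 and 10 and the abstract-state construction of this example, as an added Python example (not the authors' implementation): a predicate is a tuple `(a, b, rel, c)` meaning $x_a - x_b \;\mathrm{rel}\; c$ with 0-based indices, the TD proposition is passed as `(i, rel, alpha)`, and a Boolean assignment is kept only if its DBM is non-empty, decided with Floyd-Warshall over bounds that distinguish strict from non-strict constraints. It generalises the slides' example to any $n \times n$ matrix and any single TD proposition; the encoding and function names are this example's own.

```python
# Added example (not the authors' code): predicates from A and from one
# time-difference proposition, then the consistent Boolean assignments.
from itertools import product
NEG_INF = float("-inf")

def mpl_predicates(A):
    """Slide 9: x_k - x_j >= A(i,j) - A(i,k) for each row i and k < j in fin_i.
    A predicate is a tuple (a, b, rel, c) meaning x_a - x_b rel c (0-based)."""
    preds = set()
    for row in A:
        fin = [j for j, v in enumerate(row) if v != NEG_INF]
        preds.update((k, j, ">=", row[j] - row[k]) for k in fin for j in fin if k < j)
    return preds

def spec_predicates(A, i, rel, alpha):
    """Slide 10: from x_i' - x_i rel alpha derive x_j - x_i rel alpha - A(i,j) for
    j in fin_i, j != i; a <= or < relation is flipped so only > and >= remain."""
    preds = set()
    for j, v in enumerate(A[i]):
        if j != i and v != NEG_INF:
            c = alpha - v
            preds.add((j, i, rel, c) if rel in (">", ">=") else
                      (i, j, ">=" if rel == "<=" else ">", -c))
    return preds

def feasible(constraints, n):
    """constraints (a, b, c, strict): x_a - x_b <= c, or < c if strict. Floyd-Warshall
    on the DBM; a negative cycle, or a zero cycle with a strict edge, means empty."""
    tighter = lambda t: (t[0], not t[1])            # strict bound beats non-strict
    d = [[(0, False) if i == j else (float("inf"), False) for j in range(n)] for i in range(n)]
    for a, b, c, strict in constraints:             # x_a <= x_b + c: edge b -> a
        d[b][a] = min(d[b][a], (c, strict), key=tighter)
    for k in range(n):
        for i in range(n):
            for j in range(n):
                via = (d[i][k][0] + d[k][j][0], d[i][k][1] or d[k][j][1])
                d[i][j] = min(d[i][j], via, key=tighter)
    return all(d[i][i] == (0, False) for i in range(n))

def abstract_states(preds, n):
    """Slide 11: Boolean assignments over P whose conjunction is a non-empty DBM."""
    preds, states = sorted(preds), []
    for bits in product([True, False], repeat=len(preds)):
        cons = [(b, a, -c, rel == ">") if truth      # x_a - x_b >= c  <=>  x_b - x_a <= -c
                else (a, b, c, rel == ">=")          # not(x_a - x_b >= c) <=> x_a - x_b < c
                for (a, b, rel, c), truth in zip(preds, bits)]
        if feasible(cons, n):
            states.append(dict(zip(preds, bits)))
    return states

A = [[2, 5], [3, 3]]                         # the slides' example; t is x_1' - x_1 <= 5
P = mpl_predicates(A) | spec_predicates(A, 0, "<=", 5)
```

For the slides' matrix, `P` contains exactly $x_1 - x_2 \ge 3$ and $x_1 - x_2 \ge 0$ (the TD predicate collapses onto $p_2$), and `abstract_states(P, 2)` returns the three states $\hat s_0, \hat s_1, \hat s_2$, dropping the assignment $p_1 \neg p_2$.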
