From Qualitative to Quantitative Theories of Software Tom Henzinger - - PowerPoint PPT Presentation

From Qualitative to Quantitative Theories of Software

Tom Henzinger

IST Austria

Qualitative Software Theories

Property Yes/No

Analysis

Program

Qualitative Software Theories

Yes/No

Analysis

Property Program

 (R ) } G) Kripke Structure

Qualitative Software Theories

Quantitative Program Quantitative Property Yes/No

Analysis

Timed Automaton  (R ) }· 5 G)

Qualitative Software Theories

Yes/No

Analysis

8 (R ) Pr(} G) ¸ 0.5) Markov Process

Quantitative Program Quantitative Property

Quantitative Software Theories

R

• measure of “fit” between program and property
• could involve cost, quality, performance, etc.

Analysis

Quantitative Program Quantitative Property

Quantitative Software Theories

R

Analysis

 (R ) } G) The less time between R and G, the better.

Quantitative Program Quantitative Property

• measure of “fit” between program and property
• could involve cost, quality, performance, etc.

Quantitative Software Theories

R

Analysis

The fewer “unnecessary” grants G, the better.

Quantitative Program Quantitative Property

• measure of “fit” between program and property
• could involve cost, quality, performance, etc.

 (R ) } G)

Qualitative Software Theories

S1 S’1 S2 S’’2 S’2 P1 P2 P3

Qualitative Software Theories

S1 S’1 S2 S’’2 S’2 P1 P2 P3

Quantitative Software Theories

S1 S’1 S2 S’’2 S’2 P1 P2 P3 0.9 0.8 0.5 0.7

Quantitative Software Theories

S1 S’1 S2 S’’2 S’2 P1 P2 P3 0.9 0.8 0.5 0.7 0.2

Quantitative Software Models

Q1 Assign values to program behaviors Boolean case: correct vs. incorrect behaviors Q2 Assign values to programs/properties Boolean case: sets of behaviors (nondeterminism) Q3 Assign values to pairs of programs/properties Boolean case: preorders (refinement)

Q1 Assign Values To Program Behaviors

• a. Probabilities

Q1 Assign Values To Program Behaviors

• a. Probabilities
• b. Resource use

worst case (sup) vs. average case (limavg) vs. accumulative (sum)

(e.g., response time, power consumption)

Q1 Assign Values To Program Behaviors

• a. Probabilities
• b. Resource use

worst case (sup) vs. average case (limavg) vs. accumulative (sum)

(e.g., response time, power consumption)

• c. Quality measures

discounting vs. long-run averaging

Q1 Example: Reliability Values

a: ok b: fail Discounted value (0 < d < 1):  a aaaaaaaaaa... 1 aaaaaaaab... 1 - d8 aaab... 1 - d3 b...

Q1 Example: Reliability Values

a: ok b: fail Discounted value (0 < d < 1):  a aaaaaaaaaa... 1 aaaaaaaab... 1 - d8 aaab... 1 - d3 b... Long-run average value: limavg a aaaaaaaaaa... 1 abaabaaab... 1 aaabaaabaaab... 3/4 babbabbba... aaaaaabbb...

sup or limavg sup or exp

Q2 Assign Values To Programs

relative to input distribution

a a a b b

Q3 Assign Distances To Programs

a a a a b b

Q3 Example: Correctness Distance

a a a a b b 1 b

Q3 Example: Correctness Distance

a a a b b b 1/3

Q3 Example: Correctness Distance

a a a b b b b 1/3 1/4 b b a

Q3 Example: Correctness Distance

a a a a b b 2/3

Q3 Example: Robustness Distance

a a a a b b a a b 2/3 1/3

Q3 Example: Robustness Distance

References

1 Simulation and bisimulation distances

[CONCUR 2010 Cerny et al.]

2 Quantitative languages

[CSL 2008, LICS 2009, CSL 2011 Boker et al.]

3 Quantitative synthesis

[CAV 2009, CAV 2010, CAV 2011 Cerny et al.]

Qualitative Software Theories

Property Yes/No

Analysis

Program

Qualitative Software Theories

Property Correct Program

Synthesis

Qualitative Software Theories

ω-Regular Automaton Correct Program = Winning Strategy

Graph Game with ω-Regular Objective

Quantitative Synthesis

Optimal Program

Synthesis

Quantitative Property

Quantitative Synthesis

Optimal Program = Optimal Strategy Weighted Automaton

Graph Game with Quantitative Objective

worst case

Quantitative Synthesis

Optimal Program = Optimal Strategy Weighted Automaton

Stochastic Graph Game with Quantitative Objective

avg case

Games for Quantitative Synthesis

1 Optimizing Resource Use / Performance

• costs refer to resource use

(e.g., power consumption, context switch)

• optimize peak or accumulative or average resource use
• formalized using sup or sum or limavg objectives
• synthesize schedules, routes, lock placement

Fine grained vs. coarse grained locks:

• fine grained locks allow more interleavings,

and therefore cause less waiting of threads

• coarse grained locks cause fewer context switches,

which are expensive Process 1: loop access x; access y end. Process 2: loop access x; access y end.

Fine grained vs. coarse grained locks:

• fine grained locks allow more interleavings,

and therefore cause less waiting of threads

• coarse grained locks cause fewer context switches,

which are expensive Process 1: loop access x; access y end. Process 2: loop access x; access y end.

Fine grained vs. coarse grained locks:

• fine grained locks allow more interleavings,

and therefore cause less waiting of threads

• coarse grained locks cause fewer context switches,

which are expensive Process 1: loop access x; access y end. Process 2: loop access x; access y end.

Games for Quantitative Synthesis

1 Optimizing Resource Use / Performance 2 Preference between Different Programs

• qualitative property, but some programs preferred over others
• can be formalized using lexicographic objectives

h f, g1, ... gn i

qualitative specification quantitative objectives

Request-Grant Buchi Automaton

Every request is followed by a grant. RG rg rG Rg Rg rg RG rG

Request-Grant limavg Automaton 1

Following a request, all steps until the next grant are penalized. RG: 0 rg: 0 rG: 0 Rg: 1 Rg: 1 rg: 1 RG: 0 rG: 0

Request-Grant limavg Automaton 2

All unnecessary grants are penalized. RG: 0 rg: 0 rG: 1 Rg: 0 Rg: 0 rg: 0 RG: 0 rG: 0

Conclusions

• We need to move from boolean program correctness criteria to

quantitative program preference metrics.

Conclusions

• We need to move from boolean program correctness criteria to

quantitative program preference metrics.

• “Quantitative” is more than “timed” and “probabilistic.”

Conclusions

• We need to move from boolean program correctness criteria to

quantitative program preference metrics.

• “Quantitative” is more than “timed” and “probabilistic.”
• Weighted automata over infinite words offer a quantitative

specification language: Limit average Sum/ energy Discounting

Conclusions

• We need to move from boolean program correctness criteria to

quantitative program preference metrics.

• “Quantitative” is more than “timed” and “probabilistic.”
• Weighted automata over infinite words offer a quantitative

specification language: Limit average Sum/ energy Discounting

• Games with quantitative objectives offer algorithmic solutions:

Quantitative synthesis Simulation distances