Model Checking Games for a Fair Branching-Time Temporal Epistemic Logic



SLIDE 1

Model Checking Games for a Fair Branching-Time Temporal Epistemic Logic

Xiaowei Huang and Ron van der Meyden

The University of New South Wales, Australia.

The 22nd Australasian Joint Conference on Artificial Intelligence

  • X. Huang & R. van der Meyden (UNSW)

Model Checking Games AI’09 1 / 20

SLIDE 2

Outline

1. Model Checking Knowledge
2. Motivation: Counterexample
3. Model Checking Games

SLIDE 3

Model Checking

System: Kripke Structure M = (S, I, →, π)

Property: Temporal Logic Formula φ

1. branching time temporal logics, e.g., CTL
2. linear time temporal logics, e.g., LTL

Model Checking Problem: decide if M |= φ

SLIDE 4

Epistemic Property on Model Checking

A simplified version of the Byzantine Generals protocol

SLIDE 5

Epistemic Property on Model Checking

Running properties

φ1: Once General 2 receives the message, General 1 will know that General 2 knows his plan.

φ2: General 2 always thinks that it is possible that the message is lost but received.

SLIDE 6

Epistemic + Branching Time Temporal logic

Syntax of CTLKn

φ ::= p | ¬φ | φ1 ∨ φ2 | EX φ | E[φ1 U φ2] | EG φ | K_i φ | C_G φ

Interpreted System

A run over S is a function r : N → S

An interpreted system for n agents is a tuple I = (R, ∼_1, ..., ∼_n, π)

  • R: a set of runs over S
  • ∼_i: indistinguishability relation on S w.r.t. agent i
  • π : S → P(Prop)

A point of I is a pair (r, m) where r ∈ R and m ∈ N

SLIDE 7

Epistemic + Branching Time Temporal logic (Cont.)

Bundle semantics [J. Burgess, 1979; R. van der Meyden, 2003]

I, (r, m) |= EF φ if there exists a run r′ ∈ R equivalent to r up to time m and m′ ≥ m such that I, (r′, m′) |= φ.

Observational semantics

I, (r, m) |= K_i φ if for all points (r′, m′) of I such that r(m) ∼_i r′(m′) we have I, (r′, m′) |= φ

SLIDE 8

Epistemic + Branching Time Temporal logic (Cont.)

Kripke Structure

M = (S, I, →, ∼_1, ..., ∼_n, π, α)

Fairness Condition

α: generalised Büchi fairness, defined with several sets of states. A run is accepting if it passes through at least one state of every set of states infinitely often. It can express properties such as ‘whenever A occurs, B occurs at some later time’ or ‘A occurs infinitely often’.

Running Example

1. Fairness = sndack, where proposition sndack denotes the set of states on which ack is sent.
2. Fairness = sndmsg.

SLIDE 9

Epistemic Property on Model Checking

φ1 = AG(rcvmsg ⇒ K_1 K_2 sndmsg)

Once General 2 receives the message, General 1 will know that General 2 knows his plan.

φ2 = AG(¬K_2 ¬(msglost ∧ rcvmsg))

General 2 always thinks that it is possible that the message is lost but received.

SLIDE 10

Workflow on MCK

SLIDE 11

Counterexample of formula φ1

φ1 = AG(rcvmsg ⇒ K_1 K_2 sndmsg) (universal fragment of CTLKn)

¬φ1 = EF(rcvmsg ∧ ¬K_1 K_2 sndmsg)

SLIDE 12

Counterexample of formula φ2 ?

φ2 = AG(¬K_2 ¬(msglost ∧ rcvmsg))

¬φ2 = EF(K_2 ¬(msglost ∧ rcvmsg))

I, (r, m) |= K_i φ if for all points (r′, m′) of I such that r(m) ∼_i r′(m′) we have I, (r′, m′) |= φ

“we can expect to have simple natural counterexamples only for universal specifications.” [E.M. Clarke and H. Veith, 2003]

SLIDE 13

Game Scenario

Players:

Sys and Usr

Roles:

verifier (V) and refuter (R)

Configurations:

  • Initial configuration: Usr : φ
  • Intermediate configuration: p : {(s1, φ1), ..., (sm, φm)}
  • Final configuration: “p wins”

SLIDE 14

Game Rules

CurrentConfiguration
--------------------  Role (Condition)
NextConfiguration

“if the game is in the CurrentConfiguration and the Condition holds, then it is the turn of the player in role Role to move, and one of the choices available to this player is to move the game into configuration NextConfiguration.”

SLIDE 15

Simple Rules

p : (s, φ1 ∨ φ2)
----------------  V (i ∈ {1, 2})
p : (s, φi)

p : (s, φ1 ∧ φ2)
-----------------  R (i ∈ {1, 2})
opp(p) : (s, ¬φi)

Without Fairness

p : (s, EF φ)
-------------  V (s = s1 → ... → sm)
p : (sm, φ)

SLIDE 16

Game Rules with Fairness

p : (s, EF φ)
----------------------------  V (s = s1 → ... → sm)
p : {(sm, φ), (sm, Fair)}

p : {(s1, φ1), ..., (sm, φm)}
-----------------------------  R (1 ≤ k ≤ m)
p : (sk, φk)

p : (s, Fair)
---------------------------------  V (s = s1 → ... → sm, sm = sk, k ≤ l1, ..., lN < m)
p : {(s_l1, χ1), ..., (s_lN, χN)}

SLIDE 17

Game Rules with Fairness and Reachability

p : (s, K_i φ)
-----------------------------------------  R (t ∈ S, s ∼_i t)
opp(p) : {(t, ¬φ), (t, Fair), (t, Reach)}

p : (s, Reach)
--------------  V (s1 → ... → sm = s)
p : (s1, Init)

p : (s, Init)
-------------  (s ∈ I)
p wins

p : (s, Init)
-------------  (s ∉ I)
opp(p) wins
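As an added illustration (not code from the slides or from MCK), the sketch below computes the refuter's choice in the knowledge rule above on an explicit-state model: a state t indistinguishable from s that falsifies φ, starts a fair run, and is reachable from an initial state. The five-state model, the observation map OBS and all function names are constructed for this example, and φ is restricted to a propositional test on a state's labels.

```python
# Constructed toy model; NOT the protocol model shown on the slides.
LABEL = {                                   # pi : S -> P(Prop)
    "s0": set(),
    "s1": {"sndmsg"},
    "s2": {"sndmsg", "msglost"},
    "s3": {"sndmsg", "rcvmsg"},
    "s4": {"sndmsg", "rcvmsg", "sndack"},
}
SUCC = {"s0": ["s1"], "s1": ["s2", "s3"], "s2": ["s2"],
        "s3": ["s4"], "s4": ["s4"]}         # transition relation ->
INIT = {"s0"}                               # initial states I
# s ~_i t iff agent i makes the same observation in s and t (assumed encoding).
OBS = {1: {"s0": "idle", "s1": "sent", "s2": "sent", "s3": "sent", "s4": "acked"}}
STATES = set(SUCC)


def reaching(goal, within):
    """States of `within` that reach `goal` in >= 0 steps without leaving `within`."""
    found = set(goal) & within
    while True:
        more = {s for s in within - found if any(t in found for t in SUCC[s])}
        if not more:
            return found
        found |= more


def fair_states(fair_sets):
    """Greatest fixpoint: states starting a run that visits every set infinitely often."""
    z = set(STATES)
    while True:
        new = set(z)
        for f in fair_sets:
            ok = reaching(f, z)
            new &= {s for s in z if any(t in ok for t in SUCC[s])}
        if new == z:
            return z
        z = new


def refuter_move(s, agent, phi, fair_sets):
    """Refuter's choice at (s, K_agent phi): some t with s ~ t, t |= not phi,
    t Fair and t Reach. Returns None when no such t exists, i.e. K_agent phi holds."""
    fair = fair_states(fair_sets)
    for t in sorted(STATES):
        if (OBS[agent][t] == OBS[agent][s] and not phi(LABEL[t])
                and t in fair and reaching({t}, STATES) & INIT):
            return t
    return None
```

With the fairness set sndack = {s4}, the query K_1 ¬msglost at s3 has no refuting state, because the only msglost state (s2) starts no fair run; with a trivial fairness set containing every state, the refuter can pick s2.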

SLIDE 18

Strategy and Winning Strategy

A strategy of a player is a function mapping the set of configurations in which it is the player's turn to the set of possible next configurations according to the game rules.

A winning strategy for player p is a strategy σ_p such that, for all strategies σ_opp(p) for the opponent, all plays of the game according to (σ_p, σ_opp(p)) are finite and end in the configuration “p wins”.

SLIDE 19

Theoretical Results

Finiteness of Game

If M is a finite state system and φ is any CTLKn formula, then all plays of the game for (M, φ) are finite.

Main Theorem

For all finite state systems M and formulas φ of CTLKn, we have M |= φ iff there exists a winning strategy for Sys in the game for (M, φ).

SLIDE 20

Conclusion and Future Works

Provide a debugging facility for the epistemic model checker MCK.

Current Implementation

1. Abstract winning strategy from the result of model checking.
  • explicit-states model checker
  • bounded model checker
2. A logic combining CTL and epistemic operators

Future

1. Abstract winning strategy from symbolic model checker
2. More expressive logics, e.g., a logic including µ-calculus operators
3. ...
