Short Accepting Lassos & Witnesses in -automata R udiger - - PowerPoint PPT Presentation

Short Accepting Lassos & Witnesses in ω-automata

R¨ udiger Ehlers

Saarland University, Reactive Systems Group

LATA 2010 – May 27, 2010

R¨ udiger Ehlers (SB) Short Lassos & Witnesses LATA 2010 – May 27, 2010 1 / 20

ω-automata

Basic properties

Similar to ordinary finite automata Accept/reject infinite words w ∈ Σω Typical acceptance condition types: Safety, B¨ uchi, Rabin, Streett, Muller, . . .

R¨ udiger Ehlers (SB) Short Lassos & Witnesses LATA 2010 – May 27, 2010 2 / 20

Automata theory & model checking

Overview

System to be checked

• Neg. of the

property to be checked Safety automaton B¨ uchi automaton Product B¨ uchi automaton Emptiness result Example acc. word/lasso

R¨ udiger Ehlers (SB) Short Lassos & Witnesses LATA 2010 – May 27, 2010 3 / 20

An example system

A conveyor belt merger controller

init w1 w2 t1 t2 1 0 · 0

• 0 0

1 0

• 0 0

0 0

• · 0

1 0

• 1 0

· 0

• · 0

0 0

• 0 0

· 0

• · 1

· 0

• · 0

· 1

• Setting

g2 g1

r1 r2

Alphabet semantics

r1 g1 r2 g2

• First belt

Second belt Grants Requests

R¨ udiger Ehlers (SB) Short Lassos & Witnesses LATA 2010 – May 27, 2010 4 / 20

An example system

An example property

The system is starvation-free.

The corresponding neg. automaton

e d f · · · ·

• · ·

· ·

• · 0

· 0

• 1 0

· 0

• ,
• · 0

1 0

• · 0

· 0

• Setting

g2 g1

r1 r2

Alphabet semantics

r1 g1 r2 g2

• First belt

Second belt Grants Requests

R¨ udiger Ehlers (SB) Short Lassos & Witnesses LATA 2010 – May 27, 2010 4 / 20

The product

(w1, e) (t1, e) (t1, f ) (w1, f ) (w2, f ) (w2, d) (w2, e) (t1, d) (init, e) (init, d) (w1, d) (t2, f ) (t2, e) (t2, d)

R¨ udiger Ehlers (SB) Short Lassos & Witnesses LATA 2010 – May 27, 2010 5 / 20

Short lassos: an example

(w1, e) (t1, e) (t1, f ) (w1, f ) (w2, f ) (w2, d) (w2, e) (t1, d) (init, e) (init, d) (w1, d) (t2, f ) (t2, e) (t2, d)

R¨ udiger Ehlers (SB) Short Lassos & Witnesses LATA 2010 – May 27, 2010 6 / 20

Short lassos: an example

(w1, e) (t1, e) (t1, f ) (w1, f ) (w2, f ) (w2, d) (w2, e) (t1, d) (init, e) (init, d) (w1, d) (t2, f ) (t2, e) (t2, d)

R¨ udiger Ehlers (SB) Short Lassos & Witnesses LATA 2010 – May 27, 2010 6 / 20

An alternative point of view – short witnesses

A different kind of counter-examples

Often, it is enough for the designer to know one erroneous example trace of the system. Such a trace can often be represented in a much shorter way.

An example

The conveyor belt merger behaves incorrectly with the following input/output: 1 1 ω

Conclusion

A “witness” is often much simpler to understand by the system designer.

R¨ udiger Ehlers (SB) Short Lassos & Witnesses LATA 2010 – May 27, 2010 7 / 20

Defining the size of a counter-example

Lassos

(w1, e) (t1, e) (t1, f ) (w1, f ) (w2, f ) (w2, d) (w2, e) (t1, d) (init, e) (init, d) (w1, d) (t2, f ) (t2, e) (t2, d)

This lasso is of size 3.

Witnesses

For uwω being the witness for u, w ∈ Σ∗, we define the size to be |u| + |w|.

R¨ udiger Ehlers (SB) Short Lassos & Witnesses LATA 2010 – May 27, 2010 8 / 20

Applications of short lassos & witnesses

Some examples:

Model checking Certificates for the satisfiability of a formula in logics such as S1S Sanity checks of specification automata . . .

Consequences

It makes sense to consider this problem for all commonly used types of acceptance conditions. The main question we ask here is: what is the complexity of this problem?

R¨ udiger Ehlers (SB) Short Lassos & Witnesses LATA 2010 – May 27, 2010 9 / 20

Previously known results

Direct results on the complexity of these problems previously known

• Acc. cond. type

Short lassos Short witnesses Safety B¨ uchi O(|Q|2) [SE05] NP-complete [KSF06] co-B¨ uchi Parity Rabin

• Gen. B¨

uchi NP-complete [CGMZ95] Streett Muller

R¨ udiger Ehlers (SB) Short Lassos & Witnesses LATA 2010 – May 27, 2010 10 / 20

Previously known results

Implicit results on the complexity of these problems previously known

• Acc. cond. type

Short lassos Short witnesses Safety O(|Q|2) B¨ uchi O(|Q|2) NP-complete co-B¨ uchi in PTIME Parity in PTIME NP-complete Rabin in PTIME NP-complete

• Gen. B¨

uchi NP-complete NP-complete Streett NP-complete NP-complete Muller

R¨ udiger Ehlers (SB) Short Lassos & Witnesses LATA 2010 – May 27, 2010 11 / 20

Our completion of the landscape

All results now known

• Acc. cond. type

Short lassos Short witnesses Safety B¨ uchi co-B¨ uchi in PTIME Parity NP-complete Rabin

• Gen. B¨

uchi Streett NP-complete Muller

R¨ udiger Ehlers (SB) Short Lassos & Witnesses LATA 2010 – May 27, 2010 12 / 20

On approximating shortest witnesses & lassos

In practice

For practical application, approximate shortest witnesses and lassos would usually suffice! Important question: For those problems that are not in PTIME (assuming NP=PTIME), can they be approximated well in polynomial time?

R¨ udiger Ehlers (SB) Short Lassos & Witnesses LATA 2010 – May 27, 2010 13 / 20

On finding approximate short lassos

Overview

• Acc. cond. type

Short lassos Safety B¨ uchi co-B¨ uchi in PTIME Parity Rabin

• Gen. B¨

uchi Streett Muller

Generalised B¨ uchi & Streett

Not approximable within any constant in polynomial time (unless P=NP).

Proof idea

Reduction to the Ek-Vertex-Cover problem This case

R¨ udiger Ehlers (SB) Short Lassos & Witnesses LATA 2010 – May 27, 2010 14 / 20

On finding approximate short lassos

Overview

• Acc. cond. type

Short lassos Safety B¨ uchi co-B¨ uchi in PTIME Parity Rabin

• Gen. B¨

uchi Streett Muller

The Muller case

Not approximable within

321 320 − ǫ (unless P=NP),

approximable within log2 |Q| in polynomial time.

Proof idea

Using the connection to the asymmetric metric travelling salesman problem.

This case

R¨ udiger Ehlers (SB) Short Lassos & Witnesses LATA 2010 – May 27, 2010 14 / 20

On finding approximate short witnesses

Overview

• Acc. cond. type

Short witnesses Safety B¨ uchi co-B¨ uchi Parity NP-complete Rabin

• Gen. B¨

uchi Streett Muller

The safety case

Not approximable within any polynomial function in polynomial time (unless P=NP).

Proof idea

Reduction from the satisfiability problem using the gap technique.

R¨ udiger Ehlers (SB) Short Lassos & Witnesses LATA 2010 – May 27, 2010 15 / 20

Proof idea for the shortest witness case

Reduction from the SAT-problem

Idea: Encode potential solutions to a SAT problem as words over {0, 1, #} For every clause in the SAT problem, build a block requiring that a part of the word “satisfies” the clause. For every clause, put k of these blocks in a line (for some k ∈ N) and plug together the lines for all clauses.

Example block for the clause ¬v1 ∨ v2

1 1 0, 1 0, 1 0, 1 . . . . . . # #

R¨ udiger Ehlers (SB) Short Lassos & Witnesses LATA 2010 – May 27, 2010 16 / 20

Shortest witness case - An example

SAT instance

(v1 ∨ v2 ∨ ¬v3) ∧ (¬v1 ∨ v2) ∧ (¬v2 ∨ v3)

Safety automaton

1 1 0, 1 1 0, 1 # . . . . . . . . . . . . 1 1 0, 1 # 1 1 0, 1 1 0, 1 1 1 0, 1 0, 1 0, 1 # . . . . . . . . . . . . 1 0, 1 0, 1 # 1 1 0, 1 0, 1 0, 1 0, 1 1 0, 1 1 0, 1 # . . . . . . . . . . . . 0, 1 1 0, 1 # 0, 1 1 0, 1 1 0, 1 0, 1, # # # #

R¨ udiger Ehlers (SB) Short Lassos & Witnesses LATA 2010 – May 27, 2010 17 / 20

Implications for practice

Counter-example generation for model checking

We can either: stick to the shortest lasso case (when applicable) try to use potentially slow techniques develop & use suitable heuristics

R¨ udiger Ehlers (SB) Short Lassos & Witnesses LATA 2010 – May 27, 2010 18 / 20

Outlook

Implications for synthesis of open systems

Finding a small implementation satisfying a specification is a hard problem, even for safety games!

R¨ udiger Ehlers (SB) Short Lassos & Witnesses LATA 2010 – May 27, 2010 19 / 20

References

[CGMZ95] Edmund M. Clarke, Orna Grumberg, Kenneth L. McMillan, and Xudong Zhao. Efficient generation of counterexamples and witnesses in symbolic model checking. In DAC, pages 427–432, 1995. [KSF06] Orna Kupferman and Sarai Sheinvald-Faragy. Finding shortest witnesses to the nonemptiness of automata on infinite words. In Christel Baier and Holger Hermanns, editors, CONCUR, volume 4137 of LNCS, pages 492–508. Springer, 2006. [SE05] Stefan Schwoon and Javier Esparza. A note on on-the-fly verification algorithms. In Nicolas Halbwachs and Lenore D. Zuck, editors, TACAS, volume 3440 of LNCS, pages 174–190, 2005.

R¨ udiger Ehlers (SB) Short Lassos & Witnesses LATA 2010 – May 27, 2010 20 / 20