SLIDE 1

Sound auction specification and implementation

Marco Caminati (1), Manfred Kerber (1), Christoph Lange (2), Colin Rowat (3)

(1) Computer Science, University of Birmingham
(2) Fraunhofer IAS and University of Bonn
(3) Economics, University of Birmingham

18 June, 2015
EC’15
https://github.com/formare/auctions

SLIDE 2

Introduction

Outline

1. Introduction
2. Successes of mechanised reasoning
3. Combinatorial Vickrey’s auctions
4. Sound specification
5. Code extraction
6. Conclusions

SLIDE 3

Introduction

Two problems & a unified solution

How can we be sure that:

1. an auction design is soundly specified, possessing the properties that its designers wish it to have?
2. an actual auction faithfully implements the intended design?

- failure on either front can be very costly
- typical solution: playtest the design
- Dijkstra: “testing shows the presence, not the absence of bugs”
- our unified solution
  1. use mechanised reasoning to prove properties on the design
  2. extract verified executable code to run it
- mechanised reasoners perform logical operations
  1. check existing proofs / codify knowledge
  2. search for new proofs
- we work with Isabelle, a higher-order logic theorem prover

SLIDE 5

Successes of mechanised reasoning

Pure maths

Example (Four colour-map theorem [AH77; AHK77; Gon08])

- exhaustive computations required to originally prove the theorem
- in doing so, corrected some human experts’ calculations
- mechanized proof checkers have confirmed these results formally

Example (Kepler’s conjecture (1611) [Hal05; Hal12])

- Hales’ original proof: 120 pages and > 500MB of computer code
- 12 referees took five years to become “99% certain” he was right
- Hales founds Project Flyspeck to establish a formal proof
- 2014: Flyspeck complete

Example (Robbins’ conjecture [HMT71; McC97])

- beguilingly simple, but open for 60 years, a favourite of Tarski
- McCune’s solver generated a 17-step proof, later reduced to eight

SLIDE 6

Successes of mechanised reasoning

Software verification [Woo+09]

- a computer programme defines a logical universe within which certain statements may or may not be true
- proof assistants can seek to prove or disprove these statements as theorems

Example (commuter rail systems)

No two trains shall occupy the same location at the same time.

Example (financial transactions software)

Transactions do not create or destroy value, but merely transfer it.

SLIDE 7

Successes of mechanised reasoning

Hardware verification

Example (1994: Pentium floating point division bug)

- worst known relative error 0.006%
- Intel calculated typical user would be affected once in 9 billion division operations
- cost Intel $475mn
- model chips as logical systems (AND, OR, etc. gates)
- prove theorem for each property to be implemented [Har06]

SLIDE 8

Successes of mechanised reasoning

Economic theory

Example (Subsuming Arrow’s impossibility theorem [TL09])

- manual induction proof: Arrow’s theorem holds if it holds on a base case of 2 agents and 3 alternatives
- computer exhaustively verifies the theorem on all base cases
- manual inspection of the computationally generated base cases identified a new theorem subsuming Arrow’s
- Chatterjee and Sen [CS14]: “As far as we know . . . the only Arrow-type result . . . that does not use an axiom other than IIA”

Example (Ranking sets of objects [GE11])

- which axioms are mutually incompatible [BBP04]?
- computational sweep of small domains for each set of axioms
- generated 84 impossibility theorems & resolved an open question
- can also make statistical observations

SLIDE 10

Combinatorial Vickrey’s auctions

A combinatorial Vickrey’s auction [q.v. AM06]

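- agents: $\{0, \ldots, N\}$, with 0 the seller, the rest bidders
- seller’s endowment: $\Omega \neq \emptyset$, indivisible goods
- allocation: pairwise disjoint subsets of $\Omega$, $X_0, \ldots, X_N$
- bids: $b_n(X)$, $\forall X \subseteq \Omega$
- solve for allocations, prices in the winner determination problem (WDP):

$$X^* \in \arg\max_{X_1, \ldots, X_N} \sum_{n=1}^{N} b_n(X_n) \quad \text{s.t.} \quad \bigcup_{n=1}^{N} X_n \subseteq \Omega \;\&\; X_n \cap X_{n'} = \emptyset \text{ for } n \neq n'$$

$$p_n \equiv \alpha_n - \sum_{m \neq n} b_m(X^*_m) \tag{1}$$

where

$$\alpha_n \equiv \max_{X_m,\; m=1,\ldots,N} \left\{ \sum_{m \neq n} b_m(X_m) \;\middle|\; \bigcup_{m \neq n} X_m \subseteq \Omega \;\&\; X_m \cap X_{m'} = \emptyset \text{ for } m \neq m' \right\}$$

is the value when solved without n’s bids.

- rerun the WDP over random bids to break ties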

SLIDE 12

Sound specification

Formally defining a VCG auction

1. the set of possible allocations
2. f(), which solves the WDP
3. vcga applies f() twice, the 2nd time with random bids to break ties
4. vcgp solves for prices (1)

abbreviation "vcgas N Ω b r == Outside' {seller} ` ((argmax ◦ setsum) (randomBids N Ω b r)
    ((argmax ◦ setsum) b (allAllocations ({seller} ∪ N) (set Ω))))"

- abbreviation expands “vcgas” (like a preprocessor macro)
- vcgas takes N, Ω, b and r as arguments

3. applies f() to bids b, returning the value-maximizing allocations
2. applies f() to the value-maximising allocations, using randomBids
1. “Outside′{seller}” excludes {seller} from the domain

SLIDE 13

Sound specification

VCG auctions are functions

Theorem

Consider a combinatorial VCG auction. Given any set of goods and feasible bid vectors, and a random number, r, there is exactly one solution to the WDP at prices $p_n$ as defined in equation (1).

- as Isabelle accepts vcgas, it is a (total) function, mapping from every element of its domain to a unique result
- it remains to prove that vcgas returns a singleton

theorem vcgaDefiniteness: assumes "distinct Ω" and "set Ω ≠ {}" and "finite N"
    shows "card (vcgas N Ω b r) = 1"

- “distinct” states that Ω contains each good exactly once
- “card” returns the cardinality of finite sets (n.b. 0 for ∅, ∞ sets)

SLIDE 14

Sound specification

Proving that vcgas returns a singleton

1 proof −
2   have "card ((argmax ◦ setsum) (randomBids N Ω b r)
3     ((argmax ◦ setsum) b (allAllocations (N ∪ {seller}) (set Ω)))) = 1"
4     (is "card ?X = 1") using assms lm08 by blast
5   moreover have "(Outside' {seller}) ` ?X = vcgas N Ω b r" by blast
6   ultimately show ?thesis using cardOneImageCardOne by blast
7 qed

- proof begins the proof; the − switch selects manual inference
- have . . . using . . . by structures the proof:
  - have asserts the expressions to be proved
  - using introduces the facts to be used in discharging the proof obligation
  - by invokes a specified proof method

SLIDE 15

Sound specification

Proving that vcgas returns a singleton

- lines 2, 3: claims the cardinality of the set of solutions to the second WDP (prior to removing the seller’s allocation) is 1
- line 4: establishes it by applying a proof method called blast to the theorem’s assumptions, assms, and a pre-existing lemma
- blast manipulates ‘simple’ objects in higher-order logic
- Lemma cardOneImageCardOne can quantify over all functions and sets, but need only do so over function Outside′{seller} and set of allocations ?X
- line 5: Outside′{seller} ` A is a singleton whenever A is
- line 6: ultimately refers to previously established results prefixed by moreover
- show notes that we next seek to establish ?thesis, the proof obligation at the current level of reasoning

SLIDE 16

Sound specification

Other theorems formally proved

Theorem

Consider a combinatorial VCG auction. Then the sets $X^*_1, \ldots, X^*_N$ are pairwise disjoint.

Theorem

Consider a combinatorial VCG auction. Then $g \in X^*_m$ implies $g \in \Omega$.

Theorem

For a VCG auction, the prices defined in (1) are non-negative ∀n ∈ N.
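
The winner determination problem, the prices of equation (1) and the properties stated in the theorems above, as an added Python example that is not part of the talk or of the formare/auctions code. It brute-forces every allocation; tie_break is an assumed stand-in for randomBids (a distinct power of two per bidder-good pair), and the bids are constructed for illustration.

```python
# Added example: brute-force VCG on constructed bids (not the formare/auctions code).
import random
from itertools import product

def allocations(bidders, goods):
    """Give each good to one bidder or leave it with the seller (None)."""
    for owners in product([None, *bidders], repeat=len(goods)):
        yield {n: frozenset(g for g, o in zip(goods, owners) if o == n)
               for n in bidders}

def value(alloc, bids, skip=None):
    """Sum of b_m(X_m) over bidders m != skip; bundles without a bid count as 0."""
    return sum(bids[m].get(X, 0) for m, X in alloc.items() if m != skip)

def argmax(allocs, score):
    """All maximisers, like the set-valued argmax in the specification."""
    top = max(score(a) for a in allocs)
    return [a for a in allocs if score(a) == top]

def tie_break(bidders, goods, r):
    """Assumed stand-in for randomBids: one distinct power of two per
    (bidder, good) pair, shuffled by r, so no two allocations score the same."""
    pairs = [(n, g) for n in bidders for g in goods]
    random.Random(r).shuffle(pairs)
    weight = {p: 1 << i for i, p in enumerate(pairs)}
    return lambda a: sum(weight[n, g] for n, X in a.items() for g in X)

def vcg(bidders, goods, bids, r):
    """Return (list of winning allocations, prices from equation (1))."""
    allocs = list(allocations(bidders, goods))
    first = argmax(allocs, lambda a: value(a, bids))      # WDP on the real bids
    final = argmax(first, tie_break(bidders, goods, r))   # WDP again to break ties
    best = final[0]
    prices = {n: max(value(a, bids, skip=n) for a in allocs)   # alpha_n
                 - value(best, bids, skip=n) for n in bidders}
    return final, prices

def sound(final, prices, goods):
    """Singleton result, disjoint bundles inside Omega, non-negative prices."""
    bundles = list(final[0].values())
    held = frozenset().union(*bundles)
    return (len(final) == 1 and sum(map(len, bundles)) == len(held)
            and held <= set(goods) and all(p >= 0 for p in prices.values()))

# Constructed sample bids: bidder -> {bundle: bid}.
BIDS = {1: {frozenset("a"): 4, frozenset("b"): 1, frozenset("ab"): 6},
        2: {frozenset("a"): 3, frozenset("b"): 3, frozenset("ab"): 6}}
```

Running sound over sample bids only tests these properties on the cases tried; the Isabelle theorems establish them for every input.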

SLIDE 18

Code extraction

Classical and constructive definitions

1. classical definitions
   - often intuitive, expressed in terms of characterising properties
   - no information on how to compute

Example (Classical set maximum)

$$\operatorname{Max} X \equiv \{\, x \in X \mid \nexists y \in X \text{ s.t. } y > x \,\}$$

2. constructive definitions
   - less useful in proving theorems as no mention of characterising properties
   - computable

Example (Computable set maximum)

- define the helper function max in the usual way on pairs of objects
- define the base case for the inductively defined Max {a} = a
- define the recursive step Max ({a} ∪ A) = max (a, Max A)

SLIDE 19

Code extraction

Bridging theorems

- our classical definition of injections is non-computable

    "injections X Y = {R. Domain R = X ∧ Range R ⊆ Y ∧ runiq R ∧ runiq (R⁻¹)}"

- for finite sets, we define a computable version

    fun injections_alg where
      "injections_alg [] Y = [{}]" |
      "injections_alg (x#xs) Y = concat [[R +* {(x, y)}. y ← sorted_list_of_set (Y − Range R)]. R ← injections_alg xs Y]"

- a bridging theorem shows their equivalence

    theorem injections_equiv: assumes "finite Y" and "distinct X"
      shows "set (injections_alg X Y) = injections (set X) Y"
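
The two definitions of injections side by side, as an added Python example that is not the extracted code or part of the talk. The classical side is emulated by filtering every relation in X × Y, which is only feasible for very small sets; `+*` is read here as override (existing pairs for x are replaced), and bridge_holds is a hypothetical helper that tests the equality stated by injections_equiv on one input.

```python
# Added example: classical vs. computable injections on small finite sets.
from itertools import chain, combinations

def runiq(R):
    """Right-unique: no first component is paired with two different values."""
    return len({x for x, _ in R}) == len(R)

def injections_classical(X, Y):
    """Keep the relations R with Domain R = X, runiq R and runiq (R^-1).
    Range R <= Y holds by construction, since pairs come from X x Y."""
    pairs = [(x, y) for x in set(X) for y in set(Y)]
    rels = chain.from_iterable(combinations(pairs, k)
                               for k in range(len(pairs) + 1))
    return {frozenset(R) for R in rels
            if {x for x, _ in R} == set(X)
            and runiq(R) and runiq({(y, x) for x, y in R})}

def injections_alg(xs, Y):
    """Recursive construction following the slide's injections_alg."""
    if not xs:
        return [frozenset()]
    x, rest = xs[0], xs[1:]
    return [frozenset(p for p in R if p[0] != x) | {(x, y)}   # R +* {(x, y)}
            for R in injections_alg(rest, Y)
            for y in sorted(set(Y) - {v for _, v in R})]      # Y - Range R

def bridge_holds(xs, Y):
    """Check set (injections_alg X Y) = injections (set X) Y for one input."""
    return set(injections_alg(xs, Y)) == injections_classical(xs, Y)
```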

SLIDE 21

Conclusions

we apply mechanised reasoning to a well-known auction design

1. formally prove basic ‘soundness’ properties of that design
2. extract verified code from the sound design to execute it
3. easily alter definitions (e.g. replace vcgp with a 1st price function)
   - all proofs above go through immediately, except non-negative prices (which becomes easier)

in doing so, we are building an auction theory toolbox: https://github.com/formare/auctions

next steps?

1. apply the above techniques to novel auctions
   - more valuable in more complex auctions
2. automated search for new results in auction theory

SLIDE 22

Appendix References

References I

[AH77] Kenneth Appel and Wolfgang Haken. “Every Planar Map is Four Colorable Part I: Discharging”. In: Illinois Journal of Mathematics 21.3 (1977), pp. 429–490.

[AHK77] Kenneth Appel, Wolfgang Haken, and John Koch. “Every Planar Map is Four Colorable Part II: Reducibility”. In: Illinois Journal of Mathematics 21.3 (1977), pp. 491–567.

[AM06] Lawrence M. Ausubel and Paul Milgrom. “The Lovely but Lonely Vickrey Auction”. In: Combinatorial auctions. Ed. by Peter Cramton, Yoav Shoham, and Richard Steinberg. MIT Press, 2006. Chap. 1, pp. 17–40.

[BBP04] Salvador Barberà, Walter Bossert, and Prasanta K. Pattanaik. “Ranking sets of objects”. In: Handbook of Utility Theory. Ed. by Salvador Barberà, Peter J. Hammond, and C. Seidl. Vol. II. Dordrecht: Kluwer Academic Publishers, 2004, pp. 893–977.

SLIDE 23

Appendix References

References II

[CS14] Siddharth Chatterjee and Arunava Sen. “Automated Reasoning In Social Choice Theory – Some Remarks”. In: Mathematics in Computer Science 8.1 (2014), pp. 5–10.

[GE11] Christian Geist and Ulle Endriss. “Automated search for impossibility theorems in social choice theory: ranking sets of objects”. In: Journal of Artificial Intelligence Research 40 (2011), pp. 143–174.

[Gon08] Georges Gonthier. “Formal proof – the four color theorem”. In: Notices of the AMS 55.11 (2008), pp. 1382–1393.

[Hal05] Thomas C. Hales. “A proof of the Kepler conjecture”. In: Annals of Mathematics 162.3 (2005), pp. 1065–1185.

[Hal12] Thomas Hales. Dense Sphere Packings. A Blueprint for Formal Proofs. London Mathematical Society Lecture Note Series 400. Cambridge University Press, Sept. 6, 2012.

[Har06] John Harrison. Floating-Point Verification using Theorem Proving. Ed. by Marco Bernardo and Alessandro Cimatti. Bertinoro, Italy, 2006.

SLIDE 24

Appendix References

References III

[HMT71] Léon Henkin, James Donald Monk, and Alfred Tarski. Cylindric algebras, Part I. Vol. 64. Studies in Logic. North Holland, 1971.

[McC97] William McCune. “Solution of the Robbins problem”. In: Journal of Automated Reasoning 19.3 (1997), pp. 263–276.

[TL09] Pingzhong Tang and Fangzhen Lin. “Computer-aided proofs of Arrow’s and other impossibility theorems”. In: Artificial Intelligence 173.11 (2009), pp. 1041–1053.

[Woo+09] Jim Woodcock et al. “Formal methods: practice and experience”. In: ACM Computing Surveys 41.4 (2009), pp. 1–40.
