1. No category

A Constraint-based Approach to Solving Games on Infinite

A Constraint-based Approach to Solving Games on
Infinite Graphs
Tewodros Beyene1 , Swarat Chaudhuri3 , Corneliu Popeea1 , and
Andrey Rybalchenko1,2
1 Technische
2 Microsoft
Universität München
Research Cambridge
3 Rice
University
PUMA workshop
Alacati, Turkey
October 1, 2013
Tewodros Beyene (PUMA, TUM)
Solving Games on Infinite Graphs
October 1, 2013
1/1
Motivation
Many fundamental questions reduce to solving turn-based graph
games:
modeling interactions between a controller and its environment
verifying a branching-time property of a system
synthesizing a reactive system from a temporal specification
...
In turn-based graph games
two players take turns
a token is moved along the edges of a graph
Do the visited nodes satisfy a certain winning condition?
Tewodros Beyene (PUMA, TUM)
Solving Games on Infinite Graphs
October 1, 2013
2/1
Motivation
Many fundamental questions reduce to solving turn-based graph
games:
modeling interactions between a controller and its environment
verifying a branching-time property of a system
synthesizing a reactive system from a temporal specification
...
In turn-based graph games
two players take turns
a token is moved along the edges of a graph
Do the visited nodes satisfy a certain winning condition?
Tewodros Beyene (PUMA, TUM)
Solving Games on Infinite Graphs
October 1, 2013
2/1
Motivation
Many fundamental questions reduce to solving turn-based graph
games:
modeling interactions between a controller and its environment
verifying a branching-time property of a system
synthesizing a reactive system from a temporal specification
...
In turn-based graph games
two players take turns
a token is moved along the edges of a graph
Do the visited nodes satisfy a certain winning condition?
Tewodros Beyene (PUMA, TUM)
Solving Games on Infinite Graphs
October 1, 2013
2/1
Motivation (cont)
Majority of algorithmic approaches focus on decidable classes.
such as games on finite graphs
limits the scope of the applications
To analyse and synthese infinite-state systems:
symbolic, abstraction-based algorithms
solve games on infinite state spaces
The talk is about an algorithmic approach based on automated
deduction for solving games over infinite-state symbolic transition
systems.
Tewodros Beyene (PUMA, TUM)
Solving Games on Infinite Graphs
October 1, 2013
3/1
Motivation (cont)
Majority of algorithmic approaches focus on decidable classes.
such as games on finite graphs
limits the scope of the applications
To analyse and synthese infinite-state systems:
symbolic, abstraction-based algorithms
solve games on infinite state spaces
The talk is about an algorithmic approach based on automated
deduction for solving games over infinite-state symbolic transition
systems.
Tewodros Beyene (PUMA, TUM)
Solving Games on Infinite Graphs
October 1, 2013
3/1
A ’Challenge’ Example: Cinderella-Stepmother game
Between Cinderella and her Stepmother.
Involves 5 buckets arranged in a circle.
With a constant c bucket capacity
all buckets empty initially
Stepmother starts each round of play.
Splits 1 unit of additional water among the five buckets
If overflow in any one of the buckets - Stepmother wins
If not, Cinderella empties two adjacent buckets.
If the game goes on forever without overflow - Cinderella wins
More challenging for 1.5 ≤ c < 3.
Tewodros Beyene (PUMA, TUM)
Solving Games on Infinite Graphs
October 1, 2013
4/1
A ’Challenge’ Example: Modeling the game
Set of variables: v = (b1 , b2 , b3 , b4 , b5 ).
Initial condition:
¯ ) = (b1 = 0 ∧ · · · ∧ b5 = 0).
init(v
Transition relation of Stepmother:
stepmother (v , v 0 ) = (b10 + · · · + b50 = b1 + · · · + b5 + 1
∧ b10 ≥ b1 ∧ · · · ∧ b50 ≥ b5 ).
Transition relation of Cinderella:
cinderella(v , v 0 ) =

 0
0
bi = 0 ∧ b(i+1)%5
=0
W
.

V
j 6= i ∧ j 6= (i + 1)%5
∧
0
i∈{1...5}
j∈{1..5}
→ bj = bj
Overflow condition:
overflow (v ) = (b1 > c ∨ · · · ∨ b5 > c).
Tewodros Beyene (PUMA, TUM)
Solving Games on Infinite Graphs
October 1, 2013
5/1
A ’Challenge’ Example: Type of games
Depending on the objective of the player we compute a strategy for.
Safety games:
requires only states with a certain property to be visited by all the plays
e.g. the property G (¬overflow (v )) for Cinderella
Reachability games:
requires a state with a certain property to be visited eventually by all
the plays
e.g. the property F (overflow (v )) for Stepmother
Tewodros Beyene (PUMA, TUM)
Solving Games on Infinite Graphs
October 1, 2013
6/1
A ’Challenge’ Example: Type of games
Depending on the objective of the player we compute a strategy for.
Safety games:
requires only states with a certain property to be visited by all the plays
e.g. the property G (¬overflow (v )) for Cinderella
Reachability games:
requires a state with a certain property to be visited eventually by all
the plays
e.g. the property F (overflow (v )) for Stepmother
Tewodros Beyene (PUMA, TUM)
Solving Games on Infinite Graphs
October 1, 2013
6/1
A ’Challenge’ Example: Type of games
Depending on the objective of the player we compute a strategy for.
Safety games:
requires only states with a certain property to be visited by all the plays
e.g. the property G (¬overflow (v )) for Cinderella
Reachability games:
requires a state with a certain property to be visited eventually by all
the plays
e.g. the property F (overflow (v )) for Stepmother
Tewodros Beyene (PUMA, TUM)
Solving Games on Infinite Graphs
October 1, 2013
6/1
A ’Challenge’ Example: Type of games (cont)
LTL and Parity games:
winning condition is an LTL property
LTL games are an extremely challenging
solving them on finite graphs is 2EXPTIME-complete
Parity games - an important special case
each state is assigned a color (a number in {1, . . . , N}).
the winning condition - the minimum color seen infinitely often is odd
e.g. no overflow or bucket2 is the only bucket where overflow occurs
infinitely often.
Tewodros Beyene (PUMA, TUM)
Solving Games on Infinite Graphs
October 1, 2013
7/1
Overview
Game syntax and semantics.
Proof rules for each type of game.
Case study on the ’challenge’ example.
Implementation and Experimental results.
Summary and future work.
Tewodros Beyene (PUMA, TUM)
Solving Games on Infinite Graphs
October 1, 2013
8/1
Game syntax
A (two-player, turn-based, graph) game is a pair consisting of a symbolic
transition system and a winning condition.
The symbolic transition system
consists of two players; Adam and Eve
let v be a tuple of variables of the system
system states are valuations of v
assertion init(v ) represents the initial states
the transition relations of Adam and Eve are given by assertions
adam(v , v 0 ) and eve(v , v 0 )
The winning condition
given by a set of infinite sequences of system states
decides the type of game
Tewodros Beyene (PUMA, TUM)
Solving Games on Infinite Graphs
October 1, 2013
9/1
Game syntax
A (two-player, turn-based, graph) game is a pair consisting of a symbolic
transition system and a winning condition.
The symbolic transition system
consists of two players; Adam and Eve
let v be a tuple of variables of the system
system states are valuations of v
assertion init(v ) represents the initial states
the transition relations of Adam and Eve are given by assertions
adam(v , v 0 ) and eve(v , v 0 )
The winning condition
given by a set of infinite sequences of system states
decides the type of game
Tewodros Beyene (PUMA, TUM)
Solving Games on Infinite Graphs
October 1, 2013
9/1
Game syntax
A (two-player, turn-based, graph) game is a pair consisting of a symbolic
transition system and a winning condition.
The symbolic transition system
consists of two players; Adam and Eve
let v be a tuple of variables of the system
system states are valuations of v
assertion init(v ) represents the initial states
the transition relations of Adam and Eve are given by assertions
adam(v , v 0 ) and eve(v , v 0 )
The winning condition
given by a set of infinite sequences of system states
decides the type of game
Tewodros Beyene (PUMA, TUM)
Solving Games on Infinite Graphs
October 1, 2013
9/1
Game semantics
A strategy σ for Eve is a set of infinite trees such that:
each root in σ coincide with the set of initial states
(roots are assumed to be on the first level of the tree)
the set of successors of each tree node s at an odd level consists of the
following set of states.
{s 0 | (s, s 0 ) |= adam(v , v 0 )}
the set of successors of each tree node s at an even level consists of a
non-empty subset of the following set of states.
{s 0 | (s, s 0 ) |= eve(v , v 0 )}
Such an infinite sequence is called a play π determined by σ.
Alternates between universal choices of Adam and existential choices
of Eve.
Tewodros Beyene (PUMA, TUM)
Solving Games on Infinite Graphs
October 1, 2013
10 / 1
Game semantics (cont)
A strategy σ is winning if every play of σ is in the winning condition.
For the given system and a winning condition formula ϕ, we write
(init(v ), eve(v , v 0 ), adam(v , v 0 )) |= ϕ
when Eve has a winning strategy.
Tewodros Beyene (PUMA, TUM)
Solving Games on Infinite Graphs
October 1, 2013
11 / 1
Proof rules
3 proof rules - one for each type of game.
Conclude that Eve has a winning strategy.
Imposes implication and well-foundedness conditions on auxiliary
assertions.
Sound and relatively complete.
Tewodros Beyene (PUMA, TUM)
Solving Games on Infinite Graphs
October 1, 2013
12 / 1
Proof rules: Safety games
Only states from safe(v ) are visited by all plays.
Requires an invariant assertion inv (v ).
S1 : init(v ) → inv (v )
S2 : inv (v ) ∧ adam(v , v 0 ) → safe(v 0 ) ∧ ∃v 00 : eve(v 0 , v 00 ) ∧ inv (v 00 )
S3 : inv (v ) → safe(v )
(init(v ), eve(v , v 0 ), adam(v , v 0 )) |= G safe(v )
Tewodros Beyene (PUMA, TUM)
Solving Games on Infinite Graphs
October 1, 2013
13 / 1
Proof rules: Reachability games
A certain set of states called dst(v ) is eventually reached by each play.
Requires an invariant assertion inv (v ) together with a binary relation
round(v , v 0 ).
R1 : init(v ) → inv (v )
R2 : inv (v ) ∧ ¬dst(v ) ∧ adam(v , v 0 ) ∧ ¬dst(v 0 ) →
∃v 00 : eve(v 0 , v 00 ) ∧ inv (v 00 ) ∧ round(v , v 00 )
R3 : well-founded(round(v , v 0 ))
(init(v ), eve(v , v 0 ), adam(v , v 0 )) |= F dst(v )
Tewodros Beyene (PUMA, TUM)
Solving Games on Infinite Graphs
October 1, 2013
14 / 1
Proof rules: Parity/LTL games
To state the winning condition we assume:
the set of all states is partitioned into N subsets p1 (v ), . . . , pN (v )
N is an odd number
p1 (v ) ∨ · · · ∨ pN (v ) is valid
for each 1 ≤ i < j ≤ N, pi (v ) ∧ pj (v ) is unsatisfiable.
The parity winning condition:
the subsets of states that are visited infinitely often are given as
pi1 (v ), . . . , piK (v ), and
the minimal identifier is odd, i.e., min{i1 , . . . , iK } is odd.
... or formally as the LTL formula ϕ.
ϕ = GFp1 (v )
∨ GFp3 (v ) ∧ FG ¬(p1 (v ) ∨ p2 (v ))
···
∨ GFpN (v ) ∧ FG ¬(p1 (v ) ∨ · · · ∨ pN−1 (v ))
Tewodros Beyene (PUMA, TUM)
Solving Games on Infinite Graphs
October 1, 2013
15 / 1
Proof rules: Parity/LTL games (cont)
Negate ϕ and translate ¬ϕ to the Büchi automaton B.
represented using assertions over the program counter of the
automaton pc B and the system variables v
initial condition given by init B (pc B )
transition relation given by next B (pc B , v , pc 0B ).
acc B (pc B ) represents the accepting states.
Given a play π = s1 , s2 , . . . , run of B on π is defined as q0 , q1 , q2 , . . .
such that:
q0 |= init B (pc B ),
(qi−1 , si , qi ) |= next B (pc B , v , pc 0B ) for each i ≥ 1.
Apply Büchi acceptance condition
B accepts a play π if there exists an accepting run on π.
here, if B accepts π then π 6|= ϕ.
Tewodros Beyene (PUMA, TUM)
Solving Games on Infinite Graphs
October 1, 2013
16 / 1
Proof rules: Parity/LTL games (cont)
Find assertions inv (w ), aux(w , w 0 , v 00 ), round(w , w 0 , w 00 ), and fair (w , w 0 )
where w = (v , pc B ) such that:
B1 : init(v ) ∧ init B (pc B ) ∧ next B (pc B , v , pc 0B ) → inv (v , pc 0B )
B2 : inv (w ) ∧ adam(v , v 0 ) ∧ next B (pc B , v 0 , pc 0B ) →
∃v 00 : eve(v 0 , v 00 ) ∧ aux(w , w 0 , v 00 )
B3 : aux(w , w 0 , v 00 ) ∧ next B (pc 0B , v 00 , pc 00B ) → inv (w 00 ) ∧ round(w , w 0 , w 00 )
B4 : round(w , w 0 , w 00 ) ∧ (acc B (pc B ) ∨ acc B (pc 0B )) → fair (w , w 00 )
B5 : fair (w , w 0 ) ∧ round(w 0 , w 00 , w 000 ) → fair (w , w 000 )
B6 : well-founded(fair (w , w 0 ))
(init(v ), eve(v , v 0 ), adam(v , v 0 )) |= ϕ
Tewodros Beyene (PUMA, TUM)
Solving Games on Infinite Graphs
October 1, 2013
17 / 1
Case Study: Cinderella-Stepmother game
Safety objective: Round strategy
c = 3 for the bucket capacity.
An auxiliary variable r for a pair of buckets to be emptied.
A user-provided template for Cinderella adds guard for each disjunct
and updates the round variable.
init(v , r )
¯ ) ∧ r = 1)
= (init(v
eve(v , r , v 0 , r 0 )
= cinderella(v , v 0 ) ∧ RelT(rel)(v , r , v 0 , r 0 )
adam(v , r , v 0 , r 0 ) = (stepmother (v , v 0 ) ∧ r 0 = r )
Tewodros Beyene (PUMA, TUM)
Solving Games on Infinite Graphs
October 1, 2013
18 / 1
Case Study: Cinderella-Stepmother game
Safety objective: Round strategy (cont)
RelT(rel)(v , r , v 0 , r 0 ) = (r = 1 ∧ r 0 =?1 ∧ c1 (v , v 0 ) ∨
r = 2 ∧ r 0 =?2 ∧ c2 (v , v 0 ) ∨
r = 3 ∧ r 0 =?3 ∧ c3 (v , v 0 ) ∨
r = 4 ∧ r 0 =?4 ∧ c4 (v , v 0 ) ∨
r = 5 ∧ r 0 =?5 ∧ c5 (v , v 0 ))
Template parameters are denoted by “?”-marks.
Our tool returns a solution ?1 = 4, ?2 = 1, ?3 = 1, ?4 = 3, ?5 = 1.
The corresponding strategy is 1&2 - 4&5 - 3&4 - 1&2,. . .
Tewodros Beyene (PUMA, TUM)
Solving Games on Infinite Graphs
October 1, 2013
19 / 1
Case Study: Cinderella-Stepmother game
Safety objective: Second strategy
c = 2 for the bucket capacity.
Template based on the previous move of Cinderella and Stepmother.
inv (v ) ∧ stepmother (v , v 0 ) → safe(v 0 ) ∧ ∃v 00 : cinderella(v 0 , v 00 )
∧ inv (v 00 )
The template looks like
RelT(rel)(v , v 0 , v 00 ) = (b1 = 0 ∧ b2 = 0 ∧ T12 (v 0 , v 00 ) ∨
b2 = 0 ∧ b3 = 0 ∧ T23 (v 0 , v 00 ) ∨
b3 = 0 ∧ b4 = 0 ∧ T34 (v 0 , v 00 ) ∨
b4 = 0 ∧ b5 = 0 ∧ T45 (v 0 , v 00 ) ∨
b5 = 0 ∧ b1 = 0 ∧ T51 (v 0 , v 00 )).
Tewodros Beyene (PUMA, TUM)
Solving Games on Infinite Graphs
October 1, 2013
20 / 1
Case Study: Cinderella-Stepmother game
Safety objective: Second strategy (cont)
Let us see one part of the template, e.g., T12
In the previous round emptied buckets 1 and 2. (b1 = 0 ∧ b2 = 0)
During the next round empty another pair of buckets.
either the pair of buckets 3 and 4 (b300 = 0 ∧ b400 = 0)
or the pair of buckets 4 and 5 (b400 = 0 ∧ b500 = 0)
Deciding between the two is not straightforward.
The game solving approach handles it using the specified template.
Formalized the formula T12 is provided as follows.
T12 (v 0 , v 00 ) = (b300 = 0 ∧ b400 = 0∧?5 ∗ b50 +?2 ∗ b20 ≤?6 ∗ 1 ∨
b400 = 0 ∧ b500 = 0∧?1 ∗ b10 +?3 ∗ b30 ≤?6 ∗ 1)
Our tool returns a solution ?1 = 1, ?2 = 1, ?3 = 1, ?5 = 1, ?6 = 1.
Tewodros Beyene (PUMA, TUM)
Solving Games on Infinite Graphs
October 1, 2013
21 / 1
Case Study: Cinderella-Stepmother game
Reachability objective
c = 1.4 for the bucket capacity.
Instantiate the proof rule as follows:
eve(v , v 0 )
= stepmother (v , v 0 )
adam(v , v 0 ) = cinderella(v , v 0 )
A template corresponding to the existentially quantified clause.
RelT(rel)(v , v 0 , v 00 ) = (?1 + · · · +?5 = 1 ∧
V
(bi00 = bi0 +?i ) ∧
i∈{1..5}
V
?i ≥ 0)
i∈{1..5}
Our tool returns a solution
?1 = 0.8, ?2 = 0, ?3 = 0.1, ?4 = 0, ?5 = 0.1.
Tewodros Beyene (PUMA, TUM)
Solving Games on Infinite Graphs
October 1, 2013
22 / 1
Case Study: Cinderella-Stepmother game
Parity objective
A state without overflow: (color = 0) ↔ ¬overflow (v ).
A state with overflow such that i is the smallest index from those that
correspond to buckets that have overflown: (color = i).
The resulting state-partitioning groups states with different priority
levels indicated by p(i):
p(i) = (color = i),
for i ∈ {0, . . . , 2}
p(3) = (color = 3 ∨ color = 4 ∨ color = 5).
The winning condition win(i) is defined as follows.
^
win(i) = (GF p(i) ∧
FG ¬p(j))
j∈{0,..,i−1}
Tewodros Beyene (PUMA, TUM)
Solving Games on Infinite Graphs
October 1, 2013
23 / 1
Case Study: Cinderella-Stepmother game
Parity objective (cont)
we define the objective for the Cinderella player win(0) ∨ win(2).
The formula corresponding to the Cinderella’s objective:
ϕ = (GF p(0) ∨ (GF p(2) ∧ FG ¬p(1) ∧ FG ¬p(0))).
Our tool finds the same strategy as the second winning strategy for
the Cinderella player.
Tewodros Beyene (PUMA, TUM)
Solving Games on Infinite Graphs
October 1, 2013
24 / 1
Other applications
Synthesis of reactive programs from temporal specifications.
Program repair game with safety objective.
Concurrent program repair game with safety and response objectives.
Synthesis of synchronization game with safety objective.
Tewodros Beyene (PUMA, TUM)
Solving Games on Infinite Graphs
October 1, 2013
25 / 1
The EHSF engine
Proof rules are automated using the Ehsf engine
Resolves forall-exists Horn-like clauses extended with well-foundedness
criteria
Example:
x ≥ 0 → ∃y : x ≥ y ∧ rank(x, y ),
rank(x, y ) → ti(x, y ),
ti(x, y ) ∧ rank(y , z) → ti(x, z),
dwf (ti).
Maps each predicate symbol into a constraint over v .
Maps both rank(x, y ) and ti(x, y )) to the constraint
(x ≥ 0 ∧ y ≥ x − 1) for the example.
Tewodros Beyene (PUMA, TUM)
Solving Games on Infinite Graphs
October 1, 2013
26 / 1
The EHSF engine (cont)
Resolves clauses using a CEGAR scheme to discover witnesses for
existentially quantified variables.
space of witnesses is provided by some ’template’
Refinement loop collects a global constraint that declaratively
determines which witnesses to choose.
a chosen witnesses replace existential quantification
the resulting universally quantified clauses are passed to a solver for
such clauses. e.g.,HSF
Such a solver either finds a solution or returns a counterexample.
counterexample are turned into an additional constraint on the set of
witness candidates, and
continues with the next iteration of the refinement loop
Refinement loop conjoins constraints that are obtained for all
discovered counterexamples.
wrong choice of witnesses can be mended
previously handled counterexamples are not rediscovered
Tewodros Beyene (PUMA, TUM)
Solving Games on Infinite Graphs
October 1, 2013
27 / 1
Experiment
GSolve: a proof-of-concept implementation of the approach.
Implemented in SICStus Prolog.
Relies on an implementation of the E-HSF algorithm to solve Horn
clauses over linear inequalities.
Uses SMT solvers for handling non-linear constraints, i.e., the Z3 and
the Barcelogic solvers.
Experiments run on an Intel Core 2 Duo machine, clocked at 2.53
GHz, with 4 GB of RAM.
Tewodros Beyene (PUMA, TUM)
Solving Games on Infinite Graphs
October 1, 2013
28 / 1
Results
Id
P1
P2
P3
P4
P5
P6
P7
P8
P9
P10
Game
Cinderella (c = 3)
Cinderella (c = 2)
Cinderella (c = 1.4)
Cinderella (c = 1.4)
Cinderella (c = 1.4)
Robot-1d (yr0,yh0,ydst,e=10)
Repair-Lock
Repair-Critical
Repair-Critical
Synth-Synchronization
Player p
Cinderella
Cinderella
Stepmother
Cinderella
Cinderella
Robot
Program
Program
Program
Program
Objective for player p
G ¬overflow
G ¬overflow
F overflow
win(0)
win(0) ∨ win(2)
F at−dest
G ¬error
G ¬error
G (at p → F ¬at p)
G ¬error
Time (z3)
3.2s
1m52s
18s
7m16s
4.7s
T/O
0.3s
17.7s
53.3s
T/O
Time (Barcelogic)
1.2s
1m52s
1m14s
SysError
4.7s
1s
0.3s
16.9s
3m6s
1s
GSolve has always succeeded in finding a strategy using one of the
two solvers.
Tewodros Beyene (PUMA, TUM)
Solving Games on Infinite Graphs
October 1, 2013
29 / 1
Summary and Future work
A new algorithmic approach which comprises:
a set of sound and relatively complete proof rules; and
automation on top of an existing automated deduction engine
Demonstrate the practical promise through a few case studies.
Prototypic and many avenues for future work remain open.
engineering it for greater scalability
applying to reactive synthesis questions in embedded systems and
robotics.
synergy between our approach and abstraction-based and
automata-theoretic approaches.
Tewodros Beyene (PUMA, TUM)
Solving Games on Infinite Graphs
October 1, 2013
30 / 1

 Download  Report

Paperzz.com

Your Paperzz

© Copyright 2026 Paperzz