13 research outputs found
Near-Optimal Scheduling for LTL with Future Discounting
We study the search problem for optimal schedulers for the linear temporal
logic (LTL) with future discounting. The logic, introduced by Almagor, Boker
and Kupferman, is a quantitative variant of LTL in which an event in the far
future has only discounted contribution to a truth value (that is a real number
in the unit interval [0, 1]). The precise problem we study---it naturally
arises e.g. in search for a scheduler that recovers from an internal error
state as soon as possible---is the following: given a Kripke frame, a formula
and a number in [0, 1] called a margin, find a path of the Kripke frame that is
optimal with respect to the formula up to the prescribed margin (a truly
optimal path may not exist). We present an algorithm for the problem; it works
even in the extended setting with propositional quality operators, a setting
where (threshold) model-checking is known to be undecidable
The Adversarial Stackelberg Value in Quantitative Games
In this paper, we study the notion of adversarial Stackelberg value for
two-player non-zero sum games played on bi-weighted graphs with the mean-payoff
and the discounted sum functions. The adversarial Stackelberg value of Player 0
is the largest value that Player 0 can obtain when announcing her strategy to
Player 1 which in turn responds with any of his best response. For the
mean-payoff function, we show that the adversarial Stackelberg value is not
always achievable but epsilon-optimal strategies exist. We show how to compute
this value and prove that the associated threshold problem is in NP. For the
discounted sum payoff function, we draw a link with the target discounted sum
problem which explains why the problem is difficult to solve for this payoff
function. We also provide solutions to related gap problems.Comment: long version of an ICALP'20 pape
The Lean mathematical library
This paper describes mathlib, a community-driven effort to build a unified
library of mathematics formalized in the Lean proof assistant. Among proof
assistant libraries, it is distinguished by its dependently typed foundations,
focus on classical mathematics, extensive hierarchy of structures, use of
large- and small-scale automation, and distributed organization. We explain the
architecture and design decisions of the library and the social organization
that has led us here
Synthesizing Adaptive Test Strategies from Temporal Logic Specifications
Constructing good test cases is difficult and time-consuming, especially if
the system under test is still under development and its exact behavior is not
yet fixed. We propose a new approach to compute test strategies for reactive
systems from a given temporal logic specification using formal methods. The
computed strategies are guaranteed to reveal certain simple faults in every
realization of the specification and for every behavior of the uncontrollable
part of the system's environment. The proposed approach supports different
assumptions on occurrences of faults (ranging from a single transient fault to
a persistent fault) and by default aims at unveiling the weakest one. Based on
well-established hypotheses from fault-based testing, we argue that such tests
are also sensitive for more complex bugs. Since the specification may not
define the system behavior completely, we use reactive synthesis algorithms
with partial information. The computed strategies are adaptive test strategies
that react to behavior at runtime. We work out the underlying theory of
adaptive test strategy synthesis and present experiments for a safety-critical
component of a real-world satellite system. We demonstrate that our approach
can be applied to industrial specifications and that the synthesized test
strategies are capable of detecting bugs that are hard to detect with random
testing
On the complexity of heterogeneous multidimensional quantitative games
In this paper, we study two-player zero-sum turn-based games played on a
finite multidimensional weighted graph. In recent papers all dimensions use the
same measure, whereas here we allow to combine different measures. Such
heterogeneous multidimensional quantitative games provide a general and natural
model for the study of reactive system synthesis. We focus on classical
measures like the Inf, Sup, LimInf, and LimSup of the weights seen along the
play, as well as on the window mean-payoff (WMP) measure. This new measure is a
natural strengthening of the mean-payoff measure. We allow objectives defined
as Boolean combinations of heterogeneous constraints. While multidimensional
games with Boolean combinations of mean-payoff constraints are undecidable, we
show that the problem becomes EXPTIME-complete for DNF/CNF Boolean combinations
of heterogeneous measures taken among {WMP, Inf, Sup, LimInf, LimSup} and that
exponential memory strategies are sufficient for both players to win. We
provide a detailed study of the complexity and the memory requirements when the
Boolean combination of the measures is replaced by an intersection.
EXPTIME-completeness and exponential memory strategies still hold for the
intersection of measures in {WMP, Inf, Sup, LimInf, LimSup}, and we get
PSPACE-completeness when WMP measure is no longer considered. To avoid
EXPTIME-or PSPACE-hardness, we impose at most one occurrence of WMP measure and
fix the number of Sup measures, and we propose several refinements (on the
number of occurrences of the other measures) for which we get polynomial
algorithms and lower memory requirements. For all the considered classes of
games, we also study parameterized complexity
Fragility and Robustness in Mean-payoff Adversarial Stackelberg Games
Two-player mean-payoff Stackelberg games are nonzero-sum infinite duration
games played on a bi-weighted graph by a leader (Player~0) and a follower
(Player~1). Such games are played sequentially: first, the leader announces her
strategy, second, the follower chooses his strategy. This pair of strategies
defines a unique infinite path in the graph and both players receive their
respective payoff computed as the mean of the rewards that they receive when
traversing edges along the infinite path.
As a consequence, if we assume that the follower is rational then we can
deduce that the follower's response to the leader strategy is a strategy that
maximizes his payoff against the strategy proposed by the leader; it is thus a
best-response to this strategy. Knowing that, the leader should choose a
strategy that maximizes the payoff that she receives when the follower chooses
a best-response to her strategy. If we cannot impose which best-response is
chosen by the follower, we say that the follower, though strategic, is
\emph{adversarial} towards the leader. The maximal value that the leader can
get in this nonzero-sum game is called the {\em adversarial Stackelberg value}
of the game.
First, we show that the nonzero-sum nature of the mean-payoff Stackelberg
game makes it fragile against modelling imprecisions. This is in contrast with
mean-payoff games in the zero-sum setting which are robust. Second, we show how
robustness is recovered when considering -best responses of the
follower instead of best-responses only. This lead to the notion of
-adversarial Stackelberg value. Third, we provide algorithms to
decide the threshold problem for this robust value as well as ways to compute
it effectively. Finally, we characterize the memory needed by the strategies of
the leader and the follower in these games.Comment: Added discussion on fragility and robustness of mean-payoff games for
both non-zero sum and zero-sum cases, and new results on NP-completeness of
games restricted to memoryless strategies of the leade
JaVerT: JavaScript verification toolchain
The dynamic nature of JavaScript and its complex semantics make it a difficult target for logic-based verification. We introduce JaVerT, a semi-automatic JavaScript Verification Toolchain, based on separation logic and aimed at the specialist developer wanting rich, mechanically verified specifications of critical JavaScript code. To specify JavaScript programs, we design abstractions that capture its key heap structures (for example, prototype chains and function closures), allowing the developer to write clear and succinct specifications with minimal knowledge of the JavaScript internals. To verify JavaScript programs, we develop JaVerT, a verification pipeline consisting of: JS-2-JSIL, a well-tested compiler from JavaScript to JSIL, an intermediate goto language capturing the fundamental dynamic features of JavaScript; JSIL Verify, a semi-automatic verification tool based on a sound JSIL separation logic; and verified axiomatic specifications of the JavaScript internal functions. Using JaVerT, we verify functional correctness properties of: data-structure libraries (key-value map, priority queue) written in an object-oriented style; operations on data structures such as binary search trees (BSTs) and lists; examples illustrating function closures; and test cases from the official ECMAScript test suite. The verification times suggest that reasoning about larger, more complex code using JaVerT is feasible