Game-theoretic approach to the simulation checking problem

1
Game-theoretic approach to the simulation
checking problem

• Peter Bulychev
• Vladimir Zakharov
• Lomonosov Moscow State University

2
Model Checking

• The main goal of model checking is to verify
  whether a given model satisfies a required
  property (specification).
• Simulation relations preserve satisfiability of
  specifications given in the form of temporal
  logic formulas.
• Simulation is used to prove that one model is a
  refinement/abstraction of the other.

3
Varieties of simulation

• Various types of simulation
• Strong simulation (preserves CTL)
• Weak simulation (preserves LTL-X)
• Quasi-block simulation (is monotonic w.r.t.
  parallel composition)
• Stuttering simulation (preserves CTL-X)
• Equivalence relations and preorders (simulations
  and bisimulations)
• Models with fair constraints

4
(Bi)simulation checking approaches

• Relational coarsest partition (bisimulations
  only)
• Fixed-point approach
• Game-theoretic
• Universal (fair/unfair, simulation/bisimulation)
• Efficient (strong simulation)

5
Game-theoretic approach
6
Game for strong simulation
7
Game for strong simulation
8
Game for strong simulation
9
Game for strong simulation
10
Game for strong simulation
11
Reduction to game rules

• In some cases reduction can be obtained
  automatically,
• For more complex relations it is necessary to
  write game rules by hand. We have written game
  rules for stuttering (bi)simulation and proved
  their correctness.

12
Theoretical results
Stuttering simulation Stuttering bisimulation
Non fair O(m2) time O(m2) space O(mn) time O(m) space
Fair O(m2n2) time O(m2) space O(m2n2) time O(m2) space
13
Game-theoretic language

• Observation
• Games for computing different kinds of simulation
  have much in common.
• Result
• We designed the language for describing rules of
  simulation checking games.

14
Game-theoretic language example

• The game for checking strong simulation on LTS
  with labeled transitions
• types
• S (S1, S2)
• D (S1, S2, A)
• rules
• (A s1)(E s2) S(s1, s2)
• steps
• S(s1, s2) -gt D(s1', s2, a) t(s1,a,s1')
• D(s1, s2', a) -gt S(s1, s2) t(s2',a,s2)

15
Game-theoretic language

• We have described a number of (bi)simulations in
  our language
• Strong
• Weak
• Block
• Stuttering

16
Simulation checking tool

• Our simulation checking tool checks whether there
  exists a simulation defined in game-theoretic
  terms between two models.

Models
Models BDDs
Games BDD
Game solver
Answer (counterexample)
Game rules
17
BDD

• We have used BDD to describe symbolically game
  graph and models to be checked.
• When we tested our tool with models that consist
  of 105 states, we ran out of memory BDD of the
  game was too large
• Therefore, we decided to construct BDD of the
  game on-the-fly.
• However, BDD of the models must be in explicit
  form.

18
Where are we now?

• We are trying to answer the following questions
• If there is a winning strategy, how can we find
  it as fast as possible?
• Otherwise, how can we maximally fast find a
  counterexample?
• What is the optimal order for BDD variables?

19
Timed automatons

• Timed automatons are used to model continuous and
  monotonous processes
• UPPAAL tool developed by K.G.Larsen group at
  Aaalborg University (Denmark) can be used to
  analyze timed automatons

press?
Model of two-level light controller user should
press it twice quickly to turn on bright light or
press once to turn on soft light.
press? X0
press? Xlt3
Off
Soft
Bright
press? Xgt3
20
Timed simulations

• We defined several timed simulations and proposed
  game-theoretic algorithms for solving them
  jointly with the K.G.Larsen group
• The sets of winning clock valuations are stored
  in the symbolic form in the game states
• These algorithms will be implemented in the
  UPPAAL tool

21

• Questions?