Examining Classical Graph-Theory Problems From The Viewpoint of Formal-Verification Methods Orna Kupferman Hebrew University Danny Hefetz, Amir Lellouche, Rachel Minkov, Tamir, Gal Vardi, Moshe Vardi
Advice #1: Never give long titles to your papers and talks. Corollary #1: People love to give advice.
Advice #2: Try to collaborate with your twin sister. Corollary #2: People love to give advice that fits their very own experience and situation.
Main advice: Ignore advice in mentoring workshops.
Is the system correct? Undecidable!
Is the system correct? 1960+ Testing, Simulation 1980+ Formal Verification
Formal Verification, the idea: System A mathematical model M Desired behavior A formal specification The system has the desired behavior M satisfies model checking
A mathematical model of the system: req grant Labeled graphs. A formal specification of the desired behavior: - Temporal logic formulas. ALWAYS(req EVENTUALLY grant) - Automata on infinite words or trees. req grant
Model checking: Input: A labeled graph G and a property P. Output: Does G satisfy P? The mother of all graph algorithms! Gets as input both the graph and the property! [Figure: G and P are fed to "G satisfies P?", which answers yes or no (with a counterexample). Example properties: 3-colorable? max-flow > 50? planar?]
Limited specification formalisms Model checking: Very rich graphs. Input: A labeled graph G and a property P. Output: Does G satisfy P? trade-off expressiveness /complexity G P G satisfies P? no yes automata, logics what’s the specification formalism?
The graph: • Labeled. • Huge. req grant • Has an internal structure. • A game board. The state-explosion problem. How to handle huge (possibly infinite) systems? Symbolic methods (BDD, SAT), abstraction, compositionality…
The graph: • Labeled. • Huge. • Has an internal structure. • A game board. req grant
Internal structure: - Parallel composition || - Sequential composition 1. Semantics. 2. Complexity (the state-space of the flat system is exponentially bigger).
The graph: • Labeled. • Huge. • Has an internal structure. • A game board. req grant
Games in formal verification open A correct system: a winning strategy in a game in which the environment tries to generate a computation that does not satisfy the specification.
The graph: • Labeled. • Huge. 40 years of research in the formal-verification community on reasoning about rich graphs! • Has an internal structure. • A game board. In the context of the model-checking problem. This talk: Examining classical graph-theory problems with respect to rich graphs.
The graph: • Labeled. • Huge. req grant • Has an internal structure. • A game board. This talk: Examining classical graph-theory problems with respect to rich graphs.
Reasoning about labeled graphs The idea: Add a specification to the desired output. A labeled graph: G=〈 , V, E, 〉 alphabet a labeling function : E Each path =e 1, e 2, …, ek induces a word ( )= (e 1), (e 2), …, (ek) * A specification: L * A path satisfies a specification L iff ( ) L
Example 1: Shortest-path. Classical version: Input: graph G, vertices s and t. Output: shortest path in G from s to t. Labeled version: Input: labeled graph G, vertices s and t, specification L. Output: shortest path in G from s to t that satisfies L. Given by a DFA or a regular expression
Example 1: Shortest-path. a classical version: Input: graph G, vertices s and t. a c Output: shortest path in G from s to t. c a a c c a Labeled version: Input: labeled graph G, vertices s and t, specification L. Output: shortest path in G from s to t that satisfies L. ={a, c}. L=(c+ac)*(a+ ) (no two successive a’s)
Example 1: Shortest-path. a Classical version: Input: graph G, vertices s and t. a c Output: shortest path in G from s to t. c a a c c a Labeled version: Input: labeled graph G, vertices s and t, specification L. Output: shortest path in G from s to t that satisfies L. Complexity: Classical version: polynomial. Labeled version: ? ? ? (two parameters…)
Example 1: Shortest-path. a Classical version: Input: graph G, vertices s and t. a c Output: shortest path in G from s to t. c a a c c a Labeled version: Input: labeled graph G, vertices s and t, specification L. Output: shortest path in G from s to t that satisfies L. Complexity: easy, polynomial [Barrett, Jacob, Marathe 00] Find a shortest path from <s, q 0> to <t, qacc> for some accepting state qacc in the product G A. DFA for L
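The product construction from this slide, as an added example that is not code from the talk: a BFS over pairs <vertex, DFA state>, using the specification "no two successive a's". The edge list and the two-state DFA encoding are constructed for illustration and are not the graph drawn on the slides.

```python
from collections import deque

# DFA for L = (c+ac)*(a+eps): words over {a, c} with no two successive a's.
# q0: last letter was not 'a'; q1: last letter was 'a'. A missing transition rejects.
DFA = {
    "start": "q0",
    "accepting": {"q0", "q1"},
    "delta": {("q0", "a"): "q1", ("q0", "c"): "q0", ("q1", "c"): "q0"},
}

# Constructed sample graph: edges are (source, destination, label).
EDGES = [
    ("s", "x", "a"), ("x", "t", "a"),                    # s-x-t spells "aa": shortest, violates L
    ("s", "y", "a"), ("y", "z", "c"), ("z", "t", "a"),   # s-y-z-t spells "aca": satisfies L
    ("x", "y", "c"),
]

def shortest_labeled_path(edges, dfa, s, t):
    """BFS in the product of the graph and the DFA, from <s, q0> to any <t, q_acc>.

    Returns (vertex_path, word) for a shortest s-t path whose label word the
    DFA accepts, or None if no such path exists.
    """
    adj = {}
    for u, v, a in edges:
        adj.setdefault(u, []).append((v, a))
    start = (s, dfa["start"])
    parent = {start: None}        # product state -> (previous product state, letter read)
    queue = deque([start])
    while queue:
        node = queue.popleft()
        v, q = node
        if v == t and q in dfa["accepting"]:
            path, word = [v], []
            while parent[node] is not None:
                node, a = parent[node]
                path.append(node[0])
                word.append(a)
            return path[::-1], "".join(reversed(word))
        for w, a in adj.get(v, []):
            q2 = dfa["delta"].get((q, a))
            if q2 is None:        # the DFA rejects this extension of the word
                continue
            if (w, q2) not in parent:
                parent[(w, q2)] = (node, a)
                queue.append((w, q2))
    return None
```

The product has at most |V| times |Q| states, so the search stays polynomial in both parameters, the graph and the DFA.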
Example 2: Maximal flow Classical version: Input: network N, with s and t. Output: maximal flow from s to t. Labeled version: [Kupferman, Tamir 14] Input: labeled network N, with s and t, specification L. Output: maximal flow, only along routes that satisfy L. a, 1 b, 1 s t c, 1 d, 1 max flow = 2
Example 2: Maximal flow Classical version: Input: network N, with s and t. Output: maximal flow from s to t. Labeled version: [Kupferman, Tamir 14] Input: labeled network N, with s and t, specification L. Output: maximal flow, only along routes that satisfy L. a, 1 b, 1 s t c, 1 d, 1 L={ab, cb} max flow = 1
Example 2: Maximal flow Classical version: Input: network N, with s and t. Output: maximal flow from s to t. Labeled version: [Kupferman, Tamir 14] Input: labeled network N, with s and t, specification L. Output: maximal flow, only along routes that satisfy L. Complexity: Classical version: polynomial. Labeled version: ? ? ?
Example 2: Maximal flow Classical version: Input: network N, with s and t. Output: maximal flow from s to t. Labeled version: [Kupferman, Tamir 14] Input: labeled network N, with s and t, specification L. Output: maximal flow, only along routes that satisfy L. “constant approximation” is NP-hard Complexity: Classical version: polynomial. Reduction from k Labeled version: APX-hard. -dimensional matching
Example 3: Labeled Eulerian path Classical version: Input: graph G. Output: is G Eulerian? Labeled version: [Kupferman Vardi 16] Input: labeled graph G, specification L. Output: is there an Eulerian path that satisfies L?
Example 3: Labeled Eulerian path Classical version: Input: graph G. Output: is G Eulerian? Labeled version: [Kupferman Vardi 16] Input: labeled graph G, specification L. Output: is there an Eulerian path that satisfies L? c c a a c c ={a, c}. L=(c+ac)*(a+ ) (no two successive a’s) Complexity: Classical version: linear (even degrees). Labeled version: ? ? ? (degrees in the product? ? ? ) a a c c
Labeled Eulerian path, complexity Easy to see: NP-complete in the general case. A reduction from Hamiltonian path H: 4 3 1 The specification 0 6 2 5 - View H as an automaton over the alphabet V - L(H): paths in H.
Labeled Eulerian path, complexity Easy to see: NP-complete in the general case. A reduction from Hamiltonian path H: 1 3 4 3 The specification 1 6 2 0 1 2 - View H as an automaton over the alphabet V - L(H): paths in H. 5
Labeled Eulerian path, complexity Easy to see: NP-complete in the general case. A reduction from Hamiltonian path H: 4 3 1 The graph 0 5 The specification 0 6 6 2 5 - View H as an automaton over the alphabet V - L(H): paths in H. 1 4 2 3 An Eulerian path in G: a permutation of V.
Labeled Eulerian path, complexity What if the specification is of a fixed size? An Eulerian path in G that satisfies L(H): a Hamiltonian path in H. H: 4 3 1 The graph 0 5 The specification 0 6 6 2 5 - View H as an automaton over the alphabet V - L(H): paths in H. 1 4 2 3 An Eulerian path in G: a permutation of V.
The graph: • Labeled. • Huge. req • Has an internal structure. • A game board. Classical graph algorithms: full control on all steps of the algorithm. Game setting: some steps are performed by a hostile environment. grant
Example 1: Reachability Classical version: Input: graph G, source s and target T. Output: is there a path in G from s to T. Game version (a.k.a. alternating reachability): Input: and-or graph G, source s and target T. Output: does the or-player have a strategy to reach T from s in G.
Example 1: Reachability Classical version: Input: graph G, source s and target T. Output: is there a path in G from s to T. Game version (a.k.a. alternating reachability): Input: and-or graph G, source s and target T. Output: does the or-player have a strategy to reach T from s in G. determine the successor in -vertices
Example 1: Reachability Classical version: Input: graph G, source s and target T. Output: is there a path in G from s to T. Game version (a.k.a. alternating reachability): Input: and-or graph G, source s and target T. Output: does the or-player have a strategy to reach T from s in G. determine the successor in -vertices Losing strategy: the -player would loop.
Example 1: Reachability Classical version: Input: graph G, source s and target T. Output: is there a path in G from s to T. Game version (a.k.a. alternating reachability): Input: and-or graph G, source s and target T. Output: does the or-player have a strategy to reach T from s in G. determine the successor in -vertices Winning strategy: T is reached.
Example 1: Reachability Classical version: Input: graph G, source s and target T. Output: is there a path in G from s to T. Game version (a.k.a. alternating reachability): Input: and-or graph G, source s and target T. Output: does the or-player have a strategy to reach T from s in G. Complexity: classical version: NLOGSPACE-complete. Game version: PTIME-complete. - Backward reachability - Alternation… [Chandra, Kozen, Stockmeyer 81]
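Backward reachability for the game version, as an added example that is not code from the talk: starting from T, an or-vertex is winning once one successor is winning, and an and-vertex once all of its successors are. The sample graph and vertex names are constructed, and the code assumes every vertex appears as a key of `succ` with no parallel edges.

```python
from collections import deque

# Constructed and-or graph. With or-vertices {s, b}, the and-vertices are a and c.
# The and-vertex c has a self-loop, so the opponent can loop there forever.
GRAPH = {
    "s": ["a", "c"],
    "a": ["t", "b"],
    "b": ["t"],
    "c": ["t", "c"],
    "t": [],
}

def or_player_wins(succ, or_vertices, s, targets):
    """Decide alternating reachability by backward propagation from the targets.

    succ: vertex -> list of successors. or_vertices: vertices where the
    or-player picks the successor; every other vertex is an and-vertex.
    Returns (wins_from_s, strategy), where strategy maps each winning
    or-vertex to a successor that keeps the play winning.
    """
    pred = {v: [] for v in succ}
    for u, vs in succ.items():
        for v in vs:
            pred[v].append(u)
    # For and-vertices: successors not yet known to be winning.
    pending = {v: len(vs) for v, vs in succ.items()}
    winning = set(targets)
    strategy = {}
    queue = deque(targets)
    while queue:
        v = queue.popleft()
        for u in pred[v]:
            if u in winning:
                continue
            if u in or_vertices:
                strategy[u] = v           # one winning successor suffices
            else:
                pending[u] -= 1
                if pending[u] > 0:        # the opponent still has an escape
                    continue
            winning.add(u)
            queue.append(u)
    return s in winning, strategy
```

In the sample graph a path s, c, t exists, yet routing through c is a losing choice because the opponent loops at c; the computed strategy sends s to a instead.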
Example 1.5: shortest path…
Example 2: Min/Max spanning tree Classical version: Input: weighted graph G Output: min/max spanning tree Game version: [Hefetz, Lellouche, Kupferman, Vardi] Two players, alternate moves. MAX: aims at maximizing the weight of the spanning tree. MIN: aims at minimizing the weight of the spanning tree. Strategies for MAX and MIN: , : forests edges valmax(G) = max min outcome( , ) The heaviest tree that MAX can guarantee
Example 2: Min/Max spanning tree Designing optimal strategies. Classical (one player) version: greedy strategy works. Game version: does a greedy strategy work? 1 1000 999 1
Example 2: Min/Max spanning tree Designing optimal strategies. Classical (one player) version: greedy strategy works. Game version: does a greedy strategy work? Greedy: 1 1000 999 1 3002
Example 2: Min/Max spanning tree Designing optimal strategies. Classical (one player) version: greedy strategy works. Game version: does a greedy strategy work? Optimal: 1000 999 1 4000 Same as Max ST (max spanning tree)…
Example 2: Min/Max spanning tree Theorem: The greedy strategy 2 -approximates Max. ST. Proof: (1) value of the greedy strategy Max. ST 2 Since the greedy strategy chooses at least half of the (heaviest) edges in the Max. ST. (2) May collect only Max. ST 2 1 1 0
Example 2: Min/Max spanning tree Theorem: The greedy strategy 2 -approximates Max. ST. Proof: (1) value of the greedy strategy Max. ST 2 Since the greedy strategy chooses at least half of the (heaviest) edges in the Max. ST. (2) May collect only Max. ST=2 Max. ST 2 1 1 0
Example 2: Min/Max spanning tree Theorem: The greedy strategy 2 -approximates Max. ST. Proof: (1) value of the greedy strategy Max. ST 2 Since the greedy strategy chooses at least half of the (heaviest) edges in the Max. ST. (2) May collect only Max. ST 2 Max. ST=2 1 1 Greedy = 1 In fact, valmax(G)=1 0
Example 2: Min/Max spanning tree Theorem: The greedy strategy 2 -approximates Max. ST. Proof: (1) value of the greedy strategy Max. ST 2 Since the greedy strategy chooses at least half of the (heaviest) edges in the Max. ST. (2) May collect only A nicer example: Max. ST=2+ Greedy = 1+ valmax(G)=2+ Max. ST 2 A nicer question… 1 1+ 0
Example 2: Min/Max spanning tree Theorem: The greedy strategy 2 -approximates Max. ST. Proof: (1) value of the greedy strategy Max. ST 2 Since the greedy strategy chooses at least half of the (heaviest) edges in the Max. ST. (2) May collect only Max. ST 2 A nicer question… A nicer example: How well does the greedy strategy perform with respect to an optimal one?
Example 2: Min/Max spanning tree Theorem: The greedy strategy 1. 5+o(1)-approximates an optimal strategy. After normalizing weights to be in [0, 1] Proof: Bounding the extra weight that MAX can gain by deviating from the greedy strategy. There is a strategy for MIN, such that for every strategy for MAX, we have outcome( , ) 1 1. 5 + Max. ST value of the greedy
Example 2: Min/Max spanning tree More: - Richer scheduling (not turn-based, concurrent, scheduler as a player…). - Asymptotic behavior of the greedy algorithm on random graphs (uniformly distributed weights in [0, 1]). Motivation: Advice #3: Fun is a great motivation. - Hmmmm. - Alternating matroids. - Alternating matching, knapsack, vertex cover, …
Example 3: Maximal flow 1 u 2 1 1 s 1 t v 1
Example 3: Maximal flow 0/1 u 1/2 s 1/1 0/1 t v 1/1 maxflow=2
Example 3: Maximal flow 0/1 u 2/2 s 0/1 1/1 t v 1/1 maxflow=2
Flow Games Sinks [Kupferman, Vardi 17] Vertices controlled by a hostile environment 1 u 2 1 1 s 1 t v 1
Example 3: Maximal flow 1 u 2/2 s 0/1 1 1 t v 1
Example 3: Maximal flow 1/1 u 2/2 s 0/1 1/1 0/1 t v 1
Example 3: Maximal flow 1/1 u 2/2 s 0/1 1/1 0/1 t v 0/1 flow=1
Example 3: Maximal flow 1 u 2/2 s 1/1 1 1 t v 1
Example 3: Maximal flow 1/1 u 2/2 s 1/1 0/1 1/1 t v 1/1 flow=1
Flow games 1/1 2/2 s u 0/1 t 1/1 v 1/1 Eu: edges that leave u such that fs(e) c(e) for every edge e Es,
A strategy for MAX: policies for all ○-vertices A strategy for MIN: policies for all ☐-vertices Eu: edges that enter u value(G) = max min outcome( , ) The game: 1. MAX comes and fixes her valves. 2. MIN comes and fixes her valves.
Example (with a moral): 1/ 1 s 2/2 u 0/ 1 1/1 v 0 t 0/ 1 v 2 0/ 1 Let’s find an optimal strategy for MAX. How to direct a flow of 1 that enters v 0? Up to v 1? The outcome is 1…
Example (with a moral): 0/ 1 s 2/2 u 1/ 1 0/1 1/1 v 1 0/1 v 0 t 1/ 1 v 2 1/ 1 Let’s find an optimal strategy for MAX. How to direct a flow of 1 that enters v 0? Down to v 2? The outcome is 1…
Example (with a moral): 0/ 1 s 2/2 u 1/ 1 ½/1 1/1 v 1 ½/1 v 0 t ½/ 1 v 2 1/ 1 Let’s find an optimal strategy for MAX. How to direct a flow of 1 that enters v 0? Partition between v 1 and v 2? Moral: non-integral flow is better! The outcome is 1½.
Flow Games, results: Properties: Non-integral strategies are better! Complexity: Finding value(G) is 2 P-complete. For integral strategies. Non-integral: ? ? ? Open: How much do we lose working with integrals? Special cases: The unfortunate-flow problem. Multi-player, multi-target setting. Labeled version.
To sum up: - Formal verification: Graphs with a rich structure. - What happens to classical graph algorithms when applied to rich graphs? - Labeled: shortest-path, max flow, Eulerian path. - Games: spanning tree, max flow. - More to take from formal verification: abstraction, timed graphs, symbolic methods, …