Approximate Simulations for Task-Structured Probabilistic I/O Automata

Probabilistic Automata and Logics (PAuL) 2006Probabilistic Automata and Logics (PAuL) 2006

Approximate Simulations for Task-Approximate Simulations for Task-Structured Probabilistic I/O AutomataStructured Probabilistic I/O Automata

Sayan Mitra and Nancy LynchSayan Mitra and Nancy Lynch

CSAIL, MITCSAIL, MIT

MIT, Computer Sc. and AI Lab

Probabilistic Automata and Logics (PAuL) 2006Probabilistic Automata and Logics (PAuL) 2006Sayan Mitra

Implementation

Implementation or simulation is a fundamental notion in concurrency theory

“traces” or observable behavior, e.g. sequence of events, timing of events, probabilities

A implements B if traces(A) traces(B) A is equivalent to B if they implement each

other, i.e., traces(A) = traces(B)



Fragility

waitd(x) = 1

x ≤ a

stopd(x) = 0

Jump

x = a

waitd(x) = 1x ≤ a + ε

stopd(x) = 0

Jump

x = a + ε



Unequal, but similar

A metric d on the space T of traces of A (and B) (T,d) is a metric space A approximately implements B if the one-sided Hausdorff

distance from traces(A) to traces(B) is small.

A is approximately equivalent to B if the Hausdorff distance from traces(A) to traces(B) is small.

traces(A) traces(B)

traces(B)



Previously

Metric-based approximate simulations and bisimultions PIOA [Jou and Smolka 1990] Labelled Markov Processes [Desharnais, et. al.

2004] [Breugel, Mislove 2003] Hybrid Systems [Girard, Julius, Pappas 2005] GSMP [Gupta, Jagadeesan, Panagaden 2004] Linear stochastic hybrid automata [Julius 2006]



Outline

Background

Task PIOA vocabulary

Definitions: metrics and simulations

Soundness (sketch)

Discussions Generalization

Applications

Future directions



Task PIOA

A = (Q,v,A,D,R) [Canetti, et. al. 2006] Countable set of states Q Initial distribution on states v Countable set of actions A = I O H

If I = then A is closed O H set of locally controlled actions

Set of (q,a,µ) transitions D An equivalence R relation on locally controlled actions

Each equivalence class of R is a task

Input enabled: for every state q and input action a, there exists (q,a,µ) Transition deterministic: for every state q and action a, there is at most one (q,a,µ) Action deterministic: for every state q and task T, there is at most one a in T enabled

at q

Nondeterministic choice over tasks.



Task PIOA Vocabulary

Execution fragment α = q0a1q1a2… α is an execution if q0 in supp(v) trace(α) is obtained by deleting all q’s and the a’s in H.

trace is a measurable function Scheduler for resolving nondeterminism

In general a scheduler is a mapping from execution fragments to (sub-) distributions over transitions

Task scheduler σ is a sequence of tasks T1 T2 T3… apply(µ,σ) gives a probability distribution over fragments (sigma

algebra generated by cones of fragments) tdist(µ) is the corresponding measure on traces tdists(A) = {tdist(apply(v, σ)): σ is a task scheduler for A}



Example: Consensus protocol



Previously in PIOA: Exact implementations

Exact implementation for task-PIOAs tdists(A1) tdists(A2) Exact simulation relation A1 and A2 are comparable, closed task-PIOAs.

Let R Disc(Execs*(A1)) × Disc(Execs*(A1)). R is a simulation relation if: µ1R µ2 implies tdist(µ1) = tdist(µ2) v1Rv2 If µ1R µ2, there exists a function c:R1

* × R1 R2* such that for any task T

of A1 and any schedule σ of A1 if µ1 is consistent σ and µ2 is consistent with the sequence of tasks corresponding to σ then apply(µ1,T) E(R) apply(µ1,c(σ,T)).

E(R) is defined using lifting and flattening Needed for simulation proofs in the verification of OT protocol [Canetti, et. al. 2006]



Approximate implementations

Uniform metric on traces

A1 δ-implements A2 if for every µ1 there is a µ2 with

du(µ1,µ2) ≤ δ

This implies for every µ1 of A1 there exists µ2 of A2

with

|)()(|),( 2121 sup CCTracesFC

u

d

|)()(| 21 CC FC Traces



Chains and limits

µ1 ≤ µ2 if for every finite trace ß µ1(Cβ) ≤µ2(Cβ)

µ1 ≤ µ2 ≤ µ3 …≤ µn is a chain

µ(Cβ) := Ltn∞ µn(Cβ) limit of a chain

µ can be uniquely extended to a probability measure on the σ-algebra generated by the cones of finite traces

Lemma 1: If µ = Ltn∞ µn then tdist(µ) = Ltn∞ tdist(µn).

Lemma 2: If µ1i µ1 and µ2i µ2 then du(µ1i,,µ2i) du(µ1,,µ2).



Approximate simulation, roughly

A function on pairs of distributions over execution fragments is an (ε, δ)-approximate simulation function if:

))tdist(),(tdist( implies ),( : Trace

),( implies ),( : Step

),( :Start

2121

2121

21

ud



Given

Phi and Phi Hat

}{),( 0 YX

yxyx

y

xyx

YXD

),(),( maxmin)supp(y)(x,

][][

)(11

1

1

EE

yxyxyyxyxyxx

yx

YXD yx

,1

,1

)supp(yx,

11

),( and ),(

),(

such that

)(),(ˆ

max

witnessing distribution



Expansion

),( yx

),( 11 yx

x

y

),( yx

11 , yx Witnessing joint distribution is the dirac mass at x1,y1

),( 11 yx

),( 11 yx



),( yx

),( 11 yx

x

),( yx

x

y

),( yx

),( yx

y

Expansion



2. There exists a function c:R1* × R1 R2

* such that for any task T of A1

and any schedule σ of A1 if µ1 is consistent σ and µ2 is consistent with full(c)(σ) then

Approximate simulation

),(, ),(

),(, ),(

yxyx

yxyx

),( ),( yxyx

Weaker requirement in the definition of approximate simulation.

Stronger soundness theorem.

is an (ε, δ)-approximate simulation function from A1 to A2 if:

),( .1 21

))),(,apply(),,(apply( implies ),( 2121 TcT

))tdist(),(tdist( implies ),( 3. 2121 ud



2. There exists a function c:R1* × R1 R2

* such that for any task T of A1

and any schedule σ of A1 if µ1 is consistent σ and µ2 is consistent with full(c)(σ) then

Approximate simulation

),(, ),(

),(, ),(

yxyx

yxyx

),( ),( yxyx

Weaker requirement in the definition of approximate simulation.

Stronger soundness theorem.

is an (ε, δ)-approximate simulation function from A1 to A2 if:

),( .1 21

))),(,apply(),,(apply( implies ),( 2121 TcT

))tdist(),(tdist( implies ),( 3. 2121 ud



Key Lemmas

Lemma 3:

.))(),((then

))(),(( ),supp(, If

functions. vedistributi are )Disc(X)Disc(X:

. ess with witn),( },{)Disc(X)Disc(X:

2211

221121

ii

1111

ff

ff

fi

.))(),((for joint g witnessin thebe let ),supp(,each For 2211,21 1 ff

),( : ' Define21

21

,21)supp(,

i21,

),(' )( :Show21

iif ),( ),'supp(, and 2121



Key Lemmas

Lemma 4:

Lemma 1: If µ = Ltn∞ µn then tdist(µ) = Ltn∞ tdist(µn).

Lemma 2: If µ1i µ1 and µ2i µ2 then du(µ1i,,µ2i) du(µ1,,µ2).

))tdist(),(tdist( implies ),( 2121 ud



Soundness

Theorem: Let A1 and A2 be two closed comparable task-PIOAs. If there exists an (ε, δ)-approximate simulation function from A1 to A2, then A1 δ-implements A2.

Construct a chain of distributions for A1 applying one task at a time. Construct the corresponding chain for A2.

Induction on the length of the chain Base case from start condition Induction step from Lemma 2

Show that f1 = apply( . ,Tj) is distributive and

Use Lemmas 2 & 4 for n∞

))(),(( )supp(, implies ess with witn),( 221121,2,1 ffjj



Probabilistic Safety

X be a random variable on (T, FT). If A1 is δ-equivalent to A2 and for every trace distribution µ2 of A2 , µ2[X=x] = p then µ1[X=x]≤ p + δ

Xu: T {0,1} defined as Xu(β) :=1 if some unsafe action U occurs in β. If A2 is safe with probability p then A1 is safe with probability at least p + δ



Task-PIOAs

An environment E for a task PIOA A is another task-PIOA such that E||A is closed

External behavior of A is a function mapping each environment E of A to the set of trace distributions of E||A

A1 δ-implements A2 if for every environment E, for every trace distribution µ1 in extbehA(E) there is a trace distribution µ2 in extbehA(E).

Suppose for every environment E, there exists a (εE, δ)-approximate simulation function from A1||E to A2||E, then A1 δ-implements A2.



Applications: Consensus protocol



Future directions

Applications: randomized consensus protocols, Approximate implementations and simulation relations

for task-PIOAs with continuous state spaces. Simulations as functions of distributions over states (as

opposed to distributions over fragments). Explore the possibility of automating simulation proofs

by solving optimization problems. See thesis

Documents

Approximate Simulations for Task-Structured Probabilistic I/O Automata