logique approchée michel de rougemont université paris ii vera: mdr/vera.htm correct: mdr/xml

Logique approchée

Michel de Rougemont

Université Paris II

VERA: http://www.lri.fr/~mdr/vera.htm

CORRECT: http://www.lri.fr/~mdr/xml/

1. Classical approximation for a function f:

• Knapsack

• Maxcut

2. Decision problem (boolean function)

Complexity and Approximation

: is farf(x)

1 then 1 If A(x)f(x)

1)]1).(()()1).(([Pr xfxAxfob

1]0 Prob[ then is If A(x)farf(x)

U'U ]0[ then if and ]0[ f(x))dist(U, U'f(x)

1. Satisfiability : Tree |= F

2. Approximate satisfiability

Tree |= F

Image on a class K of trees

Approximate satisfiability

F FF

F fromfar -

1. Kripke structure, Execution Tree, Specification F

Tree |= F

2. Approximate verification (LICS 2002)

Tree |= F is much easier than Tree |= F

3. XML data: (ICALP 2004)• Verify that a large XML file is valid.

(Satisfies a DTD).

• Estimate distance from a file to a DTD

• Rank documents on the Web

Approximate verification

VERA: Vérification approchée

1. Logique, Testeurs et Correcteurs• Testeurs et Correcteurs• Arbres réguliers

2. Abstraction probabiliste de programmes

• Bornes inférieures sur OBDDs et automates

• Abstraction en Model Checking

3. Mécanismes et Jeux • Calcul d’équilibre

Logique, testeurs, correcteurs

Un Testeur decide |= pour une formule F.

Un Correcteur prend une structure U proche de K en entrée et calcule U’ dans K, proche de U.

Problème: Une classe K définissable dans une logique L admet-elle un testeur et un correcteur?

Théorème. (Alon and al. FOCS2000) Les mots reguliers sont testables pour la distance d’Edition.

Généralisation aux arbres réguliers.

Application au test de fichiers XML et à la correction XML.

• Programme P

• Spécification F (X,Y)

• Structure de donnée OBDDO = O

• Problème : taille des structures explose

• Complexité en Communication montre des bornes inférieures exponentielles.

P F

Vérification par Modèle

• La spécification admet un testeurP (A) =1 ssi A est 3 coloriable

• Problème : comment appliquer le test à un programme?

A est 3-coloriable  est 3-coloriable

Testeurs et Vérification

P(A). Enumerate C:

While (x <= n){

While (y <= n){

If A(x,y) check C(x)=C(y)}}

• Define an abstraction

Abstraction probabiliste

)3,2,1( Dn

DnP(A). Enumerate C:

While (x <= m){

While (y <= m){

If A(x,y) check C(x)=C(y)}}

)3,2,1(

Peut-on trouver une abstraction?

• Toute propriété

Admet un testeur.

• Comment trouver une abstraction à partir d’un programme P?

• Difficulté algorithmique.

)),,(( zyxPzyx

Programmes probabilistes

? 5.0] [Pr pUqob

a

b

c

d

0

1 (0.6)1 (0.4)

a

ppp

p

q

Random sampling may approximate this probability. (Peyronnet’s thesis)

? 5.0] [Pr pUqobT

Protocoles et jeux

Mécanismes et Jeux

• Calcul d’équilibre• Comment vérifier qu’un programme

distribué atteindra un équilibre satisfaisant une propriété P?

• Agents interagissent selon un modèle économique.

• Véracité du protocole (Truthfulness)

• Nash est approximable (Lipton 2003)• Mécanismes de sécurité et de

régulation

Let K be a class of finite structures and

Examples:1. Words

– Edit distance– Edit distance with moves– Edit distance with moves, Cut, Paste

2. Trees

3. Graphs

Distances on structures

K of structureson distance a )Dist(U, U'

)U',UMax(nn

)Dist(U, U')dist(U, U' a if

)dist(U, U'Mindist(U, K) KU '

1. Classical Edit Distance:

Insertions, Deletions, Modifications

2. Edit Distance with moves

0111000011110011001

0111011110000011001

Edit distance on Words

Tree-Edit-Distance

a

e

b

c d

a

e

b

c

a

e

b

c

df

e

DeletionEdge

InsertionNode andLabel

Tree Edit distance with moves:

a

e

b

c d

a

e

b

c d

1 move

Binary trees : Distance with moves allows permutations

Tree-Edit-Distance on binary trees

Distance(T1,T2) =4 p-Distance (T1,T2) =2

1. Words • P algorithm• for small distances• Efficent algorithms for Edit Distance

with moves

2. Trees• P algorithm • NP complete, non-approximable for

Edit Distance with moves.• Efficient solution for small distances

Estimating distances

)( nO

CORRECT: XML files

XML file= Tree automaton (DTD) + Colored Tree

1. Test if a large file is « valid ».

Solution: O(1) !!

2. If the distance to a DTD is small, correct the file.

Solution O(n).

3. Rank the Web: For DTDs find the distances.

Solution: less than O(n)!!!

kMM ....1

XML

<?xml version="1.0"?><!DOCTYPE a [<!ELEMENT a (l,r)><!ELEMENT r ((l,r)|q ) ><!ELEMENT l (#PCDATA) ><!ELEMENT q (#PCDATA) >]>

<a><l></l><r><l></l><r><l></l> <r>><l></l> <r>….. <l></l> <r><q></q></r> </r> </r>….. </r></a>

XML corrector : http://www.lri.fr/~mdr/xml/

• (q0, q0) q1• (q0,q1) q1

Tree automata

q0 q0

q0

q0

q0

q0

q1

q1

q1

q1

q1

q0 q0

q0q1

q2

(q1,q1)q2

(q1,q0)q2

(q2,-) q2

(-,q2) q2)1,,0,( qqQA

Definition : a subtree t is feasible for L if there are subtrees (for its leaves) which reach states (q1...ql) such that the state of the root q=t(q1...ql) can reach an accepting state (in the automaton for L).

A subtree is infeasible if it is not feasible

Feasible and infeasible subtrees

feasible

infeasible

Fact . If then the number of unfeasible subtrees of length a is O(n).

Fact. If the distance is small, there are few infeasibles trees.

Intuition : make local corrections at the root of the infeasible trees

Infeasible subtrees

nLT .),(Distance

Phase 1 : (Bottom-up) Marking of * nodes, roots of infeasible subtrees.

Phase 2 : (Top-down) Recursive analysis of the * subtrees to make root accept.

Phase 3 : (Bottom –up) Local corrections

Structure of the correctorTree-Edit Distance

q0

q1

Structure of the corrector Tree-Edit Distance with moves

q0

q1

1 move

Phase 1 : bottom-up marking

Definitions: 1. A terminal *-node is the first sink node of a run2. A * subtree of a node v is the subtree whose root is v reaching leaves or *-node 3. A node v is a *-node if its state is a sink node when all possible reachable states replace the *-nodes of its *-subtree.4. Compute the size of the subtrees

**

Runs withall possible reachable states (q,q’) reach a sink.

*

O(n) procedure.

Phase 2 : top-down possible states

**

Let (q,q’) a possible choice at the top *-subtree.

Let q’’ a possible state for the *-node of the left *-subtree

Lemma 1: If Dist(T,L)<k, there are at most k *-nodes.

*

q1 q2

q’’ instead of *

Hypothesis : q1 in Ci q2 in Cj q’’ in Ck

Case a: P such that Ci < Ck and Cj < Ck

Find t1 and t2 as in case 1.a

General Correction

q1 q2

q’’

q q’

q’’

q1q2

t2t1

Case b,c : P such that Ci >Ck and Cj < Ck Find t2 and let Cp=inf(Ci,Ck). Cut the left

branch until Cp.

Case d: P such that Ci >Ck and Cj > Ck Let Cp=inf(Ci,Ck). Cut the left branch until Cp.

Let Cq=inf(Cj,Ck). Cut the right branch until Cq.

Case 2: b and c

q1 q2

q’’ q’

q’’

q2

t2

q1 q2

q’’ q’’

1. Tree-Edit Distance

Fact 1: finitely many insertionsFact 2: deletions unpredictableConsequences: no easy bound on the distance between T

and T’.

Correction up to a constant distance.

2. Tree-Edit Distance with moves.

Correction up to .Estimate the distance, although the problem is NP-

hard, non-approximable.

Analysis of the corrector

n.

Theorem: If Dist(T,L) <k, the general corrector finds T’ such that Dist(T,T’) <c.k.

Proof :

# *-nodes < k

Case 1: 0 *-node: easy correction

Case 2: at least 1 *-node. Looking at all possible k-variations will correct the errors in the *-subtree and diminish the *-nodes.

General result

Recall:

Which games characterize ?

Game 1: two players I and II.

Game 2: one player II against “nature” (player I)

Approximate structures

VUVU k and

if :Definition U',V'VU

' ' , , VU)dist(V, V')dist(U, U'

VU

Two players I and II on U, V

Phase 1: II choose U’, V’ at distance ε

Phase 2 : I and II play EF of order k on U’,V’

II wins if

Game 1

U

U’

V

V’

' ' VU k

Two players and nature on U, V

Phase 1: nature plays p points in U or V Phase 2 : II answers with p points in V

Phase 3 : I and II play EF(q)

II wins if

Game 2 (p,q)

U V

3/2)],..,( ),..,(Prob[ 11 qpqp vvVuuU

Game 1 Game 2 for p(k, ε), q(k, ε)

Comparisons of Games 1 and 2

3/1)],..,( ),..,(Prob[ 11 qpqpk vvVuuUVU

strategy. winninga has II iff VU k

If there is a FO (k) formula which distinguishes U and V, there is an automaton A which distinguishes U and V. A tester for A would distinguish U and V with high probability.

Let A an automaton which distinguishes U and V.

The tester accepts U and rejects V with high probability.

There is an admissible path Z for which some sample of length at most q is feasible for U and infeasible for V

In a game of order q, I would win with high probability.

Comparisons of Games 1 and 2

3/1] Prob[ winsIIVU k

Conclusion

• Vérifier exactement peut être trop difficile.

• Vérifier approximativement peut être réalisable.

1. Testeurs et Correcteurs

2. Vérification probabiliste de programmes.

• Abstraction probabiliste

• Vérification de programmes probabilistes

• Validité de fichiers XML

3. Vérification approchée d’équilibres de protocole.