Controlling a population of identical MDP

(1)

Controlling a population of identical MDP

Nathalie Bertrand

Inria Rennes

ongoing work with Miheer Dewaskar (CMI), Blaise Genest (IRISA) and Hugo Gimbert (LaBRI)

Trends and Challenges in Quantitative Verification

(2)

Motivation

Control of gene expression for a population of cells

credits: G. Batt

I cell population

I gene expression monitored through fluorescence level

I drug injections affect all cells

I response varies from cell to cell

I obtain a large proportion of cells with desired gene expression level

I arbitrary nb of components

I full observation

I uniform control

I MDP model for single cell

I global quantitative reachability objective

(3)

Motivation

credits: G. Batt

I cell population

I obtain a large proportion of cells

I full observation

I uniform control

(4)

Motivation

credits: G. Batt

I cell population

I obtain a large proportion of cells with desired gene expression level

I full observation

I uniform control

(5)

Markov decision processes

F a,1/2

a,1/2 b

b a b

a,b I non-deterministic actions: {a,b}

I prob. distribution over successors

Schedulerσ:S⁺→Σresolves non-determinism induces Markov chain with probability measurePσ

Theorem: reachability checking for MDP The following problems are in PTIME

∃σ, P^σ(3F) =1? ∃σ, P^σ(3F)> .7? compute maxσP^σ(3F).

(6)

Markov decision processes

F a,1/2

a,1/2 b

b a b

(7)

Markov decision processes

F a,1/2

a,1/2 b

b a b

(8)

Markov decision processes

F a,1/2

a,1/2 b

b a b

(9)

Markov decision processes

a,1/2

a,1/2 b

b a b

(10)

Markov decision processes

a,1/2

a,1/2 b

b a b

(11)

Markov decision processes

a,1/2

a,1/2 b

b a b

(12)

Back to our motivating application

credits: G. Batt

I full observation

I uniform control

(13)

Modelling

I population ofN identical MDP M

I uniform control policy under full observation

F a,1/2

a,1/2 b

a

b a

b

a,b

a,1/4

a,1/2

a,1/2 b

a

b a

b

a,b

Verification questiondoes themaximum probabilitythat agiven proportion of MDPsreach a target set of statesmeet a threshold? FixedN: build the product MDPM^N, identify global target states, compute optimal scheduler

(14)

Modelling

F a,1/2

a,1/2 b

a

b a

b

a,b

a,1/4

a,1/2

a,1/2 b

a

b a

b

a,b

(15)

Modelling

F a,1/2

a,1/2 b

a

b a

b

a,b

a,1/4

a,1/2

a,1/2 b

a

b a

b

a,b

(16)

Modelling

F a,1/2

a,1/2 b

a

b a

b

a,b

a,1/4

a,1/2

a,1/2 b

a

b a

b

a,b

Verification questiondoes themaximum probabilitythat agiven proportion of MDPsreach a target set of statesmeet a threshold?

FixedN: build the product MDPM^N, identify global target states, compute optimal scheduler

(17)

Modelling

F a,1/2

a,1/2 b

a

b a

b

a,b

a,1/4

a,1/2

a,1/2 b

a

b a

b

a,b

FixedN: build the product MDPM^N, identify global target states, compute optimal scheduler

(18)

Parameterized verification

ParameterN: check the global objective for all population sizesN

∀N max

σ Pσ(M^N |=3at least 80% of MDPs inF)≥.7?

Restricted cases

I qualitative: almost-sureconvergence

∀Nmax

σ Pσ(M^N |=3F^N)=1?

I Boolean: sureconvergence

∀N ∃σ, M^N |=∀σ3F^N?

(19)

Parameterized verification

∀N max

∀Nmax

σ Pσ(M^N |=3F^N)=1?

∀N ∃σ, M^N |=∀σ3F^N?

(20)

Parameterized verification

∀N max

∀Nmax

σ Pσ(M^N |=3F^N)=1?

∀N ∃σ, M^N |=∀σ3F^N?

(21)

This talk

Problem setting

I Booleanparameterized verification questions

I uniform control for population ofNFA≡2-player turn-based game

I controller chooses the action (e.g. a)

I opponent chooses how to move each individual copy (a-transition)

I convergenceobjective: all copies in a target setF ⊆Q

∀N ∃σ, M^N |=∀σ3F^N?

∀N ∃σ, ∀τ, (M^N,σ, τ)|=3F^N?

Questions addressed

I decidability

I memory requirements for controllerσ

I admissible values forN

(22)

This talk

Problem setting

I Booleanparameterized verification questions

I uniform control for population ofNFA≡2-player turn-based game

I controller chooses the action (e.g. a)

I opponent chooses how to move each individual copy (a-transition)

I convergenceobjective: all copies in a target setF ⊆Q

∀N ∃σ, M^N |=∀σ3F^N?

∀N ∃σ, ∀τ, (M^N,σ, τ)|=3F^N?

Questions addressed

I decidability

I memory requirements for controllerσ

I admissible values forN

(23)

Monotonicity property

a

a b

a

b a

b

a,b

∀N ∃σ, M^N |=∀σ3F^N?

Monotonicity: harder whenNgrows

∃σ, M^N |=∀_σ3F^N =⇒ ∀M≤N, ∃σ, M^M |=∀_σ3F^M

Cutoff: smallest N for which there is no admissible controllerσ

(24)

Monotonicity property

a

a b

a

b a

b

a,b

∀N ∃σ, M^N |=∀σ3F^N?

∃σ, M^N |=∀_σ3F^N =⇒ ∀M≤N, ∃σ, M^M |=∀_σ3F^M

(25)

Monotonicity property

a

a b

a

b a

b

a,b

∀N ∃σ, M^N |=∀σ3F^N?

∃σ, M^N |=∀_σ3F^N =⇒ ∀M≤N, ∃σ, M^M |=∀_σ3F^M

(26)

A first example and a first question

F a

a b

a

b a

b

a,b

∀N, ∃σ, M^N|=∀σ3F^N

σ(k,0,0, ?) =a σ(0,k_u,k_d, ?) =a σ(0,0,k_d, ?) =b

memoryless support-based controllers suffice on this example

Question 1Are memoryless support-based controllers enough in general?

(27)

A first example and a first question

F a

a b

a

b a

b

a,b

∀N, ∃σ, M^N|=∀σ3F^N

σ(k,0,0, ?) =a σ(0,k_u,k_d, ?) =a σ(0,0,k_d, ?) =b

memoryless support-based controllers suffice on this example Question 1Are memoryless support-based controllers enough in general?

(28)

A second example and a second question

A={a1,· · ·,aM} unspecified edges lead to a sink state

q₁

...

q_M

F b

b b

A\a₁

A\aM

b

A∪{b}

∀N<M, ∃σ, M^N |=∀σ3F^N

Cutoffmin{N|∀σ, M^N 6|=∀σ3F^N} hereO(|M|) Question 2Are cutoffs always polynomial in|M|?

(29)

A second example and a second question

q₁

...

q_M

F b

b b

A\a₁

A\aM

b

A∪{b}

∀N<M, ∃σ, M^N |=∀σ3F^N

Cutoffmin{N|∀σ, M^N 6|=∀_σ3F^N} hereO(|M|)

Question 2Are cutoffs always polynomial in|M|?

(30)

A second example and a second question

q₁

...

q_M

F b

b b

A\a₁

A\aM

b

A∪{b}

∀N<M, ∃σ, M^N |=∀σ3F^N

Cutoffmin{N|∀σ, M^N 6|=∀_σ3F^N} hereO(|M|) Question 2Are cutoffs always polynomial in|M|?

(31)

A first answer

a a

a a b

b b

Assumption: if at least one state is empty, the controller ensures convergence

gadget similar to previous example with actions{a1,· · ·,a4}

Possible controllers

I alwaysa: deterministic behaviour, full support is maintained

I alwaysb: splitting the copies in third state allows opponent to win

I aandbin alternation: leak from first/second states to third

Memoryless support-based controllers are not enough! Exponential memory on top of support may even be needed.

(32)

A first answer

a a

a a b

b b

I aandbin alternation: leak from first/second states to third

(33)

A first answer

a a

a a b

b b

I aandb in alternation: leak from first/second states to third

(34)

A first answer

a a

a a b

b b

(35)

A first answer

a a

a a b

b b

Memoryless support-based controllers are not enough!

(36)

A second answer

F

··· 2M bottom states (here 6) a

a b

u

d d

u c

b c

a,b,c

u,d u,d u,d a,b,c

I ∀N≤2^M, ∃σ, M^N|=∀σ3F^N

accumulate copies in bottom states, thenu/d to converge

I forN>2^M controller cannot avoid reaching the sink state

CutoffO(2^|M|)

Cutoff can even be doubly exponential!

(37)

A second answer

F

a b

u

d d

u c

b c

a,b,c

u,d u,d u,d a,b,c

I ∀N≤2^M, ∃σ, M^N|=∀σ3F^N

CutoffO(2^|M|)

(38)

A second answer

F

a b

u

d d

u c

b c

a,b,c

u,d u,d u,d a,b,c

I ∀N≤2^M, ∃σ, M^N|=∀σ3F^N

CutoffO(2^|M|)

(39)

A second answer

F

a b

u

d d

u c

b c

a,b,c

u,d u,d u,d a,b,c

I ∀N≤2^M, ∃σ, M^N|=∀σ3F^N

CutoffO(2^|M|)

(40)

A second answer

F

a b

u

d d

u c

b c

a,b,c

u,d u,d u,d a,b,c

I ∀N≤2^M, ∃σ, M^N|=∀σ3F^N

CutoffO(2^|M|)

(41)

A second answer

F

a b

u

d d

u c

b c

a,b,c

u,d u,d u,d a,b,c

I ∀N≤2^M, ∃σ, M^N|=∀σ3F^N

CutoffO(2^|M|)

(42)

A second answer

F

a b

u

d d

u c

b c

a,b,c

u,d u,d u,d a,b,c

I ∀N≤2^M, ∃σ, M^N|=∀σ3F^N

CutoffO(2^|M|)

(43)

A second answer

F

a b

u

d d

u c

b c

a,b,c

u,d u,d u,d a,b,c

I ∀N≤2^M, ∃σ, M^N|=∀σ3F^N

CutoffO(2^|M|)

(44)

A second answer

F

a b

u

d d

u c

b c

a,b,c

u,d u,d u,d a,b,c

I ∀N≤2^M, ∃σ, M^N|=∀σ3F^N

CutoffO(2^|M|)

(45)

A second answer

F

a b

u

d d

u c

b c

a,b,c

u,d u,d u,d a,b,c

I ∀N≤2^M, ∃σ, M^N|=∀σ3F^N

CutoffO(2^|M|) Cutoff can even be doubly exponential!

(46)

Lessons learnt so far

Boolean problem is harder than expected

I supports are not enough

I doubly exponential lower bound on cutoffs

somehow prevents from building the product MDP

I the more copies the harder, the larger support the harder

I looking at whether supports can be maintained seems promising

(47)

Lessons learnt so far

(48)

Lessons learnt so far

(49)

Support game

1 2 3 4

a a

a a b

b b

2-player game on possible supports

I 2 Eve chooses action

I 3Adam chooses transfer relation

1,2,3,4

1,3,4 1,2,3

a b

simple winning condition for Eve: reach{F}

→sufficient condition, not sound in general

(50)

Support game

1 2 3 4

a a

a a b

b b

1,2,3,4

1,3,4 1,2,3

a b

(51)

Support game

1 2 3 4

a a

a a b

b b

1,2,3,4

1,3,4 1,2,3

a b

(52)

Refined winning condition

Intuition: allow Eve to monitor some copies and pinpoint leaks

→along a play only finitely many leaks are possible

Playρ=S₀−→^a¹ −→^R¹ S₁· · · winning for Eveif there exists(T_i)_i∈_N s.t. (1) ∀i, ∅ 6=Ti⊆Si

(2) ∀i, Pre[Ri+1](Ti+1)⊆Ti

(3) ∃^∞j, T_j+1(Post[R_j+1](T_j)

1,2,3,4

a b

S_i

S_i+1

S_i+2 b

a

w w w

Eve wins support game with refined winning condition iff

∀N controller has a strategy to reachwinning supports

(53)

Refined winning condition

Playρ=S₀−→^a¹ −→^R¹ S₁· · · winning for Eveif there exists(T_i)_i∈_N s.t.

(1) ∀i, ∅ 6=Ti⊆Si

(2) ∀i, Pre[Ri+1](Ti+1)⊆Ti

(3) ∃^∞j, T_j+1(Post[R_j+1](T_j)

1,2,3,4

a b

S_i

S_i+1

S_i+2 b

a

w w w

(54)

Refined winning condition

Playρ=S₀−→^a¹ −→^R¹ S₁· · · winning for Eveif there exists(T_i)_i∈_N s.t.

(1) ∀i, ∅ 6=Ti⊆Si

(2) ∀i, Pre[Ri+1](Ti+1)⊆Ti

(3) ∃^∞j, T_j+1(Post[R_j+1](T_j)

1,2,3,4

a b

S_i

S_i+1

S_i+2 b

a

w w w

(55)

Solving support game w. refined winning condition

Transformation into 2-player partial observation game with B¨uchi winning condition

I exponential blowup of game arena

states(S,T)for all possibleT ⊆S

I Adam shall not observe the subsets monitored by Eve

he only observesS-component of state (S,T)

Theorem: Decidability and complexity(still to be checked) Boolean parameterized convergence is decidable in 3EXPTIME. Cutoff is at most triply exponential in|M|.

Theorem: (far from matching)Lower-bounds

PSPACE-hardness for Boolean parameterized convergence. Doubly exponential lower-bound on the cutoff.

(56)

Solving support game w. refined winning condition

he only observesS-component of state (S,T) Theorem: Decidability and complexity(still to be checked)

Boolean parameterized convergence is decidable in 3EXPTIME.

Cutoff is at most triply exponential in|M|.

PSPACE-hardness for Boolean parameterized convergence. Doubly exponential lower-bound on the cutoff.

(57)

Solving support game w. refined winning condition

he only observesS-component of state (S,T) Theorem: Decidability and complexity(still to be checked)

Boolean parameterized convergence is decidable in 3EXPTIME.

Cutoff is at most triply exponential in|M|.

PSPACE-hardness for Boolean parameterized convergence.

Doubly exponential lower-bound on the cutoff.

(58)

Contributions

Uniform control of a population of identical MDP

I parameterized verification problem

I Boolean convergence: bring all MDP at the same time in F

I surprisingly quite involved!

I beyond support-based optimal controllers

I 3EXPTIME-decision procedure

I cutoff between doubly exponential and triply exponential

(59)

Back to motivations

Motivation 1: practical motivation

credits: G. Batt

I need for truely probabilistic model

→MDP instead of NFA

I need for truely quantitative questions

→proportions and probabilities instead of convergence and (almost)-sure

∀N max

(60)

Back to motivations

Motivation 1: practical motivation

credits: G. Batt

I need for truely probabilistic model

→MDP instead of NFA

I need for truely quantitative questions

→proportions and probabilities instead of convergence and (almost)-sure

∀N max

σ P^σ(M^N |=3at least 80% of MDPs inF)≥.7?

(61)

Back to motivations

Motivation 2: theoretical motivation

Discrete approximation of probabilistic automata

a,1/2

b

a,1/2 a

a,1/2

b

a,1/2 a

Arguable: optimal reachability probability not continuous whenN→ ∞

F a,1/2

a,1/2

b u

d d

b u

a,b

I ∀N,∃σ, Pσ(3F^N) =1.

I In the PA, the maximum probability to reachF is.5.

Good news? hope for alternativemore decidablesemantics for PA

(62)

Back to motivations

a,1/2

b

a,1/2 a

a,1/2

b

a,1/2 a

F a,1/2

a,1/2

b u

d d

b u

a,b

I ∀N,∃σ, Pσ(3F^N) =1.

(63)

Back to motivations

a,1/2

b

a,1/2 a

a,1/2

b

a,1/2 a

F a,1/2

a,1/2

b u

d d

b u

a,b

I ∀N,∃σ, Pσ(3F^N) =1.

(64)

Back to motivations

a,1/2

b

a,1/2 a

a,1/2

b

a,1/2 a

F a,1/2

a,1/2

b u

d d

b u

a,b

I ∀N,∃σ, Pσ(3F^N) =1.

(65)

Back to motivations

a,1/2

b

a,1/2 a

a,1/2

b

a,1/2 a

F a,1/2

a,1/2

b u

d d

b u

a,b

I ∀N,∃σ, Pσ(3F^N) =1.

(66)

Back to motivations

a,1/2

b

a,1/2 a

a,1/2

b

a,1/2 a

F a,1/2

a,1/2

b u

d d

b u

a,b

I ∀N,∃σ, Pσ(3F^N) =1.

(67)

Back to motivations

a,1/2

b

a,1/2 a

a,1/2

b

a,1/2 a

F a,1/2

a,1/2

b u

d d

b u

a,b

I ∀N,∃σ, Pσ(3F^N) =1.

(68)

Controlling a population of identical MDP