1 / 54

Probabilistic Verification of Discrete Event Systems

Probabilistic Verification of Discrete Event Systems. Håkan L. S. Younes. Introduction. Verify properties of discrete event systems Probabilistic and real-time properties Properties expressed using CSL Acceptance sampling Guaranteed error bounds. “The Hungry Stork”. “The Hungry Stork”.

barny
Download Presentation

Probabilistic Verification of Discrete Event Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Probabilistic Verification of Discrete Event Systems Håkan L. S. Younes

  2. Introduction • Verify properties of discrete event systems • Probabilistic and real-time properties • Properties expressed using CSL • Acceptance sampling • Guaranteed error bounds

  3. “The Hungry Stork”

  4. “The Hungry Stork” System “The probability is at least 0.7 that the stork satisfies its hunger within 180 seconds”

  5. Systems • A stork hunting for frogs • The CMU post office • The Swedish telephone system • The solar system

  6. Discrete Event Systems • Discrete state changes at the occurrence of events • A stork hunting for frogs • The CMU post office • The Swedish telephone system • The solar system

  7. “The Hungry Stork” as aDiscrete Event System hungry

  8. “The Hungry Stork” as aDiscrete Event System stork sees frog hungry hungry,hunting 40 sec

  9. “The Hungry Stork” as aDiscrete Event System stork sees frog frog sees stork hungry hungry,hunting hungry,hunting,seen 40 sec 19 sec

  10. “The Hungry Stork” as aDiscrete Event System stork sees frog frog sees stork stork eats frog hungry hungry,hunting hungry,hunting,seen not hungry 40 sec 19 sec 1 sec

  11. Sample Execution Paths stork sees frog frog sees stork stork eats frog hungry hungry,hunting hungry,hunting,seen not hungry 40 sec 19 sec 1 sec

  12. Properties of Interest • Probabilistic real-time properties • “The probability is at least 0.7 that the stork satisfies its hunger within 180 seconds”

  13. Properties of Interest • Probabilisticreal-time properties • “The probability is at least 0.7 that the stork satisfies its hunger within 180 seconds”

  14. + + ≤ 180 sec Verifying Real-time Properties • “The stork satisfies its hunger within 180 seconds” stork sees frog frog sees stork stork eats frog hungry hungry,hunting hungry,hunting,seen not hungry 40 sec 19 sec 1 sec True!

  15. + > 180 sec Verifying Real-time Properties • “The stork satisfies its hunger within 180 seconds” stork sees frog Stork eats frog hungry hungry,hunting not hungry 165 sec 30 sec False!

  16. Verifying Probabilistic Properties • “The probability is at least 0.7 that X” • Symbolic Methods • Pro: Exact solution • Con: Works for a restricted class of systems • Sampling • Pro: Works for all systems that can be simulated • Con: Uncertainty in correctness of solution

  17. Our Approach • Use simulation to generate sample execution paths • Use sequential acceptance sampling to verify probabilistic properties

  18. Error Bounds • Probability of false negative: ≤ • We say that P is false when it is true • Probability of false positive: ≤ • We say that P is true when it is false

  19. Acceptance Sampling • Hypothesis: “The probability is at least  that X”

  20. Acceptance Sampling • Hypothesis: Pr≥(X)

  21. True, false,or anothersample? SequentialAcceptance Sampling • Hypothesis: Pr≥(X)

  22. 1 –  Probability of acceptingPr≥(X) as true   Actual probability of X holding Performance of Test

  23. 1 –  False negatives Probability of acceptingPr≥(X) as true   False positives Actual probability of X holding Ideal Performance

  24. 1 –  False negatives Probability of acceptingPr≥(X) as true Indifference region   –    +  False positives Actual probability of X holding Actual Performance

  25. Number ofpositive samples Number of samples Graphical Representation of Sequential Test

  26. Accept Number ofpositive samples Continue sampling Reject Number of samples Graphical Representation of Sequential Test • We can find an acceptance line and a rejection line given , , , and 

  27. Accept Number ofpositive samples Continue sampling Reject Number of samples Graphical Representation of Sequential Test • Reject hypothesis

  28. Accept Number ofpositive samples Continue sampling Reject Number of samples Graphical Representation of Sequential Test • Accept hypothesis

  29. Continuous Stochastic Logic (CSL) • State formulas • Truth value is determined in a single state • Path formulas • Truth value is determined over an execution path

  30. State Formulas • Standard logic operators: ¬, 1  2 … • Probabilistic operator: Pr≥() • True iff probability is at least  that  holds • Pr≥0.7(“The stork satisfies its hunger within 180 seconds”)

  31. Path Formulas • Until: 1 U≤t2 • Holds iff 2 becomes true in some state along the execution path before time t, and 1 is true in all prior states • “The stork satisfies its hunger within 180 seconds”: true U≤180 ¬hungry

  32. Expressing Properties in CSL • “The probability is at least 0.7 that the stork satisfies its hunger within 180 seconds” • Pr≥0.7(true U≤180 ¬hungry) • “The probability is at least 0.9 that the customer is served within 60 seconds and remains happy while waiting” • Pr≥0.9(happy U≤60 served)

  33. + + ≤ 180 sec Semantics of Until • true U≤180 ¬hungry hungry hungry,hunting hungry,hunting,seen ¬hungry 40 sec 19 sec 1 sec True!

  34. + > 180 sec Semantics of Until • true U≤180 ¬hungry hungry hungry,hunting ¬hungry 165 sec 30 sec False!

  35. + + ≤ 60 sec Semantics of Until • happy U≤60 served happy,¬served ¬happy,¬served happy,¬served served 17 sec 13 sec 5 sec False!

  36. Verifying Probabilistic Statements • Verify Pr≥() with error bounds  and  • Generate sample execution paths using simulation • Verify  over each sample execution path • If  is true, then we have a positive sample • If  is false, then we have a negative sample • Use sequential acceptance sampling to test the hypothesis Pr≥()

  37. Verification of Nested Probabilistic Statements • Suppose , in Pr≥(), contains probabilistic statements • Pr≥0.8(true U≤60 Pr≥0.9(true U≤30 ¬hungry)) • Error bounds ’ and ’ when verifying 

  38. True, false,or anothersample? Verification of Nested Probabilistic Statements • Suppose , in Pr≥(), contains probabilistic statements

  39. Accept With ’ and ’ = 0 Number ofpositive samples Continue sampling Reject Number of samples Modified Test • Find an acceptance line and a rejection line given , , , , ’, and ’:

  40. With ’ and ’ > 0 Number ofpositive samples Number of samples Modified Test • Find an acceptance line and a rejection line given , , , , ’, and ’: Accept Continue sampling Reject

  41. Verification of Negation • To verify ¬ with error bounds  and  • Verify  with error bounds  and 

  42. Verification of Conjunction • Verify 12  … n with error bounds  and  • Accept if all conjuncts are true • Reject if some conjunct is false

  43. Acceptance of Conjunction • Accept if all conjuncts are true • Accept all i with bounds i and i • Probability at most i that i is false • Therefore: Probability at most 1 + … + n that conjunction is false • For example, choose i = /n • Note:i unconstrained

  44. Rejection of Conjunction • Reject if some conjunct is false • Reject some i with boundsi and i • Probability at most i that i is true • Therefore: Probability at most i that conjunction is true • Choose i =  • Note:i unconstrained

  45. Putting it Together • To verify 12  … n with error bounds  and  • Verify each i with error bounds  and ’ • Return false as soon as any i is verified to be false • If all i are verified to be true, verify each i again with error bounds  and /n • Return true iff all i are verified to be true “Fast reject”

  46. Putting it Together • To verify 12  … n with error bounds  and  • Verify each i with error bounds  and ’ • Return false as soon as any i is verified to be false • If all i are verified to be true, verify each i again with error bounds  and /n • Return true iff all i are verified to be true “Rigorous accept”

  47. Verification of Path Formulas • To verify 1 U≤t2 with error bounds  and  • Convert to disjunction • 1 U≤t2 holds if 2 holds in the first state, or if 2 holds in the second state and 1holds in all prior states, or …

  48. More on Verifying Until • Given 1 U≤t2, let n be the index of the first state more than t time units away from the current state • Disjunction of n conjunctions c1 through cn, each of size i • Simplifies if 1 or 2, or both, do not contain any probabilistic statements

  49. 15 10 Positive samples 5 15 5 10 Number of samples Example hungry • Verify Pr≥0.7(true U≤180 ¬hungry) inwith  =  = 0.1 and  = 0.1 Simulator

  50. 15 storksees frog 10 Positive samples frogsees stork 5 storkeats frog 15 5 10 Number of samples Example hungry • Verify Pr≥0.7(true U≤180 ¬hungry) inwith  =  = 0.1 and  = 0.1 hungry 40 hungry, hunting 19 hungry, hunting, seen 1 ¬hungry Total time: 40 sec Total time: 0 sec Total time: 59 sec Total time: 60 sec

More Related