1 / 34

Probabilistic Verification of Discrete Event Systems

Probabilistic Verification of Discrete Event Systems. Håkan L. S. Younes Reid G. Simmons (initial work performed at HTC, Summer 2001). Introduction. Goal : Verify temporal properties of general discrete event systems Probabilistic, real-time properties Expressed using CSL

nicola
Download Presentation

Probabilistic Verification of Discrete Event Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Probabilistic Verification of Discrete Event Systems Håkan L. S. Younes Reid G. Simmons (initial work performed at HTC, Summer 2001)

  2. Introduction • Goal: Verify temporal properties of general discrete event systems • Probabilistic, real-time properties • Expressed using CSL • Approach: Acceptance sampling • Guaranteed error bounds • Any-time properties Carnegie Mellon

  3. System “The Hungry Stork” “The probability is at least 0.7 that the stork satisfies its hunger within 180 seconds” Carnegie Mellon

  4. hungry “The Hungry Stork” as aDiscrete Event System Carnegie Mellon

  5. stork sees frog hungry hungry,hunting 40 sec “The Hungry Stork” as aDiscrete Event System Carnegie Mellon

  6. stork sees frog frog sees stork hungry hungry,hunting hungry,hunting,seen 40 sec 19 sec “The Hungry Stork” as aDiscrete Event System Carnegie Mellon

  7. “The Hungry Stork” as aDiscrete Event System stork sees frog frog sees stork stork eats frog hungry hungry,hunting hungry,hunting,seen not hungry 40 sec 19 sec 2 sec Carnegie Mellon

  8. “The Hungry Stork” as aDiscrete Event System stork sees frog frog sees stork stork eats frog hungry hungry,hunting hungry,hunting,seen not hungry 40 sec 19 sec 2 sec For this execution path, at least, the property holds… (total time < 180 sec) Carnegie Mellon

  9. Verifying Probabilistic Properties • Properties of the form: Pr≥(X) • Symbolic Methods + Exact solutions - Works for a restricted class of systems • Sampling + Works for all systems that can be simulated - Solutions not guaranteed Carnegie Mellon

  10. Our Approach: Acceptance Sampling • Use simulation to generate sample execution paths • Samples based on stochastic discrete event models • How many samples are “enough”? • Probability of false negatives ≤ • Probability of false positives ≤ Carnegie Mellon

  11. Performance of Test 1 –  Probability of acceptingPr≥(X) as true   Actual probability of X holding Carnegie Mellon

  12. False negatives False positives Ideal Performance 1 –  Probability of acceptingPr≥(X) as true   Actual probability of X holding Carnegie Mellon

  13. False negatives Indifference region  –   +  False positives Actual Performance 1 –  Probability of acceptingPr≥(X) as true   Actual probability of X holding Carnegie Mellon

  14. True, false,or anothersample? SequentialAcceptance Sampling • Hypothesis: Pr≥(X) Carnegie Mellon

  15. Number ofpositive samples Number of samples Graphical Representation of Sequential Test Carnegie Mellon

  16. Accept Number ofpositive samples Continue sampling Reject Number of samples Graphical Representation of Sequential Test • We can find an acceptance line and a rejection line given , , , and  Carnegie Mellon

  17. Accept Number ofpositive samples Continue sampling Reject Number of samples Graphical Representation of Sequential Test Carnegie Mellon

  18. Accept Number ofpositive samples Continue sampling Reject Number of samples Graphical Representation of Sequential Test Carnegie Mellon

  19. Verifying Properties • Verify Pr≥() with error bounds  and  • Generate sample execution paths using simulation • Verify  over each sample execution path • If  is true, then we have a positive sample • If  is false, then we have a negative sample • Use sequential acceptance sampling to test the hypothesis Pr≥() • How to express probabilistic, real-time temporal properties as acceptance tests? Carnegie Mellon

  20. Continuous Stochastic Logic (CSL) • State formulas • Standard logic operators: ¬, 1  2 … • Probabilistic operator: Pr≥() • Path formulas • Time-bounded Until: 1 U≤t2 • Pr≥0.7(true U≤180 ¬hungry) • Pr≥0.9(Pr≤0.1(queue-full) U≤60 served) Carnegie Mellon

  21. Verification of Conjunction • Verify 12  … n with error bounds  and  • What error bounds to choose for the i’s? • Naïve: i = /n, i = /n • Accept if all conjuncts are true • Reject if some conjunct is false Carnegie Mellon

  22. “Fast reject” Verification of Conjunction • Verify 12  … n with error bounds  and  • Verify each i with error bounds  and ’ • Return false as soon as any i is verified to be false • If all i are verified to be true, verify each i again with error bounds  and /n • Return true iff all i are verified to be true Carnegie Mellon

  23. “Rigorous accept” Verification of Conjunction • Verify 12  … n with error bounds  and  • Verify each i with error bounds  and ’ • Return false as soon as any i is verified to be false • If all i are verified to be true, verify each i again with error bounds  and /n • Return true iff all i are verified to be true Carnegie Mellon

  24. Verification of Path Formulas • To verify 1 U≤t2 with error bounds  and  • Convert to disjunction • 1 U≤t2 holds if 2 holds in the first state, or if 2 holds in the second state and 1holds in all prior states, or … Carnegie Mellon

  25. More on Verifying Until • Given 1 U≤t2, let n be the index of the first state more than t time units away from the current state • Disjunction of n conjunctions c1 through cn, each of size i • Simplifies if 1 or 2, or both, do not contain any probabilistic statements Carnegie Mellon

  26. True, false,or anothersample? Verification of Nested Probabilistic Statements • Suppose , in Pr≥(), contains probabilistic statements Carnegie Mellon

  27. Verification of Nested Probabilistic Statements • Suppose , in Pr≥(), contains probabilistic statements • Pr≥0.9(Pr≤0.1(queue-full) U≤60 served) • How to specify the error bounds ’ and ’ when verifying ? Carnegie Mellon

  28. Accept With ’ and ’ = 0 Number ofpositive samples Continue sampling Reject Number of samples Modified Test • find an acceptance line and a rejection line given , , , , ’, and ’: Carnegie Mellon

  29. With ’ and ’ > 0 Number ofpositive samples Number of samples Modified Test • find an acceptance line and a rejection line given , , , , ’, and ’: Accept Continue sampling Reject Carnegie Mellon

  30. Performance =0.5 =0.7 =0.9 log Ep[n] p Carnegie Mellon

  31. Performance =0.005 =0.01 log Ep[n] =0.02 p Carnegie Mellon

  32. Performance ==0.001 ==0.01 log Ep[n] ==0.1 p Carnegie Mellon

  33. Summary • Algorithm for probabilistic verification of discrete event systems • Sample execution paths generated using simulation • Probabilistic properties verified using sequential acceptance sampling • Properties specified using CSL Carnegie Mellon

  34. Future Work • Apply to hybrid dynamic systems • Develop heuristics for formula ordering and parameter selection • Use verification to aid policy generation for real-time stochastic domains Carnegie Mellon

More Related