340 likes | 499 Views
Probabilistic Verification of Discrete Event Systems. Håkan L. S. Younes Reid G. Simmons (initial work performed at HTC, Summer 2001). Introduction. Goal : Verify temporal properties of general discrete event systems Probabilistic, real-time properties Expressed using CSL
E N D
Probabilistic Verification of Discrete Event Systems Håkan L. S. Younes Reid G. Simmons (initial work performed at HTC, Summer 2001)
Introduction • Goal: Verify temporal properties of general discrete event systems • Probabilistic, real-time properties • Expressed using CSL • Approach: Acceptance sampling • Guaranteed error bounds • Any-time properties Carnegie Mellon
System “The Hungry Stork” “The probability is at least 0.7 that the stork satisfies its hunger within 180 seconds” Carnegie Mellon
hungry “The Hungry Stork” as aDiscrete Event System Carnegie Mellon
stork sees frog hungry hungry,hunting 40 sec “The Hungry Stork” as aDiscrete Event System Carnegie Mellon
stork sees frog frog sees stork hungry hungry,hunting hungry,hunting,seen 40 sec 19 sec “The Hungry Stork” as aDiscrete Event System Carnegie Mellon
“The Hungry Stork” as aDiscrete Event System stork sees frog frog sees stork stork eats frog hungry hungry,hunting hungry,hunting,seen not hungry 40 sec 19 sec 2 sec Carnegie Mellon
“The Hungry Stork” as aDiscrete Event System stork sees frog frog sees stork stork eats frog hungry hungry,hunting hungry,hunting,seen not hungry 40 sec 19 sec 2 sec For this execution path, at least, the property holds… (total time < 180 sec) Carnegie Mellon
Verifying Probabilistic Properties • Properties of the form: Pr≥(X) • Symbolic Methods + Exact solutions - Works for a restricted class of systems • Sampling + Works for all systems that can be simulated - Solutions not guaranteed Carnegie Mellon
Our Approach: Acceptance Sampling • Use simulation to generate sample execution paths • Samples based on stochastic discrete event models • How many samples are “enough”? • Probability of false negatives ≤ • Probability of false positives ≤ Carnegie Mellon
Performance of Test 1 – Probability of acceptingPr≥(X) as true Actual probability of X holding Carnegie Mellon
False negatives False positives Ideal Performance 1 – Probability of acceptingPr≥(X) as true Actual probability of X holding Carnegie Mellon
False negatives Indifference region – + False positives Actual Performance 1 – Probability of acceptingPr≥(X) as true Actual probability of X holding Carnegie Mellon
True, false,or anothersample? SequentialAcceptance Sampling • Hypothesis: Pr≥(X) Carnegie Mellon
Number ofpositive samples Number of samples Graphical Representation of Sequential Test Carnegie Mellon
Accept Number ofpositive samples Continue sampling Reject Number of samples Graphical Representation of Sequential Test • We can find an acceptance line and a rejection line given , , , and Carnegie Mellon
Accept Number ofpositive samples Continue sampling Reject Number of samples Graphical Representation of Sequential Test Carnegie Mellon
Accept Number ofpositive samples Continue sampling Reject Number of samples Graphical Representation of Sequential Test Carnegie Mellon
Verifying Properties • Verify Pr≥() with error bounds and • Generate sample execution paths using simulation • Verify over each sample execution path • If is true, then we have a positive sample • If is false, then we have a negative sample • Use sequential acceptance sampling to test the hypothesis Pr≥() • How to express probabilistic, real-time temporal properties as acceptance tests? Carnegie Mellon
Continuous Stochastic Logic (CSL) • State formulas • Standard logic operators: ¬, 1 2 … • Probabilistic operator: Pr≥() • Path formulas • Time-bounded Until: 1 U≤t2 • Pr≥0.7(true U≤180 ¬hungry) • Pr≥0.9(Pr≤0.1(queue-full) U≤60 served) Carnegie Mellon
Verification of Conjunction • Verify 12 … n with error bounds and • What error bounds to choose for the i’s? • Naïve: i = /n, i = /n • Accept if all conjuncts are true • Reject if some conjunct is false Carnegie Mellon
“Fast reject” Verification of Conjunction • Verify 12 … n with error bounds and • Verify each i with error bounds and ’ • Return false as soon as any i is verified to be false • If all i are verified to be true, verify each i again with error bounds and /n • Return true iff all i are verified to be true Carnegie Mellon
“Rigorous accept” Verification of Conjunction • Verify 12 … n with error bounds and • Verify each i with error bounds and ’ • Return false as soon as any i is verified to be false • If all i are verified to be true, verify each i again with error bounds and /n • Return true iff all i are verified to be true Carnegie Mellon
Verification of Path Formulas • To verify 1 U≤t2 with error bounds and • Convert to disjunction • 1 U≤t2 holds if 2 holds in the first state, or if 2 holds in the second state and 1holds in all prior states, or … Carnegie Mellon
More on Verifying Until • Given 1 U≤t2, let n be the index of the first state more than t time units away from the current state • Disjunction of n conjunctions c1 through cn, each of size i • Simplifies if 1 or 2, or both, do not contain any probabilistic statements Carnegie Mellon
True, false,or anothersample? Verification of Nested Probabilistic Statements • Suppose , in Pr≥(), contains probabilistic statements Carnegie Mellon
Verification of Nested Probabilistic Statements • Suppose , in Pr≥(), contains probabilistic statements • Pr≥0.9(Pr≤0.1(queue-full) U≤60 served) • How to specify the error bounds ’ and ’ when verifying ? Carnegie Mellon
Accept With ’ and ’ = 0 Number ofpositive samples Continue sampling Reject Number of samples Modified Test • find an acceptance line and a rejection line given , , , , ’, and ’: Carnegie Mellon
With ’ and ’ > 0 Number ofpositive samples Number of samples Modified Test • find an acceptance line and a rejection line given , , , , ’, and ’: Accept Continue sampling Reject Carnegie Mellon
Performance =0.5 =0.7 =0.9 log Ep[n] p Carnegie Mellon
Performance =0.005 =0.01 log Ep[n] =0.02 p Carnegie Mellon
Performance ==0.001 ==0.01 log Ep[n] ==0.1 p Carnegie Mellon
Summary • Algorithm for probabilistic verification of discrete event systems • Sample execution paths generated using simulation • Probabilistic properties verified using sequential acceptance sampling • Properties specified using CSL Carnegie Mellon
Future Work • Apply to hybrid dynamic systems • Develop heuristics for formula ordering and parameter selection • Use verification to aid policy generation for real-time stochastic domains Carnegie Mellon