1 / 30

Statistical Probabilistic Model Checking

Statistical Probabilistic Model Checking. Håkan L. S. Younes Carnegie Mellon University. Introduction. Model checking for stochastic processes Stochastic discrete event systems Probabilistic time-bounded properties Model independent approach Discrete event simulation

washi
Download Presentation

Statistical Probabilistic Model Checking

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. StatisticalProbabilistic Model Checking Håkan L. S. Younes Carnegie Mellon University

  2. Introduction • Model checking for stochastic processes • Stochastic discrete event systems • Probabilistic time-bounded properties • Model independent approach • Discrete event simulation • Statistical hypothesis testing

  3. Example:Tandem Queuing Network arrive route depart q1 q2 q1 = 0q2 = 0 q1 = 0q2 = 0 q1 = 1q2 = 0 q1 = 1q2 = 0 q1 = 2q2 = 0 q1 = 2q2 = 0 q1 = 1q2 = 1 q1 = 1q2 = 1 q1 = 1q2 = 0 q1 = 1q2 = 0 t = 0 t = 1.2 t = 3.7 t = 3.9 t = 5.5 With both queues empty, is the probability less than 0.5that both queues become full within 5 seconds?

  4. Probabilistic Model Checking • Given a model M, a state s, and a property , does  hold in s for M? • Model: stochastic discrete event system • Property: probabilistic temporal logic formula

  5. Continuous Stochastic Logic (CSL) • State formulas • Truth value is determined in a single state • Path formulas • Truth value is determined over a path Discrete-time analogue: PCTL

  6. State Formulas • Standard logic operators: , 1  2, … • Probabilistic operator: P≥ () • Holds in state s iff probability is at least  that  holds over paths starting in s • P< ()  P≥1– ()

  7. Path Formulas • Until: 1U≤T 2 • Holds over path iff 2 becomes true in some state along  before time T, and 1 is true in all prior states

  8. CSL Example • With both queues empty, is the probability less than 0.5 that both queues become full within 5 seconds? • State: q1 = 0  q2 = 0 • Property: P<0.5(true U≤5 q1 = 2  q2 = 2)

  9. Model Checking Probabilistic Time-Bounded Properties • Numerical Methods • Provide highly accurate results • Expensive for systems with many states • Statistical Methods • Low memory requirements • Adapt to difficulty of problem (sequential) • Expensive if high accuracy is required

  10. Statistical Solution Method [Younes & Simmons 2002] • Use discrete event simulation to generate sample paths • Use acceptance sampling to verify probabilistic properties • Hypothesis: P≥ () • Observation: verify  over a sample path Not estimation!

  11. Error Bounds • Probability of false negative: ≤  • We say that  is false when it is true • Probability of false positive: ≤  • We say that  is true when it is false

  12. Performance of Test 1 –  Probability of acceptingP≥() as true   Actual probability of  holding

  13. False negatives False positives Ideal Performance of Test 1 –  Unrealistic! Probability of acceptingP≥() as true   Actual probability of  holding

  14. False negatives Indifference region p1 p0 False positives Realistic Performance of Test 2 1 –  Probability of acceptingP≥() as true   Actual probability of  holding

  15. SequentialAcceptance Sampling [Wald 1945] True, false, or another observation?

  16. Number of positiveobservations Number of observations Graphical Representation of Sequential Test

  17. Number of positiveobservations Number of observations Graphical Representation of Sequential Test • We can find an acceptance line and a rejection line given , , , and  acceptance line Continue untilline is crossed accept continue Verify  oversample paths rejection line Start here reject

  18. Special Case • p0 = 1 and p1 = 1 – 2 • Reject at first negative observation • Accept at stage m if p1m ≤  • Sample size at most dlog  / log p1e • “Five nines”: p1 = 1 – 10–5

  19.  a 1 2 … … 1 − a Case Study:Tandem Queuing Network • M/Cox2/1 queue sequentially composed with M/M/1 queue • Each queue has capacity n • State space of size O(n2)

  20. Tandem Queuing Network (results) [Younes et al. 2004] P≥0.5(true U≤T full) 106 105 104  = 10−6 = = 10−2 = 0.5·10−2 103 Verification time (seconds) 102 101 100 10−1 10−2 101 102 103 104 105 106 107 108 109 1010 1011 Size of state space

  21. Tandem Queuing Network (results) [Younes et al. 2004] P≥0.5(true U≤T full) 106 105 104  = 10−6 = = 10−2 = 0.5·10−2 103 Verification time (seconds) 102 101 100 10−1 10−2 101 102 103 104 T

  22. Server Case Study:Symmetric Polling System • Single server, n polling stations • Stations are attended in cyclic order • Each station can hold one message • State space of size O(n·2n)     Polling stations

  23. Symmetric Polling System (results) [Younes et al. 2004] serv1  P≥0.5(true U≤T poll1) 106 105 104  = 10−6 = = 10−2 = 0.5·10−2 103 Verification time (seconds) 102 101 100 10−1 10−2 102 104 106 108 1010 1012 1014 Size of state space

  24. Symmetric Polling System (results) [Younes et al. 2004] serv1  P≥0.5(true U≤T poll1) 106 105 104  = 10−6 = = 10−2 = 0.5·10−2 103 Verification time (seconds) 102 101 100 10−1 10−2 101 102 103 T

  25. Symmetric Polling System (results) [Younes et al. 2004] serv1  P≥0.5(true U≤T poll1) 102 n = 10 T = 40 101 Verification time (seconds) ==10−10 100 ==10−8 ==10−6 ==10−4 10−1 ==10−2 (=10−6) 10−4 10−3 10−2 

  26. Tandem Queuing Network: Distributed Sampling • Use multiple machines to generate samples • m1: Pentium IV 3GHz • m2: Pentium III 733MHz • m3: Pentium III 500MHz

  27. Summary • Acceptance sampling can be used to verify probabilistic properties of systems • Sequential acceptance sampling adapts to the difficulty of the problem • Statistical methods are easy to parallelize

  28. Other Research • Failure trace analysis • “failure scenario” [Younes & Simmons 2004a] • Planning/Controller synthesis • CSL goals [Younes & Simmons 2004a] • Rewards (GSMDPs) [Younes & Simmons 2004b]

  29. Tools • Ymer • Statistical probabilistic model checking • Tempastic-DTP • Decision theoretic planning with asynchronous events

  30. References Wald, A. 1945. Sequential tests of statistical hypotheses. Ann. Math. Statist. 16: 117-186. Younes, H. L. S., M. Kwiatkowska, G. Norman, and D. Parker. 2004. Numerical vs. statistical probabilistic model checking: An empirical study. In Proc. TACAS-2004. Younes, H. L. S., R. G. Simmons. 2002. Probabilistic verification of discrete event systems using acceptance sampling. In Proc. CAV-2002. Younes, H. L. S., R. G. Simmons. 2004a. Policy generation for continuous-time stochastic domains with concurrency. In Proc. ICAPS-2004. Younes, H. L. S., R. G. Simmons. 2004b. Solving generalized semi-Markov decision processes using continuous phase-type distributions. In Proc. AAAI-2004.

More Related