Probabilistic Verification of Discrete Event Systems using Acceptance Sampling Håkan L. S. YounesReid G. Simmons Carnegie Mellon University.

Slides:



Advertisements
Similar presentations
Chapter 7 Hypothesis Testing
Advertisements

Introduction to Hypothesis Testing
ECE Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.
Friday, April 17, PTR: A Probabilistic Transaction Logic Julian Fogel A logic for reasoning about action under uncertainty. A mathematically sound.
7 Chapter Hypothesis Testing with One Sample
Hypothesis Testing A hypothesis is a claim or statement about a property of a population (in our case, about the mean or a proportion of the population)
Lesson 5 - Decision Structure By: Dan Lunney
Statistical Probabilistic Model Checking Håkan L. S. Younes Carnegie Mellon University.
Ymer: A Statistical Model Checker Håkan L. S. Younes Carnegie Mellon University.
Probabilistic Verification of Discrete Event Systems Håkan L. S. Younes Reid G. Simmons (initial work performed at HTC, Summer 2001)
1 Discrete Structures CS 280 Example application of probability: MAX 3-SAT.
G. Cowan Lectures on Statistical Data Analysis 1 Statistical Data Analysis: Lecture 8 1Probability, Bayes’ theorem, random variables, pdfs 2Functions of.
Probabilistic Verification of Discrete Event Systems Håkan L. S. Younes.
ESE601: Hybrid Systems Introduction to verification Spring 2006.
272: Software Engineering Fall 2012 Instructor: Tevfik Bultan Lecture 4: SMT-based Bounded Model Checking of Concurrent Software.
A Framework for Planning in Continuous-time Stochastic Domains Håkan L. S. Younes Carnegie Mellon University David J. MuslinerReid G. Simmons Honeywell.
Policy Generation for Continuous-time Stochastic Domains with Concurrency Håkan L. S. YounesReid G. Simmons Carnegie Mellon University.
Predicates and Quantifiers
Software Systems Verification and Validation Laboratory Assignment 3
Overview of Statistical Hypothesis Testing: The z-Test
Hypothesis Tests In statistics a hypothesis is a statement that something is true. Selecting the population parameter being tested (mean, proportion, variance,
Sections 8-1 and 8-2 Review and Preview and Basics of Hypothesis Testing.
Testing Hypotheses Tuesday, October 28. Objectives: Understand the logic of hypothesis testing and following related concepts Sidedness of a test (left-,
Planning with Concurrency in Continuous-time Stochastic Domains (thesis proposal) Håkan L. S. Younes Thesis Committee: Reid G. Simmons (chair) Geoffrey.
Planning and Verification for Stochastic Processes with Asynchronous Events Håkan L. S. Younes Carnegie Mellon University.
Overview Basics of Hypothesis Testing
1 Power and Sample Size in Testing One Mean. 2 Type I & Type II Error Type I Error: reject the null hypothesis when it is true. The probability of a Type.
Chapter 7 Hypothesis testing. §7.1 The basic concepts of hypothesis testing  1 An example Example 7.1 We selected 20 newborns randomly from a region.
Copyright 2013, 2010, 2007, Pearson, Education, Inc. Section 3.7 Switching Circuits.
Hypothesis Tests In statistics a hypothesis is a statement that something is true. Selecting the population parameter being tested (mean, proportion, variance,
Logic Disjunction A disjunction is a compound statement formed by combining two simple sentences using the word “OR”. A disjunction is true when at.
Statistical Hypotheses & Hypothesis Testing. Statistical Hypotheses There are two types of statistical hypotheses. Null Hypothesis The null hypothesis,
1 Chapter 8 Hypothesis Testing 8.2 Basics of Hypothesis Testing 8.3 Testing about a Proportion p 8.4 Testing about a Mean µ (σ known) 8.5 Testing about.
5.1 Chapter 5 Inference in the Simple Regression Model In this chapter we study how to construct confidence intervals and how to conduct hypothesis tests.
Slide Slide 1 Copyright © 2007 Pearson Education, Inc Publishing as Pearson Addison-Wesley. Overview.
Copyright ©2013 Pearson Education, Inc. publishing as Prentice Hall 9-1 σ σ.
Extending PDDL to Model Stochastic Decision Processes Håkan L. S. Younes Carnegie Mellon University.
Thinking Mathematically
Probabilistic Verification of Discrete Event Systems using Acceptance Sampling Håkan L. S. Younes Carnegie Mellon University.
Chapter 2 Logic 2.1 Statements 2.2 The Negation of a Statement 2.3 The Disjunction and Conjunction of Statements 2.4 The Implication 2.5 More on Implications.
Statistical Techniques
Probabilistic Verification of Discrete Event Systems Håkan L. S. Younes.
1 Section 8.2 Basics of Hypothesis Testing Objective For a population parameter (p, µ, σ) we wish to test whether a predicted value is close to the actual.
Complexity 24-1 Complexity Andrei Bulatov Interactive Proofs.
G. Cowan Lectures on Statistical Data Analysis Lecture 9 page 1 Statistical Data Analysis: Lecture 9 1Probability, Bayes’ theorem 2Random variables and.
Hypothesis Testing Steps for the Rejection Region Method State H 1 and State H 0 State the Test Statistic and its sampling distribution (normal or t) Determine.
Håkan L. S. YounesDavid J. Musliner Carnegie Mellon UniversityHoneywell Laboratories Probabilistic Plan Verification through Acceptance Sampling.
Slide Slide 1 Hypothesis Testing 8-1 Overview 8-2 Basics of Hypothesis Testing Chapter 8.
 Conjunctive Normal Form: A logic form must satisfy one of the following conditions 1) It must be a single variable (A) 2) It must be the negation of.
Chapter 7. Propositional and Predicate Logic
Statistical probabilistic model checking
AND.
Review and Preview and Basics of Hypothesis Testing
CHAPTER 3 Logic.
Truth Tables for Negation, Conjunction, and Disjunction
COMP 1380 Discrete Structures I Thompson Rivers University
(CSC 102) Discrete Structures Lecture 2.
When we free ourselves of desire,
Chapter 9: Hypothesis Testing
Partly Verifiable Signals (c.n.)
Statistical Model-Checking of “Black-Box” Probabilistic Systems VESTA
On Statistical Model Checking of Stochastic Systems
Discrete Mathematics Lecture 2: Propositional Logic
Chapter 7. Propositional and Predicate Logic
More About Tests Notes from
Section 3.7 Switching Circuits
COMP 1380 Discrete Structures I Thompson Rivers University
Statistical Probabilistic Model Checking
Introduction to verification
CHAPTER 3 Logic.
Presentation transcript:

Probabilistic Verification of Discrete Event Systems using Acceptance Sampling Håkan L. S. YounesReid G. Simmons Carnegie Mellon University

Introduction Verify properties of discrete event systems Model independent approach Probabilistic real-time properties expressed using CSL Acceptance sampling Guaranteed error bounds

DES Example Triple modular redundant system Three processors Single majority voter CPU 1CPU 2CPU 3 Voter

DES Example CPU 1CPU 2CPU 3 Voter 3 CPUs up voter up

DES Example CPU 1CPU 2CPU 3 Voter 3 CPUs up voter up 2 CPUs up voter up CPU fails 40

DES Example CPU 1CPU 2CPU 3 Voter 3 CPUs up voter up 2 CPUs up voter up 2 CPUs up repairing CPU voter up CPU failsrepair CPU

DES Example CPU 1CPU 2CPU 3 Voter 3 CPUs up voter up 2 CPUs up voter up 2 CPUs up repairing CPU voter up 1 CPU up repairing CPU voter up CPU failsrepair CPUCPU fails

DES Example CPU 1CPU 2CPU 3 Voter 3 CPUs up voter up 2 CPUs up voter up 2 CPUs up repairing CPU voter up 1 CPU up repairing CPU voter up 2 CPUs up voter up CPU failsrepair CPUCPU failsCPU repaired …

Sample Execution Paths 3 CPUs up voter up 2 CPUs up voter up 2 CPUs up repairing CPU voter up 1 CPU up repairing CPU voter up 2 CPUs up voter up CPU failsrepair CPUCPU failsCPU repaired … 3 CPUs up voter up 2 CPUs up voter up 2 CPUs up repairing CPU voter up 3 CPUs up voter up 3 CPUs up voter down CPU failsrepair CPUCPU repairedvoter fails …

Properties of Interest Probabilistic real-time properties “The probability is at least 0.1 that the voter fails within 120 time units while at least 2 CPUs have continuously remained up”

Properties of Interest Probabilistic real-time properties “The probability is at least 0.1 that the voter fails within 120 time units while at least 2 CPUs have continuously remained up” Pr ≥0.1 (“2 CPUs up”  “3 CPUs up” U ≤120 “voter down”) CSL formula:

Continuous Stochastic Logic (CSL) State formulas Truth value is determined in a single state Path formulas Truth value is determined over an execution path

State Formulas Standard logic operators: ¬ ,  1   2 … Probabilistic operator: Pr ≥  (  ) True iff probability is at least  that  holds

Path Formulas Until:  1 U ≤t  2 Holds iff  2 becomes true in some state along the execution path before time t, and  1 is true in all prior states

Verifying Real-time Properties “2 CPUs up”  “3 CPUs up” U ≤120 “voter down” 3 CPUs up voter up 2 CPUs up voter up 2 CPUs up repairing CPU voter up 1 CPU up repairing CPU voter up 2 CPUs up voter up CPU failsrepair CPUCPU failsCPU repaired … False!

Verifying Real-time Properties “2 CPUs up”  “3 CPUs up” U ≤120 “voter down” 3 CPUs up voter up 2 CPUs up voter up 2 CPUs up repairing CPU voter up 3 CPUs up voter up 3 CPUs up voter down CPU failsrepair CPUCPU repairedvoter fails … True! ++≤ 120+

Verifying Probabilistic Properties “The probability is at least 0.1 that  ” Symbolic Methods Pro: Exact solution Con: Works only for restricted class of systems Sampling Pro: Works for any system that can be simulated Con: Uncertainty in correctness of solution

Our Approach Use simulation to generate sample execution paths Use sequential acceptance sampling to verify probabilistic properties

Error Bounds Probability of false negative: ≤  We say that  is false when it is true Probability of false positive: ≤  We say that  is true when it is false

Acceptance Sampling Hypothesis: Pr ≥  (  )

Performance of Test Actual probability of  holding Probability of accepting Pr ≥  (  ) as true  1 –  

Ideal Performance Actual probability of  holding Probability of accepting Pr ≥  (  ) as true  1 –   False negatives False positives

Actual Performance  –  +  Indifference region Actual probability of  holding Probability of accepting Pr ≥  (  ) as true  1 –   False negatives False positives

Sequential Acceptance Sampling Hypothesis: Pr ≥  (  ) True, false, or another sample?

Graphical Representation of Sequential Test Number of samples Number of positive samples

Graphical Representation of Sequential Test We can find an acceptance line and a rejection line given , , , and  Reject Accept Continue sampling Number of samples Number of positive samples A , , ,  (n) R , , ,  (n)

Graphical Representation of Sequential Test Reject hypothesis Reject Accept Continue sampling Number of samples Number of positive samples

Graphical Representation of Sequential Test Accept hypothesis Reject Accept Continue sampling Number of samples Number of positive samples

Verifying Probabilistic Properties Verify Pr ≥  (  ) with error bounds  and  Generate sample execution paths using simulation Verify  over each sample execution path If  is true, then we have a positive sample If  is false, then we have a negative sample Use sequential acceptance sampling to test the hypothesis Pr ≥  (  )

Verification of Nested Probabilistic Statements Suppose , in Pr ≥  (  ), contains probabilistic statements Error bounds  ’ and  ’ when verifying 

Verification of Nested Probabilistic Statements Suppose , in Pr ≥  (  ), contains probabilistic statements True, false, or another sample?

Modified Test Find an acceptance line and a rejection line given , , , ,  ’, and  ’: Reject Accept Continue sampling With  ’ and  ’ = 0 Number of samples Number of positive samples A , , ,  (n) R , , ,  (n)

Modified Test Find an acceptance line and a rejection line given , , , ,  ’, and  ’: With  ’ and  ’ > 0 Reject Accept Continue sampling Number of samples Number of positive samples

Modified Test Find an acceptance line and a rejection line given , , , ,  ’, and  ’: Reject Accept Continue sampling Number of samples Number of positive samples A  ’,  ’, ,  (n) R  ’,  ’, ,  (n)  ’ –  ’ = 1 – (1 – (  –  ))(1 –  ’)  ’ +  ’ = (  +  )(1 –  ’)

Verification of Negation To verify ¬  with error bounds  and  Verify  with error bounds  and 

Verification of Conjunction Verify  1   2  …   n with error bounds  and  Verify each  i with error bounds  and  /n

Verification of Path Formulas To verify  1 U ≤t  2 with error bounds  and  Convert to disjunction  1 U ≤t  2 holds if  2 holds in the first state, or if  2 holds in the second state and  1 holds in all prior states, or …

More on Verifying Until Given  1 U ≤t  2, let n be the index of the first state more than t time units away from the current state Disjunction of n conjunctions c 1 through c n, each of size i Simplifies if  1 or  2, or both, do not contain any probabilistic statements

Performance  = 0.9  =  = Actual probability of  holding Average number of samples  =  =  = 0.01

Performance  =0.05 Actual probability of  holding Average number of samples  = 0.9  =  =  =0.02  =0.01  =0.005  =0.002  =0.001

Summary Model independent probabilistic verification of discrete event systems Sample execution paths generated using simulation Probabilistic properties verified using sequential acceptance sampling Easy to trade accuracy for efficiency

Future Work Develop heuristics for formula ordering and parameter selection Use in combination with symbolic methods Apply to hybrid dynamic systems Use verification to aid controller synthesis for discrete event systems

ProVer: Probabilistic Verifier

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.