Probabilistic Verification of Discrete Event Systems Håkan L. S. Younes.

Slides:



Advertisements
Similar presentations
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
Advertisements

Many useful applications, especially in queueing systems, inventory management, and reliability analysis. A connection between discrete time Markov chains.
1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
ECE Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.
Friday, April 17, PTR: A Probabilistic Transaction Logic Julian Fogel A logic for reasoning about action under uncertainty. A mathematically sound.
Probabilistic Verification of Discrete Event Systems using Acceptance Sampling Håkan L. S. YounesReid G. Simmons Carnegie Mellon University.
Hypothesis Testing A hypothesis is a claim or statement about a property of a population (in our case, about the mean or a proportion of the population)
1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.
Statistical Probabilistic Model Checking Håkan L. S. Younes Carnegie Mellon University.
Markov Chains 1.
Ymer: A Statistical Model Checker Håkan L. S. Younes Carnegie Mellon University.
Probabilistic Verification of Discrete Event Systems Håkan L. S. Younes Reid G. Simmons (initial work performed at HTC, Summer 2001)
1 Copyright © 2005 Brooks/Cole, a division of Thomson Learning, Inc. Chapter 8 Sampling Variability & Sampling Distributions.
Planning under Uncertainty
Business 205. Review Sampling Continuous Random Variables Central Limit Theorem Z-test.
Model Checking. Used in studying behaviors of reactive systems Typically involves three steps: Create a finite state model (FSM) of the system design.
MAE 552 – Heuristic Optimization Lecture 6 February 6, 2002.
Lecture 4&5: Model Checking: A quick introduction Professor Aditya Ghose Director, Decision Systems Lab School of IT and Computer Science University of.
Chapter 4: Stochastic Processes Poisson Processes and Markov Chains
ESE601: Hybrid Systems Introduction to verification Spring 2006.
VESTA: A Statistical Model- checker and Analyzer for Probabilistic Systems Authors: Koushik Sen Mahesh Viswanathan Gul Agha University of Illinois at Urbana-Champaign.
1 Formal Engineering of Reliable Software LASER 2004 school Tutorial, Lecture1 Natasha Sharygina Carnegie Mellon University.
Flavio Lerda 1 LTL Model Checking Flavio Lerda. 2 LTL Model Checking LTL –Subset of CTL* of the form: A f where f is a path formula LTL model checking.
272: Software Engineering Fall 2012 Instructor: Tevfik Bultan Lecture 4: SMT-based Bounded Model Checking of Concurrent Software.
A Framework for Planning in Continuous-time Stochastic Domains Håkan L. S. Younes Carnegie Mellon University David J. MuslinerReid G. Simmons Honeywell.
Policy Generation for Continuous-time Stochastic Domains with Concurrency Håkan L. S. YounesReid G. Simmons Carnegie Mellon University.
Fundamentals of Python: From First Programs Through Data Structures
Predicates and Quantifiers
Cheng/Dillon-Software Engineering: Formal Methods Model Checking.
Fundamentals of Python: First Programs
Planning with Concurrency in Continuous-time Stochastic Domains (thesis proposal) Håkan L. S. Younes Thesis Committee: Reid G. Simmons (chair) Geoffrey.
1 Performance Evaluation of Computer Networks: Part II Objectives r Simulation Modeling r Classification of Simulation Modeling r Discrete-Event Simulation.
Planning and Verification for Stochastic Processes with Asynchronous Events Håkan L. S. Younes Carnegie Mellon University.
Generalized Semi-Markov Processes (GSMP)
ACPN2010, Rostock, September 22nd Advanced solution methods for Stochastic Petri Nets Prof.ssa Susanna Donatelli Universita’ di Torino, Italy
Maximum Likelihood Estimator of Proportion Let {s 1,s 2,…,s n } be a set of independent outcomes from a Bernoulli experiment with unknown probability.
1 Gil McVean Tuesday 24 th February 2009 Markov Chain Monte Carlo.
On Reducing the Global State Graph for Verification of Distributed Computations Vijay K. Garg, Arindam Chakraborty Parallel and Distributed Systems Laboratory.
Simulated Annealing.
Chapter 8 Sampling Variability and Sampling Distributions.
Selecting Input Probability Distribution. Simulation Machine Simulation can be considered as an Engine with input and output as follows: Simulation Engine.
Generalized Semi- Markov Processes (GSMP). Summary Some Definitions The Poisson Process Properties of the Poisson Process  Interarrival times  Memoryless.
Slide Slide 1 Copyright © 2007 Pearson Education, Inc Publishing as Pearson Addison-Wesley. Overview.
Extending PDDL to Model Stochastic Decision Processes Håkan L. S. Younes Carnegie Mellon University.
Decision-Theoretic Planning with Asynchronous Events Håkan L. S. Younes Carnegie Mellon University.
Hypothesis Testing with One Sample Chapter 7. § 7.1 Introduction to Hypothesis Testing.
Probabilistic Verification of Discrete Event Systems using Acceptance Sampling Håkan L. S. Younes Carnegie Mellon University.
Some Common Discrete Random Variables. Binomial Random Variables.
The generalization of Bayes for continuous densities is that we have some density f(y|  ) where y and  are vectors of data and parameters with  being.
Introduction to discrete event systems
Probabilistic Verification of Discrete Event Systems Håkan L. S. Younes.
A Formalism for Stochastic Decision Processes with Asynchronous Events Håkan L. S. YounesReid G. Simmons Carnegie Mellon University.
1 CSEP590 – Model Checking and Automated Verification Lecture outline for July 9, 2003.
Symbolic Logic The Following slide were written using materials from the Book: The Following slide were written using materials from the Book: Discrete.
Software Systems Verification and Validation Laboratory Assignment 4 Model checking Assignment date: Lab 4 Delivery date: Lab 4, 5.
1 Section 8.2 Basics of Hypothesis Testing Objective For a population parameter (p, µ, σ) we wish to test whether a predicted value is close to the actual.
 Simulation enables the study of complex system.  Simulation is a good approach when analytic study of a system is not possible or very complex.  Informational,
Håkan L. S. YounesDavid J. Musliner Carnegie Mellon UniversityHoneywell Laboratories Probabilistic Plan Verification through Acceptance Sampling.
Discrete-Event System Simulation in Java. Discrete Event Systems New dynamic systems New dynamic systems Computer and communication networks Computer.
Statistical probabilistic model checking
STAT 312 Chapter 7 - Statistical Intervals Based on a Single Sample
V5 Stochastic Processes
Discrete Event Simulation - 4
CSEP590 – Model Checking and Automated Verification
Statistical Model-Checking of “Black-Box” Probabilistic Systems VESTA
On Statistical Model Checking of Stochastic Systems
Statistical Probabilistic Model Checking
Introduction to verification
Program correctness Linear Time Temporal Logic
Presentation transcript:

Probabilistic Verification of Discrete Event Systems Håkan L. S. Younes

The Problem Given a model of a discrete event system, check if certain properties hold The model is a stochastic process (GSMP) Properties are expressed using a logic formalism (CSL)

Probabilistic Verification Verification of probabilistic properties “The probability of reaching a failure state within 60 minutes is less than 0.1” Probabilistic verification of properties “The probability of property P holding is at least 0.95”

Discrete Event System (DES) Event-driven system Discrete state changes at the occurrence of events Examples: Manufacturing systems Queueing systems Communication protocols

Why Probabilistic Verification? The dynamics of a DES is too complex for symbolic methods Use simulation to generate sample paths Use acceptance sampling to verify probabilistic properties

Stochastic Processes A stochastic process consists of a set of transitions (or events) a set of states S1S1 S2S2 S3S3 S4S4

Markov Processes The Markov assumption There is enough information in the current state to determine the future behavior S1S1 S2S2 S3S3 S4S

Holding Times The holding time is the time spent in a state before an event occurs Holding times are positive random variables Can be discrete or continuous

Holding times are governed by exponential distributions S1S1 S2S2 S4S4 S3S State Time Continuous-time Markov Chain (CTMC)

Semi-Markov Process Holding times are governed by arbitrary (positive) distributions S2S2 S3S3 S1S1 S4S4

Generalized Semi-Markov Process (GSMP) Holding times can depend on the history State Time E2E2 E3E3 S2S2 S3S3 E1E1 E2E2 S1S1 E1E1 S4S E1E1 E2E2 E3E

Properties Qualitative “P will eventually hold on all future execution paths” Quantitative “P will hold before time t with probability at least  on future execution paths”

Problem Space GSMP CTMC Model QualitativeQuantitative [ACD91] [ASSB96],[BKH99] My Work Properties [EMSS89]* *Discrete time

Continuous Stochastic Logic (CSL) State formulas: a, ¬ ,  1   2, Pr  (  ) Truth value is determined in a single state Path formulas: X ,  1 U  t  2 Truth value is determined over an execution path

Execution Paths Current state + current clock settings = internal state The internal state contains enough information to determine the future behavior A sequence of internal states is an execution path S 0,C 0 S 1,C 1 S 2,C 2 t0t0 t2t2 t1t1

CSL Semantics (State Formulas) Atomic proposition: a Negation: ¬  Holds iff  does not hold in current state Conjunction:  1   2 Holds iff both  1 and  2 hold in current state

CSL Semantics (More State Formulas) Probabilistic statement: Pr  (  ) Holds iff  is true over at most a  proportion of execution paths starting in the current state

CSL Semantics (Path Formulas) Next state: X  Holds iff  holds in the next state along the current execution path Until:  1 U  t  2 Holds iff  2 becomes true in some state along the current execution path before time t, and  1 is true in all prior states

More on Until Consider the formula a U  17 b a,¬ba,¬ba,¬ba,¬ba,¬ba,¬bbb a,¬ba,¬b¬a,¬b¬a,¬ba,¬ba,¬bbb 234 a,¬ba,¬ba,¬ba,¬ba,¬ba,¬ba,¬ba,¬bb 234

Verifying Probabilistic Statements Verify Pr  (  ) Generate sample execution paths using discrete event simulation Verify  over each sample path If  is true, then we have a positive sample If  is false, then we have a negative sample Based on the proportion of positive samples, determine if Pr  (  ) holds

Sequential Hypothesis Testing True, false, or another sample? Hypothesis: Pr  (  )

Error Bounds Probability of false negative:  We say that Pr  (  ) is false when it is true Probability of false positive:  We say that Pr  (  ) is true when it is false

False negatives False positives Indifference Region  –  +  Indifference region False negatives False positives Actual probability of  holding Probability of accepting Pr  (  ) as true  1 –  

Accept Reject Continue sampling Accept Reject Continue sampling Graphical Representation of Statistical Test We can find an acceptance line and a rejection line given , , , and  Number of samples Number of positive samples

Verification of Nested Probabilistic Statements Suppose , in Pr  (  ), contains probabilistic statements True, false, or another sample?

Indirect Sampling Want samples from random variable X Can only get samples from Y such that Pr[Y=1|X=1]  1 –  ’ Pr[Y=0|X=1]   ’ Pr[Y=1|X=0]   ’ Pr[Y=0|X=0]  1 –  ’

Modified Test find an acceptance line and a rejection line given , , , ,  ’, and  ’: Accept Reject Continue sampling Number of samples Number of positive samples

Verification of Compound State Formulas To verify ¬  with error bounds  and  Verify  with error bounds  and  To verify  1   2  …   n with error bounds  and  Verify  1 though  n with error bounds  /n and  /n

Sequential Verification of Conjunction To verify  1   2  …   n with error bounds  and  1. Verify each  i with error bounds  and  ’ 2. Return false as soon as any  i is verified to be false 3. If all  i are verified to be true, verify each  i again with error bounds  and  /n 4. Return true iff all  i are verified to be true

Verification of Path Formulas To verify X  with error bounds  and  Verify  with error bounds  and  in the next state To verify  1 U  t  2 with error bounds  and  Convert to conjunction  1 U  t  2 holds if  2 holds in the first state, or if  2 holds in the second state and  1 holds in all prior state, …

More on Verifying Until Given  1 U  t  2, let n be the index of the first state more than t time units away from the current state Conjunction of n conjuncts c 1 through c n, each of size i Simplifies if  1 or  2, or both, do not contain any probabilistic statements

Example Verify Pr  0.05 (true U  200 dead) in S 1 S 1 : S 2 S 3 S 4 S 1 : Safe, at rest S 2 : Under attack, at rest S 3 : Under attack, jumping S 4 : Safe, jumping E 1 : Stork attacking E 2 : Frog killed E 3 : Start jumping E 4 : Stork retreats E 5 : Stop jumping E1E1 S1S1 E2E2 E4E4 S3S3 E2E2 E3E3 S2S2 E5E5 S4S E 1 : E 2 : E 3 : E 4 : E 5 : t:

Summary Algorithm for probabilistic verification of discrete event systems Sample execution paths generated using discrete event simulation Probabilistic properties verified using acceptance sampling Algorithm can be used in an anytime manner

Future Work Apply to hybrid dynamic systems Develop heuristics for formula ordering and parameter selection Use verification to aid policy generation for real-time stochastic domains

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.