Monte Carlo Model Checking Scott Smolka SUNY at Stony Brook Joint work with Radu Grosu Main source of support: ARO – David Hislop.

Model Checking: Is system S a model of formula φ (written S ⊨ φ)?

Automata-Theoretic Approach [Vardi & Wolper LICS'86] A Büchi automaton is an automaton over infinite words. Acceptance condition: a final state must be visited infinitely often. Every LTL formula φ can be translated to a Büchi automaton whose language is the set of infinite words satisfying φ. The state transition graph of S can also be viewed as a Büchi automaton.

LTL Model Checking Take the product B_S ⊗ B_¬φ of: – the Büchi automaton B_S for S's state transition graph, – the Büchi automaton B_¬φ for the negated LTL formula ¬φ. Check for emptiness: L(B_S ⊗ B_¬φ) = ∅ iff L(B_S) ⊆ L(B_φ), i.e. iff S ⊨ φ.

Emptiness Checking Checking non-emptiness is equivalent to finding an accepting cycle reachable from the initial state. The Double Depth-First Search (DDFS) algorithm can be used to search for such cycles, and this can be done on-the-fly! [Figure: a lasso of states s1, s2, s3, …, s(k-2), s(k-1), sk, s(k+1), s(k+2), s(k+3), …, sn, annotated with DFS 1 and DFS 2.]

Monte Carlo Approximation Problem: Compute the mean value μ_Z of a random variable Z distributed in [0,1] when an exact computation of μ_Z proves intractable. Solution: Compute an (ε,δ)-approximation of μ_Z, with error margin ε and confidence ratio δ. Has been used to approximate the permanent of 0-1 valued matrices, the volume of convex bodies, and, now, the probability that S ⊨ φ!

Original Solution [Karp, Luby & Madras: Journal of Algorithms 1989] Compute the estimate of μ_Z as the mean value of N independent random variables (samples) identically distributed according to Z. Compute N using the Zero-One estimator theorem. Problems: μ_Z, on which the bound for N depends, is unknown, and N can be large.

Optimal Approximation Algorithm (OAA) [Dagum, Karp, Luby & Ross: SIAM J Comput 2000] Compute N using the generalized Zero-One estimator. Apply sequential analysis (prediction/correction): 1. Assume σ² is small and compute a first estimate of μ_Z with SRA. 2. Compute σ using that estimate. 3. Use σ to correct N and the estimate. The expected number of samples is optimal to within a constant factor!

Monte Carlo Model Checking Input: Büchi automaton B = (Σ, Q, Q_0, δ, F). Sample space: lasso-like reachable cycles: – Let U be the set of all lassos, – Let G be the set of all accepting lassos. Probability of an accepting lasso: p = |G|/|U|. Random variable Z having: – outcome 0 with probability p, – outcome 1 with probability 1-p.

Monte Carlo Model Checking Use OAA to produce an (ε,δ)-approximation of μ_Z. If B = B_S ⊗ B_¬φ then μ_Z (the expectation of Z) is the probability that S ⊨ φ! Obtain each sample by a random walk through B, storing the indices of the states encountered in a hash table; the walk ends when a state repeats, closing the lasso. An accepting lasso is a counter-example ⇒ one-sided error! We call the resulting algorithm MC².

Monte Carlo Model Checking Theorem: Given a Büchi automaton B, error margin ε, and confidence ratio δ, MC² computes an (ε,δ)-approximation of the probability that L(B) = ∅. Theorem: For the model-checking problem S ⊨ φ, MC² runs in expected time O(N·(|S| + |φ|)) and uses expected space O(|S| + |φ|). Cf. DDFS, which runs in O(2^(|S|+|φ|)) time and space.

Implementation Implemented DDFS and MC² in the jMocha model checker for synchronous systems specified using Reactive Modules. Performance and scalability of MC² compare very favorably to DDFS. Observed in Dining Philosophers that the probability of deadlock freedom increases linearly with the number of philosophers.

Experimental Results Deadlock freedom: G ~(pc1 = wait & … & pcn = wait) [Figure: results table not recoverable.]

Conclusions MC² is the first randomized, Monte Carlo algorithm for the classical problem of temporal-logic model checking. Future Work: Use BDDs to improve run time. Also, take samples in parallel! Open Problem: Branching-Time Temporal Logic (e.g. CTL, modal mu-calculus).

Stopping Rule Algorithm (SRA) [Dagum, Karp, Luby & Ross: SIAM J Comput 2000] Innovation: computes the correct N without using μ_Z. Theorem: E[N] ≤ 4 ln(2/δ) / (μ_Z ε²). Υ = 4 ln(2/δ) / ε²; for (N = 0, S = 0; S ≤ Υ; N++) S = S + Z_N; μ̃_Z = S/N; return μ̃_Z; Problem: the number of samples N is in most interesting cases too large.
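The lasso sampling of the Monte Carlo Model Checking slides and the SRA stopping rule above, worked through as an added Python example (not the jMocha implementation from the talk). The toy product automata are constructed inputs, the constant is named Υ (upsilon) as in Dagum et al., and the MC² loop returns at the first accepting lasso because that lasso is a genuine counter-example.

```python
import math
import random

def sra(sample, eps, delta):
    """Stopping Rule Algorithm (Dagum, Karp, Luby & Ross 2000): draw samples
    of a [0,1]-valued variable until their sum exceeds Upsilon = 4 ln(2/delta)/eps^2.
    Returns (estimate, N); the slide's theorem gives E[N] <= Upsilon / mu_Z."""
    upsilon = 4 * math.log(2 / delta) / eps ** 2
    n, s = 0, 0.0
    while s <= upsilon:
        s += sample()
        n += 1
    return s / n, n

def random_lasso(succ, init, accept, rng):
    """One MC^2 sample: random walk from a random initial state until a state
    repeats. The slides' hash table is the dict state -> position on the path,
    so closing the lasso is O(1). Returns (path, cycle contains an accepting state).
    Assumes every state has a successor (give sinks a self-loop)."""
    state = rng.choice(init)
    pos, path = {}, []
    while state not in pos:
        pos[state] = len(path)
        path.append(state)
        state = rng.choice(succ[state])
    return path, any(q in accept for q in path[pos[state]:])

def mc2(succ, init, accept, eps, delta, seed=0):
    """MC^2 over the product automaton: Z = 0 for an accepting lasso, 1 otherwise,
    so mu_Z = Pr[S |= phi]. An accepting lasso is a genuine counter-example and ends
    the run at once (one-sided error); otherwise the stopping rule yields the
    (eps,delta)-approximation of mu_Z, which is then 1.0."""
    rng = random.Random(seed)
    upsilon = 4 * math.log(2 / delta) / eps ** 2
    n, s = 0, 0.0
    while s <= upsilon:
        path, accepting = random_lasso(succ, init, accept, rng)
        n += 1
        if accepting:
            return "counterexample", path, n
        s += 1.0
    return "no counterexample", s / n, n

# Constructed toy product automata (successors, initial states, accepting set).
SAFE = ({0: [1, 2], 1: [1, 0], 2: [0]}, [0], set())         # no accepting lasso
BUGGY = ({0: [1, 2], 1: [1, 3], 2: [0], 3: [3]}, [0], {3})  # 0->1->3 accepts, p = 1/4

if __name__ == "__main__":
    print(mc2(*SAFE, eps=0.1, delta=0.1))
    print(mc2(*BUGGY, eps=0.1, delta=0.1))
```

With ε = δ = 0.1, Υ ≈ 1198.3, so the safe automaton needs exactly 1199 non-accepting lassos before the rule stops, while the buggy one is almost certain to hit the accepting self-loop long before that.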

Related Work Heimdahl et al.'s Lurch debugger. Mihail & Papadimitriou (and others) use random walks to sample the system state space. Herault et al. use bounded model checking to compute an (ε,δ)-approximation for "positive LTL". Probabilistic Model Checking of Markov Chains: ETMCC, PRISM, PIOAtool, and others.

Experimental Results Starvation freedom: G F (pc1 = eat) [Figure: results table not recoverable.]