Presentation is loading. Please wait.

Presentation is loading. Please wait.

Probabilistic Verification of Discrete Event Systems Håkan L. S. Younes Reid G. Simmons (initial work performed at HTC, Summer 2001)

Published byMartina Franklin Modified over 9 years ago

Similar presentations

Presentation on theme: "Probabilistic Verification of Discrete Event Systems Håkan L. S. Younes Reid G. Simmons (initial work performed at HTC, Summer 2001)"— Presentation transcript:

1 Probabilistic Verification of Discrete Event Systems Håkan L. S. Younes Reid G. Simmons (initial work performed at HTC, Summer 2001)

2 May 30, 2002Carnegie Mellon Introduction Goal: Verify temporal properties of general discrete event systems Probabilistic, real-time properties Expressed using CSL Approach: Acceptance sampling Guaranteed error bounds Any-time properties

3 May 30, 2002Carnegie Mellon “The Hungry Stork” System “The probability is at least 0.7 that the stork satisfies its hunger within 180 seconds”

4 May 30, 2002Carnegie Mellon “The Hungry Stork” as a Discrete Event System hungry

5 May 30, 2002Carnegie Mellon “The Hungry Stork” as a Discrete Event System hungry hungry, hunting 40 secstork sees frog

6 May 30, 2002Carnegie Mellon “The Hungry Stork” as a Discrete Event System hungry 40 secstork sees frog hungry, hunting, seen hungry, hunting 19 secfrog sees stork

7 May 30, 2002Carnegie Mellon “The Hungry Stork” as a Discrete Event System hungry, hunting, seen not hungry hungry, hunting hungry 40 sec19 sec2 sec stork sees frogfrog sees storkstork eats frog

8 May 30, 2002Carnegie Mellon “The Hungry Stork” as a Discrete Event System hungry, hunting, seen not hungry hungry, hunting hungry 40 sec19 sec2 sec stork sees frogfrog sees storkstork eats frog For this execution path, at least, the property holds… (total time < 180 sec)

9 May 30, 2002Carnegie Mellon Verifying Probabilistic Properties Properties of the form: Pr ≥  (X) Symbolic Methods + Exact solutions - Works for a restricted class of systems Sampling + Works for all systems that can be simulated - Solutions not guaranteed

10 May 30, 2002Carnegie Mellon Our Approach: Acceptance Sampling Use simulation to generate sample execution paths Samples based on stochastic discrete event models How many samples are “enough”? Probability of false negatives ≤  Probability of false positives ≤ 

11 May 30, 2002Carnegie Mellon Performance of Test Actual probability of X holding Probability of accepting Pr ≥  (X) as true  1 –  

12 May 30, 2002Carnegie Mellon Ideal Performance Actual probability of X holding Probability of accepting Pr ≥  (X) as true  1 –   False negatives False positives

13 May 30, 2002Carnegie Mellon Actual Performance  –  +  Indifference region Actual probability of X holding Probability of accepting Pr ≥  (X) as true  1 –   False negatives False positives

14 May 30, 2002Carnegie Mellon Sequential Acceptance Sampling True, false, or another sample? Hypothesis: Pr ≥  (X)

15 May 30, 2002Carnegie Mellon Graphical Representation of Sequential Test Number of samples Number of positive samples

16 May 30, 2002Carnegie Mellon Graphical Representation of Sequential Test We can find an acceptance line and a rejection line given , , , and  Reject Accept Continue sampling Number of samples Number of positive samples

17 May 30, 2002Carnegie Mellon Graphical Representation of Sequential Test Reject Accept Continue sampling Number of samples Number of positive samples

18 May 30, 2002Carnegie Mellon Graphical Representation of Sequential Test Reject Accept Continue sampling Number of samples Number of positive samples

19 May 30, 2002Carnegie Mellon Verifying Properties Verify Pr ≥  (  ) with error bounds  and  Generate sample execution paths using simulation Verify  over each sample execution path If  is true, then we have a positive sample If  is false, then we have a negative sample Use sequential acceptance sampling to test the hypothesis Pr ≥  (  ) How to express probabilistic, real-time temporal properties as acceptance tests?

20 May 30, 2002Carnegie Mellon Continuous Stochastic Logic (CSL) State formulas Standard logic operators: ¬ ,  1   2 … Probabilistic operator: Pr ≥  (  ) Path formulas Time-bounded Until:  1 U ≤t  2 Pr ≥0.7 (true U ≤180 ¬hungry) Pr ≥0.9 (Pr ≤0.1 (queue-full) U ≤60 served)

21 May 30, 2002Carnegie Mellon Verification of Conjunction Verify  1   2  …   n with error bounds  and  What error bounds to choose for the  i ’s? Naïve:  i =  /n,  i =  /n Accept if all conjuncts are true Reject if some conjunct is false

22 May 30, 2002Carnegie Mellon “Fast reject” Verification of Conjunction Verify  1   2  …   n with error bounds  and  1. Verify each  i with error bounds  and  ’ 2. Return false as soon as any  i is verified to be false 3. If all  i are verified to be true, verify each  i again with error bounds  and  /n 4. Return true iff all  i are verified to be true

23 May 30, 2002Carnegie Mellon Verification of Conjunction “Rigorous accept” Verify  1   2  …   n with error bounds  and  1. Verify each  i with error bounds  and  ’ 2. Return false as soon as any  i is verified to be false 3. If all  i are verified to be true, verify each  i again with error bounds  and  /n 4. Return true iff all  i are verified to be true

24 May 30, 2002Carnegie Mellon Verification of Path Formulas To verify  1 U ≤t  2 with error bounds  and  Convert to disjunction  1 U ≤t  2 holds if  2 holds in the first state, or if  2 holds in the second state and  1 holds in all prior states, or …

25 May 30, 2002Carnegie Mellon More on Verifying Until Given  1 U ≤t  2, let n be the index of the first state more than t time units away from the current state Disjunction of n conjunctions c 1 through c n, each of size i Simplifies if  1 or  2, or both, do not contain any probabilistic statements

26 May 30, 2002Carnegie Mellon Verification of Nested Probabilistic Statements Suppose , in Pr ≥  (  ), contains probabilistic statements True, false, or another sample?

27 May 30, 2002Carnegie Mellon Verification of Nested Probabilistic Statements Suppose , in Pr ≥  (  ), contains probabilistic statements Pr ≥0.9 (Pr ≤0.1 (queue-full) U ≤60 served) How to specify the error bounds  ’ and  ’ when verifying  ?

28 May 30, 2002Carnegie Mellon Modified Test find an acceptance line and a rejection line given , , , ,  ’, and  ’: Reject Accept Continue sampling With  ’ and  ’ = 0 Number of samples Number of positive samples

29 May 30, 2002Carnegie Mellon Modified Test find an acceptance line and a rejection line given , , , ,  ’, and  ’: With  ’ and  ’ > 0 Reject Accept Continue sampling Number of samples Number of positive samples

30 May 30, 2002Carnegie Mellon Performance  =0.9  =0.7  =0.5 p log E p [n]

31 May 30, 2002Carnegie Mellon Performance p log E p [n]  =0.005  =0.01  =0.02

32 May 30, 2002Carnegie Mellon Performance p log E p [n]  =  =0.001  =  =0.01  =  =0.1

33 May 30, 2002Carnegie Mellon Summary Algorithm for probabilistic verification of discrete event systems Sample execution paths generated using simulation Probabilistic properties verified using sequential acceptance sampling Properties specified using CSL

34 May 30, 2002Carnegie Mellon Future Work Apply to hybrid dynamic systems Develop heuristics for formula ordering and parameter selection Use verification to aid policy generation for real-time stochastic domains

Download ppt "Probabilistic Verification of Discrete Event Systems Håkan L. S. Younes Reid G. Simmons (initial work performed at HTC, Summer 2001)"

Similar presentations

Tests of Hypotheses Based on a Single Sample

Tests of Hypotheses Based on a Single Sample
Chapter 7 Hypothesis Testing

Chapter 7 Hypothesis Testing
Introduction to Hypothesis Testing

Introduction to Hypothesis Testing
MaC Monitoring and Checking at Runtime (Continue) Presented By Usa Sammapun CIS 700 Oct 12, 2005.

MaC Monitoring and Checking at Runtime (Continue) Presented By Usa Sammapun CIS 700 Oct 12, 2005.
SAT-Based Planning Using Propositional SAT- Solvers to Search for Plans.

SAT-Based Planning Using Propositional SAT- Solvers to Search for Plans.
Dana Nau: Lecture slides for Automated Planning Licensed under the Creative Commons Attribution-NonCommercial-ShareAlike License:

Dana Nau: Lecture slides for Automated Planning Licensed under the Creative Commons Attribution-NonCommercial-ShareAlike License:
An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.

An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.
Hoare’s Correctness Triplets Dijkstra’s Predicate Transformers

Hoare’s Correctness Triplets Dijkstra’s Predicate Transformers
Probabilistic Verification of Discrete Event Systems using Acceptance Sampling Håkan L. S. YounesReid G. Simmons Carnegie Mellon University.

Probabilistic Verification of Discrete Event Systems using Acceptance Sampling Håkan L. S. YounesReid G. Simmons Carnegie Mellon University.
1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.

1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.
Lesson 5 - Decision Structure By: Dan Lunney

Lesson 5 - Decision Structure By: Dan Lunney
Statistical Probabilistic Model Checking Håkan L. S. Younes Carnegie Mellon University.

Statistical Probabilistic Model Checking Håkan L. S. Younes Carnegie Mellon University.
CS 355 – Programming Languages

CS 355 – Programming Languages
Ymer: A Statistical Model Checker Håkan L. S. Younes Carnegie Mellon University.

Ymer: A Statistical Model Checker Håkan L. S. Younes Carnegie Mellon University.
A Hybridized Planner for Stochastic Domains Mausam and Daniel S. Weld University of Washington, Seattle Piergiorgio Bertoli ITC-IRST, Trento.

A Hybridized Planner for Stochastic Domains Mausam and Daniel S. Weld University of Washington, Seattle Piergiorgio Bertoli ITC-IRST, Trento.
Symbolic Logic. Objectives Determine if a sentence or question is a statement or not. Write a sentence that represents the negation of a given statement.

Symbolic Logic. Objectives Determine if a sentence or question is a statement or not. Write a sentence that represents the negation of a given statement.
Planning under Uncertainty

Planning under Uncertainty
Precise Inter-procedural Analysis Sumit Gulwani George C. Necula using Random Interpretation presented by Kian Win Ong UC Berkeley.

Precise Inter-procedural Analysis Sumit Gulwani George C. Necula using Random Interpretation presented by Kian Win Ong UC Berkeley.
1 Discrete Structures CS 280 Example application of probability: MAX 3-SAT.

1 Discrete Structures CS 280 Example application of probability: MAX 3-SAT.
Probabilistic Verification of Discrete Event Systems Håkan L. S. Younes.

Probabilistic Verification of Discrete Event Systems Håkan L. S. Younes.

Similar presentations

Ads by Google