Presentation is loading. Please wait.

Presentation is loading. Please wait.

Probabilistic Verification of Discrete Event Systems using Acceptance Sampling Håkan L. S. Younes Carnegie Mellon University.

Published byErick Foster Modified over 9 years ago

Similar presentations

Presentation on theme: "Probabilistic Verification of Discrete Event Systems using Acceptance Sampling Håkan L. S. Younes Carnegie Mellon University."— Presentation transcript:

1 Probabilistic Verification of Discrete Event Systems using Acceptance Sampling Håkan L. S. Younes Carnegie Mellon University

2 Introduction Verify properties of continuous-time discrete event systems Model independent approach Time-bounded probabilistic properties expressed using CSL Acceptance sampling Guaranteed error bounds

3 Motivating Example Switch Backbone Switch Left clusterRight cluster L1L1 L2L2 L3L3 R3R3 R2R2 R1R1 Dependable workstation cluster Components may fail at any point in time Failed components can be repaired

4 Motivating Example Switch Backbone Switch Left clusterRight cluster L1L1 L2L2 L3L3 R3R3 R2R2 R1R1 Property of interest: Probability at most 0.1 that QoS drops below minimum within 50 time units

5 Motivating Example Switch Backbone Switch Left clusterRight cluster L1L1 L2L2 L3L3 R3R3 R2R2 R1R1 all working

6 Motivating Example Switch Backbone Switch Left clusterRight cluster L1L1 L2L2 L3L3 R3R3 R2R2 R1R1 all workingL 2 failed L 2 fails 3.6

7 Motivating Example Switch Backbone Switch Left clusterRight cluster L1L1 L2L2 L3L3 R3R3 R2R2 R1R1 all workingL 2 failedrepairing L 2 L 2 failsrepair L 2 3.61.5

8 Motivating Example Switch Backbone Switch Left clusterRight cluster L1L1 L2L2 L3L3 R3R3 R2R2 R1R1 all workingL 2 failedrepairing L 2 switch failed L 2 failsrepair L 2 right switch fails 3.61.52.8

9 Motivating Example Switch Backbone Switch Left clusterRight cluster L1L1 L2L2 L3L3 R3R3 R2R2 R1R1 all workingL 2 failedrepairing L 2 switch failed repairing L 2 switch failed L 2 failsrepair L 2 right switch failsL 2 repaired 3.61.52.84.2

10 Sample Execution Paths all workingL 2 failedrepairing L 2 switch failed repairing L 2 switch failed L 2 failsrepair L 2 right switch failsL 2 repaired 3.61.52.84.2 all workingL 1 failedrepairing L 2 bb failedall working L 1 failsrepair L 2 L 1 repairedbackbone fails 2645.317

11 Properties of Interest Time-bounded probabilistic properties “The probability is at most 0.1 that QoS drops below minimum within 50 time units”

12 Properties of Interest Time-bounded probabilistic properties “The probability is at most 0.1 that QoS drops below minimum within 50 time units” ¬Pr ≥0.1 (true U ≤50 ¬Minimum QoS) CSL formula:

13 Continuous Stochastic Logic (CSL) State formulas Truth value is determined in a single state Path formulas Truth value is determined over an execution path

14 State Formulas Standard logic operators: ¬ ,  1   2 … Probabilistic operator: Pr ≥  (  ) True iff probability is at least  that  holds

15 Path Formulas Until:  1 U ≤t  2 Holds iff  2 becomes true in some state along the execution path before time t, and  1 is true in all prior states

16 Verifying Path Formulas true U ≤50 ¬Minimum QoS True! all workingL 2 failedrepairing L 2 switch failed repairing L 2 switch failed repairing L 2 switch failed L 2 failsrepair L 2 right switch failsL 2 repaired 3.61.52.84.2 ++≤50

17 Verifying Path Formulas true U ≤50 ¬Minimum QoS False! all workingL 1 failedrepairing L 2 bb failedall working L 1 failsrepair L 2 L 1 repairedbackbone fails 2645.317 +++≥50

18 Verifying Probabilistic Properties “The probability is at least  that  ” Symbolic Methods Pro: Exact solution Con: Works only for restricted class of systems Sampling Pro: Works for any system that can be simulated Con: Uncertainty in correctness of solution

19 Our Approach Use simulation to generate sample execution paths Use sequential acceptance sampling to verify probabilistic properties

20 Error Bounds Probability of false negative: ≤  We say that  is false when it is true Probability of false positive: ≤  We say that  is true when it is false

21 Acceptance Sampling Hypothesis: Pr ≥  (  )

22 Performance of Test Actual probability of  holding Probability of accepting Pr ≥  (  ) as true  1 –  

23 Ideal Performance Actual probability of  holding Probability of accepting Pr ≥  (  ) as true  1 –   False negatives False positives

24 Actual Performance  –  +  Indifference region Actual probability of  holding Probability of accepting Pr ≥  (  ) as true  1 –   False negatives False positives

25 Sequential Acceptance Sampling Hypothesis: Pr ≥  (  ) True, false, or another sample?

26 Graphical Representation of Sequential Test Number of samples Number of positive samples

27 Graphical Representation of Sequential Test We can find an acceptance line and a rejection line given , , , and  Reject Accept Continue sampling Number of samples Number of positive samples A , , ,  (n) R , , ,  (n)

28 Graphical Representation of Sequential Test Reject hypothesis Reject Accept Continue sampling Number of samples Number of positive samples

29 Graphical Representation of Sequential Test Accept hypothesis Reject Accept Continue sampling Number of samples Number of positive samples

30 Verifying Probabilistic Properties Verify Pr ≥  (  ) with error bounds  and  Generate sample execution paths using simulation Verify  over each sample execution path If  is true, then we have a positive sample If  is false, then we have a negative sample Use sequential acceptance sampling to test the hypothesis Pr ≥  (  )

31 Verification of Nested Probabilistic Statements Suppose , in Pr ≥  (  ), contains probabilistic statements Error bounds  ’ and  ’ when verifying 

32 Verification of Nested Probabilistic Statements Suppose , in Pr ≥  (  ), contains probabilistic statements True, false, or another sample?

33 Modified Test Find an acceptance line and a rejection line given , , , ,  ’, and  ’: Reject Accept Continue sampling With  ’ and  ’ = 0 Number of samples Number of positive samples A , , ,  (n) R , , ,  (n)

34 Modified Test Find an acceptance line and a rejection line given , , , ,  ’, and  ’: With  ’ and  ’ > 0 Reject Accept Continue sampling Number of samples Number of positive samples

35 Modified Test Find an acceptance line and a rejection line given , , , ,  ’, and  ’: Reject Accept Continue sampling Number of samples Number of positive samples A  ’,  ’, ,  (n) R  ’,  ’, ,  (n)  ’ –  ’ = 1 – (1 – (  –  ))(1 –  ’)  ’ +  ’ = (  +  )(1 –  ’)

36 Verification of Negation To verify ¬  with error bounds  and  Verify  with error bounds  and 

37 Verification of Conjunction Verify  1   2  …   n with error bounds  and  Verify each  i with error bounds  and  /n

38 Verification of Path Formulas To verify  1 U ≤t  2 with error bounds  and  Convert to disjunction  1 U ≤t  2 holds if  2 holds in the first state, or if  2 holds in the second state and  1 holds in all prior states, or …

39 More on Verifying Until Given  1 U ≤t  2, let n be the index of the first state more than t time units away from the current state Disjunction of n conjunctions c 1 through c n, each of size i Simplifies if  1 or  2, or both, do not contain any probabilistic statements

40 Sampling-Based vs. Symbolic Methods Sampling-based methods… use less memory scale better with size of state space adapt to difficulty of problem (sequential) Symbolic methods… give exact results handle time-unbounded and steady-state properties

41 Dependable Workstation Cluster (results) 10 2 10 3 10 4 10 5 10 6 10 7 10 8 10 910 10 −1 10 0 10 1 10 2 10 3 10 4 Size of state space Verification time (seconds) ¬Pr ≥0.1 (true U ≤t ¬Min QoS)  =  =10 −2  =10 −2

42 Dependable Workstation Cluster (results) 101001000 10 0 10 1 10 2 10 3 10 4 10 5 Verification time (seconds) t  =  =10 −2  =10 −2 ¬Pr ≥0.1 (true U ≤t ¬Min QoS)

43 Tandem Queuing Network M/Cox 2 /1 queue sequentially composed with M/M/1 queue Each queue has capacity n State space of size O(n 2 ) 11 22 a …… 1−a 

44 Tandem Queuing Network (property) When empty, probability is less than 0.5 that system becomes full within t time units: ¬Pr ≥0.5 (true U ≤t full) in state “empty” …………

45 Tandem Queuing Network (results) 10 1 10 2 10 3 10 4 10 5 10 6 10 7 10 8 10 910 10 −2 10 −1 10 0 10 1 10 2 10 3 10 4 10 5 10 6 Size of state space Verification time (seconds) ¬Pr ≥0.5 (true U ≤t full)  =  =10 −2  =10 −2

46 Tandem Queuing Network (results) 101001000 10 −2 10 −1 10 0 10 1 10 2 10 3 10 4 10 5 Verification time (seconds) t ¬Pr ≥0.5 (true U ≤t full)  =  =10 −2  =10 −2

47 Symmetric Polling System Single server, n polling stations Stations are attended in cyclic order Each station can hold one message State space of size O(n·2 n ) Server … Polling stations

48 Symmetric Polling System (property) When full and serving station 1, probability is at least 0.5 that station 1 is polled within t time units: Pr ≥0.5 (true U ≤t poll1) in state “full, srv 1” … serving 1polling 1 …

49 Symmetric Polling System (results) Verification time (seconds) Size of state space 10 2 10 4 10 6 10 810 10 12 10 14 10 −2 10 −1 10 0 10 1 10 2 10 3 10 4 10 5 Pr ≥0.5 (true U ≤t poll1)  =  =10 −2  =10 −2

50 Symmetric Polling System (results) Verification time (seconds) 101001000 t 10 5 10 0 10 1 10 2 10 3 10 4 10 6 Pr ≥0.5 (true U ≤t poll1)  =  =10 −2  =10 −2

51 Symmetric Polling System (results)  =  =10 −10  =  =10 −8  =  =10 −6  =  =10 −4  =  =10 −2 10 0 10 1 10 2 Verification time (seconds)  0.0010.01 Pr ≥0.5 (true U ≤t poll1) n=10 t=50

52 Summary Model independent probabilistic verification of discrete event systems Sample execution paths generated using simulation Probabilistic properties verified using sequential acceptance sampling Easy to trade accuracy for efficiency

53 Future Work Develop heuristics for formula ordering and parameter selection Use in combination with symbolic methods Apply to hybrid dynamic systems Use verification to aid controller synthesis for discrete event systems

54 Verification to Aid Probabilistic Planning Plan verification using discrete event simulation and acceptance sampling Plan repair using sample path analysis Heuristics to guide repair selection Hill-climbing search for satisfactory plan Fast sampling-based plan comparison

55 Generic Repair Procedure 1. Select some state along some negative sample path 2. Change the action planned for the selected state Develop heuristics to make informed state/action choices

Download ppt "Probabilistic Verification of Discrete Event Systems using Acceptance Sampling Håkan L. S. Younes Carnegie Mellon University."

Similar presentations

Chapter 7 Hypothesis Testing

Chapter 7 Hypothesis Testing
Introduction to Hypothesis Testing

Introduction to Hypothesis Testing
How Fast and Fat Is Your Probabilistic Model Checker? an experimental performance comparison David N. Jansen 3,1, Joost-Pieter Katoen 1,2, Marcel Oldenkamp.

How Fast and Fat Is Your Probabilistic Model Checker? an experimental performance comparison David N. Jansen 3,1, Joost-Pieter Katoen 1,2, Marcel Oldenkamp.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
Introduction to Theorem Proving

Introduction to Theorem Proving
SAT-Based Planning Using Propositional SAT- Solvers to Search for Plans.

SAT-Based Planning Using Propositional SAT- Solvers to Search for Plans.
Dana Nau: Lecture slides for Automated Planning Licensed under the Creative Commons Attribution-NonCommercial-ShareAlike License:

Dana Nau: Lecture slides for Automated Planning Licensed under the Creative Commons Attribution-NonCommercial-ShareAlike License:
ECE 667 - Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.

ECE Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.
1 Combinational Logic Design&Analysis. 2 Introduction We have learned all the prerequisite material: – Truth tables and Boolean expressions describe functions.

1 Combinational Logic Design&Analysis. 2 Introduction We have learned all the prerequisite material: – Truth tables and Boolean expressions describe functions.
Situation Calculus for Action Descriptions We talked about STRIPS representations for actions. Another common representation is called the Situation Calculus.

Situation Calculus for Action Descriptions We talked about STRIPS representations for actions. Another common representation is called the Situation Calculus.
7 Chapter Hypothesis Testing with One Sample

7 Chapter Hypothesis Testing with One Sample
Probabilistic Verification of Discrete Event Systems using Acceptance Sampling Håkan L. S. YounesReid G. Simmons Carnegie Mellon University.

Probabilistic Verification of Discrete Event Systems using Acceptance Sampling Håkan L. S. YounesReid G. Simmons Carnegie Mellon University.
1 Partial Order Reduction. 2 Basic idea P1P1 P2P2 P3P3 a1a1 a2a2 a3a3 a1a1 a1a1 a2a2 a2a2 a2a2 a2a2 a3a3 a3a3 a3a3 a3a3 a1a1 a1a1 3 independent processes.

1 Partial Order Reduction. 2 Basic idea P1P1 P2P2 P3P3 a1a1 a2a2 a3a3 a1a1 a1a1 a2a2 a2a2 a2a2 a2a2 a3a3 a3a3 a3a3 a3a3 a1a1 a1a1 3 independent processes.
Hypothesis Testing A hypothesis is a claim or statement about a property of a population (in our case, about the mean or a proportion of the population)

Hypothesis Testing A hypothesis is a claim or statement about a property of a population (in our case, about the mean or a proportion of the population)
1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.

1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.
6/14/991 Symbolic verification of systems with state machines David L. Dill Jeffrey Su Jens Skakkebaek Computer System Laboratory Stanford University.

6/14/991 Symbolic verification of systems with state machines David L. Dill Jeffrey Su Jens Skakkebaek Computer System Laboratory Stanford University.
Statistical Probabilistic Model Checking Håkan L. S. Younes Carnegie Mellon University.

Statistical Probabilistic Model Checking Håkan L. S. Younes Carnegie Mellon University.
Ymer: A Statistical Model Checker Håkan L. S. Younes Carnegie Mellon University.

Ymer: A Statistical Model Checker Håkan L. S. Younes Carnegie Mellon University.
Probabilistic Verification of Discrete Event Systems Håkan L. S. Younes Reid G. Simmons (initial work performed at HTC, Summer 2001)

Probabilistic Verification of Discrete Event Systems Håkan L. S. Younes Reid G. Simmons (initial work performed at HTC, Summer 2001)
1 Discrete Structures CS 280 Example application of probability: MAX 3-SAT.

1 Discrete Structures CS 280 Example application of probability: MAX 3-SAT.

Similar presentations

Ads by Google