Presentation is loading. Please wait.

Presentation is loading. Please wait.

Probabilistic Verification of Discrete Event Systems Håkan L. S. Younes.

Published byPrudence McLaughlin Modified over 9 years ago

Similar presentations

Presentation on theme: "Probabilistic Verification of Discrete Event Systems Håkan L. S. Younes."— Presentation transcript:

1 Probabilistic Verification of Discrete Event Systems Håkan L. S. Younes

2 Introduction Verify properties of discrete event systems Probabilistic and real-time properties Properties expressed using CSL Acceptance sampling Guaranteed error bounds

3 “The Hungry Stork”

4 System “The probability is at least 0.7 that the stork satisfies its hunger within 180 seconds”

5 Systems A stork hunting for frogs The CMU post office The Swedish telephone system The solar system

6 Discrete Event Systems Discrete state changes at the occurrence of events A stork hunting for frogs The CMU post office The Swedish telephone system The solar system

7 “The Hungry Stork” as a Discrete Event System hungry

8 “The Hungry Stork” as a Discrete Event System hungry, hunting hungry 40 sec stork sees frog

9 “The Hungry Stork” as a Discrete Event System hungry, hunting, seen hungry, hunting hungry 40 sec19 sec stork sees frogfrog sees stork

10 “The Hungry Stork” as a Discrete Event System hungry, hunting, seen not hungry hungry, hunting hungry 40 sec19 sec1 sec stork sees frogfrog sees storkstork eats frog

11 Sample Execution Paths hungry, hunting, seen not hungry hungry, hunting hungry 40 sec19 sec1 sec stork sees frogfrog sees storkstork eats frog

12 Properties of Interest Probabilistic real-time properties “The probability is at least 0.7 that the stork satisfies its hunger within 180 seconds”

13 Properties of Interest Probabilistic real-time properties “The probability is at least 0.7 that the stork satisfies its hunger within 180 seconds”

14 Verifying Real-time Properties “The stork satisfies its hunger within 180 seconds” True! hungry, hunting, seen not hungry hungry, hunting hungry 40 sec19 sec1 sec stork sees frogfrog sees storkstork eats frog ++≤ 180 sec

15 Verifying Real-time Properties “The stork satisfies its hunger within 180 seconds” False! not hungry hungry, hunting hungry 165 sec30 sec stork sees frogStork eats frog +> 180 sec

16 Verifying Probabilistic Properties “The probability is at least 0.7 that X” Symbolic Methods Pro: Exact solution Con: Works for a restricted class of systems Sampling Pro: Works for all systems that can be simulated Con: Uncertainty in correctness of solution

17 Our Approach Use simulation to generate sample execution paths Use sequential acceptance sampling to verify probabilistic properties

18 Error Bounds Probability of false negative: ≤  We say that P is false when it is true Probability of false positive: ≤  We say that P is true when it is false

19 Acceptance Sampling Hypothesis: “The probability is at least  that X”

20 Acceptance Sampling Hypothesis: Pr ≥  (X)

21 Sequential Acceptance Sampling True, false, or another sample? Hypothesis: Pr ≥  (X)

22 Performance of Test Actual probability of X holding Probability of accepting Pr ≥  (X) as true  1 –  

23 Ideal Performance Actual probability of X holding Probability of accepting Pr ≥  (X) as true  1 –   False negatives False positives

24 Actual Performance  –  +  Indifference region Actual probability of X holding Probability of accepting Pr ≥  (X) as true  1 –   False negatives False positives

25 Graphical Representation of Sequential Test Number of samples Number of positive samples

26 Graphical Representation of Sequential Test We can find an acceptance line and a rejection line given , , , and  Reject Accept Continue sampling Number of samples Number of positive samples

27 Graphical Representation of Sequential Test Reject hypothesis Reject Accept Continue sampling Number of samples Number of positive samples

28 Graphical Representation of Sequential Test Accept hypothesis Reject Accept Continue sampling Number of samples Number of positive samples

29 Continuous Stochastic Logic (CSL) State formulas Truth value is determined in a single state Path formulas Truth value is determined over an execution path

30 State Formulas Standard logic operators: ¬ ,  1   2 … Probabilistic operator: Pr ≥  (  ) True iff probability is at least  that  holds Pr ≥0.7 (“The stork satisfies its hunger within 180 seconds”)

31 Path Formulas Until:  1 U ≤t  2 Holds iff  2 becomes true in some state along the execution path before time t, and  1 is true in all prior states “The stork satisfies its hunger within 180 seconds”: true U ≤180 ¬hungry

32 Expressing Properties in CSL “The probability is at least 0.7 that the stork satisfies its hunger within 180 seconds” Pr ≥0.7 (true U ≤180 ¬hungry) “The probability is at least 0.9 that the customer is served within 60 seconds and remains happy while waiting” Pr ≥0.9 (happy U ≤60 served)

33 Semantics of Until true U ≤180 ¬hungry True! hungry, hunting, seen ¬hungry hungry, hunting hungry 40 sec19 sec1 sec++≤ 180 sec

34 Semantics of Until true U ≤180 ¬hungry False! ¬hungry hungry, hunting hungry 165 sec30 sec+> 180 sec

35 Semantics of Until happy U ≤60 served False! happy, ¬served served ¬happy, ¬served happy, ¬served 17 sec13 sec5 sec++≤ 60 sec

36 Verifying Probabilistic Statements Verify Pr ≥  (  ) with error bounds  and  Generate sample execution paths using simulation Verify  over each sample execution path If  is true, then we have a positive sample If  is false, then we have a negative sample Use sequential acceptance sampling to test the hypothesis Pr ≥  (  )

37 Verification of Nested Probabilistic Statements Suppose , in Pr ≥  (  ), contains probabilistic statements Pr ≥0.8 (true U ≤60 Pr ≥0.9 (true U ≤30 ¬hungry)) Error bounds  ’ and  ’ when verifying 

38 Verification of Nested Probabilistic Statements Suppose , in Pr ≥  (  ), contains probabilistic statements True, false, or another sample?

39 Modified Test Find an acceptance line and a rejection line given , , , ,  ’, and  ’: Reject Accept Continue sampling With  ’ and  ’ = 0 Number of samples Number of positive samples

40 Modified Test Find an acceptance line and a rejection line given , , , ,  ’, and  ’: With  ’ and  ’ > 0 Reject Accept Continue sampling Number of samples Number of positive samples

41 Verification of Negation To verify ¬  with error bounds  and  Verify  with error bounds  and 

42 Verification of Conjunction Verify  1   2  …   n with error bounds  and  Accept if all conjuncts are true Reject if some conjunct is false

43 Acceptance of Conjunction Accept if all conjuncts are true Accept all  i with bounds  i and  i Probability at most  i that  i is false Therefore: Probability at most  1 + … +  n that conjunction is false For example, choose  i =  /n Note:  i unconstrained

44 Rejection of Conjunction Reject if some conjunct is false Reject some  i with bounds  i and  i Probability at most  i that  i is true Therefore: Probability at most  i that conjunction is true Choose  i =  Note:  i unconstrained

45 Putting it Together To verify  1   2  …   n with error bounds  and  1. Verify each  i with error bounds  and  ’ 2. Return false as soon as any  i is verified to be false 3. If all  i are verified to be true, verify each  i again with error bounds  and  /n 4. Return true iff all  i are verified to be true “Fast reject”

46 Putting it Together To verify  1   2  …   n with error bounds  and  1. Verify each  i with error bounds  and  ’ 2. Return false as soon as any  i is verified to be false 3. If all  i are verified to be true, verify each  i again with error bounds  and  /n 4. Return true iff all  i are verified to be true “Rigorous accept”

47 Verification of Path Formulas To verify  1 U ≤t  2 with error bounds  and  Convert to disjunction  1 U ≤t  2 holds if  2 holds in the first state, or if  2 holds in the second state and  1 holds in all prior states, or …

48 More on Verifying Until Given  1 U ≤t  2, let n be the index of the first state more than t time units away from the current state Disjunction of n conjunctions c 1 through c n, each of size i Simplifies if  1 or  2, or both, do not contain any probabilistic statements

49 Example Verify Pr ≥0.7 (true U ≤180 ¬hungry) in with  =  = 0.1 and  = 0.1 hungry Simulator 105 15 10 5 15 Number of samples Positive samples

50 Example Verify Pr ≥0.7 (true U ≤180 ¬hungry) in with  =  = 0.1 and  = 0.1 hungry hungry, hunting, seen hungry, hunting hungry ¬hungry 40 19 Total time: 0 secTotal time: 40 sec 1 stork sees frog frog sees stork stork eats frog Total time: 59 secTotal time: 60 sec 105 15 10 5 15 Number of samples Positive samples

51 Example Verify Pr ≥0.7 (true U ≤180 ¬hungry) in with  =  = 0.1 and  = 0.1 hungry, hunting, seen hungry, hunting hungry hungry, tired hungry 63 25 2 93 stork sees frog frog sees stork frog jumps hungry stork rested 105 15 10 5 15 Number of samples Positive samples Total time: 0 secTotal time: 63 sec Total time: 88 secTotal time: 90 secTotal time: 183 sec

52 Example Verify Pr ≥0.7 (true U ≤180 ¬hungry) in with  =  = 0.1 and  = 0.1 hungry 105 15 10 5 15 Number of samples Positive samples Property holds!

53 Summary Algorithm for probabilistic verification of discrete event systems Sample execution paths generated using simulation Probabilistic properties verified using sequential acceptance sampling

54 Future Work Apply to hybrid dynamic systems Develop heuristics for formula ordering and parameter selection Use verification to aid policy generation for real-time stochastic domains

Download ppt "Probabilistic Verification of Discrete Event Systems Håkan L. S. Younes."

Similar presentations

Chapter 7 Hypothesis Testing

Chapter 7 Hypothesis Testing
Introduction to Hypothesis Testing

Introduction to Hypothesis Testing
Dana Nau: Lecture slides for Automated Planning Licensed under the Creative Commons Attribution-NonCommercial-ShareAlike License:

Dana Nau: Lecture slides for Automated Planning Licensed under the Creative Commons Attribution-NonCommercial-ShareAlike License:
Situation Calculus for Action Descriptions We talked about STRIPS representations for actions. Another common representation is called the Situation Calculus.

Situation Calculus for Action Descriptions We talked about STRIPS representations for actions. Another common representation is called the Situation Calculus.
Hoare’s Correctness Triplets Dijkstra’s Predicate Transformers

Hoare’s Correctness Triplets Dijkstra’s Predicate Transformers
Friday, April 17, 2015 1 PTR: A Probabilistic Transaction Logic Julian Fogel A logic for reasoning about action under uncertainty. A mathematically sound.

Friday, April 17, PTR: A Probabilistic Transaction Logic Julian Fogel A logic for reasoning about action under uncertainty. A mathematically sound.
Probabilistic Verification of Discrete Event Systems using Acceptance Sampling Håkan L. S. YounesReid G. Simmons Carnegie Mellon University.

Probabilistic Verification of Discrete Event Systems using Acceptance Sampling Håkan L. S. YounesReid G. Simmons Carnegie Mellon University.
1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.

1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.
Statistical Probabilistic Model Checking Håkan L. S. Younes Carnegie Mellon University.

Statistical Probabilistic Model Checking Håkan L. S. Younes Carnegie Mellon University.
CS 355 – Programming Languages

CS 355 – Programming Languages
Ymer: A Statistical Model Checker Håkan L. S. Younes Carnegie Mellon University.

Ymer: A Statistical Model Checker Håkan L. S. Younes Carnegie Mellon University.
Probabilistic Verification of Discrete Event Systems Håkan L. S. Younes Reid G. Simmons (initial work performed at HTC, Summer 2001)

Probabilistic Verification of Discrete Event Systems Håkan L. S. Younes Reid G. Simmons (initial work performed at HTC, Summer 2001)
A Hybridized Planner for Stochastic Domains Mausam and Daniel S. Weld University of Washington, Seattle Piergiorgio Bertoli ITC-IRST, Trento.

A Hybridized Planner for Stochastic Domains Mausam and Daniel S. Weld University of Washington, Seattle Piergiorgio Bertoli ITC-IRST, Trento.
Planning under Uncertainty

Planning under Uncertainty
Complexity 26-1 Complexity Andrei Bulatov Interactive Proofs.

Complexity 26-1 Complexity Andrei Bulatov Interactive Proofs.
Precise Inter-procedural Analysis Sumit Gulwani George C. Necula using Random Interpretation presented by Kian Win Ong UC Berkeley.

Precise Inter-procedural Analysis Sumit Gulwani George C. Necula using Random Interpretation presented by Kian Win Ong UC Berkeley.
Introduction to Hypothesis Testing

Introduction to Hypothesis Testing
1 Discrete Structures CS 280 Example application of probability: MAX 3-SAT.

1 Discrete Structures CS 280 Example application of probability: MAX 3-SAT.
Probabilistic Verification of Discrete Event Systems Håkan L. S. Younes.

Probabilistic Verification of Discrete Event Systems Håkan L. S. Younes.
ESE601: Hybrid Systems Introduction to verification Spring 2006.

ESE601: Hybrid Systems Introduction to verification Spring 2006.

Similar presentations

Ads by Google