1 / 34

Probabilistic Verification of Discrete Event Systems

Probabilistic Verification of Discrete Event Systems. H åkan L. S. Younes. The Problem. Given a model of a discrete event system, check if certain properties hold The model is a stochastic process (GSMP) Properties are expressed using a logic formalism (CSL). Probabilistic Verification.

jenaya
Download Presentation

Probabilistic Verification of Discrete Event Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Probabilistic Verification of Discrete Event Systems Håkan L. S. Younes

  2. The Problem • Given a model of a discrete event system, check if certain properties hold • The model is a stochastic process (GSMP) • Properties are expressed using a logic formalism (CSL)

  3. Probabilistic Verification • Verification of probabilistic properties • “The probability of reaching a failure state within 60 minutes is less than 0.1” • Probabilistic verification of properties • “The probability of property P holding is at least 0.95”

  4. Discrete Event System (DES) • Event-driven system • Discrete state changes at the occurrence of events • Examples: • Manufacturing systems • Queueing systems • Communication protocols

  5. Why Probabilistic Verification? • The dynamics of a DES is too complex for symbolic methods • Use simulation to generate sample paths • Use acceptance sampling to verify probabilistic properties

  6. a set of states • a set of transitions (or events) S2 S1 S3 S4 Stochastic Processes • A stochastic process consists of

  7. 1.0 S2 0.2 0.4 S1 S3 0.8 0.6 1.0 S4 Markov Processes • The Markov assumption • There is enough information in the current state to determine the future behavior

  8. Holding Times • The holding time is the time spent in a state before an event occurs • Holding times are positive random variables • Can be discrete or continuous

  9. 4 1.0 3 State S2 2 0.4 1 S1 1.0 S3 Time 0.6 S4 0.8 0.2 Continuous-timeMarkov Chain (CTMC) • Holding times are governed by exponential distributions

  10. 1.0 S2 0.4 S3 S1 1.0 0.6 S4 0.8 0.2 Semi-Markov Process • Holding times are governed by arbitrary (positive) distributions

  11. 4 E2 1.0 S2 3 State E3 2 0.4 1 E1 S3 S1 0.5 0.5 E2 Time E1 3.5 3.5 - - - 0.6 E1 S4 E2 5.0 5.0 1.5 1.5 - 1.0 0.7 0.3 E3 - - 2.0 2.0 - Generalized Semi-Markov Process (GSMP) • Holding times can depend on the history

  12. Properties • Qualitative • “P will eventually hold on all future execution paths” • Quantitative • “P will hold before time t with probability at least  on future execution paths”

  13. [EMSS89]* *Discrete time Problem Space Properties Qualitative Quantitative [ASSB96],[BKH99] CTMC Model [ACD91] My Work GSMP

  14. Continuous Stochastic Logic (CSL) • State formulas: a, ¬, 12, Pr() • Truth value is determined in a single state • Path formulas: X , 1Ut2 • Truth value is determined over an execution path

  15. t0 t1 t2 S0,C0 S1,C1 S2,C2 Execution Paths • Current state + current clock settings = internal state • The internal state contains enough information to determine the future behavior • A sequence of internal states is an execution path

  16. CSL Semantics(State Formulas) • Atomic proposition: a • Negation: ¬ • Holds iff  does not hold in current state • Conjunction: 12 • Holds iff both 1 and 2 hold in current state

  17. CSL Semantics(More State Formulas) • Probabilistic statement: Pr() • Holds iff  is true over at most a  proportion of execution paths starting in the current state

  18. CSL Semantics(Path Formulas) • Next state: X  • Holds iff  holds in the next state along the current execution path • Until: 1Ut2 • Holds iff 2 becomes true in some state along the current execution path before time t, and 1 is true in all prior states

  19. 2 3 4 11 a,¬b a,¬b a,¬b b b 2 3 4 11 a,¬b ¬a,¬b a,¬b b b 2 3 4 11 a,¬b a,¬b a,¬b a,¬b b More on Until • Consider the formula aU17b

  20. Verifying Probabilistic Statements • Verify Pr() • Generate sample execution paths using discrete event simulation • Verify  over each sample path • If  is true, then we have a positive sample • If  is false, then we have a negative sample • Based on the proportion of positive samples, determine if Pr() holds

  21. True, false,or anothersample? Sequential Hypothesis Testing • Hypothesis: Pr()

  22. Error Bounds • Probability of false negative:  • We say that Pr() is false when it is true • Probability of false positive:  • We say that Pr() is true when it is false

  23. False negatives False negatives Indifference region 1 –  Probability of acceptingPr() as true False positives False positives   –    +  Actual probability of  holding Indifference Region

  24. Reject Reject Number ofpositive samples Continue sampling Continue sampling Accept Accept Number of samples Graphical Representation of Statistical Test • We can find an acceptance line and a rejection line given , , , and 

  25. True, false,or anothersample? Verification of Nested Probabilistic Statements • Suppose , in Pr(), contains probabilistic statements

  26. Indirect Sampling • Want samples from random variable X • Can only get samples from Y such that • Pr[Y=1|X=1]  1 – ’ • Pr[Y=0|X=1] ’ • Pr[Y=1|X=0] ’ • Pr[Y=0|X=0]  1 – ’

  27. Reject Number ofpositive samples Continue sampling Accept Number of samples Modified Test • find an acceptance line and a rejection line given , , , , ’, and ’:

  28. Verification of Compound State Formulas • To verify ¬ with error bounds  and  • Verify  with error bounds  and • To verify 12  … n with error bounds  and  • Verify 1 though n with error bounds /n and /n

  29. Sequential Verification of Conjunction • To verify 12  … n with error bounds  and  • Verify each i with error bounds  and ’ • Return false as soon as any i is verified to be false • If all i are verified to be true, verify each i again with error bounds  and /n • Return true iff all i are verified to be true

  30. Verification of Path Formulas • To verify X with error bounds  and  • Verify  with error bounds  and  in the next state • To verify 1Ut2 with error bounds  and  • Convert to conjunction • 1Ut2 holds if 2 holds in the first state, or if 2 holds in the second state and 1holds in all prior state, …

  31. More on Verifying Until • Given 1Ut2, let n be the index of the first state more than t time units away from the current state • Conjunction of n conjuncts c1 through cn, each of size i • Simplifies if 1 or 2, or both, do not contain any probabilistic statements

  32. E5 S4 S1: Safe, at restS2: Under attack, at restS3: Under attack, jumpingS4: Safe, jumping 6 4 E4 2 E2 S1 S3 26.3----0.0 89.9----0.0 89.9----0.0 -124.544.3--26.3 -124.544.3--26.3 -155.848.3--89.9 -155.848.3--89.9 -107.5-61.0-138.2 -107.5-61.0-138.2 -80.2-95.2-70.6 -80.2-95.2-70.6 ----36.2199.2 ----36.2199.2 -----150.8 59.4----235.4 E1 20 40 60 80 100 E1: Stork attackingE2: Frog killed E3: Start jumpingE4: Stork retreatsE5: Stop jumping E1:E2: E3: E4: E5: t: E3 E2 S2 Example • Verify Pr0.05(true U200dead) in S1 26.3----0.0

  33. Summary • Algorithm for probabilistic verification of discrete event systems • Sample execution paths generated using discrete event simulation • Probabilistic properties verified using acceptance sampling • Algorithm can be used in an anytime manner

  34. Future Work • Apply to hybrid dynamic systems • Develop heuristics for formula ordering and parameter selection • Use verification to aid policy generation for real-time stochastic domains

More Related