probabilistic verification of discrete event systems
DESCRIPTION
Probabilistic Verification of Discrete Event Systems. Håkan L. S. Younes Reid G. Simmons (initial work performed at HTC, Summer 2001). Introduction. Goal : Verify temporal properties of general discrete event systems Probabilistic, real-time properties Expressed using CSL - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Probabilistic Verification of Discrete Event Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/56813f31550346895da9d5e5/html5/thumbnails/1.jpg)
Probabilistic Verification of Discrete Event Systems
Håkan L. S. YounesReid G. Simmons
(initial work performed at HTC, Summer 2001)
![Page 2: Probabilistic Verification of Discrete Event Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/56813f31550346895da9d5e5/html5/thumbnails/2.jpg)
May 30, 2002Carnegie Mellon
Introduction Goal: Verify temporal properties of
general discrete event systems Probabilistic, real-time properties Expressed using CSL
Approach: Acceptance sampling Guaranteed error bounds Any-time properties
![Page 3: Probabilistic Verification of Discrete Event Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/56813f31550346895da9d5e5/html5/thumbnails/3.jpg)
May 30, 2002Carnegie Mellon
“The Hungry Stork”
System
“The probability is at least 0.7 that the stork satisfies its hunger within 180 seconds”
![Page 4: Probabilistic Verification of Discrete Event Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/56813f31550346895da9d5e5/html5/thumbnails/4.jpg)
May 30, 2002Carnegie Mellon
“The Hungry Stork” as aDiscrete Event System
hungry
![Page 5: Probabilistic Verification of Discrete Event Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/56813f31550346895da9d5e5/html5/thumbnails/5.jpg)
May 30, 2002Carnegie Mellon
“The Hungry Stork” as aDiscrete Event System
hungryhungry,hunting
40 sec
stork sees frog
![Page 6: Probabilistic Verification of Discrete Event Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/56813f31550346895da9d5e5/html5/thumbnails/6.jpg)
May 30, 2002Carnegie Mellon
“The Hungry Stork” as aDiscrete Event System
hungry
40 sec
stork sees frog
hungry,hunting,
seen
hungry,hunting
19 sec
frog sees stork
![Page 7: Probabilistic Verification of Discrete Event Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/56813f31550346895da9d5e5/html5/thumbnails/7.jpg)
May 30, 2002Carnegie Mellon
“The Hungry Stork” as aDiscrete Event System
hungry,hunting,
seennot hungry
hungry,hunting
hungry
40 sec 19 sec 2 sec
stork sees frog
frog sees stork
stork eats frog
![Page 8: Probabilistic Verification of Discrete Event Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/56813f31550346895da9d5e5/html5/thumbnails/8.jpg)
May 30, 2002Carnegie Mellon
“The Hungry Stork” as aDiscrete Event System
hungry,hunting,
seennot hungry
hungry,hunting
hungry
40 sec 19 sec 2 sec
stork sees frog
frog sees stork
stork eats frog
For this execution path, at least, the property holds…(total time < 180 sec)
![Page 9: Probabilistic Verification of Discrete Event Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/56813f31550346895da9d5e5/html5/thumbnails/9.jpg)
May 30, 2002Carnegie Mellon
Verifying Probabilistic Properties Properties of the form: Pr≥(X)
Symbolic Methods+ Exact solutions- Works for a restricted class of
systems Sampling
+ Works for all systems that can be simulated
- Solutions not guaranteed
![Page 10: Probabilistic Verification of Discrete Event Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/56813f31550346895da9d5e5/html5/thumbnails/10.jpg)
May 30, 2002Carnegie Mellon
Our Approach: Acceptance Sampling Use simulation to generate
sample execution paths Samples based on stochastic
discrete event models
How many samples are “enough”? Probability of false negatives ≤ Probability of false positives ≤
![Page 11: Probabilistic Verification of Discrete Event Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/56813f31550346895da9d5e5/html5/thumbnails/11.jpg)
May 30, 2002Carnegie Mellon
Performance of Test
Actual probability of X holding
Pro
bab
ility
of
acc
ep
tin
gPr ≥
(X
) as
tru
e
1 –
![Page 12: Probabilistic Verification of Discrete Event Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/56813f31550346895da9d5e5/html5/thumbnails/12.jpg)
May 30, 2002Carnegie Mellon
Ideal Performance
Actual probability of X holding
Pro
bab
ility
of
acc
ep
tin
gPr ≥
(X
) as
tru
e
1 –
False negatives
False positives
![Page 13: Probabilistic Verification of Discrete Event Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/56813f31550346895da9d5e5/html5/thumbnails/13.jpg)
May 30, 2002Carnegie Mellon
Actual Performance
– +
Indifference region
Actual probability of X holding
Pro
bab
ility
of
acc
ep
tin
gPr ≥
(X
) as
tru
e
1 –
False negatives
False positives
![Page 14: Probabilistic Verification of Discrete Event Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/56813f31550346895da9d5e5/html5/thumbnails/14.jpg)
May 30, 2002Carnegie Mellon
SequentialAcceptance Sampling
True, false,or anothersample?
Hypothesis: Pr≥(X)
![Page 15: Probabilistic Verification of Discrete Event Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/56813f31550346895da9d5e5/html5/thumbnails/15.jpg)
May 30, 2002Carnegie Mellon
Graphical Representation of Sequential Test
Number of samples
Nu
mb
er
of
posi
tive s
am
ple
s
![Page 16: Probabilistic Verification of Discrete Event Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/56813f31550346895da9d5e5/html5/thumbnails/16.jpg)
May 30, 2002Carnegie Mellon
Graphical Representation of Sequential Test
We can find an acceptance line and a rejection line given , , , and
Reject
Accept
Continue sampling
Number of samples
Nu
mb
er
of
posi
tive s
am
ple
s
![Page 17: Probabilistic Verification of Discrete Event Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/56813f31550346895da9d5e5/html5/thumbnails/17.jpg)
May 30, 2002Carnegie Mellon
Graphical Representation of Sequential Test
Reject
Accept
Continue sampling
Number of samples
Nu
mb
er
of
posi
tive s
am
ple
s
![Page 18: Probabilistic Verification of Discrete Event Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/56813f31550346895da9d5e5/html5/thumbnails/18.jpg)
May 30, 2002Carnegie Mellon
Graphical Representation of Sequential Test
Reject
Accept
Continue sampling
Number of samples
Nu
mb
er
of
posi
tive s
am
ple
s
![Page 19: Probabilistic Verification of Discrete Event Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/56813f31550346895da9d5e5/html5/thumbnails/19.jpg)
May 30, 2002Carnegie Mellon
Verifying Properties
Verify Pr≥() with error bounds and Generate sample execution paths using
simulation Verify over each sample execution path
If is true, then we have a positive sample If is false, then we have a negative sample
Use sequential acceptance sampling to test the hypothesis Pr≥() How to express probabilistic, real-time
temporal properties as acceptance tests?
![Page 20: Probabilistic Verification of Discrete Event Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/56813f31550346895da9d5e5/html5/thumbnails/20.jpg)
May 30, 2002Carnegie Mellon
Continuous Stochastic Logic (CSL)
State formulas Standard logic operators: ¬, 1 2 … Probabilistic operator: Pr≥()
Path formulas Time-bounded Until: 1 U≤t 2
Pr≥0.7(true U≤180 ¬hungry) Pr≥0.9(Pr≤0.1(queue-full) U≤60 served)
![Page 21: Probabilistic Verification of Discrete Event Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/56813f31550346895da9d5e5/html5/thumbnails/21.jpg)
May 30, 2002Carnegie Mellon
Verification of Conjunction Verify 1 2 … n with error
bounds and
What error bounds to choose for the i’s? Naïve: i = /n, i = /n
Accept if all conjuncts are true Reject if some conjunct is false
![Page 22: Probabilistic Verification of Discrete Event Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/56813f31550346895da9d5e5/html5/thumbnails/22.jpg)
May 30, 2002Carnegie Mellon
“Fast reject”
Verification of Conjunction Verify 1 2 … n with error
bounds and 1. Verify each i with error bounds and ’
2. Return false as soon as any i is verified to be false
3. If all i are verified to be true, verify each i again with error bounds and /n
4. Return true iff all i are verified to be true
![Page 23: Probabilistic Verification of Discrete Event Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/56813f31550346895da9d5e5/html5/thumbnails/23.jpg)
May 30, 2002Carnegie Mellon
Verification of Conjunction
“Rigorous accept”
Verify 1 2 … n with error bounds and
1. Verify each i with error bounds and ’
2. Return false as soon as any i is verified to be false
3. If all i are verified to be true, verify each i again with error bounds and /n
4. Return true iff all i are verified to be true
![Page 24: Probabilistic Verification of Discrete Event Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/56813f31550346895da9d5e5/html5/thumbnails/24.jpg)
May 30, 2002Carnegie Mellon
Verification of Path Formulas To verify 1 U≤t 2 with error
bounds and Convert to disjunction
1 U≤t 2 holds if 2 holds in the first state, or if 2 holds in the second state and 1 holds in all prior states, or …
![Page 25: Probabilistic Verification of Discrete Event Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/56813f31550346895da9d5e5/html5/thumbnails/25.jpg)
May 30, 2002Carnegie Mellon
More on Verifying Until Given 1 U≤t 2, let n be the index
of the first state more than t time units away from the current state
Disjunction of n conjunctions c1 through cn, each of size i
Simplifies if 1 or 2, or both, do not contain any probabilistic statements
![Page 26: Probabilistic Verification of Discrete Event Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/56813f31550346895da9d5e5/html5/thumbnails/26.jpg)
May 30, 2002Carnegie Mellon
Verification of Nested Probabilistic Statements
Suppose , in Pr≥(), contains probabilistic statements
True, false,or anothersample?
![Page 27: Probabilistic Verification of Discrete Event Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/56813f31550346895da9d5e5/html5/thumbnails/27.jpg)
May 30, 2002Carnegie Mellon
Verification of Nested Probabilistic Statements
Suppose , in Pr≥(), contains probabilistic statements Pr≥0.9(Pr≤0.1(queue-full) U≤60 served) How to specify the error bounds ’ and
’ when verifying ?
![Page 28: Probabilistic Verification of Discrete Event Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/56813f31550346895da9d5e5/html5/thumbnails/28.jpg)
May 30, 2002Carnegie Mellon
Modified Test find an acceptance line and a
rejection line given , , , , ’, and ’:
Reject
Accept
Continue sampling
With ’ and ’ = 0
Number of samples
Nu
mb
er
of
posi
tive s
am
ple
s
![Page 29: Probabilistic Verification of Discrete Event Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/56813f31550346895da9d5e5/html5/thumbnails/29.jpg)
May 30, 2002Carnegie Mellon
Modified Test find an acceptance line and a
rejection line given , , , , ’, and ’:
With ’ and ’ > 0
Reject
Accept
Continue sampling
Number of samples
Nu
mb
er
of
posi
tive s
am
ple
s
![Page 30: Probabilistic Verification of Discrete Event Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/56813f31550346895da9d5e5/html5/thumbnails/30.jpg)
May 30, 2002Carnegie Mellon
Performance
10
100
1000
10000
0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1
=0.9
=0.7=0.5
p
log E
p[n
]
![Page 31: Probabilistic Verification of Discrete Event Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/56813f31550346895da9d5e5/html5/thumbnails/31.jpg)
May 30, 2002Carnegie Mellon
Performance
10
100
1000
10000
0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1
p
log E
p[n
] =0.005=0.01
=0.02
![Page 32: Probabilistic Verification of Discrete Event Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/56813f31550346895da9d5e5/html5/thumbnails/32.jpg)
May 30, 2002Carnegie Mellon
Performance
p
log E
p[n
]
10
100
1000
10000
0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1
==0.001==0.01
==0.1
![Page 33: Probabilistic Verification of Discrete Event Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/56813f31550346895da9d5e5/html5/thumbnails/33.jpg)
May 30, 2002Carnegie Mellon
Summary Algorithm for probabilistic verification
of discrete event systems Sample execution paths generated
using simulation Probabilistic properties verified using
sequential acceptance sampling Properties specified using CSL
![Page 34: Probabilistic Verification of Discrete Event Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/56813f31550346895da9d5e5/html5/thumbnails/34.jpg)
May 30, 2002Carnegie Mellon
Future Work Apply to hybrid dynamic systems Develop heuristics for formula
ordering and parameter selection Use verification to aid policy
generation for real-time stochastic domains