probabilistic verification of discrete event systems using acceptance sampling
DESCRIPTION
Probabilistic Verification of Discrete Event Systems using Acceptance Sampling. Introduction. Verify properties of discrete event systems Model independent approach Probabilistic real-time properties expressed using CSL Acceptance sampling Guaranteed error bounds. DES Example. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Probabilistic Verification of Discrete Event Systems using Acceptance Sampling](https://reader036.vdocument.in/reader036/viewer/2022062519/56814eca550346895dbc6728/html5/thumbnails/1.jpg)
Probabilistic Verification of Discrete Event Systems using Acceptance Sampling
Håkan L. S. Younes Reid G. SimmonsCarnegie Mellon University
![Page 2: Probabilistic Verification of Discrete Event Systems using Acceptance Sampling](https://reader036.vdocument.in/reader036/viewer/2022062519/56814eca550346895dbc6728/html5/thumbnails/2.jpg)
Introduction
Verify properties of discrete event systems
Model independent approach Probabilistic real-time properties
expressed using CSL Acceptance sampling Guaranteed error bounds
![Page 3: Probabilistic Verification of Discrete Event Systems using Acceptance Sampling](https://reader036.vdocument.in/reader036/viewer/2022062519/56814eca550346895dbc6728/html5/thumbnails/3.jpg)
DES Example
Triple modular redundant system Three processors Single majority voter
CPU 1 CPU 2 CPU 3
Voter
![Page 4: Probabilistic Verification of Discrete Event Systems using Acceptance Sampling](https://reader036.vdocument.in/reader036/viewer/2022062519/56814eca550346895dbc6728/html5/thumbnails/4.jpg)
DES Example
CPU 1 CPU 2 CPU 3
Voter
3 CPUs upvoter up
![Page 5: Probabilistic Verification of Discrete Event Systems using Acceptance Sampling](https://reader036.vdocument.in/reader036/viewer/2022062519/56814eca550346895dbc6728/html5/thumbnails/5.jpg)
DES Example
CPU 1 CPU 2 CPU 3
Voter
3 CPUs upvoter up
2 CPUs upvoter up
CPU fails
40
![Page 6: Probabilistic Verification of Discrete Event Systems using Acceptance Sampling](https://reader036.vdocument.in/reader036/viewer/2022062519/56814eca550346895dbc6728/html5/thumbnails/6.jpg)
DES Example
CPU 1 CPU 2 CPU 3
Voter
3 CPUs upvoter up
2 CPUs upvoter up
2 CPUs uprepairing CPU
voter up
CPU fails repair CPU
40 19.2
![Page 7: Probabilistic Verification of Discrete Event Systems using Acceptance Sampling](https://reader036.vdocument.in/reader036/viewer/2022062519/56814eca550346895dbc6728/html5/thumbnails/7.jpg)
DES Example
CPU 1 CPU 2 CPU 3
Voter
3 CPUs upvoter up
2 CPUs upvoter up
2 CPUs uprepairing CPU
voter up
1 CPU uprepairing CPU
voter up
CPU fails repair CPU CPU fails
40 19.2 11
![Page 8: Probabilistic Verification of Discrete Event Systems using Acceptance Sampling](https://reader036.vdocument.in/reader036/viewer/2022062519/56814eca550346895dbc6728/html5/thumbnails/8.jpg)
DES Example
CPU 1 CPU 2 CPU 3
Voter
3 CPUs upvoter up
2 CPUs upvoter up
2 CPUs uprepairing CPU
voter up
1 CPU uprepairing CPU
voter up
2 CPUs upvoter up
CPU fails repair CPU CPU fails CPU repaired
40 19.2 11 4 …
![Page 9: Probabilistic Verification of Discrete Event Systems using Acceptance Sampling](https://reader036.vdocument.in/reader036/viewer/2022062519/56814eca550346895dbc6728/html5/thumbnails/9.jpg)
Sample Execution Paths
3 CPUs upvoter up
2 CPUs upvoter up
2 CPUs uprepairing CPU
voter up
1 CPU uprepairing CPU
voter up
2 CPUs upvoter up
CPU fails repair CPU CPU fails CPU repaired
40 19.2 11 4 …
3 CPUs upvoter up
2 CPUs upvoter up
2 CPUs uprepairing CPU
voter up
3 CPUs upvoter up
3 CPUs upvoter down
CPU fails repair CPU CPU repaired
voter fails
82 13 16 4 …
![Page 10: Probabilistic Verification of Discrete Event Systems using Acceptance Sampling](https://reader036.vdocument.in/reader036/viewer/2022062519/56814eca550346895dbc6728/html5/thumbnails/10.jpg)
Properties of Interest
Probabilistic real-time properties “The probability is at least 0.1 that
the voter fails within 120 time units while at least 2 CPUs have continuously remained up”
![Page 11: Probabilistic Verification of Discrete Event Systems using Acceptance Sampling](https://reader036.vdocument.in/reader036/viewer/2022062519/56814eca550346895dbc6728/html5/thumbnails/11.jpg)
Properties of Interest
Probabilistic real-time properties “The probability is at least 0.1 that
the voter fails within 120 time units while at least 2 CPUs have continuously remained up”
Pr≥0.1(“2 CPUs up” “3 CPUs up” U≤120 “voter down”)
CSL formula:
![Page 12: Probabilistic Verification of Discrete Event Systems using Acceptance Sampling](https://reader036.vdocument.in/reader036/viewer/2022062519/56814eca550346895dbc6728/html5/thumbnails/12.jpg)
Continuous Stochastic Logic (CSL)
State formulas Truth value is determined in a single
state Path formulas
Truth value is determined over an execution path
![Page 13: Probabilistic Verification of Discrete Event Systems using Acceptance Sampling](https://reader036.vdocument.in/reader036/viewer/2022062519/56814eca550346895dbc6728/html5/thumbnails/13.jpg)
State Formulas
Standard logic operators: ¬, 1 2 …
Probabilistic operator: Pr≥() True iff probability is at least that
holds
![Page 14: Probabilistic Verification of Discrete Event Systems using Acceptance Sampling](https://reader036.vdocument.in/reader036/viewer/2022062519/56814eca550346895dbc6728/html5/thumbnails/14.jpg)
Path Formulas
Until: 1 U≤t 2
Holds iff 2 becomes true in some state along the execution path before time t, and 1 is true in all prior states
![Page 15: Probabilistic Verification of Discrete Event Systems using Acceptance Sampling](https://reader036.vdocument.in/reader036/viewer/2022062519/56814eca550346895dbc6728/html5/thumbnails/15.jpg)
Verifying Real-time Properties “2 CPUs up” “3 CPUs up” U≤120 “voter down”
3 CPUs upvoter up
2 CPUs upvoter up
2 CPUs uprepairing CPU
voter up
1 CPU uprepairing CPU
voter up
2 CPUs upvoter up
CPU fails repair CPU CPU fails CPU repaired
40 19.2 11 4 …
False!
![Page 16: Probabilistic Verification of Discrete Event Systems using Acceptance Sampling](https://reader036.vdocument.in/reader036/viewer/2022062519/56814eca550346895dbc6728/html5/thumbnails/16.jpg)
Verifying Real-time Properties “2 CPUs up” “3 CPUs up” U≤120 “voter down”
3 CPUs upvoter up
2 CPUs upvoter up
2 CPUs uprepairing CPU
voter up
3 CPUs upvoter up
3 CPUs upvoter down
CPU fails repair CPU CPU repaired
voter fails
82 13 16 4 …
True!
+ + ≤ 120+
![Page 17: Probabilistic Verification of Discrete Event Systems using Acceptance Sampling](https://reader036.vdocument.in/reader036/viewer/2022062519/56814eca550346895dbc6728/html5/thumbnails/17.jpg)
Verifying Probabilistic Properties
“The probability is at least 0.1 that ” Symbolic Methods
Pro: Exact solution Con: Works only for restricted class of systems
Sampling Pro: Works for any system that can be
simulated Con: Uncertainty in correctness of solution
![Page 18: Probabilistic Verification of Discrete Event Systems using Acceptance Sampling](https://reader036.vdocument.in/reader036/viewer/2022062519/56814eca550346895dbc6728/html5/thumbnails/18.jpg)
Our Approach
Use simulation to generate sample execution paths
Use sequential acceptance sampling to verify probabilistic properties
![Page 19: Probabilistic Verification of Discrete Event Systems using Acceptance Sampling](https://reader036.vdocument.in/reader036/viewer/2022062519/56814eca550346895dbc6728/html5/thumbnails/19.jpg)
Error Bounds
Probability of false negative: ≤ We say that is false when it is true
Probability of false positive: ≤ We say that is true when it is false
![Page 20: Probabilistic Verification of Discrete Event Systems using Acceptance Sampling](https://reader036.vdocument.in/reader036/viewer/2022062519/56814eca550346895dbc6728/html5/thumbnails/20.jpg)
Acceptance Sampling
Hypothesis: Pr≥()
![Page 21: Probabilistic Verification of Discrete Event Systems using Acceptance Sampling](https://reader036.vdocument.in/reader036/viewer/2022062519/56814eca550346895dbc6728/html5/thumbnails/21.jpg)
Performance of Test
Actual probability of holding
Pro
bab
ility
of
acc
ep
tin
gPr ≥
(
) as
tru
e
1 –
![Page 22: Probabilistic Verification of Discrete Event Systems using Acceptance Sampling](https://reader036.vdocument.in/reader036/viewer/2022062519/56814eca550346895dbc6728/html5/thumbnails/22.jpg)
Ideal Performance
Actual probability of holding
Pro
bab
ility
of
acc
ep
tin
gPr ≥
(
) as
tru
e
1 –
False negatives
False positives
![Page 23: Probabilistic Verification of Discrete Event Systems using Acceptance Sampling](https://reader036.vdocument.in/reader036/viewer/2022062519/56814eca550346895dbc6728/html5/thumbnails/23.jpg)
Actual Performance
– +
Indifference region
Actual probability of holding
Pro
bab
ility
of
acc
ep
tin
gPr ≥
(
) as
tru
e
1 –
False negatives
False positives
![Page 24: Probabilistic Verification of Discrete Event Systems using Acceptance Sampling](https://reader036.vdocument.in/reader036/viewer/2022062519/56814eca550346895dbc6728/html5/thumbnails/24.jpg)
SequentialAcceptance Sampling
Hypothesis: Pr≥()
True, false,or anothersample?
![Page 25: Probabilistic Verification of Discrete Event Systems using Acceptance Sampling](https://reader036.vdocument.in/reader036/viewer/2022062519/56814eca550346895dbc6728/html5/thumbnails/25.jpg)
Graphical Representation of Sequential Test
Number of samples
Nu
mb
er
of
posi
tive s
am
ple
s
![Page 26: Probabilistic Verification of Discrete Event Systems using Acceptance Sampling](https://reader036.vdocument.in/reader036/viewer/2022062519/56814eca550346895dbc6728/html5/thumbnails/26.jpg)
Graphical Representation of Sequential Test
We can find an acceptance line and a rejection line given , , , and
Reject
Accept
Continue sampling
Number of samples
Nu
mb
er
of
posi
tive s
am
ple
s A,,,(n)
R,,,(n)
![Page 27: Probabilistic Verification of Discrete Event Systems using Acceptance Sampling](https://reader036.vdocument.in/reader036/viewer/2022062519/56814eca550346895dbc6728/html5/thumbnails/27.jpg)
Graphical Representation of Sequential Test
Reject hypothesis
Reject
Accept
Continue sampling
Number of samples
Nu
mb
er
of
posi
tive s
am
ple
s
![Page 28: Probabilistic Verification of Discrete Event Systems using Acceptance Sampling](https://reader036.vdocument.in/reader036/viewer/2022062519/56814eca550346895dbc6728/html5/thumbnails/28.jpg)
Graphical Representation of Sequential Test
Accept hypothesis
Reject
Accept
Continue sampling
Number of samples
Nu
mb
er
of
posi
tive s
am
ple
s
![Page 29: Probabilistic Verification of Discrete Event Systems using Acceptance Sampling](https://reader036.vdocument.in/reader036/viewer/2022062519/56814eca550346895dbc6728/html5/thumbnails/29.jpg)
Verifying Probabilistic Properties
Verify Pr≥() with error bounds and Generate sample execution paths using
simulation Verify over each sample execution path
If is true, then we have a positive sample If is false, then we have a negative sample
Use sequential acceptance sampling to test the hypothesis Pr≥()
![Page 30: Probabilistic Verification of Discrete Event Systems using Acceptance Sampling](https://reader036.vdocument.in/reader036/viewer/2022062519/56814eca550346895dbc6728/html5/thumbnails/30.jpg)
Verification of Nested Probabilistic Statements
Suppose , in Pr≥(), contains probabilistic statements Error bounds ’ and ’ when verifying
![Page 31: Probabilistic Verification of Discrete Event Systems using Acceptance Sampling](https://reader036.vdocument.in/reader036/viewer/2022062519/56814eca550346895dbc6728/html5/thumbnails/31.jpg)
Verification of Nested Probabilistic Statements
Suppose , in Pr≥(), contains probabilistic statements
True, false,or anothersample?
![Page 32: Probabilistic Verification of Discrete Event Systems using Acceptance Sampling](https://reader036.vdocument.in/reader036/viewer/2022062519/56814eca550346895dbc6728/html5/thumbnails/32.jpg)
Modified Test
Find an acceptance line and a rejection line given , , , , ’, and ’:
Reject
Accept
Continue sampling
With ’ and ’ = 0
Number of samples
Nu
mb
er
of
posi
tive s
am
ple
s A,,,(n)
R,,,(n)
![Page 33: Probabilistic Verification of Discrete Event Systems using Acceptance Sampling](https://reader036.vdocument.in/reader036/viewer/2022062519/56814eca550346895dbc6728/html5/thumbnails/33.jpg)
Modified Test
Find an acceptance line and a rejection line given , , , , ’, and ’:
With ’ and ’ > 0
Reject
Accept
Continue sampling
Number of samples
Nu
mb
er
of
posi
tive s
am
ple
s
![Page 34: Probabilistic Verification of Discrete Event Systems using Acceptance Sampling](https://reader036.vdocument.in/reader036/viewer/2022062519/56814eca550346895dbc6728/html5/thumbnails/34.jpg)
Modified Test
Find an acceptance line and a rejection line given , , , , ’, and ’:
Reject
Accept
Continue sampling
Number of samples
Nu
mb
er
of
posi
tive s
am
ple
s A’,’,,(n)
R’,’,,(n)
’ – ’ = 1 – (1 – ( – ))(1 – ’)
’ + ’ = ( + )(1 – ’)
![Page 35: Probabilistic Verification of Discrete Event Systems using Acceptance Sampling](https://reader036.vdocument.in/reader036/viewer/2022062519/56814eca550346895dbc6728/html5/thumbnails/35.jpg)
Verification of Negation
To verify ¬ with error bounds and Verify with error bounds and
![Page 36: Probabilistic Verification of Discrete Event Systems using Acceptance Sampling](https://reader036.vdocument.in/reader036/viewer/2022062519/56814eca550346895dbc6728/html5/thumbnails/36.jpg)
Verification of Conjunction
Verify 1 2 … n with error bounds and Verify each i with error bounds and
/n
![Page 37: Probabilistic Verification of Discrete Event Systems using Acceptance Sampling](https://reader036.vdocument.in/reader036/viewer/2022062519/56814eca550346895dbc6728/html5/thumbnails/37.jpg)
Verification of Path Formulas
To verify 1 U≤t 2 with error bounds and Convert to disjunction
1 U≤t 2 holds if 2 holds in the first state, or if 2 holds in the second state and 1 holds in all prior states, or …
![Page 38: Probabilistic Verification of Discrete Event Systems using Acceptance Sampling](https://reader036.vdocument.in/reader036/viewer/2022062519/56814eca550346895dbc6728/html5/thumbnails/38.jpg)
More on Verifying Until
Given 1 U≤t 2, let n be the index of the first state more than t time units away from the current state
Disjunction of n conjunctions c1 through cn, each of size i
Simplifies if 1 or 2, or both, do not contain any probabilistic statements
![Page 39: Probabilistic Verification of Discrete Event Systems using Acceptance Sampling](https://reader036.vdocument.in/reader036/viewer/2022062519/56814eca550346895dbc6728/html5/thumbnails/39.jpg)
10
100
1000
10000
0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1
Performance = 0.9
= = 10-1
Actual probability of holding
Avera
ge n
um
ber
of
sam
ple
s
= = 10-10
= 0.01
![Page 40: Probabilistic Verification of Discrete Event Systems using Acceptance Sampling](https://reader036.vdocument.in/reader036/viewer/2022062519/56814eca550346895dbc6728/html5/thumbnails/40.jpg)
10
100
1000
10000
0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1
Performance
=0.05
Actual probability of holding
Avera
ge n
um
ber
of
sam
ple
s
= 0.9 = = 10-2
=0.02=0.01=0.005
=0.002
=0.001
![Page 41: Probabilistic Verification of Discrete Event Systems using Acceptance Sampling](https://reader036.vdocument.in/reader036/viewer/2022062519/56814eca550346895dbc6728/html5/thumbnails/41.jpg)
Summary
Model independent probabilistic verification of discrete event systems
Sample execution paths generated using simulation
Probabilistic properties verified using sequential acceptance sampling
Easy to trade accuracy for efficiency
![Page 42: Probabilistic Verification of Discrete Event Systems using Acceptance Sampling](https://reader036.vdocument.in/reader036/viewer/2022062519/56814eca550346895dbc6728/html5/thumbnails/42.jpg)
Future Work
Develop heuristics for formula ordering and parameter selection
Use in combination with symbolic methods
Apply to hybrid dynamic systems Use verification to aid controller
synthesis for discrete event systems
![Page 43: Probabilistic Verification of Discrete Event Systems using Acceptance Sampling](https://reader036.vdocument.in/reader036/viewer/2022062519/56814eca550346895dbc6728/html5/thumbnails/43.jpg)
ProVer: Probabilistic Verifier
http://www.cs.cmu.edu/~lorens/prover.html