Probabilistic Verification of Discrete Event Systems

1
Probabilistic Verification of Discrete Event
Systems

• Håkan L. S. Younes
• Reid G. Simmons
• (initial work performed at HTC, Summer 2001)

2
Introduction

• Goal Verify temporal properties of general
  discrete event systems
• Probabilistic, real-time properties
• Expressed using CSL
• Approach Acceptance sampling
• Guaranteed error bounds
• Any-time properties

3
The Hungry Stork
The probability is at least 0.7 that the stork
satisfies its hunger within 180 seconds
4
The Hungry Stork as aDiscrete Event System
5
The Hungry Stork as aDiscrete Event System
6
The Hungry Stork as aDiscrete Event System
7
The Hungry Stork as aDiscrete Event System
stork sees frog
frog sees stork
stork eats frog
hungry,hunting,seen
not hungry
hungry,hunting
hungry
40 sec
19 sec
2 sec
8
The Hungry Stork as aDiscrete Event System
stork sees frog
frog sees stork
stork eats frog
hungry,hunting,seen
not hungry
hungry,hunting
hungry
40 sec
19 sec
2 sec
For this execution path, at least, the property
holds (total time lt 180 sec)
9
Verifying Probabilistic Properties

• Properties of the form Pr?(X)
• Symbolic Methods
• Exact solutions
• - Works for a restricted class of systems
• Sampling
• Works for all systems that can be simulated
• - Solutions not guaranteed

10
Our Approach Acceptance Sampling

• Use simulation to generate sample execution paths
• Samples based on stochastic discrete event models
• How many samples are enough?
• Probability of false negatives ?
• Probability of false positives ?

11
Performance of Test
1 ?
Probability of acceptingPr? (X) as true
?
?
Actual probability of X holding
12
Ideal Performance
1 ?
Probability of acceptingPr? (X) as true
?
?
Actual probability of X holding
13
Actual Performance
1 ?
Probability of acceptingPr? (X) as true
?
?
Actual probability of X holding
14
SequentialAcceptance Sampling

• Hypothesis Pr?(X)

15
Graphical Representation of Sequential Test
16
Graphical Representation of Sequential Test

• We can find an acceptance line and a rejection
  line given ?, ?, ?, and ?

17
Graphical Representation of Sequential Test
18
Graphical Representation of Sequential Test
19
Verifying Properties

• Verify Pr?(?) with error bounds ? and ?
• Generate sample execution paths using simulation
• Verify ? over each sample execution path
• If ? is true, then we have a positive sample
• If ? is false, then we have a negative sample
• Use sequential acceptance sampling to test the
  hypothesis Pr?(?)

• How to express probabilistic, real-time temporal
  properties as acceptance tests?

20
Continuous Stochastic Logic (CSL)

• State formulas
• Standard logic operators ?, ?1 ? ?2
• Probabilistic operator Pr?(?)
• Path formulas
• Time-bounded Until ?1 Ut ?2
• Pr0.7(true U180 hungry)
• Pr0.9(Pr0.1(queue-full) U60 served)

21
Verification of Conjunction

• Verify ?1 ? ?2 ? ? ?n with error bounds ? and ?
• What error bounds to choose for the ?is?
• Naïve ?i ?/n, ?i ?/n

• Accept if all conjuncts are true
• Reject if some conjunct is false

22
Verification of Conjunction

• Verify ?1 ? ?2 ? ? ?n with error bounds ? and ?
• Verify each ?i with error bounds ? and ?
• Return false as soon as any ?i is verified to be
  false
• If all ?i are verified to be true, verify each ?i
  again with error bounds ? and ?/n
• Return true iff all ?i are verified to be true

23
Verification of Conjunction

• Verify ?1 ? ?2 ? ? ?n with error bounds ? and ?
• Verify each ?i with error bounds ? and ?
• Return false as soon as any ?i is verified to be
  false
• If all ?i are verified to be true, verify each ?i
  again with error bounds ? and ?/n
• Return true iff all ?i are verified to be true

24
Verification of Path Formulas

• To verify ?1 Ut ?2 with error bounds ? and ?
• Convert to disjunction
• ?1 Ut ?2 holds if ?2 holds in the first state,
  or if ?2 holds in the second state and ?1 holds
  in all prior states, or

25
More on Verifying Until

• Given ?1 Ut ?2, let n be the index of the first
  state more than t time units away from the
  current state
• Disjunction of n conjunctions c1 through cn, each
  of size i
• Simplifies if ?1 or ?2, or both, do not contain
  any probabilistic statements

26
Verification of Nested Probabilistic Statements

• Suppose ?, in Pr?(?), contains probabilistic
  statements

27
Verification of Nested Probabilistic Statements

• Suppose ?, in Pr?(?), contains probabilistic
  statements
• Pr0.9(Pr0.1(queue-full) U60 served)
• How to specify the error bounds ? and ? when
  verifying ??

28
Modified Test

• find an acceptance line and a rejection line
  given ?, ?, ?, ?, ?, and ?

29
Modified Test

• find an acceptance line and a rejection line
  given ?, ?, ?, ?, ?, and ?

Accept
Continue sampling
Reject
30
Performance
?0.5
?0.7
?0.9
log Epn
p
31
Performance
?0.005
?0.01
log Epn
?0.02
p
32
Performance
??0.001
??0.01
log Epn
??0.1
p
33
Summary

• Algorithm for probabilistic verification of
  discrete event systems
• Sample execution paths generated using simulation
• Probabilistic properties verified using
  sequential acceptance sampling
• Properties specified using CSL

34
Future Work

• Apply to hybrid dynamic systems
• Develop heuristics for formula ordering and
  parameter selection
• Use verification to aid policy generation for
  real-time stochastic domains