VESTA: A Statistical Model-checker and Analyzer for Probabilistic Systems

1
VESTA A Statistical Model-checker and Analyzer
for Probabilistic Systems
YoungMin Kwon

• Authors
• Koushik Sen Mahesh Viswanathan Gul
  Agha
• University of Illinois at Urbana-Champaign

2
Vesta Tool

• Input A probabilistic model M given as
• a Java class on which one can perform
  discrete-event simulation
• a CTMC model in a special language (similar to
  that used in PRISM)
• a Probabilistic Rewrite Theory in Maude

3
Vesta Tool

• Input A probabilistic model M given as
• a Java class on which one can perform
  discrete-event simulation
• a CTMC model in a special language (similar to
  that used in PRISM)
• a Probabilistic Rewrite Theory in Maude
• Input A formula F in Continuous Stochastic Logic
  (CSL) or Probabilistic Computation Tree Logic
  (PCTL)
• Vesta can model check F against M, i.e. check if
  M ² F

4
Vesta Tool

• Input A probabilistic model M given as
• a Java class on which one can perform
  discrete-event simulation
• a CTMC model in a special language (similar to
  that used in PRISM)
• a Probabilistic Rewrite Theory in Maude
• Input A formula F in Continuous Stochastic Logic
  (CSL) or Probabilistic Computation Tree Logic
  (PCTL)
• Vesta can model check F against M, i.e. check if
  M ² F
• Input An expression E in Quantitative Temporal
  Expressions (QuaTEx)
• Vesta can compute the expected value of E

5
Model Assumption

• Sample execution paths can be generated through
  discrete-event simulation
• Execution paths are sequences of the form
• ? s0 ! s1 ! s2 !
• where each si is a state of the model and ti 2
  Rgt0 is the time spent in the state si before
  moving to the state si1
• A probability space can be defined on the
  execution paths of the model in such a way that
  the paths satisfying any path formula in our
  concerned logic (CSL or PCTL), is measurable

t0 t1 t2
6
Continuous Stochastic Logic (CSL) and PCTL

• ? true a ? Æ ? ? PQ p(?)
• ? ? Ultt ? ? U ? X ?
• where Q 2 lt,gt,,
• Plt 0.5( full)
• Probability that queue becomes full is less than
  0.5
• Pgt0.98( retransmit U receive)
• Probability that a message is eventually received
  successfully without any need for retransmission
  is greater than 0.98

7
Model Checking Main Result Summarized

• Our algorithm A takes as input
• a stochastic model M,
• a formula ? in CSL,
• error bounds ? and ?, and
• three other parameters ?1, ?2, and ps.
• The result of model checking is denoted by
  A?1,?2,ps (M, ?,?,?)
• can be either true or false.
• Details in Sen et al. CAV05

8
Model Checking Main Result Summarized

• Theorem If the model M satisfies the following
  conditions
• C1 For every subformula of the form P p? in the
  formula ? and for every state s in M, the
  probability that a path from s satisfies ? must
  not lie in the range
• (p-?1-?)/(1-?),(p?1)/(1-?)
• C2 For any subformula of the form ?1 U ?2 and
  for every state s in M, the probability that a
  path from s satisfies ?1 U ?2 must not lie in the
  range (0, ?2/((1-ps)N-1qN-1),
• where N is the number of states in the
  model M and q is the smallest non-zero transition
  probability in M
• Then the algorithm provides the following
  guarantees
• R1
• PrA?1,?2,ps (M, ?,?,?) true M 2 ? ?
• PrA?1,?2,ps (M, ?,?,?) false M² ? ?

9
Quantitative Queries Using QuaTEx

• What is the expected number of clients that
  successfully connect to S?
• CountConnected() if completed() then count()
  else (CountConnected()) fi
• eval ECountConnected()

10
Quantitative Queries Using QuaTEx

• What is the probability that a client connected
  to S within 10 seconds after it initiated the
  connection request?
• Prob() if globaltime()gt10 then 0.0 else
• if connected() then 1.0 else (Prob()) fi fi
• eval EProb()

11
Evaluation of QuaTEx

• The expected value of a QuaTEx expression is
  statistically evaluated with respect to two
  parameters ? and ? provided as input.
• We approximate the expected value by the mean of
  n samples such that the size of (1-?)100
  confidence interval for the expected value
  computed from the samples is bounded by ?.
• Details in Agha et al. QAPL05

12
Vesta Screenshot
13
Conclusion

• Vesta 2.0 supports
• statistical model checking of probabilistic
  systems
• query various quantitative aspects of a
  probabilistic system
• The tool is available for download at
• http//osl.cs.uiuc.edu/ksen/vesta2/