Probabilistic Verification of Discrete Event Systems

1
Probabilistic Verification of Discrete Event
Systems

• Håkan L. S. Younes

2
The Problem

• Given a model of a discrete event system, check
  if certain properties hold
• The model is a stochastic process (GSMP)
• Properties are expressed using a logic formalism
  (CSL)

3
Probabilistic Verification

• Verification of probabilistic properties
• The probability of reaching a failure state
  within 60 minutes is less than 0.1
• Probabilistic verification of properties
• The probability of property P holding is at
  least 0.95

4
Discrete Event System (DES)

• Event-driven system
• Discrete state changes at the occurrence of
  events
• Examples
• Manufacturing systems
• Queueing systems
• Communication protocols

5
Why Probabilistic Verification?

• The dynamics of a DES is too complex for symbolic
  methods
• Use simulation to generate sample paths
• Use acceptance sampling to verify probabilistic
  properties

6
Stochastic Processes

• A stochastic process consists of

7
Markov Processes

• The Markov assumption
• There is enough information in the current state
  to determine the future behavior

8
Holding Times

• The holding time is the time spent in a state
  before an event occurs
• Holding times are positive random variables
• Can be discrete or continuous

9
Continuous-timeMarkov Chain (CTMC)

• Holding times are governed by exponential
  distributions

10
Semi-Markov Process

• Holding times are governed by arbitrary
  (positive) distributions

11
Generalized Semi-Markov Process (GSMP)

• Holding times can depend on the history

12
Properties

• Qualitative
• P will eventually hold on all future execution
  paths
• Quantitative
• P will hold before time t with probability at
  least ? on future execution paths

13
Problem Space
Properties
Qualitative
Quantitative
ASSB96,BKH99
CTMC
Model
ACD91
My Work
GSMP
14
Continuous Stochastic Logic (CSL)

• State formulas a, ?, ?1 ? ?2, Pr??(?)
• Truth value is determined in a single state
• Path formulas X ?, ?1 U?t ?2
• Truth value is determined over an execution path

15
Execution Paths

• Current state current clock settings internal
  state
• The internal state contains enough information to
  determine the future behavior
• A sequence of internal states is an execution path

16
CSL Semantics(State Formulas)

• Atomic proposition a
• Negation ?
• Holds iff ? does not hold in current state
• Conjunction ?1 ? ?2
• Holds iff both ?1 and ?2 hold in current state

17
CSL Semantics(More State Formulas)

• Probabilistic statement Pr??(?)
• Holds iff ? is true over at most a ? proportion
  of execution paths starting in the current state

18
CSL Semantics(Path Formulas)

• Next state X ?
• Holds iff ? holds in the next state along the
  current execution path
• Until ?1 U?t ?2
• Holds iff ?2 becomes true in some state along the
  current execution path before time t, and ?1 is
  true in all prior states

19
More on Until

• Consider the formula a U?17 b

20
Verifying Probabilistic Statements

• Verify Pr??(?)
• Generate sample execution paths using discrete
  event simulation
• Verify ? over each sample path
• If ? is true, then we have a positive sample
• If ? is false, then we have a negative sample
• Based on the proportion of positive samples,
  determine if Pr??(?) holds

21
Sequential Hypothesis Testing

• Hypothesis Pr??(?)

22
Error Bounds

• Probability of false negative ?
• We say that Pr??(?) is false when it is true
• Probability of false positive ?
• We say that Pr??(?) is true when it is false

23
Indifference Region
24
Graphical Representation of Statistical Test

• We can find an acceptance line and a rejection
  line given ?, ?, ?, and ?

25
Verification of Nested Probabilistic Statements

• Suppose ?, in Pr??(?), contains probabilistic
  statements

26
Indirect Sampling

• Want samples from random variable X
• Can only get samples from Y such that
• PrY1X1 ? 1 ?
• PrY0X1 ? ?
• PrY1X0 ? ?
• PrY0X0 ? 1 ?

27
Modified Test

• find an acceptance line and a rejection line
  given ?, ?, ?, ?, ?, and ?

28
Verification of Compound State Formulas

• To verify ? with error bounds ? and ?
• Verify ? with error bounds ? and ?
• To verify ?1 ? ?2 ? ? ?n with error bounds ?
  and ?
• Verify ?1 though ?n with error bounds ?/n and ?/n

29
Sequential Verification of Conjunction

• To verify ?1 ? ?2 ? ? ?n with error bounds ?
  and ?
• Verify each ?i with error bounds ? and ?
• Return false as soon as any ?i is verified to be
  false
• If all ?i are verified to be true, verify each ?i
  again with error bounds ? and ?/n
• Return true iff all ?i are verified to be true

30
Verification of Path Formulas

• To verify X ? with error bounds ? and ?
• Verify ? with error bounds ? and ? in the next
  state
• To verify ?1 U?t ?2 with error bounds ? and ?
• Convert to conjunction
• ?1 U?t ?2 holds if ?2 holds in the first state,
  or if ?2 holds in the second state and ?1 holds
  in all prior state,

31
More on Verifying Until

• Given ?1 U?t ?2, let n be the index of the first
  state more than t time units away from the
  current state
• Conjunction of n conjuncts c1 through cn, each of
  size i
• Simplifies if ?1 or ?2, or both, do not contain
  any probabilistic statements

32
Example

• Verify Pr?0.05(true U?200 dead) in S1

26.3----0.0
33
Summary

• Algorithm for probabilistic verification of
  discrete event systems
• Sample execution paths generated using discrete
  event simulation
• Probabilistic properties verified using
  acceptance sampling
• Algorithm can be used in an anytime manner

34
Future Work

• Apply to hybrid dynamic systems
• Develop heuristics for formula ordering and
  parameter selection
• Use verification to aid policy generation for
  real-time stochastic domains