Significant Diagnostic Counterexamples in Probabilistic Model Checking
Miguel E. Andrés, Radboud University, The Netherlands
Pedro D'Argenio, FaMAF, Argentina
Peter van Rossum, Radboud University, The Netherlands
Haifa Verification 2008 - October 28th, IBM Haifa Research Lab - Israel
Motivation: Classic Model Checking (Qualitative)
Model ⊨ φ
A counterexample witnesses non-satisfaction. For a property such as ⊨ ¬Reach (the states labelled Reach are never reached) a single finite path from the initial state into Reach is enough to refute the model.
Motivation: Quantitative Model Checking
Model ⊨_{≤p} ◇Reach
In the example model the probability of reaching Reach is 0.6, so the property is not satisfied if p < 0.6.
Counterexamples are MORE COMPLEX: a single path is no longer enough. A counterexample is a set of paths {σ1, σ2, ...} reaching Reach whose joint probability exceeds p.
Motivation: how do we deal with counterexamples (so far)?
Model ⊨_{≤0.5} ◇Reach
Counterexamples have so far been sets of individual paths, which raises several problems:
• Not accurate evidences
• Similar evidences (many paths that differ only in how often a loop is taken)
• Low probability evidences (each path carries a tiny fraction of the mass)
• Infinite evidences (a cycle on the way to Reach yields infinitely many paths)
Proposed solution: group paths that behave similarly and report each group, with its probability, as a single piece of evidence.
Motivation: nondeterminism
Model ⊨_{≤0.5} ◇Reach
Nondeterminism is allowed (the model is an MDP). The property is satisfied if for every possible way to resolve the nondeterminism the reachability probability is at most 0.5; a counterexample therefore needs one resolution (a scheduler) under which the reachability probability exceeds 0.5.
Overview
Motivation
Background: Markov chains; LTL for probabilistic systems; counterexamples
Solution, reduced case (reachability on deterministic models): reduction to an acyclic chain (SCC analysis); rails and torrents
Solution, general case: from general formulas to reachability; from MDPs to MCs
Implementation
Conclusion
Future work
Background: Discrete Time Markov Chains
DTMC = (S, s0, L, P), where
• S is the finite state space;
• s0 ∈ S is the initial state;
• L is a labeling function;
• P : S × S → [0, 1] is a stochastic matrix.
Finite paths of the example chain and their probabilities (each extra turn of the loop at s1 halves the probability):
s0 s1 s3                  0.2
s0 s1 s1 s3               0.1
s0 s1 s1 s1 s3            0.05
s0 s1 s1 s1 s1 s3         0.025
s0 s1 s1 s1 s1 s1 s3      0.0125
Background: Linear Temporal Logic (LTL)
Syntax
φ ::= v | ¬φ | φ ∧ φ | φ U φ
∨, →, ◇ and □ are syntactic sugar.
Semantics (σ is a path of D, σ_i its i-th state and σ↓i its suffix starting at position i)
σ ⊨_D v         iff v ∈ L(σ_0)
σ ⊨_D ¬φ        iff not (σ ⊨_D φ)
σ ⊨_D φ ∧ γ     iff σ ⊨_D φ and σ ⊨_D γ
σ ⊨_D φ U γ     iff ∃ i ≥ 0: σ↓i ⊨_D γ and ∀ 0 ≤ j < i: σ↓j ⊨_D φ
Probabilistic semantics
D ⊨_{⋈p} φ  iff  Pr_D(Sat(φ)) ⋈ p, where
• ⋈ ∈ {<, ≤, >, ≥}
• Sat(φ) ≜ {σ ∈ Paths(D) | σ ⊨_D φ}
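The semantics above, as an added worked example in Python (written for this page; it is neither code from the slides nor the authors' tool): an evaluator for the LTL fragment on ultimately periodic paths, with ◇ and □ defined as the syntactic sugar the slide mentions. The path representation (`Lasso`), the constant `true`, the labelling function L, the state names and the formulas are constructed for the example and are assumptions, not anything the slides fix.

```python
# Added example (not from the slides): the LTL semantics above evaluated on an
# ultimately periodic path σ = prefix · loop^ω.  Path, labelling and formulas
# are constructed here for illustration.

class Lasso:
    """An infinite path given as a finite prefix followed by a loop repeated forever."""
    def __init__(self, prefix, loop):
        assert loop, "the loop must be non-empty to describe an infinite path"
        self.prefix, self.loop = list(prefix), list(loop)

    def state(self, i):
        """σ_i, the i-th state of the path."""
        n = len(self.prefix)
        return self.prefix[i] if i < n else self.loop[(i - n) % len(self.loop)]

    def horizon(self, i):
        """Every suffix σ↓k with k ≥ horizon(i) equals some σ↓k' with i ≤ k' < horizon(i),
        so a witness for U starting at position i, if any, exists below this bound."""
        return max(i, len(self.prefix)) + len(self.loop)

# Formulas as nested tuples: ("v", a) | ("true",) | ("not", f) | ("and", f, g) | ("until", f, g)
TRUE = ("true",)                                   # only needed to write ◇f as true U f
def Or(f, g):      return ("not", ("and", ("not", f), ("not", g)))
def Implies(f, g): return Or(("not", f), g)
def Eventually(f): return ("until", TRUE, f)                 # ◇f
def Always(f):     return ("not", Eventually(("not", f)))    # □f

def holds(L, sigma, f, i=0):
    """σ↓i ⊨_D f, following the slides' clauses (L is the labelling function)."""
    op = f[0]
    if op == "true":
        return True
    if op == "v":
        return f[1] in L[sigma.state(i)]                      # v ∈ L(σ_i)
    if op == "not":
        return not holds(L, sigma, f[1], i)
    if op == "and":
        return holds(L, sigma, f[1], i) and holds(L, sigma, f[2], i)
    if op == "until":   # ∃k ≥ i: σ↓k ⊨ g and ∀ i ≤ j < k: σ↓j ⊨ f; scan for the least k
        for k in range(i, sigma.horizon(i)):
            if holds(L, sigma, f[2], k):
                return True
            if not holds(L, sigma, f[1], k):
                return False
        return False
    raise ValueError(f"unknown operator {op!r}")

# Constructed labelling and paths: s1 is labelled a, s3 is labelled v1.
L = {"s0": set(), "s1": {"a"}, "s3": {"v1"}}
A, V1 = ("v", "a"), ("v", "v1")
SIGMA = Lasso(["s0", "s1", "s1"], ["s3"])   # s0 s1 s1 s3 s3 s3 ...
STUCK = Lasso(["s0"], ["s1"])               # s0 s1 s1 s1 ...  (never reaches s3)

def demo():
    """A few formulas checked on the constructed paths."""
    return {
        "eventually_v1": holds(L, SIGMA, Eventually(V1)),                 # True
        "a_until_v1": holds(L, SIGMA, ("until", A, V1)),                  # False: s0 ⊭ a
        "a_until_v1_from_1": holds(L, SIGMA, ("until", A, V1), 1),        # True
        "always_a_implies_eventually_v1":
            holds(L, SIGMA, Always(Implies(A, Eventually(V1)))),          # True
        "stuck_eventually_v1": holds(L, STUCK, Eventually(V1)),           # False
    }
```

The U clause scans positions in increasing order and stops at the first one where the right operand holds or the left operand fails; the bound from `horizon` is sound because the suffixes of a lasso repeat with the loop's period, so any witness beyond it has an earlier twin.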
Background: Counterexamples
Remember: D ⊨_{⋈p} φ iff Pr_D(Sat(φ)) ⋈ p. A counterexample is a set of paths whose probability on its own already violates the bound:
• for D ⊨_{≤p} φ: C ⊆ Sat(φ) such that Pr(C) > p
• for D ⊨_{≥p} φ: C ⊆ Sat(¬φ) such that Pr(C) > 1 − p
(for the strict bounds < and > the same sets work with ≥ in place of >).
Example (reachability property): D ⊨_{<1} ◇(v1 ∨ v2)
C ≜ Paths(D) = C1 ∪ C2, with
C1 ≜ {ρ ∈ Paths(D) | ∃ i ≥ 0: ρ = s0 (s1)^i s3}
C2 ≜ {ρ ∈ Paths(D) | ∃ i ≥ 0: ρ = s0 (s2)^i s4}
Every path of D eventually reaches s3 or s4, where v1 or v2 holds, so Pr(C) = 1 and the property fails.
Solution, reduced case
We focus on: D ⊨_{≤p} ◇ψ (a reachability property on a deterministic model, i.e. a Markov chain D).
D is reduced to an acyclic chain Ac(D) that preserves reachability probabilities, and counterexamples are generated for Ac(D)!
The paths of Ac(D) are called rails; each rail σ stands for the set Torr(σ) of paths of D that follow it through the SCCs of D, its torrent, and whenever Pr_Ac(D)(σ) = a also Pr_D(Torr(σ)) = a.
Solution, reduced case [SCC Analysis]
Reduction to an acyclic MC:
1) Identify SCCs
2) Identify input/output states (an input state is a state of the SCC entered from outside it, or the initial state; an output state is a state outside the SCC reached directly from it)
3) Compute the reachability probability from each input state to each output state
Each non-trivial SCC is then replaced by direct transitions from its input states to its output states carrying the probabilities computed in step 3; the result is the acyclic MC Ac(D) (example figure omitted).
Solution, reduced case [Rails and Torrents]
Subsequences: which paths ω of D should a rail σ of Ac(D) stand for? Taking plain subsequences (σ ⊑ ω ≜ there exists a function f between the positions of σ and ω witnessing that σ is a subsequence of ω) is too loose; two issues remain:
• Freshness
• Inertia
Subsequences* (Torrents): σ ≼ ω ≜ σ ⊑ ω and Freshness and Inertia.
For instance, neither of the following pairs is related:
s0 s2 s5 s11 s14  ⋠  s0 s2 s6 s11 s14
s0 s2 s6 s14      ⋠  s0 s2 s6 s11 s14
(figure of the corresponding rail and torrent paths omitted)
Solution, reduced case [Rails and Torrents]
Torrents and rails
Torr(σ) ≜ {ω ∈ Paths(D) | σ ≼ ω}
Rails ≜ Paths(Ac(D))
We generate counterexamples on the acyclic chain!
Theorem
1) ⋃_{σ ∈ Paths(Ac(D))} Torr(σ) = Paths(D)
2) σ ≠ σ' ⇒ Torr(σ) ∩ Torr(σ') = ∅
3) Pr_Ac(D)(σ) = Pr_D(Torr(σ))
4) Ac(D) ⊨_{≤p} ◇ψ if and only if D ⊨_{≤p} ◇ψ
Items 1 and 2 say that the torrents partition Paths(D); item 3 gives the probability of every torrent for free from the acyclic chain; item 4 is what allows the counterexample to be computed on Ac(D) and reported as a set of rails, each standing for its torrent.
General case [Reduction to Reachability]
Input: an MDP M, an LTL formula φ and a bound ⋈ p; question: M ⊨_{⋈p} φ?
The probabilistic LTL model checker proceeds in the standard way: build a deterministic Rabin automaton A_φ for φ, the product M || A_φ, and its accepting end components; M ⊨_{⋈p} φ then becomes a reachability problem on the product.
Maximum probabilities and paths are related! The paths of the product map back to paths of M, so counterexamples found for the reachability problem can be translated back to the original formula.
General case [Reduction to Markov Chains I]
The calculation of a maximal probability on a reachability problem can be performed by solving a linear minimization problem:
Find {x_s | s ∈ S} that minimize Σ_{s ∈ S} x_s subject to the set of constraints, for all s ∈ S,
Σ_{t ∈ S} π_1(t) · x_t ≤ x_s
Σ_{t ∈ S} π_2(t) · x_t ≤ x_s
...
Σ_{t ∈ S} π_n(t) · x_t ≤ x_s
where τ(s) = {π_1, π_2, ..., π_n} is the set of distributions available at s (together with x_s = 1 for the goal states, which rules out the trivial all-zero solution). At the optimum x_s is the maximal probability of reaching the goal from s, and the distribution that attains x_s at each state defines the maximizing scheduler.
General case [Reduction to Markov Chains II]
Let M' be the Markov chain obtained from M by fixing, at every state, the choice that attains the maximal probability computed above. Theorems:
• C is a counterexample to M' ⊨_{≤p} ◇ψ  ⇒  C is a counterexample to M ⊨_{≤p} ◇ψ
• M' ⊨_{≤p} ◇ψ  ⟺  M ⊨_{≤p} ◇ψ
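An added example in Python (written for this page, not code from the slides) for the nondeterministic case of the motivation and for the reduction from M to M': `max_reach` computes the maximal reachability probabilities by value iteration, which yields the same vector as the linear minimization problem on the previous slide but needs no LP solver; `optimal_scheduler` reads the scheduler off that solution and `fix_scheduler` builds M'. The MDP, its state names, the bound p and the function names are constructed for the example.

```python
# Added example (not from the slides): from an MDP to the Markov chain M'.
# The MDP below is constructed for illustration; τ(s) is the list of
# distributions the scheduler may choose at s (a single entry means no choice).
MDP = {
    "s0": [{"s1": 0.4, "s2": 0.6}, {"s3": 0.6, "s4": 0.4}],
    "s1": [{"s1": 0.5, "s3": 0.5}, {"s4": 1.0}],
    "s2": [{"s2": 0.5, "s4": 0.5}],
    "s3": [{"s3": 1.0}],
    "s4": [{"s4": 1.0}],
}
GOAL = {"s3"}

def max_reach(mdp, goal, eps=1e-13):
    """Maximal reachability probabilities x_s.  The slides' LP minimises Σ x_s subject
    to Σ_t π(t)·x_t ≤ x_s for every π ∈ τ(s) and x_g = 1; its optimum is the least
    fixed point of x_s = max_π Σ_t π(t)·x_t, computed here by value iteration."""
    x = {s: 0.0 for s in mdp}
    while True:
        nx = {s: 1.0 if s in goal else
              max(sum(p * x[t] for t, p in pi.items()) for pi in mdp[s]) for s in mdp}
        if all(abs(nx[s] - x[s]) < eps for s in mdp):
            return nx
        x = nx

def fix_scheduler(mdp, choice):
    """The DTMC obtained by resolving every choice as the memoryless scheduler
    `choice` (state -> index into τ(s)) dictates; kept in MDP shape (one entry)."""
    return {s: [dict(dists[choice[s]])] for s, dists in mdp.items()}

def optimal_scheduler(mdp, goal):
    """Read the scheduler off the solution: at each state keep the distribution that
    attains x_s.  This is the step 'reduce to MC using the output of the
    minimization problem' on the implementation slide."""
    x = max_reach(mdp, goal)
    best = {s: max(range(len(dists)),
                   key=lambda k: sum(p * x[t] for t, p in dists[k].items()))
            for s, dists in mdp.items()}
    return best, x

def reach_under(mdp, goal, choice, s0):
    """Reachability probability from s0 under one particular scheduler."""
    return max_reach(fix_scheduler(mdp, choice), goal)[s0]

def check_bound(mdp, goal, s0, p):
    """M ⊨_{≤p} ◇goal holds iff every scheduler keeps the probability ≤ p, i.e. iff
    the maximal one does.  M' (M under the optimal scheduler) has exactly that
    probability, so M' ⊨_{≤p} ◇goal ⟺ M ⊨_{≤p} ◇goal."""
    choice, x = optimal_scheduler(mdp, goal)
    m_prime = fix_scheduler(mdp, choice)
    return {"max": x[s0], "holds": x[s0] <= p, "choice": choice,
            "M_prime": m_prime, "M_prime_reach": max_reach(m_prime, goal)[s0]}
```

With p = 0.5 the cautious scheduler (first choice everywhere) reaches s3 with probability 0.4, but the maximizing one picks the second distribution at s0 and reaches it with 0.6, so M violates the bound and so does M'; any counterexample generated on the plain Markov chain M' (for instance the path s0 s3 alone, with probability 0.6) is a counterexample for M under that scheduler.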
Implementation [Computability]
• Reduce to an MC problem: use the output of the minimization problem [Bianco/de Alfaro]
• Reduce to an acyclic MC: Tarjan's, Kosaraju's or Gabow's SCC algorithm + steady state analysis
• Generate counterexamples on the acyclic MC: a K shortest paths (K-SP) problem [Han/Katoen]
Implementation [Debugging Issues]
Torrent representative: TorRep(Tor) ≜ argmax_{ω ∈ Tor} Pr(ω), the most probable path of the torrent, shown to the user as a concrete witness.
Expanding SCCs: when the user wants to look inside a collapsed SCC, the reachability probabilities to 1) its output states and 2) the goal states are already available from the reduction, so the expansion comes for free.
Conclusion
• Counterexample generation for probabilistic LTL without restrictions
• Showed how to generalize counterexample generators on MCs to MDPs
• Defined the notion of torrents as collections of paths behaving similarly
• Showed how to compute torrent counterexamples
Future work
• Implementing a practical tool
• Visualization of torrents (regular expressions)
• Case studies
• Extension to timed systems