Statistical Model Checking - IT-Universitetet i … Today’s objectives A brief introduction to priced timed stochastic automata A presentation of Uppaal-SMC Handling case studies

1/18

Statistical Model Checking

Axel Legay

INRIA Rennes and Aalborg University

and

Alexandre David

Aalborg University

February 28, 2012

Axel Legay INRIA Rennes and Aalborg UniversityandAlexandre David Aalborg UniversityStatistical Model Checking 1/18

2/18

Today’s objectives

A brief introduction to priced timed stochastic automata

A presentation of Uppaal-SMC

Handling case studies in Uppaal-SMC

Stochastic Abstraction (if time permits)

The future of SMC


3/18

The Context

Previous lecture

SMC for pure stochastic systems

However ...

Many systems highly depend on timed features

Many systems are the composition of small independentsub-systems.

This lecture

SMC for component-based design of timed stochastic systems


3/18

The Context

Previous lecture


However ...



This lecture



3/18

The Context

Previous lecture


However ...



This lecture



4/18

The Objective

Verifying properties of networks of automata mixing bothcontinuous time and stochastic aspects

Is the probability of reaching q in less than c unit of timegreater than θ?

Clock rates should be general (energy problems, ...)

Observation: Most of these questions are undecidable


5/18

The challenges

How to combine stochastic and timed aspects?

Which semantic shall we give to the model?

How to overcome undecidability?

Solution

Statistical Model Checking for Networks of Priced TimedStochastic Automata


6/18

The Priced Timed Automata Model (1)

Formal definition

A Priced Timed Automaton (PTA) is a tuple A = (L, `0,X ,Σ,E ,R, I ) where: (i) L is a finite set of locations, (ii) `0 ∈ L is theinitial location, (iii) X is a finite set of clocks, (iv) Σ = Σi ] Σo isa finite set of actions partitioned into inputs (Σi ) and outputs(Σo), (v) E ⊆ L× L(X )× Σ× 2X × L is a finite set of edges, (vi)R : L→ NX assigns a rate vector to each location, and (viii)I : L→ U(X ) assigns an invariant to each location.

As a summary, Timed Automata with:

General clock constraints

Input and output actions on discrete transitions


7/18

Example of three PTA

A1

A0

x<=1

a!

B1

B0y<=2

b!T1

T3

T0

C’==2

C’==4

a?

b?

A B T


8/18

The Priced Timed Automata Model (2)

Definition

The semantics of NPTAs is a timed labeled transition systemwhose states are pairs (`, ν) ∈ L× RX

≥0 with ν |= I (`), and whose

transitions are either delay (`, ν)d−→ (`, ν ′) with d ∈ R≥0 and

ν ′ = ν + R(`) · d , or discrete (`, ν)a−→ (`′, ν ′) if there is an edge

(`, g , a,Y , `′) such that ν |= g and ν ′ = ν[Y ]. We write(`, ν) ; (`′, ν ′) if there is a finite sequence of delay and discretetransitions from (`, ν) to (`′, ν ′).

As a summary:

Classical infinite-state transition semantic from timed automata


9/18

Networks of Priced Timed Automata (1)

Compose Priced Timed Automata (component-based designof complex systems)

Input-enabled, deterministic, non-zeno

Disjoint sets of clocks

Disjoint sets of outputs

Inputs synchronize with Outputs


10/18

Networks of Priced Timed Automata (2)

Formal Definition

Let Aj = (Lj ,X j ,Σ,E j ,R j , I j) (with j = 1 . . . n) be composableNPTAs. Their composition (A1 | . . . | An) is the NPTAA = (L,X ,Σ,E ,R, L) where (i) L = ×jL

j , (ii) X = ∪jX j , (iii)R(`)(x) = R j(`j)(x) when x ∈ X j , (iv) I (`) = ∩j I (`j), and (v)(`,∩jgj , a,∪j rj , `′) ∈ E whenever (`j , gj , a, rj , `

′j) ∈ E j for

j = 1 . . . n.


11/18

Example of NPTA

A1

A0

x<=1

a!

B1

B0y<=2

b!

y<=2

ENDx<=1

x<=1 && y<=2

b!

a!

b!

a!

T1

T3

T0

C’==2

C’==4

a?

b?

Observation: composite systems (A|B|T ) and (AB|T ) are timed(and priced) bisimilar.


12/18

Stochastic Semantic

Independence between components

Race: all the components propose a delay and an output

Smallest delay is chosen

Uniform delays for bounded intervals

Exponential delays otherwise

Composition may lead to complex distributions


13/18

Properties in PWCTL

Cost-based Logic

ψ ::= P(3C≤cϕ

)∼ p | P

(2C≤cϕ

)∼ p

Conceptually:

Classical PLTL with cost-measure on executions.


14/18

Back to Example (1)

A1

A0

x<=1

a!

B1

B0y<=2

b!

y<=2

ENDx<=1

x<=1 && y<=2

b!

a!

b!

a!

T1

T3

T0

C’==2

C’==4

a?

b?

A B AB T

Illustration

(A|B|T ) |= P(3t≤2T3

)= 0.75 (A|B|T ) |= P

(3C≤6T3

)= 0.75,

(AB|T ) |= P(3t≤2T3

)= 0.50 and

(AB|T ) |= P(3C≤6T3

)= 0.50.


15/18

Back to Example (2)

A|Br|T

A|B|T

AB|T

Time

pro

ba

bili

ty

0

0.15

0.30

0.45

0.60

0.75

0 0.7 1.4 2.1

A|Br|T

A|B|T

AB|T

C

pro

ba

bili

ty

0

0.15

0.30

0.45

0.60

0.75

0 2.0 4.0 6.0

(a) (b)


16/18

SMC for NPTA

First, provide monitors and an engine to generate simulations

Second, implement SMC algorithms

Third, find a tool for timed systems in where you canimplement all that easily!

Our Solution

UPPAAL-SMC


17/18

UPPAAL-SMC

What is UPPAAL-SMC?

The first toolset for Statistical Model Checking of complexnetworks of timed stochastic automata

Features:

Friendly-user interface

Feedback procedures

Implements NPTAs

Implements Various monitoring algorithms for complex logics


17/18

UPPAAL-SMC

What is UPPAAL-SMC?

The first toolset for Statistical Model Checking of complexnetworks of timed stochastic automata

Features:

Friendly-user interface

Feedback procedures

Implements NPTAs

Implements Various monitoring algorithms for complex logics


18/18

The Future of SMC

Rare event systems

Handling non-determinism

Stochastic abstraction

Distributing single simulations

Bayesian Model Checking

Nested Probabilities

Runtime procedures

More statistics, learning, stochastic abstraction, ...

....


Documents

Statistical Model Checking - IT-Universitetet i … Today’s objectives A brief introduction to priced timed stochastic automata A presentation of Uppaal-SMC Handling case studies