SFM-11:CONNECT Summer School, Bertinoro, June 2011

Similar documents
Probabilistic model checking with PRISM

Probabilistic Model Checking Michaelmas Term Dr. Dave Parker. Department of Computer Science University of Oxford

Probabilistic Model Checking Michaelmas Term Dr. Dave Parker. Department of Computer Science University of Oxford

Probabilistic Model Checking Michaelmas Term Dr. Dave Parker. Department of Computer Science University of Oxford

Probabilistic Model Checking Michaelmas Term Dr. Dave Parker. Department of Computer Science University of Oxford

Stochastic Model Checking

PRISM An overview. automatic verification of systems with stochastic behaviour e.g. due to unreliability, uncertainty, randomisation,

Variations on Itai-Rodeh Leader Election for Anonymous Rings and their Analysis in PRISM

Probabilistic Model Checking of Randomised Distributed Protocols using PRISM

Probabilistic Model Checking and Strategy Synthesis for Robot Navigation

Probabilistic Model Checking Michaelmas Term Dr. Dave Parker. Department of Computer Science University of Oxford

Probabilistic model checking with PRISM

Probabilistic Model Checking (1)

Probabilistic Model Checking of Deadline Properties in the IEEE 1394 FireWire Root Contention Protocol 1

Quantitative analysis with the probabilistic model checker PRISM 1

Verification and Control of Partially Observable Probabilistic Systems

Chapter 13: Model Checking Linear-Time Properties of Probabilistic Systems

Outline. The Leader Election Protocol (IEEE 1394) IEEE 1394 High Performance Serial Bus (FireWire) Motivation. Background. Protocol Descriptions

Polynomial-Time Verification of PCTL Properties of MDPs with Convex Uncertainties and its Application to Cyber-Physical Systems

Quantitative Verification and Synthesis of Attack-Defence Scenarios

Modeling and Analysis of Probabilistic Timed Systems

Leveraging Weighted Automata in Compositional Reasoning about Concurrent Probabilistic Systems

Chapter 4: Computation tree logic

The Leader Election Protocol (IEEE 1394)

A Counterexample Guided Abstraction-Refinement Framework for Markov Decision Processes

Temporal logics and explicit-state model checking. Pierre Wolper Université de Liège

A Brief Introduction to Model Checking

On Model Checking Techniques for Randomized Distributed Systems. Christel Baier Technische Universität Dresden

Overview. overview / 357

Automatic Verification of Real-time Systems with Discrete Probability Distributions

Chapter 6: Computation Tree Logic

Automata-based Verification - III

Probabilistic model checking with PRISM

Formal Verification via MCMAS & PRISM

Reasoning about Time and Reliability

Timo Latvala. March 7, 2004

Alan Bundy. Automated Reasoning LTL Model Checking

Verifying Randomized Distributed Algorithms with PRISM

Quantitative Verification: Models, Techniques and Tools

Temporal & Modal Logic. Acronyms. Contents. Temporal Logic Overview Classification PLTL Syntax Semantics Identities. Concurrency Model Checking

Quantitative Verification

State Explosion in Almost-Sure Probabilistic Reachability

7. Queueing Systems. 8. Petri nets vs. State Automata

Computation Tree Logic

From Liveness to Promptness

Analysing Randomized Distributed Algorithms

Chapter 5: Linear Temporal Logic

Polynomial-Time Verification of PCTL Properties of MDPs with Convex Uncertainties

Modelling and Analysis (and towards Synthesis)

The State Explosion Problem

Probabilistic Model Checking: Advances and Applications

AGREEMENT PROBLEMS (1) Agreement problems arise in many practical applications:

Using first-order logic, formalize the following knowledge:

Automata-based Verification - III

Lecture 16: Computation Tree Logic (CTL)

Model Checking & Program Analysis

Introduction to Temporal Logic. The purpose of temporal logics is to specify properties of dynamic systems. These can be either

Course 16:198:520: Introduction To Artificial Intelligence Lecture 13. Decision Making. Abdeslam Boularias. Wednesday, December 7, 2016

Finite-State Model Checking

Petri nets. s 1 s 2. s 3 s 4. directed arcs.

arxiv: v2 [cs.lo] 22 Jul 2017

Quantitative Verification: Models, Techniques and Tools

HIGH-LEVEL COUNTEREXAMPLES FOR PROBABILISTIC AUTOMATA

Compositional Verification of Probabilistic Systems using Learning

Discrete Event Systems Exam

Reachability in Continuous-Time Markov Reward Decision Processes

Model Checking Discounted Temporal Properties

Artificial Intelligence. Non-deterministic state model. Model for non-deterministic problems. Solutions. Blai Bonet

Polynomial-Time Verification of PCTL Properties of MDPs with Convex Uncertainties

T Reactive Systems: Temporal Logic LTL

CONTROLLER DEPENDABILITY ANALYSIS BY PROBABILISTIC MODEL CHECKING. Marta Kwiatkowska, Gethin Norman and David Parker 1

First-order resolution for CTL

Planning Under Uncertainty II

Automata-Theoretic Model Checking of Reactive Systems

Lecture 3: Markov Decision Processes

Symmetry Reduction for Probabilistic Model Checking

Model for reactive systems/software

Stochastic Games with Time The value Min strategies Max strategies Determinacy Finite-state games Cont.-time Markov chains

Topics in Verification AZADEH FARZAN FALL 2017

Chapter 3: Linear temporal logic

Computation Tree Logic (CTL) & Basic Model Checking Algorithms

On simulations and bisimulations of general flow systems

MODEL-CHECKING IN DENSE REAL-TIME SHANT HARUTUNIAN

Complexity Issues in Automated Addition of Time-Bounded Liveness Properties 1

Verification of Probabilistic Systems with Faulty Communication

Distributed Optimization. Song Chong EE, KAIST

A note on the attractor-property of infinite-state Markov chains

CS145: Probability & Computing Lecture 24: Algorithms

Guest lecturer: Prof. Mark Reynolds, The University of Western Australia

Stochastic, Hybrid and Real-Time Systems: From Foundations To Applications with Modest

Timo Latvala. February 4, 2004

Combining Shared Coin Algorithms

A Probabilistic Extension of UML Statecharts

Probabilistic verification and approximation schemes

Network Algorithms and Complexity (NTUA-MPLA) Reliable Broadcast. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas

Motivation for introducing probabilities

Modal and Temporal Logics

Decentralized Control of Discrete Event Systems with Bounded or Unbounded Delay Communication 1

Introduction to Model Checking. Debdeep Mukhopadhyay IIT Madras

Computing Laboratory STOCHASTIC GAMES FOR VERIFICATION OF PROBABILISTIC TIMED AUTOMATA. Marta Kwiatkowska Gethin Norman David Parker CL-RR-09-05

Transcription:

SFM-:CONNECT Summer School, Bertinoro, June 20 EU-FP7: CONNECT LSCITS/PSS VERIWARE

Part 3 Markov decision processes

Overview Lectures and 2: Introduction 2 Discrete-time Markov chains 3 Markov decision processes 4 Compositional probabilistic verification Course materials available here: http://www.prismmodelchecker.org/courses/sfmconnect/ lecture slides, reference list, tutorial chapter, lab session

Probabilistic models Fully probabilistic Nondeterministic Discrete time Discrete-time Markov chains (DTMCs) Markov decision processes (MDPs) (probabilistic automata) Continuous time Continuous-time Markov chains (CTMCs) Probabilistic timed automata (PTAs) CTMDPs/IMCs

Overview (Part 3) Markov decision processes (MDPs) Adversaries & probability spaces Properties of MDPs: The temporal logic PCTL PCTL model checking for MDPs Case study: Firewire root contention

Recap: Discrete-time Markov chains Discrete-time Markov chains (DTMCs) state-transition systems augmented with probabilities Formally: DTMC D = (S, s init, P, L) where: S is a set of states and s init S is the initial state P : S S [0,] is the transition probability matrix L : S 2 AP labels states with atomic propositions define a probability space Pr s over paths Path s Properties of DTMCs can be captured by the logic PCTL e.g. send P 0.95 [ F deliver ] key question: what is the probability of reaching states T S from state s? reduces to graph analysis + linear equation system s {try} 0.0 2 s 0 s 0.98 0.0 s 3 {succ} {fail}

Nondeterminism Some aspects of a system may not be probabilistic and should not be modelled probabilistically; for example: Concurrency - scheduling of parallel components e.g. randomised distributed algorithms - multiple probabilistic processes operating asynchronously Underspecification - unknown model parameters e.g. a probabilistic communication protocol designed for message propagation delays of between d min and d max Unknown environments e.g. probabilistic security protocols - unknown adversary

Markov decision processes Markov decision processes (MDPs) extension of DTMCs which allow nondeterministic choice Like DTMCs: discrete set of states representing possible configurations of the system being modelled transitions between states occur in discrete time-steps Probabilities and nondeterminism in each state, a nondeterministic choice between several discrete probability distributions over successor states s 0 c {init} a s 2 0.7 b 0.3 s {heads} s 3 {tails} a a

Markov decision processes Formally, an MDP M is a tuple (S,s init,α,δ,l) where: S is a set of states ( state space ) s init S is the initial state α is an alphabet of action labels δ S α Dist(S) is the transition probability relation, where Dist(S) is the set of all discrete probability distributions over S L : S 2 AP is a labelling with atomic propositions s 0 c {init} a s 2 0.7 b 0.3 s {heads} s 3 {tails} a a Notes: we also abuse notation and use δ as a function i.e. δ : S 2 α Dist(S) where δ(s) = { (a,µ) (s,a,µ) δ } we assume δ (s) is always non-empty, i.e. no deadlocks MDPs, here, are identical to probabilistic automata [Segala]

Simple MDP example A simple communication protocol after one step, process starts trying to send a message then, a nondeterministic choice between: (a) waiting a step because the channel is unready; (b) sending the message if the latter, with probability 0.99 send successfully and stop and with probability 0.0, message sending fails, restart restart {fail} {try} 0.0 s 2 s 0 start s send 0.99 s 3 stop wait {succ}

Example - Parallel composition Asynchronous parallel composition of two 3-state DTMCs t 0 t t 2 Action labels omitted here s 0 s 0 t 0 s 0 t s 0 t 2 s s t 0 s t s t 2 s 2 s 2 t 0 s 2 t s 2 t 2

Paths and probabilities A (finite or infinite) path through an MDP M is a sequence of states and action/distribution pairs e.g. s 0 (a 0,µ 0 )s (a,µ )s 2 such that (a i,µ i ) δ(s i ) and µ i (s i+ ) > 0 for all i 0 represents an execution (i.e. one possible behaviour) of the system which the MDP is modelling note that a path resolves both types of choices: nondeterministic and probabilistic Path M,s (or just Path s ) is the set of all infinite paths starting from state s in MDP M; the set of finite paths is PathFin s To consider the probability of some behaviour of the MDP first need to resolve the nondeterministic choices which results in a DTMC for which we can define a probability measure over paths

Overview (Part 3) Markov decision processes (MDPs) Adversaries & probability spaces Properties of MDPs: The temporal logic PCTL PCTL model checking for MDPs Case study: Firewire root contention

Adversaries An adversary resolves nondeterministic choice in an MDP also known as schedulers, strategies or policies Formally: an adversary σ of an MDP is a function mapping every finite path ω = s 0 (a 0,µ 0 )s...s n to an element of δ(s n ) Adversary σ restricts the MDP to certain paths Path σ s Path σ s and PathFin σ s PathFin σ s Adversary σ induces a probability measure Pr σ s over paths constructed through an infinite state DTMC (PathFin sσ, s, P sσ ) states of the DTMC are the finite paths of σ starting in state s initial state is s (the path starting in s of length 0) P σ s (ω,ω )=µ(s) if ω = ω(a,µ)s and σ(ω)=(a,µ) P σ s (ω,ω )=0 otherwise

Adversaries - Examples Consider the simple MDP below note that s is the only state for which δ(s) > i.e. s is the only state for which an adversary makes a choice let µ b and µ c denote the probability distributions associated with actions b and c in state s Adversary σ picks action c the first time σ (s 0 s )=(c,µ c ) Adversary σ 2 picks action b the first time, then c s 0 c {init} a s 2 0.7 b 0.3 σ 2 (s 0 s )=(b,µ b ), σ 2 (s 0 s s )=(c,µ c ), σ 2 (s 0 s s 0 s )=(c,µ c ) s {heads} s 3 {tails} a a

Adversaries - Examples Fragment of DTMC for adversary σ σ picks action c the first time {heads} s 0 c {init} a s 2 0.7 b 0.3 s s 3 {tails} a a s 0 s 0 s s 0 s s 2 s 0 s s 2 s 2 s 0 s s 3 s 0 s s 3 s 3

Adversaries - Examples Fragment of DTMC for adversary σ 2 σ 2 picks action b, then c s 0 c {init} a s 2 0.7 b 0.3 s {heads} s 3 {tails} a a s 0 s s 0 s s 2 s 0 s 0 s 0.7 s 0 s s 0 s 0 s s 0 s s 0 s s 0 s s 3 0.3 s 0 s s s 2 s 0 s s s 2 s 2 s 0 s s s 0 s s s 3 s 0 s s s 3 s 3

Memoryless adversaries Memoryless adversaries always pick same choice in a state also known as: positional, simple, Markov formally, for adversary σ: σ(s 0 (a 0,µ 0 )s...s n ) depends only on s n resulting DTMC can be mapped to a S -state DTMC From previous example: adversary σ (picks c in s ) is memoryless, σ 2 is not {heads} {heads} s 0 c {init} a s 2 0.7 b 0.3 s s 3 {tails} a a σ s 0 c {init} a s 2 s s 3 {tails} a a

Overview (Part 3) Markov decision processes (MDPs) Adversaries & probability spaces Properties of MDPs: The temporal logic PCTL PCTL model checking for MDPs Case study: Firewire root contention

PCTL Temporal logic for properties of MDPs (and DTMCs) extension of (non-probabilistic) temporal logic CTL key addition is probabilistic operator P quantitative extension of CTL s A and E operators PCTL syntax: φ ::= true a φ φ φ P ~p [ ψ ] (state formulas) ψ ::= X φ φ U k φ φ U φ (path formulas) where a is an atomic proposition, used to identify states of interest, p [0,] is a probability, ~ {<,>,, }, k N Example: send P 0.95 [ true U 0 deliver ]

PCTL semantics for MDPs PCTL formulas interpreted over states of an MDP s φ denotes φ is true in state s or satisfied in state s Semantics of (non-probabilistic) state formulas: for a state s of the MDP (S,s init,α,δ,l): s a a L(s) s φ φ 2 s φ and s φ 2 s φ s φ is false Semantics of path formulas: for a path ω = s 0 (a 0,µ 0 )s (a,µ )s 2 in the MDP: ω X φ s φ ω φ U k φ 2 i k such that s i φ 2 and j<i, s j φ ω φ U φ 2 k 0 such that ω φ U k φ 2

PCTL semantics for MDPs Semantics of the probabilistic operator P can only define probabilities for a specific adversary σ s P ~p [ ψ ] means the probability, from state s, that ψ is true for an outgoing path satisfies ~p for all adversaries σ formally s P ~p [ ψ ] Pr sσ (ψ) ~ p for all adversaries σ where we use Pr sσ (ψ) to denote Pr s σ { ω Path s σ ω ψ } s ψ ψ Pr sσ (ψ) ~ p Some equivalences: F φ φ true U φ (eventually, future ) G φ φ (F φ) (always, globally )

Minimum and maximum probabilities Letting: Pr s max (ψ) = sup σ Pr sσ (ψ) Pr s min (ψ) = inf σ Pr sσ (ψ) We have: if ~ {,>}, then s P ~p [ ψ ] Pr s min (ψ) ~ p if ~ {<, }, then s P ~p [ ψ ] Pr s max (ψ) ~ p Model checking P ~p [ ψ ] reduces to the computation over all adversaries of either: the minimum probability of ψ holding the maximum probability of ψ holding Crucial result for model checking PCTL on MDPs memoryless adversaries suffice, i.e. there are always memoryless adversaries σ min and σ max for which: Pr s σmin(ψ) = Pr s min (ψ) and Pr s σmax(ψ) = Pr s min (ψ)

Quantitative properties For PCTL properties with P as the outermost operator quantitative form (two types): P min=? [ ψ ] and P max=? [ ψ ] i.e. what is the minimum/maximum probability (over all adversaries) that path formula ψ is true? corresponds to an analysis of best-case or worst-case behaviour of the system model checking is no harder since compute the values of Pr s min (ψ) or Pr s max (ψ) anyway useful to spot patterns/trends Example: CSMA/CD protocol min/max probability that a message is sent within the deadline

Other classes of adversary A more general semantics for PCTL over MDPs parameterise by a class of adversaries Adv Only change is: s Adv P ~p [ψ] Pr s σ (ψ) ~ p for all adversaries σ Adv Original semantics obtained by taking Adv to be the set of all adversaries for the MDP Alternatively, take Adv to be the set of all fair adversaries path fairness: if a state is occurs on a path infinitely often, then each non-deterministic choice occurs infinite often see e.g. [BK98]

Some real PCTL examples Byzantine agreement protocol P min=? [ F (agreement rounds 2) ] what is the minimum probability that agreement is reached within two rounds? CSMA/CD communication protocol P max=? [ F collisions=k ] what is the maximum probability of k collisions? Self-stabilisation protocols P min=? [ F t stable ] what is the minimum probability of reaching a stable state within k steps?

Overview (Part 3) Markov decision processes (MDPs) Adversaries & probability spaces Properties of MDPs: The temporal logic PCTL PCTL model checking for MDPs Case study: Firewire root contention

PCTL model checking for MDPs Algorithm for PCTL model checking [BdA95] inputs: MDP M=(S,s init,α,δ,l), PCTL formula φ output: Sat(φ) = { s S s φ } = set of states satisfying φ Basic algorithm same as PCTL model checking for DTMCs proceeds by induction on parse tree of φ non-probabilistic operators (true, a,, ) straightforward Only need to consider P ~p [ ψ ] formulas reduces to computation of Pr s min (ψ) or Pr s max (ψ) for all s S dependent on whether ~ {,>} or ~ {<, } these slides cover the case Pr s min (φ U φ 2 ), i.e. ~ {,>} case for maximum probabilities is very similar next (X φ) and bounded until (φ U k φ 2 ) are straightforward extensions of the DTMC case

PCTL until for MDPs Computation of probabilities Pr min s (φ U φ 2 ) for all s S First identify all states where the probability is or 0 precomputation algorithms, yielding sets S yes, S no Then compute (min) probabilities for remaining states (S? ) either: solve linear programming problem or: approximate with an iterative solution method or: use policy iteration Example: P p [ F a ] P p [ true U a ] {a} s 0.4 s 2 s 0 0. 0.25 s 3 0.25

PCTL until - Precomputation Identify all states where Pr min s (φ U φ 2 ) is or 0 S yes = Sat(P [ φ U φ 2 ]), S no = Sat( P >0 [ φ U φ 2 ]) Two graph-based precomputation algorithms: algorithm ProbA computes S yes for all adversaries the probability of satisfying φ U φ 2 is algorithm Prob0E computes S no there exists an adversary for which the probability is 0 {a} S yes = Sat(P [ F a ]) Example: P p [ F a ] 0.4 s s 2 0. s 0 0.25 0.25 s 3 S no = Sat( P >0 [ F a ])

Method - Linear programming Probabilities Pr s min (φ U φ 2 ) for remaining states in the set S? = S \ (S yes S no ) can be obtained as the unique solution of the following linear programming (LP) problem: s S? maximize x s subject to the constraints : x s µ(s' ) x s' + µ(s' ) s' S? s' S yes for all s S? and for all (a,µ) δ(s) Simple case of a more general problem known as the stochastic shortest path problem [BT9] This can be solved with standard techniques e.g. Simplex, ellipsoid method, branch-and-cut

Example - PCTL until (LP) {a} s 0.4 s 2 0. S yes Let x i = Pr s (F a) imin S yes : x 2 =, S no : x 3 =0 For S? = {x 0, x } : Maximise x 0 +x subject to constraints: x 0 x s 0 0.25 0.25 s 3 S no x 0 0.25 x 0 + x 0. x 0 + x + 0.4

Example - PCTL until (LP) {a} s 0.4 s 2 0. S yes Let x i = Pr s (F a) imin S yes : x 2 =, S no : x 3 =0 For S? = {x 0, x } : Maximise x 0 +x subject to constraints: x 0 x s 0 0.25 0.25 s 3 S no x 0 2/3 x 0.2 x 0 + 0.8 x x x x 0 x 0.8 x 0 2/3 x 0.2 x 0 + 0.8 0 0 x 0 0 0 2/3 x 0 0 0 x 0

Example - PCTL until (LP) {a} s 0.4 s 2 0. S yes Let x i = Pr s (F a) imin S yes : x 2 =, S no : x 3 =0 For S? = {x 0, x } : Maximise x 0 +x subject to constraints: x 0 x s 0 0.25 0.25 s 3 S no x 0 2/3 x 0.2 x 0 + 0.8 x 0.8 max Solution: (x 0, x ) = (2/3, 4/5) x 0 0 x 0 0 2/3

Example - PCTL until (LP) {a} s 0.4 s 2 0. S yes Let x i = Pr s (F a) imin S yes : x 2 =, S no : x 3 =0 For S? = {x 0, x } : Maximise x 0 +x subject to constraints: x 0 x s 0 0.25 0.25 s 3 S no x 0 2/3 x 0.2 x 0 + 0.8 x 0.2 x 0 + 0.8 x 0 x x 0 2/3 x 0.8 max x 0 0 x 0 0 2/3 Two memoryless adversaries

Method 2 Value iteration For probabilities Pr s min (φ U φ 2 ) it can be shown that: Pr s min (φ U φ 2 ) = lim n x s (n) where: x s (n) = min (a,µ) Steps(s) if s S yes 0 if s S no 0 if s S? and n = 0 (n ) µ(s' ) x s' if s S? and n > 0 s' S This forms the basis for an (approximate) iterative solution iterations terminated when solution converges sufficiently

Example - PCTL until (value iteration) {a} s 0.4 s 2 0. S yes Compute: Pr s (F a) imin S yes = {x 2 }, S no ={x 3 }, S? = {x 0, x } [ x (n) 0,x (n),x (n) 2,x (n) 3 ] n=0: [ 0, 0,, 0 ] s 0 0.25 0.25 s 3 S no n=: [ min(0,0.25 0+), 0. 0+ 0+0.4,, 0 ] = [ 0, 0.4,, 0 ] n=2: [ min(0.4,0.25 0+), 0. 0+ 0.4+0.4,, 0 ] = [ 0.4, 0.6,, 0 ] n=3:

Example - PCTL until (value iteration) {a} s 0.4 s 2 s 0 0. 0.25 0.25 s 3 S yes S no [ x (n) 0,x (n),x (n) 2,x (n) 3 ] n=0: [ 0.000000, 0.000000,, 0 ] n=: [ 0.000000, 0.400000,, 0 ] n=2: [ 0.400000, 0.600000,, 0 ] n=3: [ 0.600000, 0.740000,, 0 ] n=4: [ 0.650000, 0.830000,, 0 ] n=5: [ 0.662500, 0.880000,, 0 ] n=6: [ 0.665625, 0.906250,, 0 ] n=7: [ 0.666406, 0.99688,, 0 ] n=8: [ 0.666602, 0.926484,, 0 ] n=9: [ 0.666650, 0.929902,, 0 ] n=20: [ 0.666667, 0.933332,, 0 ] n=2: [ 0.666667, 0.933332,, 0 ] [ 2/3, 4/5,, 0 ]

Example - Value iteration + LP [ x 0 (n),x (n),x 2 (n),x 3 (n) ] x n=0: [ 0.000000, 0.000000,, 0 ] n=: [ 0.000000, 0.400000,, 0 ] n=2: [ 0.400000, 0.600000,, 0 ] n=3: [ 0.600000, 0.740000,, 0 ] n=4: [ 0.650000, 0.830000,, 0 ] n=5: [ 0.662500, 0.880000,, 0 ] n=6: [ 0.665625, 0.906250,, 0 ] n=7: [ 0.666406, 0.99688,, 0 ] n=8: [ 0.666602, 0.926484,, 0 ] n=9: [ 0.666650, 0.929902,, 0 ] 0 0 2/3 x 0 n=20: [ 0.666667, 0.933332,, 0 ] n=2: [ 0.666667, 0.933332,, 0 ] [ 2/3, 4/5,, 0 ]

Method 3 - Policy iteration Value iteration: iterates over (vectors of) probabilities Policy iteration: iterates over adversaries ( policies ). Start with an arbitrary (memoryless) adversary σ 2. Compute the reachability probabilities Pr σ (F a) for σ 3. Improve the adversary in each state 4. Repeat 2/3 until no change in adversary Termination: finite number of memoryless adversaries improvement in (minimum) probabilities each time

Method 3 - Policy iteration. Start with an arbitrary (memoryless) adversary σ pick an element of δ(s) for each state s S 2. Compute the reachability probabilities Pr σ (F a) for σ probabilistic reachability on a DTMC i.e. solve linear equation system 3. Improve the adversary in each state σ'(s) = argmin µ(s' ) Pr σ s' (F a) (a,µ) δ(s) s' S 4. Repeat 2/3 until no change in adversary

Example - Policy iteration {a} S yes Arbitrary adversary σ: 0.4 s s 2 0. Compute: Pr σ (F a) Let x i = Pr s (F a) iσ x 2 =, x 3 =0 and: s 0 0.25 0.25 s 3 S no x 0 = x x = 0. x 0 + x + 0.4 Solution: Pr σ (F a) = [,,, 0 ] Refine σ in state s 0 : min{(), ()+0.25(0)+0.25()} = min{, 0.75} = 0.75

Example - Policy iteration {a} S yes Refined adversary σ : 0.4 s s 2 s 0 0. 0.25 0.25 s 3 S no Compute: Pr σ (F a) Let x i = Pr s (F a) iσ x 2 =, x 3 =0 and: x 0 = 0.25 x 0 + x = 0. x 0 + x + 0.4 Solution: Pr σ (F a) = [ 2/3, 4/5,, 0 ] This is optimal

Example - Policy iteration {a} S yes 0.4 s s 2 0. s 0 0.25 0.25 s 3 S no x x = 0.2 x 0 + 0.8 0.8 σ σ x 0 = x x 0 = 2/3 x 0 0 x 0 0 2/3

PCTL model checking - Summary Computation of set Sat(Φ) for MDP M and PCTL formula Φ recursive descent of parse tree combination of graph algorithms, numerical computation Probabilistic operator P: X Φ : one matrix-vector multiplication, O( S 2 ) Φ U k Φ 2 : k matrix-vector multiplications, O(k S 2 ) Φ U Φ 2 : linear programming problem, polynomial in S (assuming use of linear programming) Complexity: linear in Φ and polynomial in S S is states in MDP, assume δ(s) is constant

Costs and rewards for MDPs We can augment MDPs with rewards (or, conversely, costs) real-valued quantities assigned to states and/or transitions these can have a wide range of possible interpretations Some examples: elapsed time, power consumption, size of message queue, number of messages successfully delivered, net profit Extend logic PCTL with R operator, for expected reward as for PCTL, either R ~r [ ], R min=? [ ] or R max=? [ ] Some examples: R min=? [ I =90 ], R max=? [ C 60 ], R max=? [ F end ] the minimum expected queue size after exactly 90 seconds the maximum expected power consumption over one hour the maximum expected time for the algorithm to terminate

Overview (Part 3) Markov decision processes (MDPs) Adversaries & probability spaces Properties of MDPs: The temporal logic PCTL PCTL model checking for MDPs Case study: Firewire root contention

Case study: FireWire protocol FireWire (IEEE 394) high-performance serial bus for networking multimedia devices; originally by Apple "hot-pluggable" - add/remove devices at any time no requirement for a single PC (need acyclic topology) Root contention protocol leader election algorithm, when nodes join/leave symmetric, distributed protocol uses electronic coin tossing and timing delays nodes send messages: "be my parent" root contention: when nodes contend leadership random choice: "fast"/"slow" delay before retry

FireWire example

FireWire leader election R

FireWire root contention Root contention

FireWire root contention R Root contention

FireWire analysis Probabilistic model checking model constructed and analysed using PRISM timing delays taken from standard model includes: concurrency: messages between nodes and wires underspecification of delays (upper/lower bounds) max. model size: 70 million states Analysis: verified that root contention always resolved with probability investigated time taken for leader election and the effect of using biased coin based on a conjecture by Stoelinga

FireWire: Analysis results minimum probability of electing leader by time T

FireWire: Analysis results minimum probability of electing leader by time T (short wire length) Using a biased coin

FireWire: Analysis results maximum expected time to elect a leader (short wire length) Using a biased coin

FireWire: Analysis results maximum expected time to elect a leader (short wire length) Using a biased coin is beneficial!

Summary (Part 3) Markov decision processes (MDPs) extend DTMCs with nondeterminism to model concurrency, underspecification, Adversaries resolve nondeterminism in an MDP induce a probability space over paths consider minimum/maximum probabilities over all adversaries Property specifications PCTL: exactly same syntax as for DTMCs but quantify over all adversaries Model checking algorithms covered three basic techniques for MDPs: linear programming, value iteration, or policy iteration Next: Compositional probabilistic verification

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback