Probabilistic Model Checking Michaelmas Term Dr. Dave Parker. Department of Computer Science University of Oxford

Similar documents
Probabilistic Model Checking Michaelmas Term Dr. Dave Parker. Department of Computer Science University of Oxford

Probabilistic Model Checking Michaelmas Term Dr. Dave Parker. Department of Computer Science University of Oxford

Probabilistic Model Checking Michaelmas Term Dr. Dave Parker. Department of Computer Science University of Oxford

SFM-11:CONNECT Summer School, Bertinoro, June 2011

Probabilistic Model Checking Michaelmas Term Dr. Dave Parker. Department of Computer Science University of Oxford

Stochastic Model Checking

Probabilistic model checking with PRISM

Probabilistic model checking with PRISM

Overview. overview / 357

Chapter 4: Computation tree logic

Computation Tree Logic

Quantitative Verification: Models, Techniques and Tools

Counterexamples in Probabilistic LTL Model Checking for Markov Chains

Quantitative Verification

MA3232 Numerical Analysis Week 9. James Cooley (1926-)

Probabilistic Model Checking and Strategy Synthesis for Robot Navigation

Chapter 6: Computation Tree Logic

Approximating a single component of the solution to a linear system

Quantitative Verification: Models, Techniques and Tools

Probabilistic Model Checking (1)

Topics in Verification AZADEH FARZAN FALL 2017

Software Verification using Predicate Abstraction and Iterative Refinement: Part 1

Today s class. Linear Algebraic Equations LU Decomposition. Numerical Methods, Fall 2011 Lecture 8. Prof. Jinbo Bi CSE, UConn

6. Iterative Methods for Linear Systems. The stepwise approach to the solution...

JACOBI S ITERATION METHOD

PRISM An overview. automatic verification of systems with stochastic behaviour e.g. due to unreliability, uncertainty, randomisation,

Computational Methods. Systems of Linear Equations

Understanding IC3. Aaron R. Bradley. ECEE, CU Boulder & Summit Middle School. Understanding IC3 1/55

Probabilistic model checking A comparison of tools

LINEAR SYSTEMS (11) Intensive Computation

A Game-Based Approach for PCTL* Stochastic Model Checking with Evidence

Iterative Methods. Splitting Methods

PRISM: Probabilistic Model Checking for Performance and Reliability Analysis

Polynomial-Time Verification of PCTL Properties of MDPs with Convex Uncertainties

Polynomial-Time Verification of PCTL Properties of MDPs with Convex Uncertainties

Symbolic Model Checking with ROBDDs

Probabilistic model checking with PRISM

IC3 and Beyond: Incremental, Inductive Verification

Scientific Computing with Case Studies SIAM Press, Lecture Notes for Unit VII Sparse Matrix

Review of matrices. Let m, n IN. A rectangle of numbers written like A =

Comp487/587 - Boolean Formulas

CSL model checking of biochemical networks with Interval Decision Diagrams

10.2 ITERATIVE METHODS FOR SOLVING LINEAR SYSTEMS. The Jacobi Method

Symbolic Counterexample Generation for Large Discrete-Time Markov Chains

Database Theory VU , SS Complexity of Query Evaluation. Reinhard Pichler

AIMS Exercise Set # 1

Quantitative Verification and Synthesis of Attack-Defence Scenarios

A Bounded Statistical Approach for Model Checking of Unbounded Until Properties

Probabilistic Model Checking of Randomised Distributed Protocols using PRISM

1 Number Systems and Errors 1

Computation Tree Logic (CTL) & Basic Model Checking Algorithms

Numerical methods, midterm test I (2018/19 autumn, group A) Solutions

Binary Decision Diagrams

Simulation and verification for computational modelling of signalling pathways

Classical iterative methods for linear systems

Verifying Randomized Distributed Algorithms with PRISM

Next topics: Solving systems of linear equations

Polynomial-Time Verification of PCTL Properties of MDPs with Convex Uncertainties and its Application to Cyber-Physical Systems

SAT-Based Verification with IC3: Foundations and Demands

Reduced Ordered Binary Decision Diagrams

5.7 Cramer's Rule 1. Using Determinants to Solve Systems Assumes the system of two equations in two unknowns

FMCAD 2013 Parameter Synthesis with IC3

Probabilistic verification and approximation schemes

Reduced Ordered Binary Decision Diagrams

30.5. Iterative Methods for Systems of Equations. Introduction. Prerequisites. Learning Outcomes

Leveraging Weighted Automata in Compositional Reasoning about Concurrent Probabilistic Systems

Component-wise Incremental LTL Model Checking

Solution of System of Linear Equations & Eigen Values and Eigen Vectors

Variations on Itai-Rodeh Leader Election for Anonymous Rings and their Analysis in PRISM

x x2 2 + x3 3 x4 3. Use the divided-difference method to find a polynomial of least degree that fits the values shown: (b)

Sparse analysis Lecture II: Hardness results for sparse approximation problems

Math 471 (Numerical methods) Chapter 3 (second half). System of equations

Lecture 2: Symbolic Model Checking With SAT

Iterative Solvers. Lab 6. Iterative Methods

Iterative Methods for Solving A x = b

Chapter 3 Deterministic planning

Complexity Theory of Polynomial-Time Problems

A brief introduction to Logic. (slides from

Linear-Time Logic. Hao Zheng

Model Checking Infinite-State Markov Chains

Quantitative analysis with the probabilistic model checker PRISM 1

Concept of Statistical Model Checking. Presented By: Diana EL RABIH

Introduction to Applied Linear Algebra with MATLAB

Lecture 1 : Data Compression and Entropy

Towards Inference and Learning in Dynamic Bayesian Networks using Generalized Evidence

Numerical Solution Techniques in Mechanical and Aerospace Engineering

Polynomial-Time Verification of PCTL Properties of MDPs with Convex Uncertainties

Wolf-Tilo Balke Silviu Homoceanu Institut für Informationssysteme Technische Universität Braunschweig

Integer Programming. Wolfram Wiesemann. December 6, 2007

Reasoning about Time and Reliability

Laboratoire Spécification & Vérification. Importance Sampling for Model Checking of Continuous Time Markov Chains

Course Notes: Week 1

Problem 1: Suppose A, B, C and D are finite sets such that A B = C D and C = D. Prove or disprove: A = B.

Approximate model checking of stochastic hybrid systems

Symbolic Model Checking for Factored Probabilistic Models

Lecture 24 Nov. 20, 2014

Improved Algorithms for Module Extraction and Atomic Decomposition

On the Complexity of Partitioning Graphs for Arc-Flags

Computational Complexity of Inference

A Probabilistic Temporal Logic with Frequency Operators and Its Model Checking

Transcription:

Probabilistic Model Checking Michaelmas Term 2011 Dr. Dave Parker Department of Computer Science University of Oxford

Probabilistic model checking System Probabilistic model e.g. Markov chain Result 0.5 0.1 0.4 Probabilistic model checker e.g. PRISM Quantitative results System requirements P <0.1 [ F fail ] Probabilistic temporal logic specification e.g. PCTL, CSL, LTL Counterexample 2

Overview PCTL model checking for DTMCs Computation of probabilities for PCTL formulae next bounded until (unbounded) until Solving large linear equation systems direct vs. iterative methods iterative solution methods 3

PCTL PCTL syntax: ψ is true with probability ~p φ ::= true a φ φ φ P ~p [ ψ ] (state formulae) ψ ::= X φ φ U k φ φ U φ (path formulae) next bounded until until where a is an atomic proposition, p [0,1] is a probability bound, ~ {<,>,, }, k N Remaining operators can be derived (false,,, F, G, ) hence will not be discussed here 4

PCTL model checking for DTMCs Algorithm for PCTL model checking [CY88,HJ94,CY95] inputs: DTMC D=(S,s init,p,l), PCTL formula φ output: Sat(φ) = { s S s φ } = set of states satisfying φ What does it mean for a DTMC D to satisfy a formula φ? often, just want to know if s init φ, i.e. if s init Sat(φ) sometimes, want to check that s φ s S, i.e. Sat(φ) = S Sometimes, focus on quantitative results e.g. compute result of P =? [ F error ] e.g. compute result of P =? [ F k error ] for 0 k 100 5

PCTL model checking for DTMCs Basic algorithm proceeds by induction on parse tree of φ example: φ = ( fail try) P >0.95 [ fail U succ ] For the non-probabilistic operators: Sat(true) = S Sat(a) = { s S a L(s) } Sat( φ) = S \ Sat(φ) Sat(φ 1 φ 2 ) = Sat(φ 1 ) Sat(φ 2 ) P >0.95 [ U ] For the P ~p [ ψ ] operator: try succ need to compute the probabilities Prob(s, ψ) for all states s S fail fail Sat(P ~p [ ψ ]) = { s S Prob(s, ψ) ~ p } 6

Probability computation Three temporal operators to consider: Next: P ~p [ X φ ] Bounded until: P ~p [ φ 1 U k φ 2 ] adaptation of bounded reachability for DTMCs Until: P ~p [ φ 1 U φ 2 ] adaptation of reachability for DTMCs graph-based precomputation algorithms techniques for solving large linear equation systems 7

PCTL next for DTMCs Computation of probabilities for PCTL next operator Sat(P ~p [ X φ ]) = { s S Prob(s, X φ) ~ p } need to compute Prob(s, X φ) for all s S Sum outgoing probabilities for transitions to φ-states Prob(s, X φ) = Σ s Sat(φ) P(s,s ) s Compute vector Prob(X φ) of probabilities for all states s Prob(X φ) = P φ where φ is a 0-1 vector over S with φ(s) = 1 iff s φ computation requires a single matrix-vector multiplication φ 8

PCTL next - Example Model check: P 0.9 [ X ( try succ) ] Sat ( try succ) = (S \ Sat(try)) Sat(succ) = ({s 0,s 1,s 2,s 3 } {s 1 }) {s 3 } = {s 0,s 2,s 3 } Prob(X ( try succ)) = P ( try succ) = 1 {fail} Results: Prob(X ( try succ)) = [0, 0.99, 1, 1] Sat(P 0.9 [ X ( try succ) ]) = {s 1, s 2, s 3 } s {try} 0.01 2 s 0 s 1 0.98 1 s 3 0.01 {succ} 1 9

PCTL bounded until for DTMCs Computation of probabilities for PCTL U k operator Sat(P ~p [ φ 1 U k φ 2 ]) = { s S Prob(s, φ 1 U k φ 2 ) ~ p } need to compute Prob(s, φ 1 U k φ 2 ) for all s S First identify (some) states where probability is trivially 1/0 S yes = Sat(φ 2 ) S no = S \ (Sat(φ 1 ) Sat(φ 2 )) Sat(φ 2 ) S Sat(φ 1 ) 10

PCTL bounded until for DTMCs Let: S yes = Sat(φ 2 ) S no = S \ (Sat(φ 1 ) Sat(φ 2 )) And let: S? = S \ (S yes S no ) S Sat(φ 1 ) Sat(φ 2 ) Compute solution of recursive equations: 11

PCTL bounded until for DTMCs Simultaneous computation of vector Prob(φ 1 U k φ 2 ) i.e. probabilities Prob(s, φ 1 U k φ 2 ) for all s S Iteratively define in terms of matrices and vectors define matrix P as follows: P (s,s ) = P(s,s ) if s S?, P (s,s ) = 1 if s S yes and s=s, P (s,s ) = 0 otherwise Prob(φ 1 U 0 φ 2 ) = φ 2 Prob(φ 1 U k φ 2 ) = P Prob(φ 1 U k-1 φ 2 ) requires k matrix-vector multiplications Note that we could express this in terms of matrix powers Prob(φ 1 U k φ 2 ) = (P ) k φ 2 and compute (P ) k in log 2 k steps but this is actually inefficient: (P ) k is much less sparse than P 12

PCTL bounded until - Example Model check: P >0.98 [ F 2 succ ] P >0.98 [ true U 2 succ ] Sat (true) = S = {s 0,s 1,s 2,s 3 }, Sat(succ) = {s 3 } S yes = {s 3 }, S no =, S? = {s 0,s 1,s 2 }, P = P Prob(true U 0 succ) = succ = [0, 0, 0, 1] Sat(P >0.98 [ F 2 succ ]) = {s 1, s 3 } 13

PCTL until for DTMCs Computation of probabilities Prob(s, φ 1 U φ 2 ) for all s S First, identify all states where the probability is 1 or 0 S yes = Sat(P 1 [ φ 1 U φ 2 ]) S no = Sat(P 0 [ φ 1 U φ 2 ]) Then solve linear equation system for remaining states Running example: 1 0.3 {a} 0.6 s 1 s 3 s 5 P >0.8 [ a U b ] 0.4 0.1 s 0 0.9 0.1 0.3 s 2 s 4 0.5 0.1 0.7 {b} 1 14

Precomputation We refer to the first phase (identifying sets S yes and S no ) as precomputation two algorithms: Prob0 (for S no ) and Prob1 (for S yes ) algorithms work on underlying graph (probabilities irrelevant) Important for several reasons ensures unique solution to linear equation system only need Prob0 for uniqueness, Prob1 is optional reduces the set of states for which probabilities must be computed numerically gives exact results for the states in S yes and S no (no round-off) for model checking of qualitative properties (P ~p [ ] where p is 0 or 1), no further computation required 15

Precomputation - Prob0 Prob0 algorithm to compute S no = Sat(P 0 [ φ 1 U φ 2 ]) : first compute Sat(P >0 [ φ 1 U φ 2 ]) Sat(E[ φ 1 U φ 2 ]) i.e. find all states which can, with non-zero probability, reach a φ 2 -state without leaving φ 1 -states i.e. find all states from which there is a finite path through φ 1 - states to a φ 2 -state: simple graph-based computation subtract the resulting set from S S no = Sat(P 0 [ a U b ]) 1 0.3 Example: P >0.8 [ a U b ] a 0.1 0.6 s 1 s 3 s 0 s 5 0.3 0.4 0.1 0.7 s b 2 s 4 0.9 0.5 0.1 1 Sat(P >0 [ a U b ]) Sat(b) 16

Prob0 algorithm Note: can be formulated as a least fixed point computation also well suited to computation with binary decision diagrams 17

Precomputation - Prob1 Prob1 algorithm to compute S yes = Sat(P 1 [ φ 1 U φ 2 ]) : first compute Sat(P <1 [ φ 1 U φ 2 ]), reusing S no this is equivalent to the set of states which have a non-zero probability of reaching S no, passing only through φ 1 -states again, this is a simple graph-based computation subtract the resulting set from S S no Sat(P = Sat(P <1 [ a 0 [ a U b U ]) b ]) 1 0.3 Example: P >0.8 [ a U b ] a 0.1 0.6 s 1 s 3 s 0 s 5 0.3 0.4 0.1 0.7 s 2 s 4 0.9 0.5 0.1 b 1 S yes = Sat(P 1 [ a U b ]) 18

Prob1 algorithm 19

Prob 1 explanation 20

PCTL until - linear equations Probabilities Prob(s, φ 1 U φ 2 ) can now be obtained as the unique solution of the following set of linear equations essentially the same as for probabilistic reachability Prob(s, φ 1 U φ 2 ) = s' S 1 0 P(s,s' ) Prob(s', φ 1 U φ 2 ) if s S yes if s S no otherwise Can also be reduced to a system in S? unknowns instead of S where S? = S \ (S yes S no ) 21

PCTL until - linear equations Example: P >0.8 [ a U b ] Let x i = Prob(s i, a U b) S no = Sat(P 0 [ a U b ]) 1 0.3 a 0.1 x 1 = x 3 = 0 x 4 = x 5 = 1 0.6 s 1 s 3 x 2 = 0.1x 2 +0.1x 3 +0.3x 5 +0.5x 4 = 8/9 x 0 = 0.1x 1 +0.9x 2 = 0.8 Prob( a U b) = x = [0.8, 0, 8/9, 0, 1, 1] Sat(P >0.8 [ a U b ]) = { s 2,s 4,s 5 } s 0 s 5 0.3 0.4 0.1 0.7 s 2 s 4 0.9 0.5 0.1 b 1 S yes = Sat(P 1 [ a U b ]) 22

PCTL Until Example 2 Example: P >0.5 [ G b ] Prob(s i, G b) = 1 - Prob(s i, (G b)) = 1 - Prob(s i, F b) Let x i = Prob(s i, F b) x 3 = 0 and x 4 = x 5 = 1 x 2 = 0.1x 2 +0.1x 3 +0.3x 5 +0.5x 4 = 8/9 a 0.1 S no = Sat(P 0 [ F b ]) 0.6 s 1 s 3 s 0 0.4 0.9 0.1 1 0.3 0.3 0.1 s 5 s 2 s 4 0.5 0.7 b 1 S yes = Sat(P 1 [ F b ]) x 1 = 0.6x 3 +0.4x 0 = 0.4x 0 x 0 = 0.1x 1 +0.9x 2 = 5/6 and x 1 = 1/3 Prob(G b) = 1-x = [1/6, 2/3, 1/9, 1, 0, 0 ] Sat(P >0.5 [ G b ]) = { s 1,s 3 } 23

Linear equation systems Solution of large (sparse) linear equation systems size of system (number of variables) typically O( S ) state space S gets very large in practice Two main classes of solution methods: direct methods - compute exact solutions in fixed number of steps, e.g. Gaussian elimination, L/U decomposition iterative methods, e.g. Power, Jacobi, Gauss-Seidel, the latter are preferred in practice due to scalability General form: A x = b indexed over integers, i.e. assume S = { 0,1,, S -1 } 24

Iterative solution methods Start with an initial estimate for the vector x, say x (0) Compute successive (increasingly accurate) approximations approximation (solution vector) at k th iteration denoted x (k) computation of x (k) uses values of x (k-1) Terminate when solution vector has converged sufficiently Several possibilities for convergence criteria, e.g.: maximum absolute difference maximum relative difference 25

Jacobi method Based on fact that: For probabilistic model checking, A(i,i) is always non-zero can be rearranged as: yielding this update scheme: 26

Gauss-Seidel The update scheme for Jacobi: can be improved by using the most up-to-date values of x (j) that are available This is the Gauss-Seidel method: 27

Over-relaxation Over-relaxation: compute new values with existing schemes (e.g. Jacobi) but use weighted average with previous vector Example: Jacobi + over-relaxation where ω (0,2) is a parameter to the algorithm 28

Comparison Gauss-Seidel typically outperforms Jacobi i.e. faster convergence also: only need to store a single solution vector Both Gauss-Seidel and Jacobi usually outperform the Power method (see least fixed point method from Lecture 2) However Power method has guaranteed convergence Jacobi and Gauss-Seidel do not Over-relaxation methods may converge faster for well chosen values of ω need to rely on heuristics for this selection 29

Model checking complexity Model checking of DTMC (S,s init,p,l) against PCTL formula Φ complexity is linear in Φ and polynomial in S Size Φ of Φ is defined as number of logical connectives and temporal operators plus sizes of temporal operators model checking is performed for each operator Worst-case operator is P ~p [ Φ 1 U Φ 2 ] main task: solution of linear equation system of size S can be solved with Gaussian elimination: cubic in S and also precomputation algorithms (max S steps) Strictly speaking, U k could be worse than U for large k but in practice k is usually small 30

Summing up Model checking a PCTL formula φ on a DTMC i.e. determine set Sat(φ) recursive: bottom-up traversal of parse tree of φ Atomic propositions and logical connectives: trivial Key part: computing probabilities for P ~p [ ] formulae X Φ : one matrix-vector multiplications Φ 1 U k Φ 2 : k matrix-vector multiplications Φ 1 U Φ 2 : graph-based precomputation algorithms + solution of linear equation system in at most S variables Iterative methods for solving large linear equation systems 31

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback