formal methods for probabilistic systems
play

Formal Methods for Probabilistic Systems Annabelle McIver Carroll - PowerPoint PPT Presentation

May 27, 2023 •308 likes •985 views

1 Formal Methods for Probabilistic Systems Annabelle McIver Carroll Morgan Source-level program logic Meta-theorems for loops Examples Relational operational model Almost-certain termination Hermans Graph

  1. 1 Formal Methods for Probabilistic Systems Annabelle McIver Carroll Morgan • Source-level program logic • Meta-theorems for loops • Examples • Relational operational model • Almost-certain termination • “Herman’s Graph” • Probabilistic variant rule • Termination of Herman’s Graph • Herman’s Ring • Termination of Herman’s Ring • Expected time to stability; comparison with model-checking ( PRISM )

  2. 2 A variation on Herman’s Ring : “Herman’s Graph” T Herman. Probabilistic self-stabilization. Inf. Proc. Lett. 35(2):63-67, 1990.

  3. 3 Herman’s Graph 1/ 4 1/ 3 1/ 6 1/ 4 On every step, each processor decides probabilistically to which neighbour its tokens will go... ...including possibly itself. All (four, in this case) probabilities must be non-zero.

  4. 4 Herman’s Graph The decisions are made synchronously .

  5. 5 Herman’s Graph And then the moves are made.

  6. 6 Herman’s Graph Choose; move.

  7. 7 Herman’s Graph Choose; move.

  8. 8 Herman’s Graph Choose; move.

  9. 9 Herman’s Graph Because all tokens are together, they will now circulate as a group.

  10. 10 Herman’s Graph Like this...

  11. 11 Herman’s Graph Thus the system is stable . What is the probability that the system will become stable eventually, no matter where it begins? Eventual stability for Herman’s Graph is almost certain .

  12. 12 The (probabilistic) variant rule for loops CC Morgan. Proof rules for probabilistic loops. Proc. 3rd BCS Refinement Workshop. Springer, 1996. http://ewic.bcs.org/conferences/1996/refinement/ papers/paper10.htm S Hart, M Sharir and A Pnueli. Termination of probabilistic concurrent programs. TOPLAS 5:356-380, 1983.

  13. 13 page 55 If the invariant Inv is true at the beginning of the loop body, then it’s true at the end.

  14. 14 page 55 The variant V is bounded below and above — that is, it takes only finitely many values.

  15. 15 page 55 The variant V is strictly decreased, by the loop body, with some non-zero probability.

  16. 16 The (probabilistic) variant rule for loops at least , then with probability � the variant If the guard will G is true, the strictly invariant Inv decrease. holds, and the variant V has some value N ,

  17. 17 The (probabilistic) variant rule for loops at least , then with probability � the variant If the guard will G is true, the strictly invariant Inv decrease. holds, and the variant V has some value N ,

  18. 18 The (probabilistic) variant rule for loops For finite-state systems: Choose some integer-valued variant function of the state. If you can show that from every non-terminated state there is a non-zero probability of strict decrease of that variant in the very next step, then you have shown that termination will eventually occur, from any initial state, with probability one. This a consequence of our “paradoxical” Zero-One Law for probabilistic processes: if from every state the probability of eventual termination is bounded away from zero, then in fact that probability is one.

  19. 19 What is the variant for Herman’s Graph ?

  20. 20 The variant for Herman’s Graph It is the size of the smallest connected subgraph containing all tokens.

  21. 21 Herman’s Graph: the variant It is the size of the smallest connected subgraph containing all tokens. The value of the variant is 3 in this example.

  22. 22 Herman’s Graph: the variant With probability pqr p tokens will move as shown... ... and pqr is strictly q greater than zero... r ...so that the variant will decrease, from 3 to 2, with non � zero probability . Q.E.D. This variant suffices because it has non-zero probability of decrease on each iteration.

  23. 23 Herman’s Ring The system comprises a number of processes, connected in a ring: it is a special case of the graph .

  24. 24 Herman’s Ring Normally, a single token will circulate around the ring...

  25. 25 Herman’s Ring But occasionally a hardware or software error causes extra tokens to appear.

  26. 26 Herman’s Ring ... like this.

  27. 27 Herman’s Ring Because of Herman’s clever underlying encoding, however, there can only ever be an odd number of tokens. If extra ones appear, how do we get rid of them?

  28. 28 Herman’s algorithm On every “tick”, each token-holding processor flips a coin: if heads , the token is kept; if tails , it is passed downstream. Colliding tokens are annihilated.

  29. 29 Herman’s algorithm For example, we might have this, with heads probability 1/ 8, that is heads , heads , tails... heads tails

  30. 30 Herman’s algorithm For example, we might have this, with keep probability 1/ 8, that is keep , keep , pass... keep pass

  31. 31 Herman’s algorithm keeping ...and so a token moves along... keeping passing

  32. 32 Herman’s algorithm kept ...but, afterwards, there are still three of them. kept passed

  33. 33 Herman’s algorithm pass Suppose this time, we get pass , keep , pass ... keep pass

  34. 34 Herman’s algorithm passing ...again probability 1/ 8... passing keeping

  35. 35 Herman’s algorithm passed ...and there is a collision... annihilated

  36. 36 Herman’s algorithm ...so that the ring becomes stable once more.

  37. 37 Herman’s algorithm ...so that the ring becomes stable once more.

  38. 38 Herman’s algorithm ...so that the ring becomes stable once more.

  39. 39 Herman’s algorithm Herman’s algorithm has the property that no matter how the ring is perturbed (provided the number of tokens remains odd), it is guaranteed with probability 1 to return “automatically” to a stable state in which there is only one token. In that sense, it is “self-repairing”. How do we prove this is so? And how long does it take for stabilisation to occur?

  40. 40 Herman’s proof of eventual stabilisation http://www.cs.uiowa.edu/ftp/selfstab/H90.ps.gz , pp. 6-7.

  41. 41 A very short proof of eventual stabilisation We get a much shorter proof — Choose as probabilistic variant the essentially “one line” — by using length of the smallest consecutive the same technique as before, span of ring segments that contains where the hard work has been all tokens; apply Lemma 2.7.1. packaged up in a theorem that can be used over and over. Q.E.D.

  42. 42 Expected time to stabilisation The probabilistic variant can also be used to estimate the expected time to stabilisation. The variant effectively performs a random walk on the integers between 0 and N -1. When it is zero, stabilisation has occurred. It is known from probability theory that the expected time for a random walker to move N steps in the same direction is of order N squared. That is thus an upper bound on how long it takes for stabilisation to occur. AK McIver and CC Morgan. An elementary proof that Herman’s Ring is � (N2) . http://web.comlab.ox.ac.uk/oucl/research/areas/probs/ bibliography.html#HR04

  43. 43 Herman’s Ring is � (N2) We know already that eventual convergence is assured with probability one. But how long does it take?

  44. 44 Herman’s Ring is � (N2) — using program logic Write the ring as a small looping pGCL program, with an extra “counting” variable k initialised to zero and incremented on each iteration; the loop guard is “there is more than one token”; determine the expected final value of k . In principle...

  45. 45 Herman’s Ring is � (N2) — using program logic multi-way probabilistic choice k := 0; In practice the program � do n � 0 is rather messy, and the calculations complex — if 0 < n < N -1 � n := | n -1 @ 1/ 4 if one can find the | n @ 1/ 2 invariant at all! | n +1 @ 1/ 4 � n := | n -1 � n = N -1 @ 1/ 4 Instead we abstract , | n @ 3/ 4 using as inspiration the fi ; same variant n that n : � n ; showed eventual termination. k := k +1 od same as n := n -1 1/ 4 � n := n

  46. 46 Herman’s Ring is � (N2) — using program logic Part of the abstraction k := 0; however is that we do � do n � 0 not know exactly what if 0 < n < N -1 � n := | n -1 the effect of other @ 1/ 4 collisions might be; | n @ 1/ 2 | n +1 @ 1/ 4 that is represented by � n := | n -1 � n = N -1 @ 1/ 4 the demonic possible | n @ 3/ 4 decrease of the fi ; maximum separation n ; n : � n ; and it is the problem k := k +1 with applying standard od Markov methods .

  47. 47 Herman’s Ring is � (N2) — using program logic k := 0; � do n � 0 if 0 < n < N -1 � n := | n -1 @ 1/ 4 | n @ 1/ 2 | n +1 @ 1/ 4 � n := | n -1 � n = N -1 n = 4 @ 1/ 4 | n @ 3/ 4 fi ; n : � n ; k := k +1 od

  48. 48 Herman’s Ring is � (N2) — using program logic k := 0; � do n � 0 if 0 < n < N -1 � n := | n -1 @ 1/ 4 | n @ 1/ 2 | n +1 @ 1/ 4 4 � n := | n -1 � n = N -1 @ 1/ 4 | n @ 3/ 4 fi ; n : � n ; k := k +1 od

  49. 49 Herman’s Ring is � (N2) — using program logic k := 0; � do n � 0 if 0 < n < N -1 � n := | n -1 @ 1/ 4 | n @ 1/ 2 | n +1 @ 1/ 4 3 � n := | n -1 � n = N -1 @ 1/ 4 | n @ 3/ 4 fi ; n : � n ; k := k +1 od

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Formal Methods for Probabilistic Systems Annabelle McIver Carroll Morgan Source-level

Formal Methods for Probabilistic Systems Annabelle McIver Carroll Morgan Source-level

1 Formal Methods for Probabilistic Systems Annabelle McIver Carroll Morgan Source-level program logic Meta-theorems for loops Examples Probabilistic amplification Uniform selection 2 Probabilistic amplification Is K

731 views • 31 slides
Formal Methods for Probabilistic Systems Annabelle McIver Carroll Morgan Source-level

Formal Methods for Probabilistic Systems Annabelle McIver Carroll Morgan Source-level

1 Formal Methods for Probabilistic Systems Annabelle McIver Carroll Morgan Source-level program logic Meta-theorems for loops Examples Relational operational model Almost-certain termination Mu-calculus, temporal

927 views • 73 slides
Formal Methods Michael Collins. 18-849, Section B Spring 1999 Formal Methods Why

Formal Methods Michael Collins. 18-849, Section B Spring 1999 Formal Methods Why

Formal Methods Michael Collins. 18-849, Section B Spring 1999 Formal Methods Why Formalisms? Relationships Flaws Some systems Conclusions Why Formal Methods? We already can build systems. Roman Engineers built

671 views • 12 slides
Presentation for 4th International Workshop on Formal Methods for Interactive Systems: FMIS 2011,

Presentation for 4th International Workshop on Formal Methods for Interactive Systems: FMIS 2011,

Presentation for 4th International Workshop on Formal Methods for Interactive Systems: FMIS 2011, Limerick, Ireland, 21 June 2011 Formal Modeling and Analysis For Interactive Hybrid Systems Ellen J. Bass Systems and Information Engineering,

280 views • 26 slides
Formal Methods and Cryptography Lecture 24 1 Formal Methods 2 Formal Methods Logical

Formal Methods and Cryptography Lecture 24 1 Formal Methods 2 Formal Methods Logical

Formal Methods and Cryptography Lecture 24 1 Formal Methods 2 Formal Methods Logical foundations of computer science 2 Formal Methods Logical foundations of computer science A language that machines can understand 2 Formal Methods

1.22k views • 121 slides
1Initial Ideas on Formal Methods UIT2206: The Importance of Being Formal Martin Henz January

1Initial Ideas on Formal Methods UIT2206: The Importance of Being Formal Martin Henz January

Preliminaries Hallmarks of a Formal Approach Formal Systems in Information Technology 1Initial Ideas on Formal Methods UIT2206: The Importance of Being Formal Martin Henz January 15, 2014 Generated on Wednesday 15 th January, 2014, 09:54

517 views • 49 slides
Lecture Outline 1. The lecturer 2. Introduction to Formal Methods DD2452 Formal Methods 3.

Lecture Outline 1. The lecturer 2. Introduction to Formal Methods DD2452 Formal Methods 3.

Lecture Outline 1. The lecturer 2. Introduction to Formal Methods DD2452 Formal Methods 3. Course syllabus 4. Course objectives Introductory Lecture 5. Course organization 1. Lecturer 2. Formal Methods Name: Dilian Gurov Formal

56 views • 3 slides
Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember

Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember

3BA31 Formal Methods 1 3BA31: Formal Methods Andrew Butterfield Foundations &amp; Methods Group, Software Systems Laboratory Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember This? A Stock

1.75k views • 151 slides
Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember

Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember

3BA31 Formal Methods 1 3BA31: Formal Methods Andrew Butterfield Foundations &amp; Methods Group, Software Systems Laboratory Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember This? A Stock

631 views • 33 slides
Formal Methods and Cryptography Lecture 25 Formal Methods Formal Methods Logical foundations

Formal Methods and Cryptography Lecture 25 Formal Methods Formal Methods Logical foundations

Formal Methods and Cryptography Lecture 25 Formal Methods Formal Methods Logical foundations of computer science Formal Methods Logical foundations of computer science A language that machines can understand Formal Methods Logical

1.67k views • 123 slides
Where Are We? How to model systems CISC422/853: Formal Methods Theoretically : FSAs in

Where Are We? How to model systems CISC422/853: Formal Methods Theoretically : FSAs in

Where Are We? How to model systems CISC422/853: Formal Methods Theoretically : FSAs in Software Engineering: Practically : BIR, PROMELA How to express properties Computer-Aided Verification Assertions, invariants

196 views • 9 slides
Deductive Verification Of Hybrid Systems Lectures on Formal Methods for Cyber-Physical Systems

Deductive Verification Of Hybrid Systems Lectures on Formal Methods for Cyber-Physical Systems

Deductive Verification Of Hybrid Systems Lectures on Formal Methods for Cyber-Physical Systems SOKENDAI, 07/29/19 Jrmy Dubut National Institute of Informatics Japanese-French Laboratory of Informatics Objectives of this lecture

986 views • 84 slides
Formal Methods and Systems David Cock, ETH Zrich 18/01/16 Overview Correctness challenges

Formal Methods and Systems David Cock, ETH Zrich 18/01/16 Overview Correctness challenges

Formal Methods and Systems David Cock, ETH Zrich 18/01/16 Overview Correctness challenges in Barrelfish. System configuration using SAT. Tracing and online invariant checking. Better languages for Systems. 18 January 2016

359 views • 18 slides
Testing/Simulation Formal Analysis Real System Formal Model Partial coverage Complete coverage

Testing/Simulation Formal Analysis Real System Formal Model Partial coverage Complete coverage

Formal Methods Assurance for TTP John Rushby Computer Science Laboratory SRI International Menlo Park CA USA John Rushby, SR I Formal Methods Assurance for TTP: 1 Formal Methods for Analysis and Assurance: The Idea Testing/Simulation Formal

200 views • 6 slides
Specifying circuit properties in PSL Formal methods Mathematical and logical methods used in

Specifying circuit properties in PSL Formal methods Mathematical and logical methods used in

Specifying circuit properties in PSL Formal methods Mathematical and logical methods used in system development Aim to increase confidence in riktighet of system Apply to both hardware and software 1 Formal methods Complement other

524 views • 25 slides
A Review of Formal Methods : 200514170 : (T4) (T4)

A Review of Formal Methods : 200514170 : (T4) (T4)

A Review of Formal Methods : 200514170 : (T4) (T4) Contents INTRODUCTION INTRODUCTION DEFINITION AND OVERVIEW OF FORMAL METHODS SPECIFICATION METHODS LIFE CYCLES AND

317 views • 19 slides
Laboratorio de Ciberseguridad Probability, Random Processes and Inference Dr. Ponciano Jorge

Laboratorio de Ciberseguridad Probability, Random Processes and Inference Dr. Ponciano Jorge

INSTITUTO POLITCNICO NACIONAL CENTRO DE INVESTIGACION EN COMPUTACION Laboratorio de Ciberseguridad Probability, Random Processes and Inference Dr. Ponciano Jorge Escamilla Ambrosio pescamilla@cic.ipn.mx http://www.cic.ipn.mx/~pescamilla/

1.68k views • 130 slides
A game-theoretic proof of the Erdos-Feller-Kolmogorov-Petrowsky law of the iterated logarithm for

A game-theoretic proof of the Erdos-Feller-Kolmogorov-Petrowsky law of the iterated logarithm for

A game-theoretic proof of the Erdos-Feller-Kolmogorov-Petrowsky law of the iterated logarithm for fair-coin tossing Akimichi Takemura (U.Tokyo) (joint with Takeyuki Sasai and Kenshi Miyabe) Nov.13, 2014, CIMAT Mexico Manuscript: A

418 views • 25 slides
Computer Science &amp; Engineering 423/823 Introduction Design and Analysis of Algorithms

Computer Science &amp; Engineering 423/823 Introduction Design and Analysis of Algorithms

CSCE423/823 Computer Science &amp; Engineering 423/823 Introduction Design and Analysis of Algorithms Bellman-Ford Algorithm Lecture 05 Single-Source Shortest Paths (Chapter 24) SSSPs in Directed Acyclic Graphs Dijkstras Algorithm

763 views • 36 slides
Theory of Computation Chapter 13: Approximability Guan-Shieng Huang Jan. 3, 2007 0-0

Theory of Computation Chapter 13: Approximability Guan-Shieng Huang Jan. 3, 2007 0-0

Theory of Computation Chapter 13: Approximability Guan-Shieng Huang Jan. 3, 2007 0-0 Decision v.s. Optimization Problems decision problems: expect a yes/no answer optimization problems: expect an optimal solution from all

478 views • 28 slides
Warm up Sketch the graph of f ( x ) = ( x 3)( x 2)( x 1) = x 3 6 x 2 + 11 x 6

Warm up Sketch the graph of f ( x ) = ( x 3)( x 2)( x 1) = x 3 6 x 2 + 11 x 6

Warm up Sketch the graph of f ( x ) = ( x 3)( x 2)( x 1) = x 3 6 x 2 + 11 x 6 over the interval [1 , 4]. Mark any critical points and inflection points. What is the absolute maximum over this interval? What is the absolute

369 views • 4 slides
Synchronising C/C++ and POWER Susmit Sarkar 1 Kayvan Memarian 1 Scott Owens 1 Mark Batty 1 Peter

Synchronising C/C++ and POWER Susmit Sarkar 1 Kayvan Memarian 1 Scott Owens 1 Mark Batty 1 Peter

Synchronising C/C++ and POWER Susmit Sarkar 1 Kayvan Memarian 1 Scott Owens 1 Mark Batty 1 Peter Sewell 1 Luc Maranget 2 Jade Alglave 3 , 4 Derek Williams 5 1 University of Cambridge 2 INRIA 3 Oxford University 4 Queen Mary London 5 IBM Austin June

856 views • 41 slides
3rd Grade Shapes and Perimeter 2015-11-10 www.njctl.org Slide 3 / 102 Slide 4 / 102 Table of

3rd Grade Shapes and Perimeter 2015-11-10 www.njctl.org Slide 3 / 102 Slide 4 / 102 Table of

Slide 1 / 102 Slide 2 / 102 3rd Grade Shapes and Perimeter 2015-11-10 www.njctl.org Slide 3 / 102 Slide 4 / 102 Table of Contents Area Click on a topic to Perimeter go to that section Lines, Rays and Line Segments Angles Area

525 views • 25 slides
for BlueGene/P Franz Franchetti 1 , Yevgen Voronenko 2 , Gheorghe Almasi 3 1 Carnegie Mellon

for BlueGene/P Franz Franchetti 1 , Yevgen Voronenko 2 , Gheorghe Almasi 3 1 Carnegie Mellon

Carnegie Mellon Carnegie Mellon Automatic Generation of the HPC Challenge's Global FFT Benchmark for BlueGene/P Franz Franchetti 1 , Yevgen Voronenko 2 , Gheorghe Almasi 3 1 Carnegie Mellon University and SpiralGen, Inc. 2 AccuRay, Inc., 3 IBM

588 views • 25 slides

More recommend