statistical model checking of simulink models simulink
play

Statistical Model Checking of Simulink Models Simulink Models Ed - PowerPoint PPT Presentation

Oct 08, 2022 •436 likes •733 views

Statistical Model Checking of Simulink Models Simulink Models Ed Edmund M. Clarke d M Cl k School of Computer Science Carnegie Mellon University The State Explosion Problem p My 27 Year Quest: Symmetry Reduction Parametric Model

  1. Statistical Model Checking of Simulink Models Simulink Models Ed Edmund M. Clarke d M Cl k School of Computer Science Carnegie Mellon University

  2. The State Explosion Problem p My 27 Year Quest:  Symmetry Reduction  Parametric Model Checking  Partial Order Reduction  Partial Order Reduction  Symbolic Model Checking  Induction in Model Checking  SAT based Bounded Model Checking  Predicate Abstraction  Counterexample Guided Abstraction Refinement  Compositional Reasoning . . .  Statistical Model Checking!

  3. Executive Summary  State Space Exploration is infeasible for large systems. p p g y – Often easier to simulate a system  Our Goal: Provide probabilistic guarantees of correctness using a small number of simulations i ll b f i l ti – How to generate each simulation run? – How many simulation runs to generate? How many simulation runs to generate?  Applications: Stateflow / Simulink, Biological Models. Statistical Model Checking of Mixed-Analog Circuits with an Statistical Model Checking of Mixed Analog Circuits with an Application to a Third Order Delta - Sigma Modulator. E. M. Clarke, A. Donzé, and A. Legay. Best Paper Award at Haifa Verification Conference 2008 Haifa Verification Conference 2008. (To appear in Formal Methods in System Design, 2009).

  4. Bayesian Statistical Model Checking y g  Bayesian Approach to Statistical Model Checking y pp g – Faster than state-of-the-art Statistical Model Checking. – Generally requires fewer simulations.  Can use prior knowledge about the model – Represented by the prior probability distribution of the model satisfying the specification model satisfying the specification.  Can revise prior knowledge in light of experimental data – Compute posterior probability of the model satisfying the Compute posterior probability of the model satisfying the specification. Bayesian Statistical Model Checking S K Jh S. K. Jha, E. M. Clarke, C. J. Langmead, A. Platzer, P. Zuliani, E M Cl k C J L d A Pl t P Z li i and A. Legay. CMU CS Technical Report 09-110.

  5. Motivation - Scalability  State Space Exploration infeasible for large systems. p p g y – Symbolic MC with OBDDs scales to 10 300 states. – Scalability depends on the structure of the system. y p y  Simulation is feasible for many more systems.  Target Applications include: Target Applications include: – Stateflow Simulink Models – Analog Circuits a og C cu s – Verilog Models – Biological Models g

  6. Motivation – Parallel Model Checking  Some success with explicit state Model Checking p g – Parallel Murphi  More difficult to distribute Symbolic MC using BDDs. o e d cu t to d st bute Sy bo c C us g s  Learned Clauses in SAT solving are not easy to distribute for Bounded Model Checking.  Simulation can be easily parallelized. Statistical Model Checking should be able to exploit g p  – multiple cores – commodity clusters

  7. Probabilistic Model Checking  Given a stochastic model such as – a Markov Chain, or – the solution to a stochastic differential equation  a Bounded Linear Temporal Logic property  a Bounded Linear Temporal Logic property and a and a probability threshold .  Does Does satisfy with probability at least ? satisfy with probability at least ?  Example: Is every request acknowledged within 10 time  Example: Is every request acknowledged within 10 time units with 99.999999% probability?  Numerical techniques compute the precise probability of q p p p y satisfying : – Does NOT scale to large systems.

  8. Statistical Probabilistic Model Checking  Decides between two mutually exclusive composite y p hypotheses: – Null Hypothesis – Alternate Hypothesis  Statistical tests can determine the true hypothesis: – based on sampling the traces of system – answer may be wrong, but error probability is bounded.  Statistical Hypothesis Testing Model Checking!

  9. Challenges g  Each simulation trace is expensive to generate p g – Computation time: few minutes to several days.  Given an upper bound on the probability of making G e a uppe bou d o t e p obab ty o a g incorrect decisions: – Sample as many traces as needed, but no more.  Nondeterministic Systems: – Nondeterminism due to incompletely specified inputs – Model Checking Markov Decision Processes (PRISM) – Statistical Model Checking not yet adapted to MDPs

  10. Existing Work g  [Younes and Simmons 06] use Wald’s SPRT [ ] – SPRT: Sequential Probability Ratio Test  The SPRT decides between e S dec des bet ee – the simple null hypothesis vs – the simple alternate hypothesis  SPRT is asymptotically optimal (when or is true) – Minimizes the expected number of samples – Among all tests with equal or smaller error probability.

  11. Existing Work g  MC chooses between two composite hypotheses p yp  Existing works use SPRT for hypothesis testing with an g yp g indifference region:

  12. Faster Statistical Model Checking I g  But MC chooses between two mutually exclusive y composite hypotheses Null Hypothesis vs Alternate Hypothesis  We have developed a new MC algorithm – Statistical Model Checking Algorithm – Performs Composite Hypothesis Testing Performs Composite Hypothesis Testing – Based on Bayes Theorem and the Bayes Factor.

  13. Faster Statistical Model Checking II g  Model Checking  Suppose satisfies with (unknown) probability u. – u is given by a random variable U with density g . – g represents the prior belief that satisfies .  Generate independent and identically distributed (iid) sample traces.  x i : the i th sample trace satisfies . – x i = 1 iff 1 iff – x i = 0 iff  Then x will be a Bernoulli trial with density  Then, x i will be a Bernoulli trial with density f ( x i |u ) = u x i (1 − u ) 1- x i

  14. Faster Statistical Model Checking III g  a sample of Bernoulli random variables. p  Bayes Theorem (Posterior Probability):  Prior Probability of being true:  Ratio of Posterior Probabilities:  Ratio of Posterior Probabilities: Bayes Factor

  15. Faster Statistical Model Checking IV g  Bayes Factor: Measure of confidence in H 0 vs H 1 y 0 1 – provided by the data – weighted by the prior g.  Bayes Factor � � Threshold: Accept Null Hypothesis H 0 .  Bayes Factor � � Threshold: Reject Null Hypothesis H 0 . Definition : Bayes Factor B of sample X and hypotheses H 0 , H 1 joint distribution of independent events independent events B B

  16. Faster Statistical Model Checking V g Require : Property P ≥ θ ( Φ ) , Threshold T > 1 , Prior density g n : = 0 n : = 0 {number of traces drawn so far} {number of traces drawn so far} x : = 0 {number of traces satisfying so far} repeat σ := draw a sample trace of the system (iid) σ := draw a sample trace of the system (iid) n : = n + 1 if σ Φ then x : x : = x + 1 x + 1 end if B : = BayesFactor(n, x) until ( B > T v B < 1/T ) til ( B > T B < 1/T ) if ( B > T ) then return H 0 accepted else l return H 1 accepted end if

  17. Bounded Linear Temporal Logic p g  Bounded Linear Temporal Logic (BLTL): Extension of LTL p g ( ) with time bounds on temporal operators.  Let σ = ( s 0 , t 0 ), (s 1 , t 1 ), . . . be an execution of the model – along states s 0 , s 1 , . . . – the system stays in state s i for time t i  σ i : Execution trace starting at state i.  V ( σ , i, x ): Value of the variable x at the state s i in. ( ) i  A natural model for Simulink traces – Simulink has discrete time semantics

  18. Semantics of BLTL The semantics of BLTL for a trace σ k :  σ k x ~ c iff V( σ , k, x) ~ c, where ~ is in { ≤ , ≥ ,= }  σ k σ Φ 1 v Φ 2 Φ 1 v Φ 2 iff σ k iff σ Φ 1 or σ Φ 1 or σ k Φ 2 Φ 2  σ k ¬ Φ iff σ k Φ does not hold Φ 1 U t Φ 2 Φ 1 U Φ 2  σ k  σ iff there exists natural i such that iff there exists natural i such that σ k+i Φ 2 1) 2) ) Σ j<i t j ≤ t j<i j 3) for each 0 ≤ j < i, σ k+j Φ 1

  19. Fuel System Controller y The Simulink model:

  20. Fuel System Controller y  We Model Check the formula (Null hypothesis) ( yp ) M , FaultRate ╞═ P ≥ θ (¬ F 100 G 1 ( FuelFlowRate = 0 )) for θ = 0 5 0 7 0 8 0 9 0 99 for θ 0.5, 0.7, 0.8, 0.9, 0.99.  “It is not the case that within 100 seconds, FuelFlowRate is zero for 1 second”.  We use various values of FaultRate for each of the three sensors in the model.  We use uniform priors over � 0,1); both hypotheses equally likely a priori.  We choose Bayes threshold T � � 1000 , i.e., stop when one hypothesis is 1000 times more likely than the other.

  21. Fuel System Controller y Recall the Null hypothesis: yp M , FaultRate ╞═ P ≥ θ (¬ F 100 G 1 ( FuelFlowRate = 0 )) Number of samples and test decision: p  blue numbers: test accepted Null hypothesis.  red numbers: test rejected Null hypothesis. Probability threshold θ .5 .7 .8 .9 .99 [3 7 8] 63 15 10 7 4 [10 8 9] 29 55 371 514 17 Fault rates rates [20 10 20] [20 10 20] 9 9 16 16 24 24 64 64 936 936 [30 30 30] 9 16 24 44 400

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Bayesian Statistical Model Checking with Application to Stateflow/Simulink Verification Paolo

Bayesian Statistical Model Checking with Application to Stateflow/Simulink Verification Paolo

Bayesian Statistical Model Checking with Application to Stateflow/Simulink Verification Paolo Zuliani Andr Platzer Edmund M. Clarke Computer Science Department Carnegie Mellon University Problem Verification of Stochastic Systems

752 views • 39 slides
From Simulink to NoC-based MPSoC on FPGA Simulink front-end for the NoC System Generator (NSG)

From Simulink to NoC-based MPSoC on FPGA Simulink front-end for the NoC System Generator (NSG)

From Simulink to NoC-based MPSoC on FPGA Simulink front-end for the NoC System Generator (NSG) Francesco Robino KTH Royal Institute of Technology ICES seminar F. Robino (KTH) From Simulink to MPSoC on FPGA 20-05-2014 1 / 17 Overview of the

510 views • 17 slides
A Synchronous Look at the Simulink Standard Library or Can we design a functional Simulink? 1

A Synchronous Look at the Simulink Standard Library or Can we design a functional Simulink? 1

A Synchronous Look at the Simulink Standard Library or Can we design a functional Simulink? 1 Marc Pouzet Marc.Pouzet@ens.fr DI, ENS SYNCHRON Bamberg December 7, 2016 1 Joint work with T. Bourke (INRIA Paris), F. Carcenac, JL. Cola co, B.

693 views • 37 slides
Towards an Operational Semantics of the Simulation Engine of Simulink Alexandre Chapoutot joint

Towards an Operational Semantics of the Simulation Engine of Simulink Alexandre Chapoutot joint

Towards an Operational Semantics of the Simulation Engine of Simulink Alexandre Chapoutot joint work with Olivier Bouissou (CEA LIST, LMeASI) ENSTA Paristech SYNCHRON 2011 December 1st Motivation 2 / 22 Simulink and its industrial uses

670 views • 40 slides
Statistical Statistical Statistical Model Statistical Model Model Checking Model Checking

Statistical Statistical Statistical Model Statistical Model Model Checking Model Checking

Statistical Statistical Statistical Model Statistical Model Model Checking Model Checking Checking Checking for Timed Automata Timed Automata Coll C l C ll b llabora orators: t ors: Peter Bulychev, Alexandre David Axel Legay, Marius

725 views • 59 slides
A Timing Model for Synchronous Language Implementations in Simulink Timothy Bourke and Arcot

A Timing Model for Synchronous Language Implementations in Simulink Timothy Bourke and Arcot

1 A Timing Model for Synchronous Language Implementations in Simulink Timothy Bourke and Arcot Sowmya School of Computer Science and Engineering University of New South Wales, Sydney and National ICT Australia tbourke@cse.unsw.edu.au

773 views • 36 slides
Generation of Flow-Preserving Orocos Implementations of Simulink/Scicos Models Matteo Morelli and

Generation of Flow-Preserving Orocos Implementations of Simulink/Scicos Models Matteo Morelli and

Generation of Flow-Preserving Orocos Implementations of Simulink/Scicos Models Matteo Morelli and Marco Di Natale IEEE-ICRA 2013, Workshop On Software Development and Integration in Robotics May 6th, 2013 TeCIP Institute, Scuola Superiore

733 views • 23 slides
Brian L. Young, Oregon State University, 5/18/2009 Software Tools Preliminary Calculations

Brian L. Young, Oregon State University, 5/18/2009 Software Tools Preliminary Calculations

Brian L. Young, Oregon State University, 5/18/2009 Software Tools Preliminary Calculations Mathematical Design Script, MATLAB Simulink Modeling Circuit Implementation Simulink Results Suggestions 2 MATLAB/Simulink

525 views • 23 slides
Submodel Pattern Extraction for Simulink Models James R. Cordy Queens University NECSIS

Submodel Pattern Extraction for Simulink Models James R. Cordy Queens University NECSIS

Submodel Pattern Extraction for Simulink Models James R. Cordy Queens University NECSIS Automotive Partnership Canada MPE near-miss clones near-miss clone detection Simone analysis of GM models pattern extraction pattern evolution

841 views • 70 slides
Simulation abstraite : une analyse statique de modles Simulink Alexandre Chapoutot 1

Simulation abstraite : une analyse statique de modles Simulink Alexandre Chapoutot 1

Simulation abstraite : une analyse statique de modles Simulink Alexandre Chapoutot 1 Laboratoire MeASI - CEA LIST Soutenance de thse Ecole Polytechnique, Palaiseau 8 dcembre 2008 1 Sous la direction de Matthieu Martel Introduction

893 views • 71 slides
Massif - the love child of Matlab Simulink and Eclipse kos Horvth , Istvn Rth and Rodrigo

Massif - the love child of Matlab Simulink and Eclipse kos Horvth , Istvn Rth and Rodrigo

Massif - the love child of Matlab Simulink and Eclipse kos Horvth , Istvn Rth and Rodrigo Rizzi Starr (ahorvath@mit.bme.hu) Budapest University of Technology and Economics Embraer S.A. IncQuery Labs Ltd. Eclipsecon 2015 Department of

438 views • 20 slides
PRESENTATION OF THE INTERNATIONAL BUILDING PHYSICS TOOLBOX FOR SIMULINK Article January 2003

PRESENTATION OF THE INTERNATIONAL BUILDING PHYSICS TOOLBOX FOR SIMULINK Article January 2003

See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/238767529 PRESENTATION OF THE INTERNATIONAL BUILDING PHYSICS TOOLBOX FOR SIMULINK Article January 2003 CITATIONS READS 15 250 5

568 views • 9 slides
Statistical Model Checking and Rare Events Paolo Zuliani Joint work with Edmund M. Clarke

Statistical Model Checking and Rare Events Paolo Zuliani Joint work with Edmund M. Clarke

Statistical Model Checking and Rare Events Paolo Zuliani Joint work with Edmund M. Clarke Computer Science Department, CMU Probabilistic Verification Verification of stochastic system models via statistical model checking Temporal

686 views • 56 slides
Structured adaptive control, or how to solve LMIs with Simulink Alexandru - Razvan LUZI Dimitri

Structured adaptive control, or how to solve LMIs with Simulink Alexandru - Razvan LUZI Dimitri

Structured adaptive control, or how to solve LMIs with Simulink Alexandru - Razvan LUZI Dimitri PEAUCELLE IEIIT-CNR Torino, october 2012 1/21 Introduction Introduction Direct adaptive control: Adaptation of control gains done directly

722 views • 33 slides
Model checking perhaps the most important part of applied statistical modelling Simon Wood

Model checking perhaps the most important part of applied statistical modelling Simon Wood

Model checking perhaps the most important part of applied statistical modelling Simon Wood Model checking Checking validation! As with detection function, checking is important Want to know the model conforms to assumptions What

524 views • 26 slides
Statistical Model Checking for Biological Systems Paolo Zuliani Department of Computer Science

Statistical Model Checking for Biological Systems Paolo Zuliani Department of Computer Science

Statistical Model Checking for Biological Systems Paolo Zuliani Department of Computer Science Carnegie Mellon University Joint work with Edmund Clarke, James Faeder, Haijun Gong, Qinsi Wang Verification of Rule-based Models Temporal

462 views • 33 slides
Public Goods as a Compensation in Cartel Offenses Luk a s T oth ACLE, University of

Public Goods as a Compensation in Cartel Offenses Luk a s T oth ACLE, University of

Public Goods as a Compensation in Cartel Offenses Luk a s T oth ACLE, University of Amsterdam Joint paper with M.P. Schinkel (ACLE) 9th ACLE Competition &amp; Regulation Meeting: The Public Interest Defense in Cartel Offenses

187 views • 17 slides
Compliance Planning for FY2021 Hosted by the Michigan Indigent Defense Commission Staff March

Compliance Planning for FY2021 Hosted by the Michigan Indigent Defense Commission Staff March

Compliance Planning for FY2021 Hosted by the Michigan Indigent Defense Commission Staff March 31, 2020 WE ARE HERE TO HELP Marla McCowan Director of Training, Outreach &amp; Support McCowanM@Michigan.gov or 517-388-6702 direct

631 views • 26 slides
The Role of Renewables and Energy Efficiency Under the

The Role of Renewables and Energy Efficiency Under the

The Role of Renewables and Energy Efficiency Under the Clean Power Plan Presenta:on to: Kentucky Mineral Law Conference October 19, 2016

870 views • 20 slides
IN5320 - Development in Platform Ecosystems Lecture 1: Introduction 17th of August 2020

IN5320 - Development in Platform Ecosystems Lecture 1: Introduction 17th of August 2020

IN5320 - Development in Platform Ecosystems Lecture 1: Introduction 17th of August 2020 Department of Informatics, University of Oslo Magnus Li - magl@ifi.uio.no 1 OBS - recording of lectures on Zoom The live lectures on Zoom are recorded. The

674 views • 66 slides
HBase A Comprehensive Introduction James Chin, Zikai Wang Monday, March 14, 2011 CS 227 (Topics

HBase A Comprehensive Introduction James Chin, Zikai Wang Monday, March 14, 2011 CS 227 (Topics

HBase A Comprehensive Introduction James Chin, Zikai Wang Monday, March 14, 2011 CS 227 (Topics in Database Management) CIT 367 Overview Overview: History Began as project by Powerset to process massive amounts of data for natural language

797 views • 36 slides
Revised: January 18, 2013 Funded by The Health Foundation of Greater Cincinnati, The Mt. Sinai

Revised: January 18, 2013 Funded by The Health Foundation of Greater Cincinnati, The Mt. Sinai

Revised: January 18, 2013 Funded by The Health Foundation of Greater Cincinnati, The Mt. Sinai Health Care Foundation and The George Gund Foundation 01.18.2013 About the study Partnership of Regional Economic Models, Inc., the Urban

747 views • 53 slides
Potential l Carb arbon Mult ltiplie lier Effects or or Re-spendin ing deci cisi sions fol

Potential l Carb arbon Mult ltiplie lier Effects or or Re-spendin ing deci cisi sions fol

RSAI British and Irish Section 45th Annual Conference Newquay Cornwall Potential l Carb arbon Mult ltiplie lier Effects or or Re-spendin ing deci cisi sions fol ollowing in incr creased energy efficiency: A tool l for ass

500 views • 13 slides
Greenhouse Gas Emissions Andre Barbe USAEE Annual Conference November 14, 2017 Disclaimer This

Greenhouse Gas Emissions Andre Barbe USAEE Annual Conference November 14, 2017 Disclaimer This

The Effects of Restricting Coal Consumption on Coal Exports and Greenhouse Gas Emissions Andre Barbe USAEE Annual Conference November 14, 2017 Disclaimer This article represents solely the views of the author and not the views of the United

547 views • 25 slides

More recommend