VTSA10 Summer School, Luxembourg, September 2010 Introduction - PowerPoint PPT Presentation

  1. VTSA’10 Summer School, Luxembourg, September 2010

  2. Introduction: Probabilistic model checking

  3. Model checking
  Automated formal verification for finite-state models.
  [Figure: the System is abstracted to a Finite-state model and the Requirements to a Temporal logic specification (e.g. ¬EF fail); a Model checker (e.g. SMV, Spin) takes both and returns a Result or a Counter-example]

  4. Probabilistic model checking
  Automatic verification of systems with probabilistic behaviour.
  [Figure: the System is abstracted to a Probabilistic model (e.g. a Markov chain, drawn with transition probabilities 0.4, 0.5 and 0.1) and the Requirements to a Probabilistic temporal logic specification (e.g. PCTL, CSL, LTL; the example shown is P<0.1 [ F fail ]); a Probabilistic model checker (e.g. PRISM) returns a Result, Quantitative results, or a Counter-example]

  5. Why probability?
  • Some systems are inherently probabilistic…
  • Randomisation, e.g. in distributed coordination algorithms
    − as a symmetry breaker, in gossip routing to reduce flooding
  • Examples: real-world protocols featuring randomisation:
    − Randomised back-off schemes
      • CSMA protocol, 802.11 Wireless LAN
    − Random choice of waiting time
      • IEEE1394 Firewire (root contention), Bluetooth (device discovery)
    − Random choice over a set of possible addresses
      • IPv4 Zeroconf dynamic configuration (link-local addressing)
    − Randomised algorithms for anonymity, contract signing, …

  6. Why probability? (continued)
  • To model uncertainty and performance
    − to quantify rate of failures, express Quality of Service
  • Examples:
    − computer networks, embedded systems
    − power management policies
    − nano-scale circuitry: reliability through defect-tolerance

  7. Why probability? (continued)
  • To model biological processes
    − reactions occurring between large numbers of molecules are naturally modelled in a stochastic fashion

  8. Verifying probabilistic systems
  • We are not just interested in correctness
  • We want to be able to quantify:
    − security, privacy, trust, anonymity, fairness
    − safety, reliability, performance, dependability
    − resource usage, e.g. battery life
    − and much more…
  • Quantitative, as well as qualitative requirements:
    − how reliable is my car’s Bluetooth network?
    − how efficient is my phone’s power management policy?
    − is my bank’s web-service secure?
    − what is the expected long-run percentage of protein X?

  9. Probabilistic models

                      Fully probabilistic                      Nondeterministic
    Discrete time     Discrete-time Markov chains (DTMCs)      Markov decision processes (MDPs)
                                                               (probabilistic automata)
                                                               Probabilistic timed automata (PTAs)
    Continuous time   Continuous-time Markov chains (CTMCs)    CTMDPs/IMCs

  10. Course overview
  • 2 sessions (Tue/Wed am): 4 × 1.5 hour lectures
    − Introduction
    − 1 – Discrete-time Markov chains (DTMCs)
    − 2 – Markov decision processes (MDPs)
    − 3 – LTL model checking
    − 4 – Probabilistic timed automata (PTAs)
  • For extended versions of this material
    − and an accompanying list of references
    − see: http://www.prismmodelchecker.org/lectures/

  11. Part 1: Discrete-time Markov chains

  12. Overview (Part 1)
  • Discrete-time Markov chains (DTMCs)
  • PCTL: A temporal logic for DTMCs
  • PCTL model checking
  • Costs and rewards
  • Case study: Bluetooth device discovery

  13. Discrete-time Markov chains
  • Discrete-time Markov chains (DTMCs)
    − state-transition systems augmented with probabilities
  • States
    − discrete set of states representing possible configurations of the system being modelled
  • Transitions
    − transitions between states occur in discrete time-steps
  • Probabilities
    − probability of making transitions between states is given by discrete probability distributions
  [Figure: running example DTMC with states s0 (initial), s1 {try}, s2 {fail}, s3 {succ}; transitions s0→s1 with probability 1, s1→s1 with 0.01, s1→s2 with 0.01, s1→s3 with 0.98, and self-loops s2→s2 and s3→s3 with probability 1]

  14. Discrete-time Markov chains
  • Formally, a DTMC D is a tuple (S, s_init, P, L) where:
    − S is a finite set of states (“state space”)
    − s_init ∈ S is the initial state
    − P : S × S → [0,1] is the transition probability matrix, where Σ_{s’∈S} P(s,s’) = 1 for all s ∈ S
    − L : S → 2^AP is a function labelling states with atomic propositions
  • Note: no deadlock states
    − i.e. every state has at least one outgoing transition
    − can add self loops to represent final/terminating states
  [Figure: the same DTMC as on slide 13 (s0, s1 {try}, s2 {fail}, s3 {succ}); the terminating states s2 and s3 carry probability-1 self loops]

  15. DTMCs: An alternative definition
  • Alternative definition: a DTMC is:
    − a family of random variables { X(k) | k = 0, 1, 2, … }
    − X(k) are observations at discrete time-steps
    − i.e. X(k) is the state of the system at time-step k
  • Memorylessness (Markov property)
    − Pr( X(k)=s_k | X(k-1)=s_{k-1}, … , X(0)=s_0 ) = Pr( X(k)=s_k | X(k-1)=s_{k-1} )
  • We consider homogeneous DTMCs
    − transition probabilities are independent of time
    − P(s_{k-1}, s_k) = Pr( X(k)=s_k | X(k-1)=s_{k-1} )

  16. Paths and probabilities
  • A (finite or infinite) path through a DTMC
    − is a sequence of states s_0 s_1 s_2 s_3 … such that P(s_i, s_{i+1}) > 0 ∀ i
    − represents an execution (i.e. one possible behaviour) of the system which the DTMC is modelling
  • To reason (quantitatively) about this system
    − need to define a probability space over paths
  • Intuitively:
    − sample space: Path(s) = set of all infinite paths from a state s
    − events: sets of infinite paths from s
    − basic events: cylinder sets (or “cones”)
    − cylinder set C(ω), for a finite path ω = set of infinite paths with the common finite prefix ω
    − for example: C(s s_1 s_2)
  [Figure: the tree of paths unfolding from s; the subtree below the prefix s s_1 s_2 is the cylinder set C(s s_1 s_2)]

  17. Probability spaces
  • Let Ω be an arbitrary non-empty set
  • A σ-algebra (or σ-field) on Ω is a family Σ of subsets of Ω closed under complementation and countable union, i.e.:
    − if A ∈ Σ, the complement Ω ∖ A is in Σ
    − if A_i ∈ Σ for i ∈ ℕ, the union ∪_i A_i is in Σ
    − the empty set ∅ is in Σ
  • Theorem: For any family F of subsets of Ω, there exists a unique smallest σ-algebra on Ω containing F
  • Probability space (Ω, Σ, Pr)
    − Ω is the sample space
    − Σ is the set of events: σ-algebra on Ω
    − Pr : Σ → [0,1] is the probability measure: Pr(Ω) = 1 and Pr(∪_i A_i) = Σ_i Pr(A_i) for countable disjoint A_i

  18. Probability space over paths
  • Sample space Ω = Path(s) = set of infinite paths with initial state s
  • Event set Σ_Path(s)
    − the cylinder set C(ω) = { ω’ ∈ Path(s) | ω is a prefix of ω’ }
    − Σ_Path(s) is the least σ-algebra on Path(s) containing C(ω) for all finite paths ω starting in s
  • Probability measure Pr_s
    − define probability P_s(ω) for finite path ω = s s_1 … s_n as:
      • P_s(ω) = 1 if ω has length one (i.e. ω = s)
      • P_s(ω) = P(s, s_1) · … · P(s_{n-1}, s_n) otherwise
    − define Pr_s(C(ω)) = P_s(ω) for all finite paths ω
    − Pr_s extends uniquely to a probability measure Pr_s : Σ_Path(s) → [0,1]
  • See [KSK76] for further details

  19. Probability space - Example
  [Figure: the running DTMC: s0→s1 (1); s1→s1 (0.01), s1→s2 {fail} (0.01), s1→s3 {succ} (0.98); s2 and s3 carry probability-1 self loops]
  • Paths where sending fails the first time
    − ω = s0 s1 s2
    − C(ω) = all paths starting s0 s1 s2 …
    − P_s0(ω) = P(s0, s1) · P(s1, s2) = 1 · 0.01 = 0.01
    − Pr_s0(C(ω)) = P_s0(ω) = 0.01
  • Paths which are eventually successful and with no failures
    − C(s0 s1 s3) ∪ C(s0 s1 s1 s3) ∪ C(s0 s1 s1 s1 s3) ∪ …
    − these cylinder sets are pairwise disjoint (no one of the finite paths is a prefix of another), so the probability of the union is the sum of the cylinder probabilities:
    − Pr_s0( C(s0 s1 s3) ∪ C(s0 s1 s1 s3) ∪ C(s0 s1 s1 s1 s3) ∪ … )
      = P_s0(s0 s1 s3) + P_s0(s0 s1 s1 s3) + P_s0(s0 s1 s1 s1 s3) + …
      = 1·0.98 + 1·0.01·0.98 + 1·0.01·0.01·0.98 + …
      = 0.9898989898… = 98/99
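The computation on slides 18 and 19, carried out in code. This is an added example and not part of the lecture slides or of PRISM: it encodes the running DTMC as a dictionary (the state names 0..3 for s0..s3 are an assumed naming), computes P_s(ω) for finite paths, checks the consistency condition that lets Pr_s(C(ω)) = P_s(ω) extend to a measure (the one-step extensions of ω partition C(ω)), and sums the pairwise-disjoint cylinder sets C(s0 s1 … s1 s3) up to a cut-off and in closed form.

```python
"""Probability measure over DTMC paths: finite-path probabilities, cylinder
sets, and the countable union from the slides' example.

Added example, not from the lecture slides or PRISM. The chain is the
four-state one drawn on the slides; states 0..3 stand for s0..s3 (assumed naming).
"""
from fractions import Fraction as F

# Transition probability matrix P as a sparse dict; every row must sum to 1
# (no deadlocks: the terminating states s2 and s3 get self loops).
P = {
    0: {1: F(1)},
    1: {1: F(1, 100), 2: F(1, 100), 3: F(98, 100)},
    2: {2: F(1)},  # {fail}
    3: {3: F(1)},  # {succ}
}
assert all(sum(row.values()) == 1 for row in P.values()), "P is not stochastic"


def is_path(omega):
    """A state sequence is a path iff every consecutive pair has P(s,s') > 0."""
    return len(omega) >= 1 and all(P[s].get(t, 0) > 0 for s, t in zip(omega, omega[1:]))


def path_prob(omega):
    """P_s(omega): 1 for the length-one path, else the product of transition probabilities."""
    if not is_path(omega):
        return F(0)
    prob = F(1)
    for s, t in zip(omega, omega[1:]):
        prob *= P[s][t]
    return prob


# Pr_s(C(omega)) = P_s(omega): a cylinder set inherits the probability of its finite prefix.
cylinder_prob = path_prob


def is_prefix(a, b):
    return len(a) <= len(b) and list(b[: len(a)]) == list(a)


def disjoint_cylinders(a, b):
    """C(a) and C(b) are disjoint iff neither finite path is a prefix of the other;
    otherwise one cylinder contains the other."""
    return not (is_prefix(a, b) or is_prefix(b, a))


def one_step_extensions_sum(omega):
    """Consistency of the pre-measure: the cylinders of the one-step extensions
    omega.s' partition C(omega), so their probabilities must add up to Pr(C(omega))."""
    return sum(cylinder_prob(list(omega) + [t]) for t in P[omega[-1]])


def success_without_failure(n):
    """Pr_s0 of the union of the first n cylinders C(s0 s1 s3), C(s0 s1 s1 s3), ...:
    they are pairwise disjoint, so the union's probability is the sum."""
    paths = [[0] + [1] * j + [3] for j in range(1, n + 1)]
    assert all(disjoint_cylinders(a, b) for a in paths for b in paths if a is not b)
    return sum(cylinder_prob(w) for w in paths)


def success_without_failure_limit():
    """Closed form of the infinite union: the geometric series 0.98 * sum_j 0.01^j = 98/99."""
    return P[1][3] / (1 - P[1][1])


if __name__ == "__main__":
    print(cylinder_prob([0, 1, 2]))          # sending fails the first time
    print(success_without_failure(3))        # first three cylinders of the union
    print(success_without_failure_limit())   # the whole countable union
```

The tail left out by the cut-off, `success_without_failure_limit() - success_without_failure(n)`, is exactly 0.98 · 0.01^n / 0.99, which is how one bounds the error of truncating such a union in practice.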

  20. PCTL
  • Temporal logic for describing properties of DTMCs
    − PCTL = Probabilistic Computation Tree Logic [HJ94]
    − essentially the same as the logic pCTL of [ASB+95]
  • Extension of (non-probabilistic) temporal logic CTL
    − key addition is probabilistic operator P
    − quantitative extension of CTL’s A and E operators
  • Example
    − send → P≥0.95 [ true U≤10 deliver ]
    − “if a message is sent, then the probability of it being delivered within 10 steps is at least 0.95”

  21. Overview (Part 1): same outline as slide 12

  22. PCTL syntax
  • PCTL syntax:
    − φ ::= true | a | φ ∧ φ | ¬φ | P~p [ ψ ]   (state formulas)
    − ψ ::= X φ | φ U≤k φ | φ U φ               (path formulas: “next”, “bounded until”, “until”)
    − where a is an atomic proposition, used to identify states of interest, p ∈ [0,1] is a probability, ~ ∈ {<, >, ≤, ≥}, k ∈ ℕ
    − P~p [ ψ ] reads: “ψ is true with probability ~p”
  • A PCTL formula is always a state formula
    − path formulas only occur inside the P operator
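An evaluator for the PCTL syntax above, run on the running DTMC, as an added example: this is neither the slides' nor PRISM's model-checking code, and the tuple encoding of formulas (`("a", name)`, `("not", f)`, `("and", f, g)`, `("P", "~", p, ψ)`, `("X", f)`, `("U", f, g, k)` with `k = None` for unbounded until) is an assumed one. Bounded until is computed by k rounds of the recurrence x_i(s) = Σ_t P(s,t)·x_{i-1}(t) over states satisfying the left operand; unbounded until first finds the states that cannot reach the right operand through left-operand states (probability 0) and then solves the remaining linear equations exactly with fractions. The example formulas are P<0.1 [ F fail ] from slide 4 and the “within k steps” pattern of slide 20 read as P≥0.95 [ true U≤10 succ ] on this chain.

```python
"""PCTL state and path formulas evaluated on a DTMC.

Added example, not from the lecture slides or PRISM. The DTMC is the running
four-state chain (states 0..3 stand for s0..s3, an assumed naming); the tuple
encoding of formulas is likewise assumed for this example.
"""
from fractions import Fraction as F
import operator

# Transition probability matrix P (sparse) and labelling L from the slides.
P = {
    0: {1: F(1)},
    1: {1: F(1, 100), 2: F(1, 100), 3: F(98, 100)},
    2: {2: F(1)},
    3: {3: F(1)},
}
L = {0: set(), 1: {"try"}, 2: {"fail"}, 3: {"succ"}}
assert all(sum(row.values()) == 1 for row in P.values()), "P is not stochastic"

CMP = {"<": operator.lt, "<=": operator.le, ">": operator.gt, ">=": operator.ge}

# State formulas: True | ("a", name) | ("not", f) | ("and", f, g) | ("P", "~", p, psi)
# Path formulas:  ("X", f) | ("U", f, g, k)   with k = None for unbounded until


def sat(phi, s):
    """Does state s satisfy state formula phi?"""
    if phi is True:
        return True
    tag = phi[0]
    if tag == "a":
        return phi[1] in L[s]
    if tag == "not":
        return not sat(phi[1], s)
    if tag == "and":
        return sat(phi[1], s) and sat(phi[2], s)
    if tag == "P":  # P~p[psi] holds iff Pr_s(paths from s satisfying psi) ~ p
        _, cmp, p, psi = phi
        return CMP[cmp](prob(psi, s), F(p))
    raise ValueError(phi)


def prob(psi, s):
    """Pr_s of the set of paths from s that satisfy path formula psi."""
    if psi[0] == "X":  # next: probability mass of the successors satisfying phi
        return sum((pr for t, pr in P[s].items() if sat(psi[1], t)), F(0))
    _, phi1, phi2, k = psi
    return (bounded_until(phi1, phi2, k) if k is not None else until(phi1, phi2))[s]


def bounded_until(phi1, phi2, k):
    """x_k(s) = Pr_s[phi1 U<=k phi2]: x_0 = [s |= phi2]; then x_i = P * x_{i-1} on
    states satisfying phi1 but not phi2, while phi2 states stay 1 and the rest 0."""
    x = {s: F(int(sat(phi2, s))) for s in P}
    for _ in range(k):
        x = {s: x[s] if sat(phi2, s)
             else sum((pr * x[t] for t, pr in P[s].items()), F(0)) if sat(phi1, s)
             else F(0)
             for s in P}
    return x


def until(phi1, phi2):
    """Pr_s[phi1 U phi2]: 1 on phi2 states, 0 on states with no phi1-path into
    phi2, else the unique solution of the linear equations x = P x (exact fractions)."""
    yes = {s for s in P if sat(phi2, s)}
    can = set(yes)  # backward search: states from which `yes` is reachable via phi1 states
    changed = True
    while changed:
        changed = False
        for s in P:
            if s not in can and sat(phi1, s) and any(t in can for t in P[s]):
                can.add(s)
                changed = True
    maybe = sorted(can - yes)
    n = len(maybe)
    # Augmented rows of (I - A) x = b: A is P restricted to `maybe`, b(s) the
    # one-step probability of moving from s straight into `yes`.
    M = [[F(int(i == j)) - P[s].get(t, F(0)) for j, t in enumerate(maybe)]
         + [sum((P[s].get(y, F(0)) for y in yes), F(0))]
         for i, s in enumerate(maybe)]
    for c in range(n):  # Gauss-Jordan; I - A is nonsingular since every `maybe` state reaches `yes`
        piv = next(r for r in range(c, n) if M[r][c] != 0)
        M[c], M[piv] = M[piv], M[c]
        for r in range(n):
            if r != c and M[r][c] != 0:
                f = M[r][c] / M[c][c]
                M[r] = [a - f * b for a, b in zip(M[r], M[c])]
    x = {s: F(0) for s in P}
    x.update({s: F(1) for s in yes})
    x.update({s: M[i][n] / M[i][i] for i, s in enumerate(maybe)})
    return x


# Example formulas (F a is shorthand for true U a).
F_FAIL = ("U", True, ("a", "fail"), None)
F_SUCC_10 = ("U", True, ("a", "succ"), 10)
P_FAIL_LT_01 = ("P", "<", "0.1", F_FAIL)
P_SUCC_GE_095 = ("P", ">=", "0.95", F_SUCC_10)

if __name__ == "__main__":
    print(prob(F_FAIL, 0), sat(P_FAIL_LT_01, 0))
    print(prob(F_SUCC_10, 0), sat(P_SUCC_GE_095, 0))
```

From s0 the chain fails with probability 1/99 and succeeds with probability 98/99 (the two absorbing outcomes sum to 1, a useful sanity check on any reachability solver), so P<0.1 [ F fail ] holds there; the bounded version P≥0.95 [ true U≤k succ ] holds from s0 for k = 2 onwards but not for k = 1, because the first step only reaches s1.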
