Probabilistic CEGAR
Björn Wachter (to appear in CAV). Joint work with Holger Hermanns and Lijun Zhang. Supported by Uni Saar and AVACS.
Introducing
• Probabilistic model checking
• CEGAR (counterexample-guided abstraction refinement)
• PASS does CEGAR for probabilistic models
PRISM & PASS
PRISM
• Very popular probabilistic model checker
• Finite-state
PASS
• Supports PRISM models
• Handles infinite-state models as well
• Under the hood: predicate abstraction, SMT, interpolation
Comparison to PRISM
• Network protocols: Wireless LAN, CSMA, Bounded Retransmission, Sliding Window
[Chart: PRISM vs PASS on these models; the values are not recoverable from the slide]
Overview
• Basics: paths, Markov chains, MDPs; counterexamples; probabilistic programs
• Predicate abstraction
• Abstraction refinement: abstract counterexamples, path analysis, strongest evidence, CEGAR algorithm
• Experimental results
• Conclusion
[Figure: the probabilistic reachability problem for a program]
Paths, MCs, MDPs
• Weighted path: one sequence of states, each transition carrying a probability
• Markov chain: branching, every state has exactly one probability distribution over successors
• Markov decision process (MDP): adds non-determinism, a state may offer several distributions
[Figure: weighted path, Markov chain and MDP with transition probabilities 1/3, 2/3, 1/2 and 1]
Adversary
• An adversary resolves the transition non-determinism of an MDP: it picks one of the available distributions in each state
[Figure: MDP with the adversary's choices highlighted]
Probabilistic Reachability
• Probability to get from green (initial state) to red (target state)
• Defined for a weighted path, a Markov chain, and an MDP (where the value depends on the adversary)
[Figure: the three models with the green and red states marked]
Probabilistic Programs
• Guarded command language à la PRISM
• Variables: integer, real, bool
• Non-determinism: interleaving of commands
• Program = (variables, commands, initial condition)
• Example command: Guard x>0, then 0.2: (x':=x+1) (update #1), 0.8: (x':=x+2) (update #2)
  From x=1 the command reaches x=2 with probability 0.2 and x=3 with probability 0.8
• Update labels are kept on the transitions for counterexample (CEX) analysis
Predicate Abstraction
• Predicates partition the state space
• Predicates are boolean expressions over the program variables, e.g. x>0, x<y, x+y=3 (variables x, y)
• Result: an abstract MDP with probabilistic may-transitions
• Similar to Blast, SLAM, Magic, ...; see our [QEST'07] paper
• The abstraction guarantees an upper bound: the reachability probability of the abstract MDP is at least the actual one
[Figure: probability scale from 0 to 1, the actual value lies below the abstract MDP's value]
May Transitions
[Figure: concrete transitions with probabilities 0.2/0.8 and 1.0 next to the abstract may-transitions they are lifted to]
Speaker note (German on the original slide): This is still not understandable enough! Need a better example where #abstract transitions < #concrete transitions.
CEGAR Loop
[Figure: loop] abstract the program; check whether the upper bound on the probability is low enough (at most p); if so, done; otherwise take the counterexample (CEX) and analyse it: either it is a real CEX, or refine the abstraction and repeat. The abstract value is an upper bound on the actual one.
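The predicate abstraction, its upper-bound guarantee, and the refinement step of the loop above, together with the maximal reachability computation behind the MDP slides, as an added Python example. This is not code from PASS, PRISM or the paper. It takes the slide's command (guard x>0, 0.2: x+1, 0.8: x+2) and assumes x is bounded to 0..4 with clamping so that the concrete MDP is finite (PASS needs no such bound, it queries an SMT solver), initial state x=1, target x==3, and two illustrative predicate sets COARSE and REFINED; the abstract MDP is built by brute force over the members of each block rather than by SMT queries.

```python
"""Added example, not PASS code: predicate abstraction of a guarded command
into an abstract MDP with probabilistic may-transitions, plus value
iteration for maximal reachability. Assumptions: x in 0..N (clamped),
INIT = 1, target x == 3, abstraction computed by enumerating block members."""

N = 4       # assumed bound on x; keeps the concrete state space finite
INIT = 1    # initial condition x = 1, as on the slide

def is_target(x):
    return x == 3   # assumed target ("red") state

# The slide's command as (guard, [(probability, update), ...]).
COMMANDS = [
    (lambda x: x > 0, [(0.2, lambda x: min(x + 1, N)),
                       (0.8, lambda x: min(x + 2, N))]),
]

def lift(x, updates, alpha):
    """Distribution of a command fired in x, successors mapped through alpha."""
    dist = {}
    for p, upd in updates:
        t = alpha(upd(x))
        dist[t] = dist.get(t, 0.0) + p
    return dist

def concrete_mdp():
    """Concrete MDP: state -> one distribution per enabled command."""
    return {x: [lift(x, updates, lambda y: y)
                for guard, updates in COMMANDS if guard(x)]
            for x in range(N + 1)}

def abstract_mdp(preds):
    """Predicate abstraction: a block is the tuple of predicate truth values.
    Every member's command distributions are lifted to its block (may-
    transitions), so a block offers the union of its members' choices. That
    extra non-determinism is what an adversary can exploit, which is why the
    abstract probability can only be larger than the concrete one."""
    alpha = lambda x: tuple(bool(p(x)) for p in preds)
    mdp, target = {}, set()
    for x in range(N + 1):
        a = alpha(x)
        acts = mdp.setdefault(a, [])
        if is_target(x):
            target.add(a)        # may-target: some member is a target state
        for guard, updates in COMMANDS:
            if guard(x):
                d = lift(x, updates, alpha)
                if d not in acts:
                    acts.append(d)
    return mdp, target, alpha(INIT)

def max_reach(mdp, target, eps=1e-12, max_iter=10_000):
    """Value iteration for the maximal reachability probability over all
    adversaries: V(s) = max over the distributions of s of the expected V."""
    val = {s: (1.0 if s in target else 0.0) for s in mdp}
    for _ in range(max_iter):
        new = {}
        for s, acts in mdp.items():
            if s in target:
                new[s] = 1.0
            elif acts:
                new[s] = max(sum(p * val[t] for t, p in d.items()) for d in acts)
            else:
                new[s] = 0.0     # deadlock: the target is never reached
        if max(abs(new[s] - val[s]) for s in mdp) < eps:
            return new
        val = new
    return val

def concrete_bound():
    mdp = concrete_mdp()
    return max_reach(mdp, {x for x in mdp if is_target(x)})[INIT]

def abstract_bound(preds):
    mdp, target, init = abstract_mdp(preds)
    return max_reach(mdp, target)[init]

# COARSE tracks only the target predicate; REFINED adds the kind of splitter
# predicates that path analysis of a spurious counterexample would produce.
COARSE = [is_target]
REFINED = [is_target, lambda x: x > 1, lambda x: x > 3]

if __name__ == "__main__":
    print("concrete value     ", concrete_bound())         # 0.84
    print("upper bound coarse ", abstract_bound(COARSE))   # 1.0
    print("upper bound refined", abstract_bound(REFINED))  # 0.84
```

With COARSE the states 0, 1, 2 and 4 collapse into one block that offers three may-distributions; the adversary keeps choosing the one lifted from x=1 and drives the abstract probability to 1.0, while the concrete value from x=1 is 0.8 + 0.2 * 0.2 = 0.84. For a threshold p = 0.9 the loop cannot stop on the coarse bound, so it refines: x>1 separates x=1 (update #2 hits the target) from x=2 (update #2 overshoots), x>3 isolates the absorbing state, and the refined upper bound 0.84 is below p.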
Counterexamples (CEX)
• Resolution of non-determinism: an initial state and an adversary; the adversary induces a Markov chain
• Counterexample: a resolution of non-determinism such that the probability threshold is exceeded
• Example: a CEX is a witness of the reachability probability in the MDP
[Figure: MDP with the adversary's choice; probabilities 1/3, 2/3, 1/2, 1]
Counterexample Analysis: Idea
• Enumerate the paths of the Markov chain
• Sort paths by probability [Han/Katoen 2007]: visit the paths with the highest measure first
• Each path is either realizable or spurious
• Question: how much of the measure of the abstract CEX (the Markov chain's probability) is realizable? More than p?
[Figure: Path 1, Path 2, Path 3, Path 4, ... listed by probability, each marked realizable or spurious]
Path Analysis Logic (SMT)
• Abstract path u u' u'': two cases
  • Realizable if there is a corresponding concrete path
  • Spurious: no corresponding concrete path
• A splitter predicate exists iff the path is spurious
• Interpolation: the predicate comes from the unsatisfiable path formula
  • the concrete states reachable with the prefix (u u') and the states that can do the postfix (u' u'') are disjoint; the interpolant separates them
[Figure: path u u' u'' with updates x':=x+1; the values reached by the prefix (x=0, 1, 2) and the values needed for the postfix (x=9, 10) do not overlap; the interpolant x>1 is marked as the splitter]
Example
[Figure: concrete system vs abstract MDP with transitions 0.2/0.8 and 0.5/0.5; upper bound on the probability 1.0, actual value unknown]
Example (cont.): after refinement
[Figure: upper bound 0.4, lower bound 0.4; the bounds coincide, so the probability is 0.4]
Example 2: Multiple Initial States
[Figure: concrete system with transitions 0.2/0.8 and 1.0 vs abstract MDP; upper bound 1.0, lower bound 0.8]
• Find the maximal combination by MAX-SMT (see paper)
[Figure: the maximum, 0.8, marked]
CEX Analysis: Semi-Decision Procedure
• The problem is undecidable in general
• Too many spurious paths: abort the counterexample analysis; the limit on the number of spurious paths enforces termination
• Output: a collection of predicates (from the spurious paths)
• Alternatively: enough realizable probability (above the threshold); the realizable measure is a lower bound that is real
• It can take many paths to obtain enough realizable probability
[Figure: two lists Path 1, Path 2, Path 3, Path 4, ... with realizable/spurious marks and the accumulated realizable measure compared against the threshold]
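The counterexample analysis of the last few slides (best-first path enumeration, realizability check, splitter predicates, and the semi-decision loop) as an added Python example. This is not code from PASS or from the paper. It works on the abstract Markov chain that one adversary induces for the slide's command (guard x>0, 0.2: x+1, 0.8: x+2) abstracted with the single predicate x==3, and it assumes x is bounded to 0..4 with clamping, initial state x=1, and the chain CHAIN written out by hand. Instead of an SMT solver with interpolation, the realizability check simulates the abstract path on the finite block members and uses the set of states reached by the prefix as the splitter predicate; that finite-set stand-in is this example's choice, not the paper's method.

```python
"""Added example, not PASS code: counterexample analysis on an abstract
Markov chain. Assumptions: x in 0..4 (clamped), INIT = 1, predicate set
{x==3}, adversary and chain fixed by hand, brute-force path simulation
instead of SMT/interpolation."""
import heapq

N, INIT = 4, 1

def guard(x):            # the slide's command is enabled for x > 0
    return x > 0

# Update labels are kept on abstract transitions so a path says which update fired.
UPDATES = {"u1": lambda x: min(x + 1, N),   # 0.2: x' = x+1
           "u2": lambda x: min(x + 2, N)}   # 0.8: x' = x+2

def block(x):            # predicate set {x==3}: blocks "T" (target) and "F"
    return "T" if x == 3 else "F"

# Abstract Markov chain induced by an adversary that, in block F, always picks
# the may-transition lifted from x=1:  F -u1(0.2)-> F,  F -u2(0.8)-> T.
CHAIN = {"F": {"u1": (0.2, "F"), "u2": (0.8, "T")}, "T": {}}

def target_paths(chain, start, target):
    """Yield (probability, labels, blocks) of paths reaching target, in
    decreasing probability: best-first search with -probability as key
    (the Han/Katoen idea). Infinite when the chain has cycles; callers stop."""
    heap, n = [(-1.0, 0, start, (), (start,))], 0
    while heap:
        negp, _, s, labels, blocks = heapq.heappop(heap)
        if s == target:
            yield -negp, labels, blocks
            continue
        for lab, (p, t) in chain[s].items():
            n += 1                      # unique tie-breaker keeps entries comparable
            heapq.heappush(heap, (negp * p, n, t, labels + (lab,), blocks + (t,)))

def analyze(labels, blocks):
    """Simulate the abstract path on concrete states. Returns
    (realizable, split_index, prefix_states, postfix_states). When spurious,
    prefix_states (reached by the prefix) and postfix_states (able to do the
    rest of the path) are disjoint subsets of block blocks[split_index], so
    'x in prefix_states' is a splitter predicate for that block."""
    k = len(labels)
    # forward: states reached by the prefix while staying inside the abstract blocks
    reach = [{x for x in range(N + 1) if x == INIT and block(x) == blocks[0]}]
    for i in range(k):
        upd = UPDATES[labels[i]]
        reach.append({upd(x) for x in reach[i]
                      if guard(x) and block(upd(x)) == blocks[i + 1]})
    if reach[k]:
        return True, None, reach[k], set()
    # backward: states of each block from which the postfix can still be executed
    post = [set() for _ in range(k + 1)]
    post[k] = {x for x in range(N + 1) if block(x) == blocks[k]}
    for i in range(k - 1, -1, -1):
        upd = UPDATES[labels[i]]
        post[i] = {x for x in range(N + 1)
                   if block(x) == blocks[i] and guard(x) and upd(x) in post[i + 1]}
    split = next(i for i in range(k) if not reach[i + 1])
    return False, split, reach[split], post[split]

def cex_analysis(p, max_spurious=3):
    """Semi-decision procedure: accumulate the realizable measure of the most
    probable paths; report a real counterexample once it exceeds p, or give
    up after max_spurious spurious paths and return the splitter predicates
    for refinement. The realizable measure is a lower bound in both cases."""
    realizable, spurious, splitters = 0.0, 0, set()
    for prob, labels, blocks in target_paths(CHAIN, "F", "T"):
        ok, i, prefix, _ = analyze(labels, blocks)
        if ok:
            realizable += prob
        else:
            spurious += 1
            splitters.add((blocks[i], frozenset(prefix)))
        if realizable > p:
            return "real counterexample", realizable, splitters
        if spurious >= max_spurious:
            return "refine", realizable, splitters
    return "exhausted", realizable, splitters

if __name__ == "__main__":
    print(cex_analysis(0.5))   # ('real counterexample', 0.8, set())
    print(cex_analysis(0.9))   # ('refine', 0.8, {('F', frozenset({2}))})
```

The most probable abstract path F -u2-> T (measure 0.8) is realizable from x=1, so for a threshold of 0.5 the first path already is a real counterexample. The second path F -u1-> F -u2-> T (measure 0.16) is spurious: the prefix reaches only x=2, but update #2 lands in the target only from x=1, so the two sets are disjoint and "x in {2}" splits block F. For a threshold of 0.9 the analysis stops after three spurious paths with a realizable lower bound of 0.8 and that splitter, which is what the refinement step would add as a predicate.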
Related Work
• Probabilistic counterexamples, however not in the context of abstraction: Hermanns/Aljazzar (FORMATS'05), Han/Katoen (TACAS'07)
• Abstraction refinement for probabilistic finite-state models
  • CEGAR for stochastic games, Chatterjee et al. (UAI'05)
  • Not based on counterexamples: D'Argenio (PAPM-PROBMIV'02), Fecher et al. (SPIN'06): simulation; Magnifying-lens, de Alfaro et al. (CAV'07): probability values
Conclusion & Future Work
• Abstraction refinement for probabilistic models
• Counterexamples are Markov chains, and Markov chains have cycles
• Model checking of infinite-state probabilistic models
• Speed-up for huge finite-state models
• Future work: better lower bounds
References
• Tool website: http://depend.cs.uni-sb.de/pass
• Our work
  • Hermanns, Wachter, Zhang: Probabilistic CEGAR. CAV'08
  • Wachter, Zhang, Hermanns: Probabilistic Model Checking Modulo Theories. QEST'07
• Counterexamples
  • Hermanns, Aljazzar: Counterexamples for timed probabilistic reachability. FORMATS'05
  • Han, Katoen: Counterexamples in probabilistic model checking. TACAS'07
• Probabilistic abstraction refinement
  • de Alfaro: Magnifying-lens abstraction for MDPs. CAV'07
  • Chatterjee, Henzinger, Majumdar: Counterexample-guided planning. UAI'05
Backup: Is the counterexample analysis problem undecidable?
• Semi-decision algorithm with heuristics
• If we only need finitely many paths: decidable, if the logic is
• If we need infinitely many paths: undecidable