prts: an approach for model checking probabilistic real ...pat/iwesss12/iwesss2012 prts.pdf ·...
TRANSCRIPT
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
PRTS: An Approach for Model CheckingProbabilistic Real-time Hierarchical Systems
Songzheng Song
Software Engineering Lab, NUS
IWESSS 2012February 23, 2012
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
Outline
1 Motivation
2 Language Syntax of PRTS
3 Operational SemanticsConcrete ConfigurationsAbstraction
4 Verification
5 EvaluationMulti-lift SystemBenchmark Systems Compared with PRISM
6 Conclusion
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
Outline
1 Motivation
2 Language Syntax of PRTS
3 Operational SemanticsConcrete ConfigurationsAbstraction
4 Verification
5 EvaluationMulti-lift SystemBenchmark Systems Compared with PRISM
6 Conclusion
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
Motivation
Model checking real-life systems is usually difficult.
quantitative timing factorsunreliable/random environmentcomplex data operationshierarchical control flows
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
Motivation
Model checking real-life systems is usually difficult.
quantitative timing factorsunreliable/random environmentcomplex data operationshierarchical control flows
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
Multi-lift System
Serving time/responding timeRandom user behaviorsTask assign algorithmlifts/users/buttons...
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
Multi-lift System
Scenario : one user presses the lift button, but one lift travelingon the same direction passes by without serving him/her!
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
Existing Approach
Probabilistic Timed Automata (PTA) is widely used to specifysystems having stochastic and real-time characteristics.
1 PTA models often have a simple structure, e.g. a networkof automata without hierarchy;
2 Verifying PTA models is not very efficient.
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
Existing Approach
Probabilistic Timed Automata (PTA) is widely used to specifysystems having stochastic and real-time characteristics.
1 PTA models often have a simple structure, e.g. a networkof automata without hierarchy;
2 Verifying PTA models is not very efficient.
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
Our Approach
1 Design an expressive modeling language supportingfeatures like real-time, hierarchy, concurrency, datastructures as well as probability.
2 Build a model checker for this language in order to analyzethe behavior of such systems.
3 Verify widely used properties such as reachability checkingand LTL checking.
We propose PRTS for probabilistic real-time systems and it hasbeen integrated into our framework PAT.
http://www.patroot.com
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
Our Approach
1 Design an expressive modeling language supportingfeatures like real-time, hierarchy, concurrency, datastructures as well as probability.
2 Build a model checker for this language in order to analyzethe behavior of such systems.
3 Verify widely used properties such as reachability checkingand LTL checking.
We propose PRTS for probabilistic real-time systems and it hasbeen integrated into our framework PAT.
http://www.patroot.com
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
Outline
1 Motivation
2 Language Syntax of PRTS
3 Operational SemanticsConcrete ConfigurationsAbstraction
4 Verification
5 EvaluationMulti-lift SystemBenchmark Systems Compared with PRISM
6 Conclusion
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
Based on C. A. R. Hoare’s CSP
P = Stop – in-action| Skip – termination| e→ P – event prefixing| a{program} → P – data operation prefixing| [b]P – guard condition| if (b) {P} else {Q} – conditional choice| P 2 Q – external choice| P u Q – internal choice| P \ X – hiding| P; Q – sequential composition| P ‖ Q – parallel composition| Q – process referencing
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
Based on C. A. R. Hoare’s CSP
P = Wait [d ] – delay| P timeout [d ] Q – timeout| P interrupt [d ] Q – timed interrupt| P within[d ] – timed responsiveness| P deadline[d ] – deadline
d is a non-negative integer.
P = pcase{pr0 : P0; pr1 : P1; · · · ; prk : Pk}
pri is defined as a positive integer. It means with probabilitypri
pr0+pr1+···+prk, P behaves as Pi .
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
Based on C. A. R. Hoare’s CSP
P = Wait [d ] – delay| P timeout [d ] Q – timeout| P interrupt [d ] Q – timed interrupt| P within[d ] – timed responsiveness| P deadline[d ] – deadline
d is a non-negative integer.
P = pcase{pr0 : P0; pr1 : P1; · · · ; prk : Pk}
pri is defined as a positive integer. It means with probabilitypri
pr0+pr1+···+prk, P behaves as Pi .
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
Multi-lift System
1. #define NoOfFloors 2;2. #define NoOfLifts 2;3. #import "PAT.Lib.Lift";4. var<LiftControl> ctrl = new LiftControl(NoOfFloors,NoOfLifts);5. Users() = pcase {6. 1 : extreq.0.1{ctrl.Assign_External_Up_Request(0)} -> Skip7. 1 : intreq.0.0.1{ctrl.Add_Internal_Request(0,0)} -> Skip8. 1 : intreq.1.0.1{ctrl.Add_Internal_Request(1,0)} -> Skip9. 1 : extreq.1.0{ctrl.Assign_External_Down_Request(1)} -> Skip10. 1 : intreq.0.1.1{ctrl.Add_Internal_Request(0,1)} -> Skip11. 1 : intreq.1.1.1{ctrl.Add_Internal_Request(1,1)} -> Skip12. } within[1]; Users();13. Lift(i, level, direction) = ...;14. System = (||| x:{0..NoOfLifts-1} @ Lift(x, 0, 1)) ||| Users();
Property: what is the probability that a lift passes by?
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
Multi-lift System
1. #define NoOfFloors 2;2. #define NoOfLifts 2;3. #import "PAT.Lib.Lift";4. var<LiftControl> ctrl = new LiftControl(NoOfFloors,NoOfLifts);5. Users() = pcase {6. 1 : extreq.0.1{ctrl.Assign_External_Up_Request(0)} -> Skip7. 1 : intreq.0.0.1{ctrl.Add_Internal_Request(0,0)} -> Skip8. 1 : intreq.1.0.1{ctrl.Add_Internal_Request(1,0)} -> Skip9. 1 : extreq.1.0{ctrl.Assign_External_Down_Request(1)} -> Skip10. 1 : intreq.0.1.1{ctrl.Add_Internal_Request(0,1)} -> Skip11. 1 : intreq.1.1.1{ctrl.Add_Internal_Request(1,1)} -> Skip12. } within[1]; Users();13. Lift(i, level, direction) = ...;14. System = (||| x:{0..NoOfLifts-1} @ Lift(x, 0, 1)) ||| Users();
Property: what is the probability that a lift passes by?
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
Concrete ConfigurationsAbstraction
Outline
1 Motivation
2 Language Syntax of PRTS
3 Operational SemanticsConcrete ConfigurationsAbstraction
4 Verification
5 EvaluationMulti-lift SystemBenchmark Systems Compared with PRISM
6 Conclusion
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
Concrete ConfigurationsAbstraction
Definition (Markov Decision Process)
An MDP is a tuple D = (S, init ,Act ,Pr) whereS is a set of states;init ∈ S is the initial state;Act is a set of actions and Actτ is Act ∪ τ ;Pr : S × (Actτ ∪ R+)× Distr(S) is a transition relation.
A Markov Chain can be defined given an MDP D and ascheduler δ, which is denoted as Dδ.
A path of Dδ is defined as ω = s0x0→ s1
x1→ s2x2→ ...
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
Concrete ConfigurationsAbstraction
Definition (Markov Decision Process)
An MDP is a tuple D = (S, init ,Act ,Pr) whereS is a set of states;init ∈ S is the initial state;Act is a set of actions and Actτ is Act ∪ τ ;Pr : S × (Actτ ∪ R+)× Distr(S) is a transition relation.
A Markov Chain can be defined given an MDP D and ascheduler δ, which is denoted as Dδ.
A path of Dδ is defined as ω = s0x0→ s1
x1→ s2x2→ ...
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
Concrete ConfigurationsAbstraction
Definition (Markov Decision Process)
An MDP is a tuple D = (S, init ,Act ,Pr) whereS is a set of states;init ∈ S is the initial state;Act is a set of actions and Actτ is Act ∪ τ ;Pr : S × (Actτ ∪ R+)× Distr(S) is a transition relation.
A Markov Chain can be defined given an MDP D and ascheduler δ, which is denoted as Dδ.
A path of Dδ is defined as ω = s0x0→ s1
x1→ s2x2→ ...
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
Concrete ConfigurationsAbstraction
Given a property φ:
PmaxD (φ) = supδ PD({π ∈ paths(Dδ) | π satisfies φ})
PminD (φ) = infδ PD({π ∈ paths(Dδ) | π satisfies φ})
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
Concrete ConfigurationsAbstraction
Definition (Concrete System Configuration)
A concrete system configuration is a tuple s = (σ,P) where σ isa variable valuation and P is a process.
The probabilistic transition relation of a model’s MDP semanticsis defined by a set of firing rules with every process construct.
Wait [d ]pcase
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
Concrete ConfigurationsAbstraction
Definition (Concrete System Configuration)
A concrete system configuration is a tuple s = (σ,P) where σ isa variable valuation and P is a process.
The probabilistic transition relation of a model’s MDP semanticsis defined by a set of firing rules with every process construct.
Wait [d ]pcase
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
Concrete ConfigurationsAbstraction
Wait [d ]
ε ≤ d[ wait1 ]
(σ,Wait [d ]) ε→ (σ,Wait [d − ε])
[ wait2 ](σ,Wait [0]) τ→ (σ,Skip)
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
Concrete ConfigurationsAbstraction
pcase
[ pcase ](σ, pcase {pr0 : P0; pr1 : P1; · · · ; prk : Pk})
τ→ µ
µ((σ,Pi)) =pri
pr0+pr1+···+prkfor all i ∈ [0, k ]
pcase transitions are not time-consuming!
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
Concrete ConfigurationsAbstraction
pcase
[ pcase ](σ, pcase {pr0 : P0; pr1 : P1; · · · ; prk : Pk})
τ→ µ
µ((σ,Pi)) =pri
pr0+pr1+···+prkfor all i ∈ [0, k ]
pcase transitions are not time-consuming!
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
Concrete ConfigurationsAbstraction
Using the firing rules, the transition relation of the MDP couldbe defined. However, since PRTS model has a dense-timesemantics, the underlying MDP has infinite states.
(σ, Wait [1]) 0.1→ (σ, Wait [0.9]) 0.01→ (σ, Wait [0.89]) 0.001→ ...
Abstraction is required!
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
Concrete ConfigurationsAbstraction
Using the firing rules, the transition relation of the MDP couldbe defined. However, since PRTS model has a dense-timesemantics, the underlying MDP has infinite states.
(σ, Wait [1]) 0.1→ (σ, Wait [0.9]) 0.01→ (σ, Wait [0.89]) 0.001→ ...
Abstraction is required!
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
Concrete ConfigurationsAbstraction
Using the firing rules, the transition relation of the MDP couldbe defined. However, since PRTS model has a dense-timesemantics, the underlying MDP has infinite states.
(σ, Wait [1]) 0.1→ (σ, Wait [0.9]) 0.01→ (σ, Wait [0.89]) 0.001→ ...
Abstraction is required!
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
Concrete ConfigurationsAbstraction
Dynamic Zone Abstraction
The first step of abstraction is to associate timed processconstructs with implicit clocks.
P timeout [d ] Q → P timeout [d ]c QConstraint over clock : c ≤ 5 represents any processP timeout [d ′] Q with d ′ ≤ 5
A zone D is the conjunction of multiple primitive constraintsover a set of clocks.
c ∼ d or ci − cj ∼ d where c, ci , cj are values of clocks andd is a constant integer. ∼ represents ≥,≤,=
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
Concrete ConfigurationsAbstraction
Dynamic Zone Abstraction
The first step of abstraction is to associate timed processconstructs with implicit clocks.
P timeout [d ] Q → P timeout [d ]c QConstraint over clock : c ≤ 5 represents any processP timeout [d ′] Q with d ′ ≤ 5
A zone D is the conjunction of multiple primitive constraintsover a set of clocks.
c ∼ d or ci − cj ∼ d where c, ci , cj are values of clocks andd is a constant integer. ∼ represents ≥,≤,=
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
Concrete ConfigurationsAbstraction
Abstract Configurations
Definition (Abstract System Configuration)
Given a concrete system configuration (σ,P), thecorresponding abstract system configuration is a triple(σ,PT ,D) such that PT is a process obtained by associating Pwith a set of clocks; and D is a zone over the clocks.
Abstract firing rules are defined in order to get the abstractMDP. Wait [d ] and pcase are listed as examples.
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
Concrete ConfigurationsAbstraction
Abstract Configurations
Definition (Abstract System Configuration)
Given a concrete system configuration (σ,P), thecorresponding abstract system configuration is a triple(σ,PT ,D) such that PT is a process obtained by associating Pwith a set of clocks; and D is a zone over the clocks.
Abstract firing rules are defined in order to get the abstractMDP. Wait [d ] and pcase are listed as examples.
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
Concrete ConfigurationsAbstraction
Wait [d ]
[ await ](σ,Wait [d ]c ,D)
τ (σ,Skip,D↑ ∧ c = d)
D↑ denotes the zone obtained by delaying arbitrary amountof time. e.g. (c ≤ 5)↑ is c ≤ ∞.
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
Concrete ConfigurationsAbstraction
pcase
[ apcase ](σ, pcase {pr0 : P0; pr1 : P1; · · · ; prk : Pk},D)
τ µ
µ((σ,Pi ,D)) = pripr0+pr1+···+prk
for i ∈ [0, k ]; zone is unchanged.
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
Outline
1 Motivation
2 Language Syntax of PRTS
3 Operational SemanticsConcrete ConfigurationsAbstraction
4 Verification
5 EvaluationMulti-lift SystemBenchmark Systems Compared with PRISM
6 Conclusion
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
verification
1 abstract model is suitable for standard probabilistic modelchecking techniques.
2 abstract model preserves the verification result of givenproperty φ in concrete model.
M : PRTS model;DM : concrete MDP of M;Da
M : abstract MDP of M.
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
Theorem 1
TheoremDa
M is finite for any model M. 2
1 Variable valuations are finite[by assumption].2 Process expressions are finite[by assumption and clock
reuse].3 Zones are finite.
J. Bengtsson and Y. Wang.Timed Automata: Semantics, Algorithms and Tools.In Lectures on Concurrency and Petri Nets, pages 87-124,2003.
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
Theorem 1
TheoremDa
M is finite for any model M. 2
1 Variable valuations are finite[by assumption].2 Process expressions are finite[by assumption and clock
reuse].3 Zones are finite.
J. Bengtsson and Y. Wang.Timed Automata: Semantics, Algorithms and Tools.In Lectures on Concurrency and Petri Nets, pages 87-124,2003.
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
Definition
A probabilistic time-abstract bi-simulation relation between aDTMC C = (Sc , initc ,Act ,Prc) and an abstract DTMCCa = (Sa, inita,Act ,Pra) is a relation R ⊆ Sc × Sa satisfying thefollowing condition.C1: If (sc , sa) ∈ R, then sc and sa have the same variable
valuation.C2: If (sc , sa) ∈ R and (sc , (ε,e,p), s′c) ∈ Prc for some ε ≥ 0,
e ∈ Actτ and p ∈ [0,1], then there exists s′a such that(sa, (e,p), s′a) ∈ Pra and (s′c , s′a) ∈ R;
C3: If (sc , sa) ∈ R and (sa, (e,p), s′a) ∈ Pra for some e ∈ Actτand p ∈ [0,1], then there exists some ε ≥ 0 and s′c suchthat (sc , (ε,e,p), s′c) ∈ Prc and (s′c , s′a) ∈ R;
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
Theorem 2
Theorem
PmaxDa
M(φ) = Pmax
DM(φ) and Pmin
DaM(φ) = Pmin
DM(φ). 2
1 For any scheduler δ in DaM , there is a scheduler ξ in DM
such that (DaM)δ and (DM)ξ are bisimilar Markov Chains.
2 For any scheduler η in DM , there is a scheduler ϑ in DaM
such that (DM)η and (DaM)ϑ are bisimilar Markov Chains.
pcase transitions are not time-consuming!
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
Theorem 2
Theorem
PmaxDa
M(φ) = Pmax
DM(φ) and Pmin
DaM(φ) = Pmin
DM(φ). 2
1 For any scheduler δ in DaM , there is a scheduler ξ in DM
such that (DaM)δ and (DM)ξ are bisimilar Markov Chains.
2 For any scheduler η in DM , there is a scheduler ϑ in DaM
such that (DM)η and (DaM)ϑ are bisimilar Markov Chains.
pcase transitions are not time-consuming!
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
Theorem 2
Theorem
PmaxDa
M(φ) = Pmax
DM(φ) and Pmin
DaM(φ) = Pmin
DM(φ). 2
1 For any scheduler δ in DaM , there is a scheduler ξ in DM
such that (DaM)δ and (DM)ξ are bisimilar Markov Chains.
2 For any scheduler η in DM , there is a scheduler ϑ in DaM
such that (DM)η and (DaM)ϑ are bisimilar Markov Chains.
pcase transitions are not time-consuming!
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
After abstraction, we obtain the finite states system andstandard probabilistic model checking are applied to solve thelinear program in MDP.
C. Baier and J. Katoen.Principles of Model checking.The MIT Press, 2008.
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
Multi-lift SystemBenchmark Systems Compared with PRISM
Outline
1 Motivation
2 Language Syntax of PRTS
3 Operational SemanticsConcrete ConfigurationsAbstraction
4 Verification
5 EvaluationMulti-lift SystemBenchmark Systems Compared with PRISM
6 Conclusion
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
Multi-lift SystemBenchmark Systems Compared with PRISM
Multi-lift System
Property: one user presses the lift button, but one lift travelingon the same direction passes by without serving him/her.
SystemRandom Nearest
Result(pmax) States Time(s) Result(pmax) States Time(s)lift=2; floor=2; user=2 0.21875 20120 1.47 0.13889 12070 1.33lift=2; floor=2; user=3 0.47656 173729 15.04 0.34722 83026 6.23lift=2; floor=2; user=4 0.6792 777923 90.66 0.53781 308602 28.31lift=2; floor=2; user=5 0.81372 2175271 406.29 0.68403 740997 85.29lift=2; floor=3; user=2 0.2551 72458 5.13 0.18 38593 2.89lift=2; floor=3; user=3 0.54009 1172800 150.20 0.427 500897 48.05lift=2; floor=4; user=2 0.27 170808 13.06 0.19898 86442 6.11lift=3; floor=2; user=2 0.22917 562309 86.88 0.10938 266621 34.25
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
Multi-lift SystemBenchmark Systems Compared with PRISM
Benchmark Systems Compared with PRISM
System ResultPAT PRISM
States Time(s) States Iterations Time(s)FA(10K) 0.94727 1352 0.15 1065 19 1.98FA(20K) 0.99849 5030 0.13 8663 34 65.08FA(30K) 0.99994 11023 0.45 34233 45 575.03FA(300K) >0.99999 726407 30.74 - - -ZC(100) 0.49934 404 0.15 135 0 0.28ZC(300) 0.01291 4813 0.65 2129 26 2.73ZC(500) 0.00027 12840 2.39 10484 44 63.19ZC(700) 1E-5 24058 5.78 31717 60 427.70
One is the firewire abstraction (FA) for IEEE 1394 FireWire rootcontention protocol and the other is zeroconf (ZC) for Zeroconfnetwork configuration protocol.
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
Outline
1 Motivation
2 Language Syntax of PRTS
3 Operational SemanticsConcrete ConfigurationsAbstraction
4 Verification
5 EvaluationMulti-lift SystemBenchmark Systems Compared with PRISM
6 Conclusion
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
Conclusion
1 Modeling language PRTS is proposed for hierarchicalprobabilistic real-time systems.
2 Zone abstraction is used in order to apply probabilisticmodel checking techniques. Evaluations demonstrate theefficiency of our approach.
3 Model checker PAT is extended to support PRTS.
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
References I
C. A. R. Hoare.Communicating Sequential Processes.Prentice-Hall, 1985.
R. Alur, C. Courcoubetis, and D. L. Dill.Model-checking for Probabilistic Real-time Systems.ICALP, pages 115-126, 1991.
A. Hinton, M. Kwiatkowska, G. Norman and D. Parker.PRISM: A Tool for Automatic Verification of ProbabilisticSystems.TACAS, pages 441-444, 2006.
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
References II
C. Baier and J. Katoen.Principles of Model checking.The MIT Press, 2008.
M. Kwiatkowska, G. Norman, R. Segala and J. Sproston.Automatic Verification of Real-time Systems with DiscreteProbability Distributions.Theoretical Computer Science, 282(1):101–150, 2002.
S. Schnerder.Concurrent and Real-time Systems.John Wiley and Sons, 2000.
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
References III
J. Ouaknine and J. Worrell.Timed CSP = Closed Timed Safety Automata.Electrical Notes Theoretical Computer Sciences, 68(2),2002.
J. Sun, Y. Liu, J. S. Dong and X. Zhang.Verifying Stateful Timed CSP Using Implicit Clocks andZone Abstraction.ICFEM, pages 581-600, 2009.
J. Sun, S. Song and Y. LiuModel Checking Hierarchical Probabilistic Systems.ICFEM, pages 388-403, 2010.
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com
MotivationLanguage Syntax of PRTS
Operational SemanticsVerificationEvaluation
Conclusion
T HANK YOU !
Songzheng Song, IWESSS 2012 PRTS@PAT http://www.patroot.com