Probabilistic CEGAR* Björn Wachter. Joint work with Holger Hermanns, Lijun Zhang

Presentation transcript:

1 Probabilistic CEGAR* Björn Wachter. Joint work with Holger Hermanns, Lijun Zhang. AVACS, supported by Uni Saar. *To appear in CAV

2 Introducing
 Probabilistic Model Checking
 CEGAR (counterexample-guided abstraction refinement)
 PASS does CEGAR for probabilistic models

3 PRISM & PASS
PRISM
 Very popular probabilistic model checker
 Finite-state
PASS
 Supports PRISM models
 Handles infinite-state as well
 Under the hood: predicate abstraction, SMT, interpolation

4 Comparison to PRISM
Network protocols
 Wireless LAN, CSMA
 Bounded Retransmission
 Sliding Window
PRISM vs PASS:
Model (#)   State reduction   Speed-up
WLAN (3)    16x-152x          1.3x-7x
WLAN (1)    ?                 TO -> 311s
CSMA (4)    41x-248x          1x-2x
BRP (3)     1x                1/2x - 1/3x

5 Overview
Basics
 Paths, Markov Chains, MDPs
 Counterexamples
 Probabilistic Programs
 Predicate Abstraction
Abstraction Refinement
 Abstract Counterexamples
 Path Analysis
 Strongest Evidence
 CEGAR algorithm
Experimental Results
Conclusion
(Figure: Program -> Probabilistic Reachability Problem)

6 Paths, MCs, MDPs
Weighted Path, Markov Chain, non-determinism …
(Figure: a weighted path and a Markov chain with transition probabilities 2/3 and 1/3)

7 Paths, MCs, MDPs
Weighted Path, Markov Chain, Markov Decision Process
(Figure: the three models side by side, with transition probabilities 2/3, 1/3, 1 and 1/2)

8 Adversary
Adversary resolves transition non-determinism
(Figure: MDP after the adversary's choice, with transition probabilities 2/3, 1/3, 1 and 1/2)

9 Probabilistic Reachability
Probability to get from green to red
(Figure: Weighted Path, Markov Chain, Markov Decision Process with transition probabilities 2/3, 1/3, 1 and 1/2)

10 Probabilistic Programs
Guarded command language à la PRISM
 Variables: integer, real, bool
 Non-determinism: interleaving
Program = (variables, commands, initial condition)
Example command: guard x>0; Update #1: 0.2: (x':=x+1); Update #2: 0.8: (x':=x+2)
(Figure: from x=1, Update #1 leads to x=2 with probability 0.2 and Update #2 leads to x=3 with probability 0.8; guard and updates carry labels for CEX analysis)

11 Predicate Abstraction
Predicates: partition the state space
 are boolean expressions, e.g. x>0, x<y, x + y = 3 (variables x,y)
Abstract MDP
 Probabilistic may-transitions
 Similar to Blast, SLAM, Magic …
 See our [Qest'07] paper
Abstraction guarantees upper bound
(Figure: probability scale from 0 to 1 showing the actual probability below the abstract MDP's probability)

12 May Transitions
(Figure: abstract vs. concrete transitions)
Speaker note: This is not yet understandable enough here! Better example where #abstract transitions < #concrete transitions.

13 CEGAR Loop
(Figure: abstract -> check -> refine loop. Probability: upper bound of the abstraction vs. actual probability p. CEX? Either a real CEX, or refine; if the upper bound is low enough, stop.)

14 Counterexamples (CEX)
Resolution of non-determinism
 initial state
 adversary
induces a Markov chain
Counterexample:
 Resolution of non-determinism such that the probability threshold is exceeded
Example: CEX for a witness of reachability probability in an MDP
(Figure: MDP with transition probabilities 2/3, 1/3, 1 and 1/2)

15 Counterexample Analysis: Idea
Idea:
 Enumerate paths of the Markov chain
 Sort paths by probability [Han/Katoen 2007]: visit paths with highest measure first
 Classify each path as realizable or spurious
(Figure: Path 1, Path 2, Path 3, Path 4 … sorted by probability of the abstract CEX / Markov chain)
How much MEASURE is REALIZABLE? More than p?

16 Path Analysis
Abstract path: two cases
 Realizable if there's a corresponding concrete path
 Spurious: no corresponding path
Splitter predicate exists iff path spurious
Interpolation: predicate from unsatisfiable path formula
(Figure: abstract path u, u', u''; "reachable with prefix" and "can do postfix"; path formula SAT or UNSAT, decided by SMT)

17 Path Analysis
Abstract path: two cases
 Realizable if there's a corresponding concrete path
 Spurious: no corresponding path
Splitter predicate (interpolant):
(Figure: abstract path u, u', u'' with updates x':=x and x':=x+1 from the concrete values x=0 and x=1; path formula SAT or UNSAT, decided by SMT; splitter predicate x>1)

18 Example
(Figure: concrete vs. abstract system. Probability: upper bound 1.0; actual value: ?)

19 Example (cont.): after refinement
(Figure: concrete vs. abstract system. Probability: lower bound 0.4, upper bound)

20 Example
Multiple initial states
(Figure: concrete vs. abstract system. Probability: lower bound 0.8, upper bound 1.0)

21 Example
Find the maximal combination by MAX-SMT ( paper)
(Figure: concrete vs. abstract system, maximum. Probability: lower bound 0.8, upper bound 1.0)

22 CEX Analysis: Semi-decision procedure
Problem in general: undecidable
Too many spurious paths
 abort counterexample analysis
 Output: collection of predicates
Enough realizable probability (> C)
Limit # of spurious paths to enforce termination
Can take many paths to obtain enough realizable probability
(Figure: Path 1, Path 2, Path 3, Path 4 … sorted by measure; scale from 0 with "lower = real", i.e. the realizable measure is the lower bound)
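The counterexample analysis of slides 15 and 22, as an added example that is not the authors' PASS code: a small constructed abstract Markov chain, paths enumerated by decreasing probability, a constructed stand-in oracle in place of the SMT path-formula check, and the semi-decision procedure that stops either with a real counterexample or after a bounded number of spurious paths.

```python
import heapq
from fractions import Fraction

# Constructed abstract Markov chain (the chain an adversary induces on the abstract
# MDP, slide 14): state -> [(probability, successor)]; "bad" is the target.
# The loop a0 -> a1 -> a0 gives infinitely many target paths (slide 24).
CHAIN = {
    "a0": [(Fraction(2, 3), "a1"), (Fraction(1, 3), "a2")],
    "a1": [(Fraction(1, 2), "bad"), (Fraction(1, 2), "a0")],
    "a2": [(Fraction(1), "bad")],
    "bad": [],
}

def paths_by_measure(chain, init, target):
    """Enumerate target paths highest-probability first (the Han/Katoen
    ordering of slide 15) by best-first search; may never terminate."""
    heap = [(-Fraction(1), (init,))]  # negate: heapq is a min-heap
    while heap:
        neg_p, path = heapq.heappop(heap)
        if path[-1] == target:
            yield -neg_p, path
            continue
        for p, succ in chain[path[-1]]:
            heapq.heappush(heap, (neg_p * p, path + (succ,)))

def realizable(path):
    """Constructed stand-in for the SMT path-formula check of slide 16: the
    may-transition into a2 has no concrete counterpart, so every abstract
    path through a2 is spurious."""
    return "a2" not in path

def analyze_cex(chain, init, target, threshold, max_spurious):
    """Semi-decision procedure of slide 22: returns ("real", measure, spurious)
    once the realizable measure exceeds the threshold, or ("refine", measure,
    spurious) after max_spurious spurious paths.  The realizable measure is
    always a lower bound on the true probability."""
    realized, spurious = Fraction(0), []
    for p, path in paths_by_measure(chain, init, target):
        if realizable(path):
            realized += p
            if realized > threshold:
                return "real", realized, spurious
        else:
            spurious.append(path)  # in PASS each one yields an interpolant
            if len(spurious) >= max_spurious:
                return "refine", realized, spurious
    return "refine", realized, spurious  # finite chain exhausted
```

With threshold 2/5 and at most 3 spurious paths the call `analyze_cex(CHAIN, "a0", "bad", Fraction(2, 5), 3)` reports a real counterexample with realizable measure 4/9 after one spurious path; with threshold 1/2 and at most 2 spurious paths it gives up and returns "refine" with the lower bound 4/9.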

23 Related Work
Probabilistic counterexamples: Hermanns/Aljazzar (FORMATS'05), Han/Katoen (TACAS'07)
 … however not in the context of abstraction
Abstraction refinement for probabilistic finite-state models
 CEGAR for stochastic games, Chatterjee et al. (UAI'05)
 Not based on counterexamples: D'Argenio (PAPM-PROBMIV'02), Fecher et al. (SPIN'06): simulation; Magnifying-lens, de Alfaro et al. (CAV'07): probability values

24 Conclusion & Future Work
Abstraction refinement …
 Counterexamples ~ Markov chains
 Markov chains have cycles
Model checking infinite-state probabilistic models
Speed-up for huge finite-state models
Future work
 Better lower bounds

25 References
Tool website
Literature
 Our work
  Hermanns, Wachter, Zhang: Probabilistic CEGAR (CAV'08)
  Wachter, Zhang, Hermanns: Model Checking Modulo Theories (Qest'07)
 Counterexamples
  Hermanns, Aljazzar: Counterexamples for timed probabilistic reachability (FORMATS'05)
  Han, Katoen: Counterexamples in probabilistic model checking (TACAS'07)
 Probabilistic abstraction refinement
  De Alfaro: Magnifying-lens abstraction for MDPs (CAV'07)
  Chatterjee, Henzinger, Majumdar: Counterexample-guided planning (UAI'05)

26 Questions?

27 Is the counterexample analysis problem undecidable?
Semi-decision algorithm  heuristics
If we only need finitely many paths  decidable if the logic is
If we need infinitely many  undecidable