Add to collection(s) Add to saved
  1. Math
  2. Statistics And Probability
  3. Probability

Monitoring Temporal Properties of Stochastic Systems

advertisement 
Monitoring Temporal Properties of
Stochastic Systems
A. Prasad Sistla, Abhigna R. Srinivas
Monitoring Temporal Properties of Stochastic Systems – p.
Outline of the talk
Motivation
Monitoring Temporal Properties of Stochastic Systems – p.
Outline of the talk
Motivation
Monitoring Stochastic Systems
Monitoring Temporal Properties of Stochastic Systems – p.
Outline of the talk
Motivation
Monitoring Stochastic Systems
Probabilistic Algorithms
Monitoring Temporal Properties of Stochastic Systems – p.
Outline of the talk
Motivation
Monitoring Stochastic Systems
Probabilistic Algorithms
Monitoring Temporal Properties of Stochastic Systems – p.
Motivation
An application uses a component C , not thouroughly
tested/verified.
C may exhibit computations that violate the correctness
spec Φ
Need a monitor M that detects incorrect computations
at run time
M observes the computation of C and checks for
violation of Φ
Monitoring Temporal Properties of Stochastic Systems – p.
Motivation
An application uses a component C , not thouroughly
tested/verified.
C may exhibit computations that violate the correctness
spec Φ
Need a monitor M that detects incorrect computations
at run time
M observes the computation of C and checks for
violation of Φ
Monitoring Temporal Properties of Stochastic Systems – p.
Motivation
An application uses a component C , not thouroughly
tested/verified.
C may exhibit computations that violate the correctness
spec Φ
Need a monitor M that detects incorrect computations
at run time
M observes the computation of C and checks for
violation of Φ
Monitoring Temporal Properties of Stochastic Systems – p.
Motivation
An application uses a component C , not thouroughly
tested/verified.
C may exhibit computations that violate the correctness
spec Φ
Need a monitor M that detects incorrect computations
at run time
M observes the computation of C and checks for
violation of Φ
Monitoring Temporal Properties of Stochastic Systems – p.
Solution
If Φ is Safety Property then easy
([AS85,Si85,Si87,KV99])
Monitoring Temporal Properties of Stochastic Systems – p.
Solution
If Φ is Safety Property then easy
([AS85,Si85,Si87,KV99])
How to monitor general Φ??
Monitoring Temporal Properties of Stochastic Systems – p.
Solution
If Φ is Safety Property then easy
([AS85,Si85,Si87,KV99])
How to monitor general Φ??
Φ— conjunction of a safety and a liveness property
Monitoring Temporal Properties of Stochastic Systems – p.
Solution
If Φ is Safety Property then easy
([AS85,Si85,Si87,KV99])
How to monitor general Φ??
Φ— conjunction of a safety and a liveness property
Over approximate Φ by a safety property [AR05]
(Liberal Monitor)
Monitoring Temporal Properties of Stochastic Systems – p.
Solution
If Φ is Safety Property then easy
([AS85,Si85,Si87,KV99])
How to monitor general Φ??
Φ— conjunction of a safety and a liveness property
Over approximate Φ by a safety property [AR05]
(Liberal Monitor)
Under approximate it by a safety property
[MSSZ05,SZZ06] (Conservative Monitor)
Monitoring Temporal Properties of Stochastic Systems – p.
Monitoring Stochastic Systems
A Hidden Markov Chain (HMC) is a pair (G, O) where
G = (S, R, φ) is a finite Markov chain;
Monitoring Temporal Properties of Stochastic Systems – p.
Monitoring Stochastic Systems
A Hidden Markov Chain (HMC) is a pair (G, O) where
G = (S, R, φ) is a finite Markov chain;
O : S → Σ is an output function
Monitoring Temporal Properties of Stochastic Systems – p.
Monitoring Stochastic Systems
A Hidden Markov Chain (HMC) is a pair (G, O) where
G = (S, R, φ) is a finite Markov chain;
O : S → Σ is an output function
Σ = 2P , P – set of atomic propositions
Monitoring Temporal Properties of Stochastic Systems – p.
Monitoring Stochastic Systems
A Hidden Markov Chain (HMC) is a pair (G, O) where
G = (S, R, φ) is a finite Markov chain;
O : S → Σ is an output function
Σ = 2P , P – set of atomic propositions
Define E — the class of measurable subsets of Σω — as
the smallest set so that
For every α ∈ Σ∗ , αΣω ∈ E .
Closed under complementation and countable union.
Monitoring Temporal Properties of Stochastic Systems – p.
Example
1
1/3
1/3
s
1
P,Q
s
0
Q
1/3
s
2
Q
1
For any state s, Fs defines a probability measure on E .
Fs0 (♦P ) = 12 .
Monitoring Temporal Properties of Stochastic Systems – p.
Accuracy of a Monitor
The system is given by a HMC H which is known.
Monitoring Temporal Properties of Stochastic Systems – p.
Accuracy of a Monitor
The system is given by a HMC H which is known.
Outputs of H are observable but not the state
Monitoring Temporal Properties of Stochastic Systems – p.
Accuracy of a Monitor
The system is given by a HMC H which is known.
Outputs of H are observable but not the state
Correctness spec given by a det. Buchi automaton A
Monitoring Temporal Properties of Stochastic Systems – p.
Accuracy of a Monitor
The system is given by a HMC H which is known.
Outputs of H are observable but not the state
Correctness spec given by a det. Buchi automaton A
Construct a monitor M so that
L(M) ⊆ L(A).
L(M) is a safety property.
Monitoring Temporal Properties of Stochastic Systems – p.
Accuracy of a Monitor
The system is given by a HMC H which is known.
Outputs of H are observable but not the state
Correctness spec given by a det. Buchi automaton A
Construct a monitor M so that
L(M) ⊆ L(A).
L(M) is a safety property.
(Acceptance) Accuracy of M is the conditional
probability Fs0 (L(M) | L(A))— s0 initial system state.
Monitoring Temporal Properties of Stochastic Systems – p.
Accuracy of a Monitor
The system is given by a HMC H which is known.
Outputs of H are observable but not the state
Correctness spec given by a det. Buchi automaton A
Construct a monitor M so that
L(M) ⊆ L(A).
L(M) is a safety property.
(Acceptance) Accuracy of M is the conditional
probability Fs0 (L(M) | L(A))— s0 initial system state.
Rejection Accuracy of M is the conditional probability
Fs0 (L̄(M) | L̄(A))— s0 initial system state.
Monitoring Temporal Properties of Stochastic Systems – p.
Monitoring Algorithm
Preprocessing
Monitoring Temporal Properties of Stochastic Systems – p.
Monitoring Algorithm
Preprocessing
Compute Markov chain G′ — the product of G and A.
Monitoring Temporal Properties of Stochastic Systems – p.
Monitoring Algorithm
Preprocessing
Compute Markov chain G′ — the product of G and A.
A state (s, q) in G′ is good if Fs (L(Aq )) = 1 and bad if
Fs (L(Aq )) is 0. Aq same as A with starting state q .
Monitoring Temporal Properties of Stochastic Systems – p.
Monitoring Algorithm
Preprocessing
Compute Markov chain G′ — the product of G and A.
A state (s, q) in G′ is good if Fs (L(Aq )) = 1 and bad if
Fs (L(Aq )) is 0. Aq same as A with starting state q .
Compute good and bad states of G′ .
Monitoring Temporal Properties of Stochastic Systems – p.
Monitoring Algorithm
Preprocessing
Compute Markov chain G′ — the product of G and A.
A state (s, q) in G′ is good if Fs (L(Aq )) = 1 and bad if
Fs (L(Aq )) is 0. Aq same as A with starting state q .
Compute good and bad states of G′ .
Simulates A on the sequence of system outputs .
Monitoring Temporal Properties of Stochastic Systems – p.
Monitoring Algorithm Contd
Maintains the following variables
X : possible system states, initialized to {s0 }.
q : the automaton state, initialized to q0 .
i: denotes the number of times an accepting
automaton state is reached. Initialized to 0.
counter : denotes the number of expected outputs
before an accepting automaton state.
Monitoring Temporal Properties of Stochastic Systems – p.
Monitoring Algorithm Contd
Maintains the following variables
X : possible system states, initialized to {s0 }.
q : the automaton state, initialized to q0 .
i: denotes the number of times an accepting
automaton state is reached. Initialized to 0.
counter : denotes the number of expected outputs
before an accepting automaton state.
Monitoring Temporal Properties of Stochastic Systems – p.
Monitoring Algorithm Contd
Maintains the following variables
X : possible system states, initialized to {s0 }.
q : the automaton state, initialized to q0 .
i: denotes the number of times an accepting
automaton state is reached. Initialized to 0.
counter : denotes the number of expected outputs
before an accepting automaton state.
Monitoring Temporal Properties of Stochastic Systems – p.
Monitoring Algorithm Contd
Maintains the following variables
X : possible system states, initialized to {s0 }.
q : the automaton state, initialized to q0 .
i: denotes the number of times an accepting
automaton state is reached. Initialized to 0.
counter : denotes the number of expected outputs
before an accepting automaton state.
Monitoring Temporal Properties of Stochastic Systems – p.
Monitoring Algorithm Contd
Maintains the following variables
X : possible system states, initialized to {s0 }.
q : the automaton state, initialized to q0 .
i: denotes the number of times an accepting
automaton state is reached. Initialized to 0.
counter : denotes the number of expected outputs
before an accepting automaton state.
Monitoring Temporal Properties of Stochastic Systems – p.
Monitoring Algorithm Contd
Loop forever
Get next output from the system;
Simulate A for one step and Update q as well as X ;
If
all states in X × {q} are good then accept;
If
all states in X × {q} are bad then reject;
counter := counter − 1;
If counter = 0
and q is not an accepting state of A then
reject;
If q
is an accepting state of A then
{i := i + 1; counter := f (q, X, i)}
Monitoring Temporal Properties of Stochastic Systems – p. 1
For any y , 0 ≤ y ≤ 1, there exists a constant k
such that if f (q, X, i) = k · i then the acceptance
accuracy of the monitor is at least y and rejection
accuracy is 1.
Theorem:
If the HMC is fully visible, then the monitor can
be simplified to have both acceptance and rejection
accuracy to be 1.
Theorem:
Monitoring Temporal Properties of Stochastic Systems – p. 1
Example:Resource Acquisition
T
v
1/2
1/2
T
t’
1/2
s’
1/2
1
w’
C
1/3
N
N
1/3
1
1/3
1/3
t
s
1/3
T
1/3
1
w
C
s is the initial state.
v — the state where the server crashed.
Property to be monitored— (T → ♦C).
Acceptance accuracy of 0.9 can be achieved by
choosing k = 3.
Monitoring Temporal Properties of Stochastic Systems – p. 1
Probabilistic Monitors
A probabilistic monitor M:
For i = 1, ..., ∞
Get the ith input from the system;
With some computed probability pi , reject and stop
Monitoring Temporal Properties of Stochastic Systems – p. 1
Probabilistic Monitors
A probabilistic monitor M:
For i = 1, ..., ∞
Get the ith input from the system;
With some computed probability pi , reject and stop
For a finite sequence α of length k , pr(α)— probability
that α is accepted— is (1 − p1 ) · ... · (1 − pk ).
Monitoring Temporal Properties of Stochastic Systems – p. 1
Probabilistic Monitors
A probabilistic monitor M:
For i = 1, ..., ∞
Get the ith input from the system;
With some computed probability pi , reject and stop
For a finite sequence α of length k , pr(α)— probability
that α is accepted— is (1 − p1 ) · ... · (1 − pk ).
For σ ∈ Σω , Prob {σ is accepted} = limk→∞ pr(σk ),
σk – prefix of σ of length k .
Monitoring Temporal Properties of Stochastic Systems – p. 1
Probabilistic Monitors
A probabilistic monitor M:
For i = 1, ..., ∞
Get the ith input from the system;
With some computed probability pi , reject and stop
For a finite sequence α of length k , pr(α)— probability
that α is accepted— is (1 − p1 ) · ... · (1 − pk ).
For σ ∈ Σω , Prob {σ is accepted} = limk→∞ pr(σk ),
σk – prefix of σ of length k .
M is a probabilistic monitor for L ⊆ Σω , if for every
σ∈
/ L, M rejects σ with probability 1.
Monitoring Temporal Properties of Stochastic Systems – p. 1
Existence of Monitors
A strong monitor for L, is a probabilistic monitor that
accepts every σ ∈ L with non-zero probability.
Monitoring Temporal Properties of Stochastic Systems – p. 1
Existence of Monitors
A strong monitor for L, is a probabilistic monitor that
accepts every σ ∈ L with non-zero probability.
Strong Monitor for ♦P : Reject with a fixed probability p
until the first P . Has graceful degradation property.
Monitoring Temporal Properties of Stochastic Systems – p. 1
Existence of Monitors
A strong monitor for L, is a probabilistic monitor that
accepts every σ ∈ L with non-zero probability.
Strong Monitor for ♦P : Reject with a fixed probability p
until the first P . Has graceful degradation property.
Theorem: There is a strong monitor for L iff L̄ is
accepted by finite/infinite state deterministic Buchi
automaton.
Monitoring Temporal Properties of Stochastic Systems – p. 1
Existence of Monitors
A strong monitor for L, is a probabilistic monitor that
accepts every σ ∈ L with non-zero probability.
Strong Monitor for ♦P : Reject with a fixed probability p
until the first P . Has graceful degradation property.
Theorem: There is a strong monitor for L iff L̄ is
accepted by finite/infinite state deterministic Buchi
automaton.
There exist strong monitors for ♦P, ♦P .
Monitoring Temporal Properties of Stochastic Systems – p. 1
Existence of Monitors
A strong monitor for L, is a probabilistic monitor that
accepts every σ ∈ L with non-zero probability.
Strong Monitor for ♦P : Reject with a fixed probability p
until the first P . Has graceful degradation property.
Theorem: There is a strong monitor for L iff L̄ is
accepted by finite/infinite state deterministic Buchi
automaton.
There exist strong monitors for ♦P, ♦P .
There are no strong monitors for ♦P and
♦P → ♦Q.
Monitoring Temporal Properties of Stochastic Systems – p. 1
Monitors for ♦P
A probabilistic monitor M for ♦P :
Until the first P , reject with probability 21 after each
input.
For each i > 0, from the ith P until the next P , reject
with probability ( 21 )i after each input.
Monitoring Temporal Properties of Stochastic Systems – p. 1
Monitors for ♦P
A probabilistic monitor M for ♦P :
Until the first P , reject with probability 21 after each
input.
For each i > 0, from the ith P until the next P , reject
with probability ( 21 )i after each input.
Theorem:Any sequence, in which the distance between
consecutive P s is bounded, is accepted with non-zero
probability.
Monitoring Temporal Properties of Stochastic Systems – p. 1
Monitors for ♦P
A probabilistic monitor M for ♦P :
Until the first P , reject with probability 21 after each
input.
For each i > 0, from the ith P until the next P , reject
with probability ( 21 )i after each input.
Theorem:Any sequence, in which the distance between
consecutive P s is bounded, is accepted with non-zero
probability.
Monitor for ♦P → ♦Q: After each P , reject with
1
probability 2i+1
; i is the number of Qs before this
symbol.
Monitoring Temporal Properties of Stochastic Systems – p. 1
Monitors for ♦P
A probabilistic monitor M for ♦P :
Until the first P , reject with probability 21 after each
input.
For each i > 0, from the ith P until the next P , reject
with probability ( 21 )i after each input.
Theorem:Any sequence, in which the distance between
consecutive P s is bounded, is accepted with non-zero
probability.
Monitor for ♦P → ♦Q: After each P , reject with
1
probability 2i+1
; i is the number of Qs before this
symbol.
can give prob. monitors for det. Streett/Buchi automata.
Monitoring Temporal Properties of Stochastic Systems – p. 1
Hybrid Algorithms
Combine counter based methods with probabilities.
Monitoring Temporal Properties of Stochastic Systems – p. 1
Hybrid Algorithms
Combine counter based methods with probabilities.
Hybrid Algorithm for ♦P :
After each input toss a fair coin.
After every k th input: If no P in the last k inputs and
all the last k coin tosses were “heads” then reject.
Monitoring Temporal Properties of Stochastic Systems – p. 1
Hybrid Algorithms
Combine counter based methods with probabilities.
Hybrid Algorithm for ♦P :
After each input toss a fair coin.
After every k th input: If no P in the last k inputs and
all the last k coin tosses were “heads” then reject.
The k -counter serves dual purpose: as reusable
timeout and also for generating low probability, i.e.
1
2k .
Monitoring Temporal Properties of Stochastic Systems – p. 1
Hybrid Algorithms
Combine counter based methods with probabilities.
Hybrid Algorithm for ♦P :
After each input toss a fair coin.
After every k th input: If no P in the last k inputs and
all the last k coin tosses were “heads” then reject.
The k -counter serves dual purpose: as reusable
timeout and also for generating low probability, i.e.
1
2k .
Highly accurate. It can be more accurate by a factor of
2k compared to deterministic counter based methods
Monitoring Temporal Properties of Stochastic Systems – p. 1
Experimental Results
Conducted simple experiments monitoring for ♦P and
♦P .
Monitoring Temporal Properties of Stochastic Systems – p. 1
Experimental Results
Conducted simple experiments monitoring for ♦P and
♦P .
Considered strings that are very long (length > 106 )
Monitoring Temporal Properties of Stochastic Systems – p. 1
Experimental Results
Conducted simple experiments monitoring for ♦P and
♦P .
Considered strings that are very long (length > 106 )
Generated strings in which the distance between
consecutive P s is normally distributed and uniformly
distributed.
Monitoring Temporal Properties of Stochastic Systems – p. 1
Experimental Results
Conducted simple experiments monitoring for ♦P and
♦P .
Considered strings that are very long (length > 106 )
Generated strings in which the distance between
consecutive P s is normally distributed and uniformly
distributed.
Used k -counters with k = 50, 100, ...
Monitoring Temporal Properties of Stochastic Systems – p. 1
Experimental Results
Conducted simple experiments monitoring for ♦P and
♦P .
Considered strings that are very long (length > 106 )
Generated strings in which the distance between
consecutive P s is normally distributed and uniformly
distributed.
Used k -counters with k = 50, 100, ...
The Hybrid algorithms never rejected any corrected
sequence.
Monitoring Temporal Properties of Stochastic Systems – p. 1
Related Work
Monitoring for safety properties done by many people
[Si87], [KV99], etc.
Monitoring Temporal Properties of Stochastic Systems – p. 1
Related Work
Monitoring for safety properties done by many people
[Si87], [KV99], etc.
Recent work— Amorium and Rosu (CAV2005)– handle
some liveness. Concentrate on evaluating efficiently
atomic propositions in system states.
Monitoring Temporal Properties of Stochastic Systems – p. 1
Related Work
Monitoring for safety properties done by many people
[Si87], [KV99], etc.
Recent work— Amorium and Rosu (CAV2005)– handle
some liveness. Concentrate on evaluating efficiently
atomic propositions in system states.
The paper [PZZ 200] uses game theoretic approach.
Monitoring Temporal Properties of Stochastic Systems – p. 1
Conclusions
Other cost measures for tuning deterministic algs for
HMCs.
Monitoring Temporal Properties of Stochastic Systems – p. 1
Conclusions
Other cost measures for tuning deterministic algs for
HMCs.
How to monitor for complex systems? Use
Assume/guarantee paradigms.
Monitoring Temporal Properties of Stochastic Systems – p. 1
Conclusions
Other cost measures for tuning deterministic algs for
HMCs.
How to monitor for complex systems? Use
Assume/guarantee paradigms.
Monitoring in a distributed environment!
Monitoring Temporal Properties of Stochastic Systems – p. 1
Related documents
Abstract. The problem of identifying a stochastic matrix as a t
Abstract. The problem of identifying a stochastic matrix as a t
Adeline Samson model
Adeline Samson model
"A Stochastic Model of Tuberculosis Incororating Household Clusters" By
"A Stochastic Model of Tuberculosis Incororating Household Clusters" By
(1)
(1)
Document10911151 10911151
Document10911151 10911151
Download
advertisement