Approximate Model Checking : Value Iteration

Matthew S. Bauer, Umang Mathur, Rohit Chadha, A. Prasad Sistla, Mahesh Viswanathan

Markov chain (states: start, try, lost, delivered):
  start → try (probability 1)
  try → delivered (9/10), try → lost (1/10)
  lost → try (1)
  delivered → delivered (1)

Probability of reaching 'delivered' from each state? Value Iteration:

  $x^{(i+1)}_{\text{start}} = 1.0 \cdot x^{(i)}_{\text{try}}$
  $x^{(i+1)}_{\text{try}} = \tfrac{9}{10} \cdot x^{(i)}_{\text{delivered}} + \tfrac{1}{10} \cdot x^{(i)}_{\text{lost}}$
  $x^{(i+1)}_{\text{lost}} = 1.0 \cdot x^{(i)}_{\text{try}}$
  $x^{(i+1)}_{\text{delivered}} = 1.0$

                 Init  Step-1  Step-2  Step-3  Step-4  Step-5  Step-6
  x_start          0     0       0       0.9     0.9     0.99    0.99    ···
  x_try            0     0       0.9     0.9     0.99    0.99    0.999   ···
  x_lost           0     0       0       0.9     0.9     0.99    0.99    ···
  x_delivered      0     1       1       1       1       1       1       ···
Value Iteration

More general setting:
– Probabilistic Computation Tree Logic (PCTL):
  – Probabilistic analogue of CTL
  – Probabilistic quantifier: $P_{\bowtie p}(\cdot)$
  – Modal operators: X (next), U (until)
  – Is the probability of 'delivered' without being 'lost' ≥ 0.575?  $P_{\geq 0.575}[\neg \text{lost} \;U\; \text{delivered}]$
  – Is every message almost surely delivered?  $P_{=1}[\text{true} \;U\; \text{delivered}]$
– Reward/cost structure
  – Costs associated with transitions
  – Expected cost to reach a state?
  (Figure: the message chain with a cost attached to each transition)
– Markov Decision Processes (MDPs)
  – Non-deterministic choice (actions)
  – Probability distribution for every action from a state
  (Figure: an MDP with states s0, s1, s2, s3 and actions α, β)
Value Iteration : Convergence

– Value iteration converges to the correct answer, in the limit
– The limit may not be reached in any finite number of steps

                 Init  Step-1  Step-2  Step-3  Step-4  Step-5  Step-6
  x_start          0     0       0       0.9     0.9     0.99    0.99    ···
  x_try            0     0       0.9     0.9     0.99    0.99    0.999   ···
  x_lost           0     0       0       0.9     0.9     0.99    0.99    ···
  x_delivered      0     1       1       1       1       1       1       ···

– At Step-(2i+1):  $x_{\text{start}} = x_{\text{try}} = x_{\text{lost}} = 1 - 10^{-i}$,  $x_{\text{delivered}} = 1$
– In the limit:  $x_{\text{start}} = x_{\text{try}} = x_{\text{lost}} = x_{\text{delivered}} = 1$
Value Iteration : Convergence

– Value iteration may not converge in any finite number of steps
– Model checkers need to stop the iterations in a finite number of steps
– Common criteria: difference between successive vectors becomes small
  – Absolute criterion:  $\|V^{(i+1)} - V^{(i)}\| \leq \epsilon$
  – Relative criterion:  $\|V^{(i+1)} - V^{(i)}\| \leq \epsilon \, \|V^{(i)}\|$
– Problem: high magnitude changes are preceded by periods of stability
– Unknown quality of the resulting approximation
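Value iteration on the message chain, together with the absolute and relative stopping criteria above, as an added example in Python; this is not code from the slides, RationalSearch or PRISM. It reproduces the table for the slides' chain (try → lost with probability 1/10) and then treats that probability as a parameter, which is a constructed variation, to show that the vector returned by the absolute criterion can be orders of magnitude further from the true answer than ε suggests. The true answer is known here only because for any loss probability below 1 the try/lost loop is left almost surely, so every state reaches 'delivered' with probability 1.

```python
"""Value iteration for reachability probabilities, and why a
successive-difference stopping criterion says nothing about the true error.

Added example, not code from RationalSearch or PRISM.  The chain is the
four-state message chain of the slides; p_lost is a constructed parameter
(the slides fix it at 1/10).
"""

STATES = ["start", "try", "lost", "delivered"]


def chain(p_lost):
    """Linear system x = A x + b for 'probability of reaching delivered'.

    start -> try (1);  try -> lost (p_lost) | delivered (1 - p_lost);
    lost -> try (1);   delivered is the target, so its row is b = 1.
    """
    A = [
        [0.0, 1.0, 0.0, 0.0],
        [0.0, 0.0, p_lost, 1.0 - p_lost],
        [0.0, 1.0, 0.0, 0.0],
        [0.0, 0.0, 0.0, 0.0],
    ]
    b = [0.0, 0.0, 0.0, 1.0]
    return A, b


def step(A, b, x):
    """One value-iteration step x' = A x + b."""
    return [sum(a * xj for a, xj in zip(row, x)) + bi for row, bi in zip(A, b)]


def value_iteration(A, b, steps):
    """Trace [x^(0), ..., x^(steps)] from the zero vector (the table on the slide)."""
    x = [0.0] * len(b)
    trace = [x]
    for _ in range(steps):
        x = step(A, b, x)
        trace.append(x)
    return trace


def max_norm(u, v):
    return max(abs(p - q) for p, q in zip(u, v))


def value_iteration_until(A, b, eps, relative=False, max_steps=10**7):
    """Stop when ||x^(i+1) - x^(i)|| <= eps (absolute) or <= eps * ||x^(i)|| (relative).

    Returns (x, number_of_steps).  These are the criteria the slide criticises.
    """
    x = [0.0] * len(b)
    for i in range(1, max_steps + 1):
        nxt = step(A, b, x)
        bound = eps * max(abs(c) for c in x) if relative else eps
        diff = max_norm(nxt, x)
        x = nxt
        if diff <= bound:
            return x, i
    raise RuntimeError("stopping criterion never met")


def stopped_error(p_lost, eps):
    """Run the absolute criterion and return (steps, true error of the result).

    For every p_lost < 1 the try/lost loop is left almost surely, so the exact
    reachability probability is 1 in every state.  A model checker does not
    know this; we use it to measure how good the returned approximation is.
    """
    A, b = chain(p_lost)
    x, steps = value_iteration_until(A, b, eps)
    return steps, max(1.0 - v for v in x)


if __name__ == "__main__":
    A, b = chain(0.1)
    for i, x in enumerate(value_iteration(A, b, 6)):
        print(f"step {i}: " + "  ".join(f"{s}={v:.3f}" for s, v in zip(STATES, x)))
    for p in (0.1, 0.999):
        steps, err = stopped_error(p, 1e-6)
        print(f"p_lost={p}: stopped after {steps} steps, true error {err:.1e}")
```

With p_lost = 1/10 the criterion stops after 14 steps with an error of about 10⁻⁶, the same order as ε. With p_lost = 0.999 the iterates drift so slowly that successive differences fall below 10⁻⁶ while every entry is still about 10⁻³ away from the exact value 1: the stopping test has no relation to the quality of the answer.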
Exact Quantitative Model Checking

– Approximate solution techniques can lead to unreliable results
  – Incorrect analysis of systems
– Verification tools must strive to get the exact answers
– Existing techniques for exact model checking:
  1. Linear programming
  2. Parametric model checking
  3. State elimination
  Implemented in state-of-the-art quantitative model checkers: PRISM, STORM, etc.
Rational Search : Key Ideas

Rational Search insight:
1. When transition probabilities are rational, the exact solution vector also has rational entries
2. Approximate answers resulting from value iteration can be used to find the exact rational solution
3. Checking if a rational vector is the correct solution is easy
   – Fixpoint check:  $x = Ax + b$
   – Unique solution: only the correct answer passes the check
Rational Search : Overview

Rational Search overview:
1. Perform value iteration: approximate solution vector
2. 'Sharpen' approximation: find a rational vector
   – close to the approximate solution
   – representable using few bits
   – guaranteed to be correct for good quality approximations
3. Confirm using fixpoint check:  $x = Ax + b$
4. Refine approximation if not a fixpoint
Rational Search : Overview

Figure: RationalSearch : Overview
  PCTL formula ϕ → Value Iteration → Approximate solution V† → Sharpen → Exact solution?
    YES → Found
    NO  → Not found: ε ← ε/10, back to Value Iteration
Our Secret Ingredient : Kwek Mehlhorn Algorithm

For any interval $I = [\alpha/\beta,\ \gamma/\delta]$ with rational endpoints, there is a unique minimal rational $p_{\min}/q_{\min} \in I$ such that
  $\forall p, q \in \mathbb{N}.\quad p/q \in I \;\Rightarrow\; p_{\min} \leq p \text{ and } q_{\min} \leq q$

Efficient algorithm to locate $p_{\min}/q_{\min}$ in I, due to Kwek and Mehlhorn (findFraction).

For a rational interval I,
– If the length of I is small ($I = [\mu / 2M^2,\ (\mu+1) / 2M^2]$), and
– If I contains a rational number p/q of small size ($1 \leq p \leq q \leq M$)
– Then p/q is the minimal rational in I
– Can be found efficiently (in O(log M) steps), due to Kwek, Mehlhorn et al.

Figure: Kwek Mehlhorn Algorithm (findFraction maps the interval [α/β, γ/δ] to p_min/q_min)
Sharpening An Approximation

Sharpening an approximation:
1. Value iteration gives approximate vector V†
   – Supposedly close to the actual solution vector V
   – How close?
2. Guess a rational vector V* of small size close to V†
   – For every state z, construct an interval I_z using the first d digits of V†(z)
   – Compute the minimal fraction in this interval, using the Kwek Mehlhorn algorithm: V*(z)

Figure: Sharpening an approximation
  V†(z) = 0.18…331 20…   (first d digits: 0.18…331)
  I_z = [0.18…331, 0.18…331 + 0.00…001] = [0.18…331, 0.18…332]
  findFraction(I_z) = V*(z)
Sharpening An Approximation

Is V* the correct solution?
– Check if V* satisfies the fixpoint check  $V^* = A \cdot V^* + b$
– Only the correct solution passes this check

If V* does not pass the check:
– 'Bad' initial approximation V†
– Generate a finer approximation by performing more iterations
– Eventually, a 'good' approximation will be generated: value iteration converges in the limit

Details in the paper

Figure: Sharpening an approximation
  Value Iteration → Approximate vector V† → Sharpen → Candidate vector V* → fixpoint?
    YES → Congratulations!
    NO  → Refine (more iterations), back to Value Iteration
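The sharpen-and-check loop of the Key Ideas, Overview, Kwek Mehlhorn and Sharpening slides, carried through end to end as an added example in Python; this is not the RationalSearch implementation. The minimal-fraction routine is the standard continued-fraction (Stern–Brocot) descent, which returns the same p_min/q_min the Kwek Mehlhorn slide defines; it stands in for findFraction, whose internals the slides do not give. Because the slides' own chain has the trivial answer 1 in every state, the model here is a constructed variant in which a lost message is retried with probability 1/2 and otherwise dropped, so the exact probabilities are 18/19 (from start and try) and 9/19 (from lost). The refinement ε ← ε/10 is realised as one more decimal digit d in the sharpening interval, and the iterates are kept as exact rationals so the digit truncation is not polluted by floating-point rounding (the tool uses arbitrary-precision libraries for the same reason).

```python
"""Sharpen-and-check loop of RationalSearch, in exact arithmetic.

Added example, not the RationalSearch or PRISM code.  The model is a
constructed variant of the slides' message chain: a lost message is retried
with probability 1/2 and otherwise dropped, so the reachability probabilities
are non-trivial rationals (18/19 from start/try, 9/19 from lost).
"""
import math
from fractions import Fraction as F

STATES = ["start", "try", "lost", "delivered", "dropped"]

# x = A x + b for "probability of reaching 'delivered'".  'delivered' (target)
# and 'dropped' (can never reach the target) are fixed by b, so the linear
# system has a unique solution and the fixpoint check is decisive.
A = [
    [F(0), F(1), F(0), F(0), F(0)],           # start -> try
    [F(0), F(0), F(1, 10), F(9, 10), F(0)],   # try -> lost (1/10) | delivered (9/10)
    [F(0), F(1, 2), F(0), F(0), F(1, 2)],     # lost -> try (1/2) | dropped (1/2), constructed
    [F(0)] * 5,                               # delivered: target, value given by b
    [F(0)] * 5,                               # dropped: absorbing, never reaches target
]
b = [F(0), F(0), F(0), F(1), F(0)]


def step(A, b, x):
    """One value-iteration step x' = A x + b."""
    return [sum(a * xj for a, xj in zip(row, x)) + bi for row, bi in zip(A, b)]


def max_norm(u, v):
    return max(abs(p - q) for p, q in zip(u, v))


def simplest_fraction(lo, hi):
    """Rational in [lo, hi] (0 <= lo <= hi) with the smallest denominator.

    For a non-negative interval this fraction also has the smallest numerator,
    so it is the unique p_min/q_min of the Kwek Mehlhorn slide.  Standard
    continued-fraction (Stern-Brocot) descent, standing in for findFraction.
    """
    assert 0 <= lo <= hi
    fl = math.floor(lo)
    if lo == fl:                 # lo itself is an integer: nothing simpler exists
        return F(fl)
    if fl + 1 <= hi:             # an integer lies inside the interval
        return F(fl + 1)
    # Both endpoints share the integer part fl: recurse on the reciprocals of
    # the fractional parts (the endpoints swap order under x -> 1/x).
    tail = simplest_fraction(1 / (hi - fl), 1 / (lo - fl))
    return fl + 1 / tail


def sharpen(v, d):
    """Interval from the first d decimal digits of v, then its minimal rational."""
    scale = 10 ** d
    lo = F(math.floor(v * scale), scale)
    return simplest_fraction(lo, lo + F(1, scale))


def is_fixpoint(A, b, x):
    """A rational vector is the solution iff x = A x + b holds exactly."""
    return step(A, b, x) == x


def rational_search(A, b, max_digits=40):
    """Value-iterate to eps, sharpen, fixpoint-check, else eps <- eps/10 and repeat.

    Returns (exact vector, digits d that succeeded, total value-iteration steps).
    """
    x = [F(0)] * len(b)
    steps = 0
    for d in range(1, max_digits + 1):
        eps = F(1, 10 ** d)                     # eps <- eps/10 on every failed round
        while True:                             # 1. value iteration to tolerance eps
            nxt = step(A, b, x)
            steps += 1
            converged = max_norm(nxt, x) <= eps
            x = nxt
            if converged:
                break
        candidate = [sharpen(v, d) for v in x]  # 2. sharpen every component
        if is_fixpoint(A, b, candidate):        # 3. confirm
            return candidate, d, steps
    raise RuntimeError("no exact solution within max_digits")  # 4. gave up refining


if __name__ == "__main__":
    exact, d, steps = rational_search(A, b)
    print(f"exact solution after {steps} value-iteration steps, sharpened with d={d}:")
    for s, v in zip(STATES, exact):
        print(f"  {s:10s} {v}  ({float(v):.6f})")
```

On this chain the first two rounds fail in exactly the way the slide describes: with d = 1 the candidate is (1, 1, 1/2, 1, 0), with d = 2 the truncated interval [0.94, 0.95] still admits the simpler fraction 16/17 and the fixpoint check rejects the candidate; with d = 3, after eight value-iteration steps in total, sharpening returns (18/19, 18/19, 9/19, 1, 0), which passes the check and is therefore the exact solution.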
Rational Search : Recap

Figure: RationalSearch : Overview
  PCTL formula ϕ → Value Iteration → Approximate solution V† → Sharpen (Kwek Mehlhorn) → Candidate solution → Fixpoint?
    YES → Exact solution found
    NO  → Not found: ε ← ε/10, back to Value Iteration
Implementation

– Tool RationalSearch, implemented on top of PRISM
– RationalSearch intercepts PRISM's value iteration phase, and rationalizes the values
– Extending PRISM's engines:
  1. Explicit engine
     – Arbitrary precision libraries for Java: Apfloat, JScience
  2. Symbolic engines: MTBDD, Hybrid and Sparse
     – Value iteration phase uses MTBDDs from the CUDD library (written in C)
     – Extended CUDD to handle arbitrary precision rational numbers at leaf nodes (GNU MP library in C)
– Available for download: https://publish.illinois.edu/rationalmodelchecker/
Evaluation

Figure: Experimental Evaluation
(Columns 1–3: model; 4–9: RationalSearch on PRISM's Explicit, MTBDD and Hybrid engines, time in seconds and overhead in %; 10: PRISM time in seconds; 11: STORM time in seconds. OOM = out of memory, TO = timeout.)

  Model                                 RationalSearch                                            PRISM     STORM
                                        Explicit          MTBDD             Hybrid
  Name                 Param   States   Time(s)  Ovh(%)   Time(s)  Ovh(%)   Time(s)  Ovh(%)     Time(s)   Time(s)
  Biased Coins            11   180K     23.1     336      0.125    179      0.178    225        1449.7    3.2
  Dice                     6   4.8M     OOM      N/A      1.8      2.1      6.5      12         TO        63
  Din. Cryptographers      8   190K     18.9     197      0.278    70       0.364    105        356.2     2.4
  Din. Philosophers        3   956      0.41     165      1.9      4.8      0.133    98         3.128     0.65
  ECS                     14   4.8M     OOM      N/A      2.4      23       11.6     79         TO        TO
  Fair Exchange          400   320K     14.6     423      2.0      44       2.2      51         TO        1.1
  Firewire            11,000   430K     122.2    225      15.1     0.2      19.5     21         232.3     29.5
  Leader Election          4   12K      1.8      226      5.0      30       20.4     25         80        0.042
  Virus Infection          3   809      0.5      165      2.8      52       0.17     93         0.98      0.032
Conclusions