formal methods for probabilistic systems
play

Formal Methods for Probabilistic Systems Annabelle McIver Carroll - PowerPoint PPT Presentation

Apr 06, 2024 •417 likes •731 views

1 Formal Methods for Probabilistic Systems Annabelle McIver Carroll Morgan Source-level program logic Meta-theorems for loops Examples Probabilistic amplification Uniform selection 2 Probabilistic amplification Is K

  1. 1 Formal Methods for Probabilistic Systems Annabelle McIver Carroll Morgan • Source-level program logic • Meta-theorems for loops • Examples • Probabilistic amplification • Uniform selection

  2. 2 Probabilistic amplification Is K prime? true � “yes” false � “no” There is a Boolean question Q that the program is to answer, { [ N � 0] � (1 - 1/ 2 N ) } in Boolean variable a . a,n := true,N ; But a := Q is not allowed! do n � 0 � a � a Instead, only a := Q 1/ 2 � true a := Q 1/ 2 � true ; can be used. n := n -1 od We must therefore “amplify” that 1/ 2 probability towards 1, { [ a = Q ] } for which we pay with execution time. The Miller-Rabin test “puts K to the Question”. If K is prime, it will never confess; but if it is composite, then it On e con f ession is en ough... will confess with probability 1/ 2. Probabilistic amplification interrogates K a number of times, to increase the probability of confession. (The real Inquisition allowed only three interrogations.)

  3. 3 Probabilistic amplification { [ N � 0] � (1 - 1/ 2 N ) } The probability that a = Q on a,n := true,N ; termination... do n � 0 � a � is at least 1 - 1/ 2 N ... a := Q 1/ 2 � true ; n := n -1 provided N � 0 initially. od { [ a = Q ] }

  4. 4 What is the invariant? a = Q do n � 0 � a � Q not Q finally? a := Q 1/ 2 � true ; n := n -1 1 - 1/ 2 n a true od { [ a = Q ] } not a false true After some experimentation, [ a ] � � Q � � � 1 - [ a ]/ 2 n turns out to work well in the calculations.

  5. 5 Invariant is preserved do n � 0 � a � a := Q 1/ 2 � true ; Invariant “at end of loop body” n:= n -1 od [ a ] � � Q � � � 1 - [ a ]/ 2 n [ a ] � � Q � � � 1 - [ a ]/ 2 n-1 � wp. ( n := n -1 ) • 1/ 2 � ( [ Q ] � � Q � � � 1 - [ Q ]/ 2 n-1 ) � wp. ( a := Q 1/ 2 � true ) • 1/ 2 � ( [ true ] � � Q � � � 1 - [ true ]/ 2 n-1 ) + 1/ 2 � 1 + 1/ 2 � ( 1 � � Q � � � 1 - 1/ 2 n-1 ) � arithmetic 1 � � Q � � � 1 - 1/ 2 n � arithmetic [ a ] � ( [ a ] � � Q � � � 1 - [ a ]/ 2 n ) . � [ a ] from guard Loop guard Invariant “at beginning of loop body”

  6. 6 Invariant establishes overall post-expectation Negated loop guard Invariant “at end of loop body” [ n =0 � ! a ] � ( [ a ] � � Q � � � 1 - [ a ]/ 2 n ) [ n =0 � ! a ] � ( [ a ] � � Q � � � [! a ] ) � arithmetic � [ a ] � � Q � � � [! a ] drop guard � [ a = Q ] . arithmetic do n � 0 � a � a := Q 1/ 2 � true ; Overall post-expectation n:= n -1 od

  7. 7 Invariant... established by initialisation a,n := true , N ; do n � 0 � a � Invariant “at a := Q 1/ 2 � true ; beginning of loop body” Termination condition n:= n -1 od [ n � 0] � ( [ a ] � � Q � � � 1 - [ a ]/ 2 n ) [ N � 0] � ( [ true ] � � Q � � � 1 - [ true ]/ 2 N ) � wp. ( a , n := true,N ) • [ N � 0] � ( 1 � � Q � � � 1 - 1/ 2 N ) � arithmetic [ N � 0] � (1 - 1/ 2 N ) . � sufficient Probability of establishing Q=a is at least this... ...provided termination is guaranteed.

  8. 8 Summary { [ N � 0] � (1 - 1/ 2 N ) } { [ N � 0] � ( 1 � � Q � � 1 - 1/ 2 N ) } a,n := true,N ; { [ n � 0] � ( [ a ] � � Q � � 1 - [ a ]/ 2 n ) } do n � 0 � a � { [ a ] � ( [ a ] � � Q � � 1 - [ a ]/ 2 n ) } a := Q 1/ 2 � true ; { [ a ] � � Q � � 1 - [ a ]/ 2 n -1 } n := n -1 { [ a ] � � Q � � 1 - [ a ]/ 2 n } od { [ n =0 � ! a ] � ([ a ] � � Q � � � 1 - [ a ]/ 2 n ) } { [ a = Q ] } “postcondition”

  9. 9 Summary { [ N � 0] � (1 - 1/ 2 N ) } { [ N � 0] � ( 1 � � Q � � 1 - 1/ 2 N ) } a,n := true,N ; { [ n � 0] � ( [ a ] � � Q � � 1 - [ a ]/ 2 n ) } do n � 0 � a � { [ a ] � ( [ a ] � � Q � � 1 - [ a ]/ 2 n ) } a := Q 1/ 2 � true ; { [ a ] � � Q � � 1 - [ a ]/ 2 n -1 } n := n -1 { [ a ] � � Q � � 1 - [ a ]/ 2 n } invariant od { [ n =0 � ! a ] � ([ a ] � � Q � � � 1 - [ a ]/ 2 n ) } { [ a = Q ] } “postcondition”

  10. 10 Summary { [ N � 0] � (1 - 1/ 2 N ) } { [ N � 0] � ( 1 � � Q � � 1 - 1/ 2 N ) } a,n := true,N ; { [ n � 0] � ( [ a ] � � Q � � 1 - [ a ]/ 2 n ) } do n � 0 � a � { [ a ] � ( [ a ] � � Q � � 1 - [ a ]/ 2 n ) } a := Q 1/ 2 � true ; { [ a ] � � Q � � 1 - [ a ]/ 2 n -1 } n := n -1 { [ a ] � � Q � � 1 - [ a ]/ 2 n } od { [ n =0 � ! a ] � ([ a ] � � Q � � � 1 - [ a ]/ 2 n ) } invariant and negated guard { [ a = Q ] }

  11. 11 Summary { [ N � 0] � (1 - 1/ 2 N ) } { [ N � 0] � ( 1 � � Q � � 1 - 1/ 2 N ) } a,n := true,N ; { [ n � 0] � ( [ a ] � � Q � � 1 - [ a ]/ 2 n ) } do n � 0 � a � { [ a ] � ( [ a ] � � Q � � 1 - [ a ]/ 2 n ) } a := Q 1/ 2 � true ; { [ a ] � � Q � � 1 - [ a ]/ 2 n -1 } n := n -1 { [ a ] � � Q � � 1 - [ a ]/ 2 n } od { [ n =0 � ! a ] � ([ a ] � � Q � � � 1 - [ a ]/ 2 n ) } implies { [ a = Q ] } postcondition

  12. 12 Summary { [ N � 0] � (1 - 1/ 2 N ) } { [ N � 0] � ( 1 � � Q � � 1 - 1/ 2 N ) } a,n := true,N ; { [ n � 0] � ( [ a ] � � Q � � 1 - [ a ]/ 2 n ) } do n � 0 � a � { [ a ] � ( [ a ] � � Q � � 1 - [ a ]/ 2 n ) } a := Q 1/ 2 � true ; { [ a ] � � Q � � 1 - [ a ]/ 2 n -1 } n := n -1 { [ a ] � � Q � � 1 - [ a ]/ 2 n } invariant must be maintained od { [ n =0 � ! a ] � ([ a ] � � Q � � � 1 - [ a ]/ 2 n ) } { [ a = Q ] }

  13. 13 Summary { [ N � 0] � (1 - 1/ 2 N ) } { [ N � 0] � ( 1 � � Q � � 1 - 1/ 2 N ) } a,n := true,N ; { [ n � 0] � ( [ a ] � � Q � � 1 - [ a ]/ 2 n ) } do n � 0 � a � { [ a ] � ( [ a ] � � Q � � 1 - [ a ]/ 2 n ) } a := Q 1/ 2 � true ; { [ a ] � � Q � � 1 - [ a ]/ 2 n -1 } n := n -1 work backwards { [ a ] � � Q � � 1 - [ a ]/ 2 n } od { [ n =0 � ! a ] � ([ a ] � � Q � � � 1 - [ a ]/ 2 n ) } { [ a = Q ] }

  14. 14 Summary { [ N � 0] � (1 - 1/ 2 N ) } { [ N � 0] � ( 1 � � Q � � 1 - 1/ 2 N ) } a,n := true,N ; { [ n � 0] � ( [ a ] � � Q � � 1 - [ a ]/ 2 n ) } do n � 0 � a � { [ Q ] � � Q � � 1 - [ Q ]/ 2 n -1 1/ 2 � [ true ] � � Q � � 1 - [ tru a := Q 1/ 2 � true ; work backwards { [ a ] � � Q � � 1 - [ a ]/ 2 n -1 } n := n -1 { [ a ] � � Q � � 1 - [ a ]/ 2 n } od { [ n =0 � ! a ] � ([ a ] � � Q � � � 1 - [ a ]/ 2 n ) } { [ a = Q ] }

  15. 15 Summary { [ N � 0] � (1 - 1/ 2 N ) } { [ N � 0] � ( 1 � � Q � � 1 - 1/ 2 N ) } [ true ] � � Q � � 1 - [ true ]/ 2 n -1 a,n := true,N ; { [ n � 0] � ( [ a ] � � Q � � 1 - [ a ]/ 2 n ) } do n � 0 � a � { [ Q ] � � Q � � 1 - [ Q ]/ 2 n -1 1/ 2 � } a := Q 1/ 2 � true ; work backwards { [ a ] � � Q � � 1 - [ a ]/ 2 n -1 } n := n -1 { [ a ] � � Q � � 1 - [ a ]/ 2 n } od { [ n =0 � ! a ] � ([ a ] � � Q � � � 1 - [ a ]/ 2 n ) } { [ a = Q ] }

  16. 16 Summary { [ N � 0] � (1 - 1/ 2 N ) } { [ N � 0] � ( 1 � � Q � � 1 - 1/ 2 N ) } [ true ] � � Q � � 1 - [ true ]/ 2 n -1 a,n := true,N ; { [ n � 0] � ( [ a ] � � Q � � 1 - [ a ]/ 2 n ) } do n � 0 � a � should be { [ Q ] � � Q � � 1 - [ Q ]/ 2 n -1 1/ 2 � } implied by invariant and a := Q 1/ 2 � true ; guard { [ a ] � � Q � � 1 - [ a ]/ 2 n -1 } n := n -1 { [ a ] � � Q � � 1 - [ a ]/ 2 n } od { [ n =0 � ! a ] � ([ a ] � � Q � � � 1 - [ a ]/ 2 n ) } { [ a = Q ] }

  17. 17 Summary { [ N � 0] � (1 - 1/ 2 N ) } { [ N � 0] � ( 1 � � Q � � 1 - 1/ 2 N ) } a,n := true,N ; { [ n � 0] � ( [ a ] � � Q � � 1 - [ a ]/ 2 n ) } do n � 0 � a � { 1 � � Q � � 1 - 0/ 2 n -1 1/ 2 � 1 � � Q � � 1 - 1/ 2 n -1 } simplify a := Q 1/ 2 � true ; { [ a ] � � Q � � 1 - [ a ]/ 2 n -1 } n := n -1 { [ a ] � � Q � � 1 - [ a ]/ 2 n } od { [ n =0 � ! a ] � ([ a ] � � Q � � � 1 - [ a ]/ 2 n ) } { [ a = Q ] }

  18. 18 Summary { [ N � 0] � (1 - 1/ 2 N ) } { [ N � 0] � ( 1 � � Q � � 1 - 1/ 2 N ) } a,n := true,N ; { [ n � 0] � ( [ a ] � � Q � � 1 - [ a ]/ 2 n ) } do n � 0 � a � { 1 � � Q � � (1 1/ 2 � 1 - 1/ 2 n -1) } simplify more a := Q 1/ 2 � true ; { [ a ] � � Q � � 1 - [ a ]/ 2 n -1 } n := n -1 { [ a ] � � Q � � 1 - [ a ]/ 2 n } od { [ n =0 � ! a ] � ([ a ] � � Q � � � 1 - [ a ]/ 2 n ) } { [ a = Q ] }

  19. 19 Summary { [ N � 0] � (1 - 1/ 2 N ) } { [ N � 0] � ( 1 � � Q � � 1 - 1/ 2 N ) } a,n := true,N ; { [ n � 0] � ( [ a ] � � Q � � 1 - [ a ]/ 2 n ) } do n � 0 � a � { 1 � � Q � � 1 - 1/ 2 n } and more a := Q 1/ 2 � true ; { [ a ] � � Q � � 1 - [ a ]/ 2 n -1 } n := n -1 { [ a ] � � Q � � 1 - [ a ]/ 2 n } od { [ n =0 � ! a ] � ([ a ] � � Q � � � 1 - [ a ]/ 2 n ) } { [ a = Q ] }

Recommend

Formal Methods for Probabilistic Systems Annabelle McIver Carroll Morgan Source-level

Formal Methods for Probabilistic Systems Annabelle McIver Carroll Morgan Source-level

1 Formal Methods for Probabilistic Systems Annabelle McIver Carroll Morgan Source-level program logic Meta-theorems for loops Examples Relational operational model Almost-certain termination Mu-calculus, temporal

927 views • 73 slides
Formal Methods for Probabilistic Systems Annabelle McIver Carroll Morgan Source-level

Formal Methods for Probabilistic Systems Annabelle McIver Carroll Morgan Source-level

1 Formal Methods for Probabilistic Systems Annabelle McIver Carroll Morgan Source-level program logic Meta-theorems for loops Examples Relational operational model Almost-certain termination Hermans Graph

985 views • 66 slides
Formal Methods Michael Collins. 18-849, Section B Spring 1999 Formal Methods Why

Formal Methods Michael Collins. 18-849, Section B Spring 1999 Formal Methods Why

Formal Methods Michael Collins. 18-849, Section B Spring 1999 Formal Methods Why Formalisms? Relationships Flaws Some systems Conclusions Why Formal Methods? We already can build systems. Roman Engineers built

671 views • 12 slides
Presentation for 4th International Workshop on Formal Methods for Interactive Systems: FMIS 2011,

Presentation for 4th International Workshop on Formal Methods for Interactive Systems: FMIS 2011,

Presentation for 4th International Workshop on Formal Methods for Interactive Systems: FMIS 2011, Limerick, Ireland, 21 June 2011 Formal Modeling and Analysis For Interactive Hybrid Systems Ellen J. Bass Systems and Information Engineering,

280 views • 26 slides
Formal Methods and Cryptography Lecture 24 1 Formal Methods 2 Formal Methods Logical

Formal Methods and Cryptography Lecture 24 1 Formal Methods 2 Formal Methods Logical

Formal Methods and Cryptography Lecture 24 1 Formal Methods 2 Formal Methods Logical foundations of computer science 2 Formal Methods Logical foundations of computer science A language that machines can understand 2 Formal Methods

1.22k views • 121 slides
1Initial Ideas on Formal Methods UIT2206: The Importance of Being Formal Martin Henz January

1Initial Ideas on Formal Methods UIT2206: The Importance of Being Formal Martin Henz January

Preliminaries Hallmarks of a Formal Approach Formal Systems in Information Technology 1Initial Ideas on Formal Methods UIT2206: The Importance of Being Formal Martin Henz January 15, 2014 Generated on Wednesday 15 th January, 2014, 09:54

517 views • 49 slides
Lecture Outline 1. The lecturer 2. Introduction to Formal Methods DD2452 Formal Methods 3.

Lecture Outline 1. The lecturer 2. Introduction to Formal Methods DD2452 Formal Methods 3.

Lecture Outline 1. The lecturer 2. Introduction to Formal Methods DD2452 Formal Methods 3. Course syllabus 4. Course objectives Introductory Lecture 5. Course organization 1. Lecturer 2. Formal Methods Name: Dilian Gurov Formal

56 views • 3 slides
Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember

Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember

3BA31 Formal Methods 1 3BA31: Formal Methods Andrew Butterfield Foundations & Methods Group, Software Systems Laboratory Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember This? A Stock

1.75k views • 151 slides
Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember

Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember

3BA31 Formal Methods 1 3BA31: Formal Methods Andrew Butterfield Foundations & Methods Group, Software Systems Laboratory Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember This? A Stock

631 views • 33 slides
Formal Methods and Cryptography Lecture 25 Formal Methods Formal Methods Logical foundations

Formal Methods and Cryptography Lecture 25 Formal Methods Formal Methods Logical foundations

Formal Methods and Cryptography Lecture 25 Formal Methods Formal Methods Logical foundations of computer science Formal Methods Logical foundations of computer science A language that machines can understand Formal Methods Logical

1.67k views • 123 slides
Where Are We? How to model systems CISC422/853: Formal Methods Theoretically : FSAs in

Where Are We? How to model systems CISC422/853: Formal Methods Theoretically : FSAs in

Where Are We? How to model systems CISC422/853: Formal Methods Theoretically : FSAs in Software Engineering: Practically : BIR, PROMELA How to express properties Computer-Aided Verification Assertions, invariants

196 views • 9 slides
Deductive Verification Of Hybrid Systems Lectures on Formal Methods for Cyber-Physical Systems

Deductive Verification Of Hybrid Systems Lectures on Formal Methods for Cyber-Physical Systems

Deductive Verification Of Hybrid Systems Lectures on Formal Methods for Cyber-Physical Systems SOKENDAI, 07/29/19 Jrmy Dubut National Institute of Informatics Japanese-French Laboratory of Informatics Objectives of this lecture

986 views • 84 slides
Formal Methods and Systems David Cock, ETH Zrich 18/01/16 Overview Correctness challenges

Formal Methods and Systems David Cock, ETH Zrich 18/01/16 Overview Correctness challenges

Formal Methods and Systems David Cock, ETH Zrich 18/01/16 Overview Correctness challenges in Barrelfish. System configuration using SAT. Tracing and online invariant checking. Better languages for Systems. 18 January 2016

359 views • 18 slides
Testing/Simulation Formal Analysis Real System Formal Model Partial coverage Complete coverage

Testing/Simulation Formal Analysis Real System Formal Model Partial coverage Complete coverage

Formal Methods Assurance for TTP John Rushby Computer Science Laboratory SRI International Menlo Park CA USA John Rushby, SR I Formal Methods Assurance for TTP: 1 Formal Methods for Analysis and Assurance: The Idea Testing/Simulation Formal

200 views • 6 slides
Specifying circuit properties in PSL Formal methods Mathematical and logical methods used in

Specifying circuit properties in PSL Formal methods Mathematical and logical methods used in

Specifying circuit properties in PSL Formal methods Mathematical and logical methods used in system development Aim to increase confidence in riktighet of system Apply to both hardware and software 1 Formal methods Complement other

524 views • 25 slides
A Review of Formal Methods : 200514170 : (T4) (T4)

A Review of Formal Methods : 200514170 : (T4) (T4)

A Review of Formal Methods : 200514170 : (T4) (T4) Contents INTRODUCTION INTRODUCTION DEFINITION AND OVERVIEW OF FORMAL METHODS SPECIFICATION METHODS LIFE CYCLES AND

317 views • 19 slides
Formal Methods for Critical Systems: A verified implementation of nested procedures Tristan

Formal Methods for Critical Systems: A verified implementation of nested procedures Tristan

Formal Methods for Critical Systems: A verified implementation of nested procedures Tristan Crolard 1 ICAR15 8-9 October 2015 Joint work with: 1 Pierre Courtieu, 1 , 2 Maria-Virginia Aponte, Julia Lawall 3 1. CNAM / Cedric / CPR team 2.

980 views • 71 slides
Requirements and Formal Methods Softw are Engineering Overview Overview on the RE process

Requirements and Formal Methods Softw are Engineering Overview Overview on the RE process

Requirements and Formal Methods Softw are Engineering Overview Overview on the RE process What are Formal Methods? Advantages and Disadvantages of Formal Methods Formal Methods in the Requirement Process Mathematical Formulas

561 views • 20 slides
Formal Methods for Industrial Critical Systems at Trinity College, University of Dublin (FMICS

Formal Methods for Industrial Critical Systems at Trinity College, University of Dublin (FMICS

Formal Methods for Industrial Critical Systems at Trinity College, University of Dublin 2000 Andrew Butterfield c Formal Methods for Industrial Critical Systems at Trinity College, University of Dublin (FMICS 2003, Rros, June 7th 2003)

1.02k views • 16 slides
Formal Methods in Resilient Systems Design using a Flexible Contract Approach Sponsor:

Formal Methods in Resilient Systems Design using a Flexible Contract Approach Sponsor:

Formal Methods in Resilient Systems Design using a Flexible Contract Approach Sponsor: OUSD(R&E) | CCDC By Dr. Azad Madni 11 th Annual SERC Sponsor Research Review November 19, 2019 FHI 360 CONFERENCE CENTER 1825 Connecticut Avenue NW, 8

374 views • 34 slides
Types of Formal Specifications for Assertions Concurrent and Reactive Systems Assertions

Types of Formal Specifications for Assertions Concurrent and Reactive Systems Assertions

Outline Formal specifications CISC422/853: Formal Methods Types of formal specifications: in Software Engineering: assertions invariants Computer-Aided Verification safety and liveness properties How to express safety

226 views • 22 slides
Formal Methods for Interactive Systems Part 10 Reverse Engineering with Matrix Algebra

Formal Methods for Interactive Systems Part 10 Reverse Engineering with Matrix Algebra

Formal Methods for Interactive Systems Part 10 Reverse Engineering with Matrix Algebra Antonio Cerone United Nations University International Institute for Software Technology Macau SAR China email: antonio@iist.unu.edu web:

1.36k views • 94 slides
THEY DIDNT KNOW THEY WERE DOING MATHEMATICS INTRODUCING FORMAL METHODS USING REWRITING

THEY DIDNT KNOW THEY WERE DOING MATHEMATICS INTRODUCING FORMAL METHODS USING REWRITING

THEY DIDNT KNOW THEY WERE DOING MATHEMATICS INTRODUCING FORMAL METHODS USING REWRITING LOGIC Peter Olveczky University of Oslo FMfun19, December 3, 2019 OUTLINE How to introduce formal methods to undergraduates? Fun!

1.95k views • 171 slides
CS6480: Systems and Formal Methods Robbert van Renesse Cornell University Course Overview

CS6480: Systems and Formal Methods Robbert van Renesse Cornell University Course Overview

CS6480: Systems and Formal Methods Robbert van Renesse Cornell University Course Overview Course Outline Some lectures by me specifica7on, Hoare logic, Dafny tutorial, refinement Paper reading by us Addi7onal lectures by you

550 views • 44 slides

More recommend