# Bayesian statistical model checking with application to Stateflow/Simulink verification

- 587 Downloads
- 31 Citations

## Abstract

We address the problem of model checking stochastic systems, i.e., checking whether a stochastic system satisfies a certain temporal property with a probability greater (or smaller) than a fixed threshold. In particular, we present a Statistical Model Checking (SMC) approach based on Bayesian statistics. We show that our approach is feasible for a certain class of hybrid systems with stochastic transitions, a generalization of Simulink/Stateflow models. Standard approaches to stochastic discrete systems require numerical solutions for large optimization problems and quickly become infeasible with larger state spaces. Generalizations of these techniques to hybrid systems with stochastic effects are even more challenging. The SMC approach was pioneered by Younes and Simmons in the discrete and non-Bayesian case. It solves the verification problem by combining randomized sampling of system traces (which is very efficient for Simulink/Stateflow) with hypothesis testing (i.e., testing against a probability threshold) or estimation (i.e., computing with high probability a value close to the true probability). We believe SMC is essential for scaling up to large Stateflow/Simulink models. While the answer to the verification problem is not guaranteed to be correct, we prove that Bayesian SMC can make the probability of giving a wrong answer arbitrarily small. The advantage is that answers can usually be obtained much faster than with standard, exhaustive model checking techniques. We apply our Bayesian SMC approach to a representative example of stochastic discrete-time hybrid system models in Stateflow/Simulink: a fuel control system featuring hybrid behavior and fault tolerance. We show that our technique enables faster verification than state-of-the-art statistical techniques. We emphasize that Bayesian SMC is by no means restricted to Stateflow/Simulink models. It is in principle applicable to a variety of stochastic models from other domains, e.g., systems biology.

## Keywords

Probabilistic verification Hybrid systems Stochastic systems Statistical model checking Hypothesis testing Estimation## Notes

### Acknowledgements

This research was sponsored in part by the GigaScale Research Center under contract no. 1041377 (Princeton University), National Science Foundation under contracts no. CNS0926181, CNS0931985, and no. CNS1054246, Semiconductor Research Corporation under contract no. 2005TJ1366, General Motors under contract no. GMCMUCRLNV301, by the US DOT award DTRT12GUTC11, and the Office of Naval Research under award no. N000141010188. This work was carried out while P. Zuliani was at Carnegie Mellon University.

## References

- 1.Alur R, Courcoubetis C, Dill D (1991) Model-checking for probabilistic real-time systems. In: ICALP. LNCS, vol 510, pp 115–126 Google Scholar
- 2.Baier C, Clarke EM, Hartonas-Garmhausen V, Kwiatkowska MZ, Ryan M (1997) Symbolic model checking for probabilistic processes. In: ICALP. LNCS, vol 1256, pp 430–440 Google Scholar
- 3.Baier C, Haverkort BR, Hermanns H, Katoen J-P (2003) Model-checking algorithms for continuous-time Markov chains. IEEE Trans Softw Eng 29(6):524–541 CrossRefGoogle Scholar
- 4.Beals R, Wong R (2010) Special functions. Cambridge University Press, Cambridge MATHGoogle Scholar
- 5.Bechhofer R (1960) A note on the limiting relative efficiency of the Wald sequential probability ratio test. J Am Stat Assoc 55:660–663 MathSciNetCrossRefMATHGoogle Scholar
- 6.Bujorianu ML, Lygeros J (2006) Towards a general theory of stochastic hybrid systems. In: Blom HAP, Lygeros J (eds) Stochastic hybrid systems: theory and safety critical applications. Lecture notes contr inf, vol 337. Springer, Berlin, pp 3–30 CrossRefGoogle Scholar
- 7.Carlin BP, Louis TA (2009) Bayesian methods for data analysis, 3rd edn. CRC Press, Boca Raton Google Scholar
- 8.Cassandras CG, Lygeros J (eds) (2006) Stochastic hybrid systems. CRC Press, Boca Raton Google Scholar
- 9.Chadha R, Viswanathan M (2010) A counterexample-guided abstraction-refinement framework for Markov decision processes. ACM Trans Comput Log 12(1):1 MathSciNetCrossRefGoogle Scholar
- 10.Chow YS, Robbins H (1965) On the asymptotic theory of fixed-width sequential confidence intervals for the mean. Ann Math Stat 36(2):457–462 MathSciNetCrossRefMATHGoogle Scholar
- 11.Ciesinski F, Größer M (2004) On probabilistic computation tree logic. In: Validation of stochastic systems. LNCS, vol 2925. Springer, Berlin, pp 147–188 CrossRefGoogle Scholar
- 12.Cohn DL (1994) Measure theory. Birkhäuser, Basel Google Scholar
- 13.Courcoubetis C, Yannakakis M (1995) The complexity of probabilistic verification. J ACM 42(4):857–907 MathSciNetCrossRefMATHGoogle Scholar
- 14.DeGroot MH (2004) Optimal statistical decisions. Wiley, New York CrossRefMATHGoogle Scholar
- 15.Diaconis P, Ylvisaker D (1985) Quantifying prior opinion. In: Bayesian statistics 2: 2nd Valencia international meeting. Elsevier, Amsterdam, pp 133–156 Google Scholar
- 16.Finkbeiner B, Sipma H (2001) Checking finite traces using alternating automata. In: Runtime verification (RV’01). ENTCS, vol 55, pp 44–60 Google Scholar
- 17.Gelman A, Carlin JB, Stern HS, Rubin DB (1997) Bayesian data analysis. Chapman & Hall, London Google Scholar
- 18.Ghosh MK, Arapostathis A, Marcus SI (1997) Ergodic control of switching diffusions. SIAM J Control Optim 35(6):1952–1988 MathSciNetCrossRefMATHGoogle Scholar
- 19.Gillespie DT (1976) A general method for numerically simulating the stochastic time evolution of coupled chemical reactions. J Comput Phys 22(4):403–434 MathSciNetCrossRefGoogle Scholar
- 20.Gong H, Zuliani P, Komuravelli A, Faeder JR, Clarke EM (2010) Analysis and verification of the HMGB1 signaling pathway. BMC Bioinform 11(S7):S10 CrossRefGoogle Scholar
- 21.Grosu R, Smolka S (2005) Monte Carlo model checking. In: TACAS. LNCS, vol 3440, pp 271–286 Google Scholar
- 22.Hahn EM, Hermanns H, Wachter B, Zhang L (2009) INFAMY: an infinite-state Markov model checker. In: CAV, pp 641–647 Google Scholar
- 23.Hansson H, Jonsson B (1994) A logic for reasoning about time and reliability. Form Asp Comput 6(5):512–535 CrossRefMATHGoogle Scholar
- 24.Henriques D, Martins J, Zuliani P, Platzer A, Clarke EM (2012) Statistical model checking for Markov decision processes. In: QEST 2012: Proceedings of the 9th international conference on quantitative evaluation of systems. IEEE Press, New York, pp 84–93 CrossRefGoogle Scholar
- 25.Hérault T, Lassaigne R, Magniette F, Peyronnet S (2004) Approximate probabilistic model checking. In: VMCAI. LNCS, vol 2937, pp 73–84 Google Scholar
- 26.Hlavacek WS, Faeder JR, Blinov ML, Posner RG, Hucka M, Fontana W (2006) Rules for modeling signal-transduction system. Sci STKE 18(344):re6 Google Scholar
- 27.Hoeffding W (1963) Probability inequalities for sums of bounded random variables. J Am Stat Assoc 58(301):13–30 MathSciNetCrossRefMATHGoogle Scholar
- 28.Jeffreys H (1961) Theory of probability. Clarendon, Oxford MATHGoogle Scholar
- 29.Jha SK, Clarke EM, Langmead CJ, Legay A, Platzer A, Zuliani P (2009) A Bayesian approach to model checking biological systems. In: CMSB. LNCS, vol 5688, pp 218–234 Google Scholar
- 30.Koymans R (1990) Specifying real-time properties with metric temporal logic. Real-Time Syst 2(4):255–299 CrossRefGoogle Scholar
- 31.Kwiatkowska M, Norman G, Parker D (2011) PRISM 4.0: verification of probabilistic real-time systems. In: CAV. LNCS, vol 6806, pp 585–591 Google Scholar
- 32.Kwiatkowska MZ, Norman G, Parker D (2006) Symmetry reduction for probabilistic model checking. In: CAV. LNCS, vol 4144, pp 234–248 Google Scholar
- 33.Langmead CJ (2009) Generalized queries and Bayesian statistical model checking in dynamic Bayesian networks: application to personalized medicine. In: CSB, pp 201–212 Google Scholar
- 34.Maler O, Nickovic D (2004) Monitoring temporal properties of continuous signals. In: FORMATS. LNCS, vol 3253, pp 152–166 Google Scholar
- 35.Meseguer J, Sharykin R (2006) Specification and analysis of distributed object-based stochastic hybrid systems. In: Hespanha JP, Tiwari A (eds) HSCC, vol 3927. Springer, Berlin, pp 460–475 Google Scholar
- 36.Ouaknine J, Worrell J (2008) Some recent results in metric temporal logic. In: Proc of FORMATS. LNCS, vol 5215, pp 1–13 Google Scholar
- 37.Platzer A (2011) Stochastic differential dynamic logic for stochastic hybrid programs. In: Bjørner N, Sofronie-Stokkermans V (eds) CADE. LNCS, vol 6803. Springer, Berlin, pp 431–445 Google Scholar
- 38.Pnueli A (1977) The temporal logic of programs. In: FOCS. IEEE Press, New York, pp 46–57 Google Scholar
- 39.Robert CP (2001) The Bayesian choice. Springer, Berlin MATHGoogle Scholar
- 40.Rubinstein RY, Kroese DP (2008) Simulation and the Monte Carlo method. Wiley, New York MATHGoogle Scholar
- 41.Sen K, Viswanathan M, Agha G (2004) Statistical model checking of black-box probabilistic systems. In: CAV. LNCS, vol 3114, pp 202–215 Google Scholar
- 42.Sen K, Viswanathan M, Agha G (2005) On statistical model checking of stochastic systems. In: CAV. LNCS, vol 3576, pp 266–280 Google Scholar
- 43.Shiryaev AN (1995) Probability. Springer, Berlin MATHGoogle Scholar
- 44.Tiwari A (2002) Formal semantics and analysis methods for Simulink Stateflow models. Technical report, SRI International Google Scholar
- 45.Tiwari A (2008) Abstractions for hybrid systems. Form Methods Syst Des 32(1):57–83 CrossRefMATHGoogle Scholar
- 46.Wald A (1945) Sequential tests of statistical hypotheses. Ann Math Stat 16(2):117–186 MathSciNetCrossRefMATHGoogle Scholar
- 47.Wang Y-C, Komuravelli A, Zuliani P, Clarke EM (2011) Analog circuit verification by statistical model checking. In: ASP-DAC 2011: Proceedings of the 16th Asia and South Pacific design automation conference. IEEE Press, New York, pp 1–6 CrossRefGoogle Scholar
- 48.Younes HLS, Kwiatkowska MZ, Norman G, Parker D (2006) Numerical vs statistical probabilistic model checking. Int J Softw Tools Technol Transf 8(3):216–228 CrossRefGoogle Scholar
- 49.Younes HLS, Musliner DJ (2002) Probabilistic plan verification through acceptance sampling. In: AIPS workshop on planning via model checking, pp 81–88 Google Scholar
- 50.Younes HLS, Simmons RG (2006) Statistical probabilistic model checking with a focus on time-bounded properties. Inf Comput 204(9):1368–1409 MathSciNetCrossRefMATHGoogle Scholar
- 51.Yu PS, Krishna CM, Lee Y-H (1988) Optimal design and sequential analysis of VLSI testing strategy. IEEE Trans Comput 37(3):339–347 CrossRefGoogle Scholar
- 52.Zuliani P, Platzer A, Clarke EM (2010) Bayesian statistical model checking with application to Stateflow/Simulink verification. Technical report CMU-CS-10-100, Computer Science Department, Carnegie Mellon University Google Scholar