Formal Methods in System Design

, Volume 43, Issue 2, pp 338–367 | Cite as

Bayesian statistical model checking with application to Stateflow/Simulink verification

Article

Abstract

We address the problem of model checking stochastic systems, i.e., checking whether a stochastic system satisfies a certain temporal property with a probability greater (or smaller) than a fixed threshold. In particular, we present a Statistical Model Checking (SMC) approach based on Bayesian statistics. We show that our approach is feasible for a certain class of hybrid systems with stochastic transitions, a generalization of Simulink/Stateflow models. Standard approaches to stochastic discrete systems require numerical solutions for large optimization problems and quickly become infeasible with larger state spaces. Generalizations of these techniques to hybrid systems with stochastic effects are even more challenging. The SMC approach was pioneered by Younes and Simmons in the discrete and non-Bayesian case. It solves the verification problem by combining randomized sampling of system traces (which is very efficient for Simulink/Stateflow) with hypothesis testing (i.e., testing against a probability threshold) or estimation (i.e., computing with high probability a value close to the true probability). We believe SMC is essential for scaling up to large Stateflow/Simulink models. While the answer to the verification problem is not guaranteed to be correct, we prove that Bayesian SMC can make the probability of giving a wrong answer arbitrarily small. The advantage is that answers can usually be obtained much faster than with standard, exhaustive model checking techniques. We apply our Bayesian SMC approach to a representative example of stochastic discrete-time hybrid system models in Stateflow/Simulink: a fuel control system featuring hybrid behavior and fault tolerance. We show that our technique enables faster verification than state-of-the-art statistical techniques. We emphasize that Bayesian SMC is by no means restricted to Stateflow/Simulink models. It is in principle applicable to a variety of stochastic models from other domains, e.g., systems biology.

Keywords

Probabilistic verification Hybrid systems Stochastic systems Statistical model checking Hypothesis testing Estimation 

References

  1. 1.
    Alur R, Courcoubetis C, Dill D (1991) Model-checking for probabilistic real-time systems. In: ICALP. LNCS, vol 510, pp 115–126 Google Scholar
  2. 2.
    Baier C, Clarke EM, Hartonas-Garmhausen V, Kwiatkowska MZ, Ryan M (1997) Symbolic model checking for probabilistic processes. In: ICALP. LNCS, vol 1256, pp 430–440 Google Scholar
  3. 3.
    Baier C, Haverkort BR, Hermanns H, Katoen J-P (2003) Model-checking algorithms for continuous-time Markov chains. IEEE Trans Softw Eng 29(6):524–541 CrossRefGoogle Scholar
  4. 4.
    Beals R, Wong R (2010) Special functions. Cambridge University Press, Cambridge MATHGoogle Scholar
  5. 5.
    Bechhofer R (1960) A note on the limiting relative efficiency of the Wald sequential probability ratio test. J Am Stat Assoc 55:660–663 MathSciNetCrossRefMATHGoogle Scholar
  6. 6.
    Bujorianu ML, Lygeros J (2006) Towards a general theory of stochastic hybrid systems. In: Blom HAP, Lygeros J (eds) Stochastic hybrid systems: theory and safety critical applications. Lecture notes contr inf, vol 337. Springer, Berlin, pp 3–30 CrossRefGoogle Scholar
  7. 7.
    Carlin BP, Louis TA (2009) Bayesian methods for data analysis, 3rd edn. CRC Press, Boca Raton Google Scholar
  8. 8.
    Cassandras CG, Lygeros J (eds) (2006) Stochastic hybrid systems. CRC Press, Boca Raton Google Scholar
  9. 9.
    Chadha R, Viswanathan M (2010) A counterexample-guided abstraction-refinement framework for Markov decision processes. ACM Trans Comput Log 12(1):1 MathSciNetCrossRefGoogle Scholar
  10. 10.
    Chow YS, Robbins H (1965) On the asymptotic theory of fixed-width sequential confidence intervals for the mean. Ann Math Stat 36(2):457–462 MathSciNetCrossRefMATHGoogle Scholar
  11. 11.
    Ciesinski F, Größer M (2004) On probabilistic computation tree logic. In: Validation of stochastic systems. LNCS, vol 2925. Springer, Berlin, pp 147–188 CrossRefGoogle Scholar
  12. 12.
    Cohn DL (1994) Measure theory. Birkhäuser, Basel Google Scholar
  13. 13.
    Courcoubetis C, Yannakakis M (1995) The complexity of probabilistic verification. J ACM 42(4):857–907 MathSciNetCrossRefMATHGoogle Scholar
  14. 14.
    DeGroot MH (2004) Optimal statistical decisions. Wiley, New York CrossRefMATHGoogle Scholar
  15. 15.
    Diaconis P, Ylvisaker D (1985) Quantifying prior opinion. In: Bayesian statistics 2: 2nd Valencia international meeting. Elsevier, Amsterdam, pp 133–156 Google Scholar
  16. 16.
    Finkbeiner B, Sipma H (2001) Checking finite traces using alternating automata. In: Runtime verification (RV’01). ENTCS, vol 55, pp 44–60 Google Scholar
  17. 17.
    Gelman A, Carlin JB, Stern HS, Rubin DB (1997) Bayesian data analysis. Chapman & Hall, London Google Scholar
  18. 18.
    Ghosh MK, Arapostathis A, Marcus SI (1997) Ergodic control of switching diffusions. SIAM J Control Optim 35(6):1952–1988 MathSciNetCrossRefMATHGoogle Scholar
  19. 19.
    Gillespie DT (1976) A general method for numerically simulating the stochastic time evolution of coupled chemical reactions. J Comput Phys 22(4):403–434 MathSciNetCrossRefGoogle Scholar
  20. 20.
    Gong H, Zuliani P, Komuravelli A, Faeder JR, Clarke EM (2010) Analysis and verification of the HMGB1 signaling pathway. BMC Bioinform 11(S7):S10 CrossRefGoogle Scholar
  21. 21.
    Grosu R, Smolka S (2005) Monte Carlo model checking. In: TACAS. LNCS, vol 3440, pp 271–286 Google Scholar
  22. 22.
    Hahn EM, Hermanns H, Wachter B, Zhang L (2009) INFAMY: an infinite-state Markov model checker. In: CAV, pp 641–647 Google Scholar
  23. 23.
    Hansson H, Jonsson B (1994) A logic for reasoning about time and reliability. Form Asp Comput 6(5):512–535 CrossRefMATHGoogle Scholar
  24. 24.
    Henriques D, Martins J, Zuliani P, Platzer A, Clarke EM (2012) Statistical model checking for Markov decision processes. In: QEST 2012: Proceedings of the 9th international conference on quantitative evaluation of systems. IEEE Press, New York, pp 84–93 CrossRefGoogle Scholar
  25. 25.
    Hérault T, Lassaigne R, Magniette F, Peyronnet S (2004) Approximate probabilistic model checking. In: VMCAI. LNCS, vol 2937, pp 73–84 Google Scholar
  26. 26.
    Hlavacek WS, Faeder JR, Blinov ML, Posner RG, Hucka M, Fontana W (2006) Rules for modeling signal-transduction system. Sci STKE 18(344):re6 Google Scholar
  27. 27.
    Hoeffding W (1963) Probability inequalities for sums of bounded random variables. J Am Stat Assoc 58(301):13–30 MathSciNetCrossRefMATHGoogle Scholar
  28. 28.
    Jeffreys H (1961) Theory of probability. Clarendon, Oxford MATHGoogle Scholar
  29. 29.
    Jha SK, Clarke EM, Langmead CJ, Legay A, Platzer A, Zuliani P (2009) A Bayesian approach to model checking biological systems. In: CMSB. LNCS, vol 5688, pp 218–234 Google Scholar
  30. 30.
    Koymans R (1990) Specifying real-time properties with metric temporal logic. Real-Time Syst 2(4):255–299 CrossRefGoogle Scholar
  31. 31.
    Kwiatkowska M, Norman G, Parker D (2011) PRISM 4.0: verification of probabilistic real-time systems. In: CAV. LNCS, vol 6806, pp 585–591 Google Scholar
  32. 32.
    Kwiatkowska MZ, Norman G, Parker D (2006) Symmetry reduction for probabilistic model checking. In: CAV. LNCS, vol 4144, pp 234–248 Google Scholar
  33. 33.
    Langmead CJ (2009) Generalized queries and Bayesian statistical model checking in dynamic Bayesian networks: application to personalized medicine. In: CSB, pp 201–212 Google Scholar
  34. 34.
    Maler O, Nickovic D (2004) Monitoring temporal properties of continuous signals. In: FORMATS. LNCS, vol 3253, pp 152–166 Google Scholar
  35. 35.
    Meseguer J, Sharykin R (2006) Specification and analysis of distributed object-based stochastic hybrid systems. In: Hespanha JP, Tiwari A (eds) HSCC, vol 3927. Springer, Berlin, pp 460–475 Google Scholar
  36. 36.
    Ouaknine J, Worrell J (2008) Some recent results in metric temporal logic. In: Proc of FORMATS. LNCS, vol 5215, pp 1–13 Google Scholar
  37. 37.
    Platzer A (2011) Stochastic differential dynamic logic for stochastic hybrid programs. In: Bjørner N, Sofronie-Stokkermans V (eds) CADE. LNCS, vol 6803. Springer, Berlin, pp 431–445 Google Scholar
  38. 38.
    Pnueli A (1977) The temporal logic of programs. In: FOCS. IEEE Press, New York, pp 46–57 Google Scholar
  39. 39.
    Robert CP (2001) The Bayesian choice. Springer, Berlin MATHGoogle Scholar
  40. 40.
    Rubinstein RY, Kroese DP (2008) Simulation and the Monte Carlo method. Wiley, New York MATHGoogle Scholar
  41. 41.
    Sen K, Viswanathan M, Agha G (2004) Statistical model checking of black-box probabilistic systems. In: CAV. LNCS, vol 3114, pp 202–215 Google Scholar
  42. 42.
    Sen K, Viswanathan M, Agha G (2005) On statistical model checking of stochastic systems. In: CAV. LNCS, vol 3576, pp 266–280 Google Scholar
  43. 43.
    Shiryaev AN (1995) Probability. Springer, Berlin MATHGoogle Scholar
  44. 44.
    Tiwari A (2002) Formal semantics and analysis methods for Simulink Stateflow models. Technical report, SRI International Google Scholar
  45. 45.
    Tiwari A (2008) Abstractions for hybrid systems. Form Methods Syst Des 32(1):57–83 CrossRefMATHGoogle Scholar
  46. 46.
    Wald A (1945) Sequential tests of statistical hypotheses. Ann Math Stat 16(2):117–186 MathSciNetCrossRefMATHGoogle Scholar
  47. 47.
    Wang Y-C, Komuravelli A, Zuliani P, Clarke EM (2011) Analog circuit verification by statistical model checking. In: ASP-DAC 2011: Proceedings of the 16th Asia and South Pacific design automation conference. IEEE Press, New York, pp 1–6 CrossRefGoogle Scholar
  48. 48.
    Younes HLS, Kwiatkowska MZ, Norman G, Parker D (2006) Numerical vs statistical probabilistic model checking. Int J Softw Tools Technol Transf 8(3):216–228 CrossRefGoogle Scholar
  49. 49.
    Younes HLS, Musliner DJ (2002) Probabilistic plan verification through acceptance sampling. In: AIPS workshop on planning via model checking, pp 81–88 Google Scholar
  50. 50.
    Younes HLS, Simmons RG (2006) Statistical probabilistic model checking with a focus on time-bounded properties. Inf Comput 204(9):1368–1409 MathSciNetCrossRefMATHGoogle Scholar
  51. 51.
    Yu PS, Krishna CM, Lee Y-H (1988) Optimal design and sequential analysis of VLSI testing strategy. IEEE Trans Comput 37(3):339–347 CrossRefGoogle Scholar
  52. 52.
    Zuliani P, Platzer A, Clarke EM (2010) Bayesian statistical model checking with application to Stateflow/Simulink verification. Technical report CMU-CS-10-100, Computer Science Department, Carnegie Mellon University Google Scholar

Copyright information

© Springer Science+Business Media New York 2013

Authors and Affiliations

  • Paolo Zuliani
    • 1
  • André Platzer
    • 2
  • Edmund M. Clarke
    • 2
  1. 1.School of Computing ScienceNewcastle UniversityNewcastleUK
  2. 2.Computer Science DepartmentCarnegie Mellon UniversityPittsburghUSA

Personalised recommendations