Model Repair


  1. Model Repair for Probabilistic Systems. Ezio Bartocci. Joint work with R. Grosu, P. Katsaros, CR Ramakrishnan, S. Smolka
  2. Presentation Outline
      • Motivation
      • The Model Repair problem
      • Model Repair as a nonlinear programming problem
      • Model Repair feasibility & optimality
      • Related Work
      • Conclusion
      E. BARTOCCI, R. GROSU, P. KATSAROS, CR RAMAKRISHNAN, S. SMOLKA TACAS 2011
  3. Motivation (1/3)
      • Model Checking problem: given a model M and a temporal logic formula φ, determine if M |= φ.
      • If φ is not satisfied, the model checker returns a counterexample, i.e. an execution path in M leading to the violation of φ.
      • Are existing model checkers adequate in assisting the analyst to repair a model that fails to satisfy a formula? Can we do it better?
      • Model Repair: aims to automate the repair process, assuming the problem lies within M and not in φ.
  4. Motivation (2/3)
      • The Model Repair problem in Probabilistic Systems: given a probabilistic model M and a probabilistic temporal logic formula φ such that M fails to satisfy φ, find an M’ that satisfies φ and differs from M only in the transition flows of those states in M that are deemed controllable. The cost associated with modifying the transition flows of M should be minimized.
      • Which states are controllable depends on the model parameters that can be tuned for some modeled system.
      • Cost: find the minimal change in the parameters to be tuned.
  5. Motivation (3/3)
      • Motivating examples:
      • Fair die simulated by fair coin (Knuth & Yao, 76). [Slide annotation: parameter that can be controlled.] Problem: what is the minimum bias for the coin to satisfy the property
      • “Formal analysis of the Kaminsky DNS cache-poisoning attack using prob. model checking”, Alexiou, Deshpande, Basagiannis, Smolka, Katsaros, HASE 2010. Continuous Time Markov Chain. Attack fix: randomize the UDP port used in name-resolution requests. Problem: what is the minimum range of port id values that should be used, such that the attack prob
  6. Presentation Outline
      • Motivation
      • The Model Repair problem
      • Model Repair as a nonlinear programming problem
      • Model Repair feasibility & optimality
      • Related Work
      • Conclusion
  7. The Model Repair problem (1/8)
      • For probabilistic systems, Model Repair is expressed as a new version of parametric probabilistic model checking, which is shown to yield a nonlinear optimization problem with a minimal-cost objective function.
      • Preliminaries on Parametric Probabilistic Model Checking (Daws, 2005 & Hahn et al, 2010)
      • A parametric DTMC (PDTMC) is a tuple , where S is a finite set of states, is the initial state and for a finite set of parameters. (Slide annotation: field of real-valued rational functions over V.)
      • For a PDTMC, an evaluation is said to be valid, if the induced probability transition matrix is such that (slide annotation: stochastic)
  8. The Model Repair problem (2/8)
      • Preliminaries on Parametric Probabilistic Model Checking
      • For a PDTMC D and a PCTL formula (Prob. Comp. Tree Logic) with , Daws defines the derived finite state automaton with
          • finite alphabet the rational functions for the non-zero elements of
          • transition function derived from
          • set of final states that depends on .
      • Also, every member of R( ) -regular expressions over alphabet - is translated into a multivariate rational function by using which is inductively defined by the rules: where
  9. The Model Repair problem (3/8)
      • Example [figure: DTMC diagram with states numbered 0 to 6 and transitions labelled b and 1-b; the probability asked for is marked "=?"]
      • Regular expression: p.a.(b.a)*.(1-b)
      • $p\,a\left(\frac{1}{1-ba}\,(1-b)\right) = \frac{1}{6}$ if $p = a = (1-b) = \frac{1}{2}$
  10. The Model Repair problem (4/8)
      • Preliminaries on Parametric Probabilistic Model Checking
      • It is proved that comp( ) yields a probability measure of the set of paths in from s0 to some state sf in Sf.
      • The set of paths satisfying a PCTL formula without nested probabilistic quantifiers is characterized as a derived finite state automaton and:
        Proposition: For a PDTMC D and a PCTL formula , with a path formula, let be the regular expression for L( ). Then,
      • Hahn et al have extended parametric probabilistic model checking to bounded reachability properties.
      • PARAM tool for parametric probabilistic model checking (Hahn et al, 2010).
  11. The Model Repair problem (5/8)
      • Controllable DTMC: introduce a matrix Z that implements a strategy for altering or controlling the behavior of a DTMC for the purpose of repair.
      • [Figure annotations: s0, s2 controllable by Z; DTMC; controllable DTMC; set of linear combinations of elements in V]
      • Definition: A controllable DTMC over a set of parameters V is a tuple , where is a DTMC and is a matrix such that . A state is a controllable state of , if such that .
  12. The Model Repair problem (6/8)
      • The constraint on Z implies that the control strategy embodied in Z should neither change the structure of the DTMC nor its stochasticity.
      • Which states of the DTMC are controllable depends on the model parameters that can be tuned. In general, a model may be repaired by a number of different strategies.
      • [Figure captions: Model Repair with the use of a single biased coin; Model Repair with three different biased coins]
  13. The Model Repair problem (7/8)
      • Model Repair seeks to manipulate the parameters of the controllable DTMC in order to obtain a DTMC D’, such that D’, s0 |= and the cost of deriving probability transition matrix from is minimized.
      • Definition: Let be a controllable DTMC over the parameters V, the DTMC underlying , a PCTL formula for which and g(v) a possibly nonlinear cost function, which is always positive, continuous, and differentiable. The Model Repair problem is to find a DTMC where is an evaluation function satisfying the following conditions:
      • [Slide annotations: evaluation function; minimizing the cost to derive P’]
  14. The Model Repair problem (8/8)
      • Condition 3: insertion of new transitions and elimination of existing ones is not allowed.
      • A typical cost function is with weights specifying that some parameters affect the model to a greater extent than others. For , g is the square of the L2-norm .
      • The repair process as defined is robust in the following sense:
        Proposition: A controllable DTMC and its repaired version D’ are -bisimilar (Giacalone, Jou & Smolka, 1990), where is the largest value in the matrix .
  15. Presentation Outline
      • Motivation
      • The Model Repair problem
      • Model Repair as a nonlinear programming problem
      • Model Repair feasibility & optimality
      • Related Work
      • Conclusion
  16. Model Repair by nonlinear progr. (1/4)
      • If , from we derive by parametric model checking a nonlinear constraint , where f is a multivariate rational function and .
      • Proposition: A solution to the Model Repair problem satisfies the constraints of the following nonlinear program (NLP):
      • [Slide annotations: Constraints which assure that evaluation u is valid; Constraint derived by parametric model checking]
      • with
  17. Model Repair by nonlinear progr. (2/4)
      • IPOPT tool for large-scale nonlinear optimization.
      • All nonlinear optimization algorithms search for a locally feasible solution to the problem.
      • Such a solution can be found by initiating the search from the point , representing the no-change scenario.
      • If no solution is found, the problem is locally infeasible and the analyst has to initiate a new search from another point or to prove that the problem is not feasible.
  18. Model Repair by nonlinear progr. (3/4)
      • Knuth & Yao fair die problem
      • Solution found for
      • Solution found for
  19. Model Repair by nonlinear progr. (4/4)
      • CTMC for the Kaminsky DNS cache-poisoning attack
      • Model Repair to find the minimum range of port id values such that
      • [Slide annotations: Result found for the embedded DTMC; Time needed for parametric model checking with PARAM; Nonlinear optimization with Ipopt is instantaneous]
  20. Presentation Outline
      • Motivation
      • The Model Repair problem
      • Model Repair as a nonlinear programming problem
      • Model Repair feasibility & optimality
      • Related Work
      • Conclusion
  21. Model Repair feasibility & optimality (1/5)
      • Model Repair is not feasible for b < 2/3
      • When is Model Repair not feasible?
  22. Model Repair feasibility & optimality (2/5)
      • For the Model Repair nonlinear program we consider such that (or )
      • Model Repair is feasible when the program NLPf is feasible.
  23. Model Repair feasibility & optimality (3/5)
      • For the Model Repair nonlinear program the Lagrangian function is defined as
      • The Lagrange dual function yields the minimum of the Lagrangian function over .
      • The Lagrange dual function for NLPf is
      • The Lagrange dual problem for NLPf is
  24. Model Repair feasibility & optimality (4/5)
      • Proposition (Boyd et al, 2003): If the Lagrange dual problem of NLPf is feasible, then the NLP for model repair is infeasible. Conversely, if NLP is feasible, then the Lagrange dual problem of NLPf is infeasible.
      • The Lagrangian dual function for the NLPf program is with λ0 ≥ 0 and 1, 2 > 0.
      • The rational function for the path formula is minimized in v1=0 and therefore
      • The Lagrange dual problem of NLPf becomes feasible when b < 2/3 and in this case the NLP for repairing the model becomes infeasible.
  25. Model Repair feasibility & optimality (5/5)
      • A local minimizer satisfies the so-called Karush-Kuhn-Tucker conditions, if it fulfills certain constraint qualifications.
      • Because all the parameters are bounded, we can check global optimality with an appropriate constraint solver.
      • In our examples global optimality was verified by RealPaver (Granvilliers et al, 2006).
  26. Presentation Outline
      • Motivation
      • The Model Repair problem
      • Model Repair as a nonlinear programming problem
      • Model Repair feasibility & optimality
      • Related Work
      • Conclusion
  27. Related Work (1/2): Non-probabilistic systems
      • “Enhancing model checking in verification by AI techniques”, Buccafurri et al, Artificial Intelligence, 112 (1-2), 57-104, 1999. Determine a suitable modification of a Kripke model by abductive reasoning. No cost is considered for a model repair.
      • “Complexity results in revising UNITY programs”, Bonakdarpour et al, ACM Trans. on Auton. & Ad. Sys., 4 (1), 1-28, 2009. Automatically revise programs with respect to UNITY properties, such that the revised program satisfies a previously failed property, while preserving the other properties.
      • “Program repair as a game”, Jobstmann et al, CAV, LNCS 3576, 226-238, 2005. A game-based approach for automatically fixing faults in a finite-state program against an LTL property specification.
  28. Related Work (2/2): Probabilistic systems
      • “Parametric probabilistic transition systems for system design and analysis”, Lanotte et al, Formal Aspects of Computing, 19 (1), 93-109, 2007. Parametric models are considered, for which it is shown that finding parameter values for a property to be satisfied is in general undecidable.
      • “A model checking approach to the parameter estimation of biochemical pathways”, Donaldson et al, CMSB, LNCS 5307, 269-287, 2008. A simulation-based Monte Carlo model checker together with a genetic algorithm drive a parameter estimation process by reducing the distance between the desired behavior and the actual behavior.
      • “Approximate parameter synthesis for probabilistic time-bounded reachability”, Han et al, RTSS, IEEE, 173-182, 2008. Approximation for parameter synthesis focused on parametric CTMCs and time-bounded properties.
  29. Conclusion
      • We defined the problem of Model Repair in probabilistic systems.
          • A non-trivial extension of parametric probabilistic model checking.
          • Model Repair is solved by a nonlinear optimization program with a minimal-cost objective function.
      • We investigated Model Repair feasibility and optimality. We implemented and benchmarked the Model Repair problem with existing tools.
      • Future work:
          • Investigate the problem of online Model Repair.
          • Better understand the relation between the Model Repair and controller synthesis problems.
  30. Model Repair for Probabilistic Systems
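
Added example (not from the slides or the authors' PARAM/IPOPT tool chain): the single-biased-coin repair of slides 9 and 12, computed exactly for the path expression p.a.(b.a)*.(1-b) with cost g(v) = v². The five-state chain, the function names, the bound 1/8 and the use of bisection in place of a nonlinear solver are assumptions made for this illustration; bisection is sound here only because the reachability probability grows with v in this chain.

```python
from fractions import Fraction as F

def die_chain(v):
    """Constructed 5-state chain for the slide-9 expression p.a.(b.a)*.(1-b),
    repaired with ONE biased coin: every 'heads' edge gets 1/2 + v (p = a = b)."""
    h = F(1, 2) + v
    #        s0  s1  s3  face1  other
    return [[0,  h,  0,  0,     1 - h],   # s0 --p--> s1
            [0,  0,  h,  0,     1 - h],   # s1 --a--> s3
            [0,  h,  0,  1 - h, 0],       # s3 --b--> s1, s3 --(1-b)--> face 1
            [0,  0,  0,  1,     0],       # face 1 (absorbing target)
            [0,  0,  0,  0,     1]]       # all other outcomes lumped (absorbing)

def reach_prob(P, transient=(0, 1, 2), target=3):
    """Pr(eventually reach target) from transient[0]: solve (I - A)x = b exactly."""
    n = len(transient)
    M = [[F(int(i == j)) - P[s][t] for j, t in enumerate(transient)] + [F(P[s][target])]
         for i, s in enumerate(transient)]
    for c in range(n):                       # Gauss-Jordan elimination on Fractions
        piv = next(r for r in range(c, n) if M[r][c] != 0)
        M[c], M[piv] = M[piv], M[c]
        M[c] = [x / M[c][c] for x in M[c]]
        for r in range(n):
            if r != c and M[r][c] != 0:
                M[r] = [x - M[r][c] * y for x, y in zip(M[r], M[c])]
    return M[0][n]

def slide9_formula(p, a, b):
    """Rational function from slide 9: p*a*(1/(1 - b*a))*(1 - b)."""
    return p * a * (1 - b) / (1 - b * a)

def repair(bound, iters=60):
    """Least-cost v (cost g(v) = v^2) with Pr(reach face 1) <= bound, or None.
    Validity keeps 0 < 1/2 + v < 1, so no edge is added or removed."""
    if bound <= 0:
        return None                          # Pr > 0 for every valid v: infeasible
    if reach_prob(die_chain(F(0))) <= bound:
        return F(0)                          # no-change point already satisfies it
    lo, hi = F(-1, 2), F(0)                  # Pr grows with v here, so bisect on v <= 0
    for _ in range(iters):
        mid = (lo + hi) / 2
        lo, hi = (mid, hi) if reach_prob(die_chain(mid)) <= bound else (lo, mid)
    return lo if lo > F(-1, 2) else None     # None: v would remove a transition

if __name__ == "__main__":
    v = repair(F(1, 8))                      # 1/8 is a constructed bound, not from the slides
    print(float(v), float(reach_prob(die_chain(v))))
```

With the fair coin (v = 0) the chain reproduces the 1/6 of slide 9; for the constructed bound 1/8 the repaired heads probability is (1 + √33)/16.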
