David Rosenblum, profile picture
Uploaded byDavid Rosenblum
25,519 views

Probability and Uncertainty in Software Engineering (keynote talk at NASAC 2013)

The document presents insights on probability and uncertainty in software engineering, emphasizing the limitations of traditional binary characterizations (correct/incorrect) and the necessity for probabilistic methods. It discusses various forms of uncertainty, including nondeterminism and empirical risk, and introduces probabilistic model checking as a tool for addressing such challenges. The conclusion highlights the need for a probabilistic mindset in software engineering to tackle inherent uncertainties.

Embed presentation

NASAC 2013,Tianjin, 9 November 2013 Probability and Uncertainty in Software Engineering David S. Rosenblum! Dean, School of Computing! National University of Singapore
NASAC 2013,Tianjin, 9 November 2013 Software Engineering
 at NUS Hugh
 Anderson Chin
 Wei Ngan Dong
 Jin Song Aquinas
 Hobor Joxan! Jaffar Stan
 Jarzabek Khoo
 Siau Cheng Damith
 Rajapakse David! Rosenblum Abhik
 Roychoudhury Bimlesh
 Wadhwa Yap
 Hock Chuan,
 Roland
NASAC 2013,Tianjin, 9 November 2013 Certainty in
 Software Engineering Engineering of software is centered around simplistic,“yes/no” characterizations of artifacts
NASAC 2013,Tianjin, 9 November 2013 Certainty in
 Software Engineering Engineering of software is centered around simplistic,“yes/no” characterizations of artifacts Program is correct/incorrect Program execution finished/crashed Compilation completed/aborted Test suite succeeded/failed Specification is satisfied/violated
NASAC 2013,Tianjin, 9 November 2013 Example! Model Checking ! ¬p → ◊q( )∧"( ) Model Checker ✓ ✕ State Machine! Model Temporal
 Property Results Counterexample! Trace System Requirements
NASAC 2013,Tianjin, 9 November 2013 Example! Model Checking ! ¬p → ◊q( )∧"( ) Model Checker ✕ State Machine! Model Temporal
 Property Results Counterexample! Trace System Requirements
NASAC 2013,Tianjin, 9 November 2013 Uncertainty in
 Software Engineering ✓Nondeterminism ✓Randomized Algorithms ✓“Good Enough Software” ✓Test Coverage Metrics
NASAC 2013,Tianjin, 9 November 2013 Uncertainty in
 Software Engineering ✓Nondeterminism ✓Randomized Algorithms ✓“Good Enough Software” ✓Test Coverage Metrics Probabilistic Modeling and Analysis
NASAC 2013,Tianjin, 9 November 2013 Probabilistic
 Model Checking ! ¬p → ◊q( )∧"( ) Model Checker ✓ ✕ State Machine! Model Temporal
 Property Results Counterexample! Trace System Requirements P≥0.95 [ ] 0.4 0.6 Probabilistic Probabilistic
NASAC 2013,Tianjin, 9 November 2013 Probabilistic
 Model Checking ! ¬p → ◊q( )∧"( ) Model Checker ✓ ✕ State Machine! Model Temporal
 Property Results Counterexample! Trace System Requirements P=? [ ] 0.4 0.6 Quantitative Results 0.9732Probabilistic Probabilistic
NASAC 2013,Tianjin, 9 November 2013 Example
 Die Tossing Simulated by Coin Flipping Knuth-Yao algorithm,
 from the PRISM group
 (Kwiatkowska et al.) 0 3 2 1 6 4 5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5
NASAC 2013,Tianjin, 9 November 2013 Example
 Die Tossing Simulated by Coin Flipping Knuth-Yao algorithm,
 from the PRISM group
 (Kwiatkowska et al.) The behavior is governed by a! theoretical probability distribution 0 3 2 1 6 4 5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5
NASAC 2013,Tianjin, 9 November 2013 Probabilistic
 Model Checking ! ¬p → ◊q( )∧"( ) Model Checker ✓ State Machine! Model Temporal
 Property Results Counterexample! Trace System Requirements P≥0.95 [ ] 0.4 0.6 Quantitative Results 0.9732Probabilistic Probabilistic
NASAC 2013,Tianjin, 9 November 2013 Probabilistic
 Model Checking ! ¬p → ◊q( )∧"( ) Model Checker ✕ State Machine! Model Temporal
 Property Results Counterexample! Trace System Requirements P≥0.95 [ ] Quantitative Results Probabilistic Probabilistic 0.41 0.59 0.6211
NASAC 2013,Tianjin, 9 November 2013 Example! Zeroconf Protocol s1s0 s2 s3 q 1 1 {ok} {error} {start} s4 s5 s6 s7 s8 1 1-q 1-p 1-p 1-p 1-p p p p p 1 from the PRISM group
 (Kwiatkowska et al.)
NASAC 2013,Tianjin, 9 November 2013 Example! Zeroconf Protocol s1s0 s2 s3 q 1 1 {ok} {error} {start} s4 s5 s6 s7 s8 1 1-q 1-p 1-p 1-p 1-p p p p p 1 The behavior is governed by an! empirically estimated probability distribution from the PRISM group
 (Kwiatkowska et al.) packet-loss rate
NASAC 2013,Tianjin, 9 November 2013 Perturbed Probabilistic Systems! (Current Research) • Starting Points! ✓Discrete-Time Markov Chains (DTMCs)! ✓… with one or more probability parameters! ✓… verified against reachability properties: S? ∪ S! Guoxin Su and David S. Rosenblum,
 “Asymptotic Bounds for QuantitativeVerification of Perturbed Probabilistic Systems”,
 Proc. ICFEM 2013
NASAC 2013,Tianjin, 9 November 2013 Parametric
 Markov Chains • A distribution parameter in a DTMC is represented as a vector x of parameters xi! • The norm of total variance represents the amount of perturbation:! ! • The parameter is allowed a “sufficiently small” perturbation with respect to ideal reference values r:! ! • Can generalize to multiple parameters v = vi∑ x − r ≤ Δ
NASAC 2013,Tianjin, 9 November 2013 Perturbation Bounds • Perturbation Function! ! where A is the transition probability sub-matrix for S? and b is the vector of one-step probabilities from S? to S! ! • Condition Numbers! ! ρ x( )= ι? i A x i i b x( )− Ai i b( )( )i=0 ∞ ∑ κ = lim δ→0 sup ρ(x − r) δ : x − r ≤ δ,δ > 0 ⎧ ⎨ ⎩ ⎫ ⎬ ⎭
NASAC 2013,Tianjin, 9 November 2013 Results! Noisy Zeroconf (35000 Hosts, PRISM) p Actual Collision Probability Predicted Collision Probability 0.095 -19.8% -21.5% 0.096 -16.9% -17.2% 0.097 -12.3% -12.9% 0.098 -8.33% -8.61% 0.099 -4.23% -4.30% 0.100 1.8567 — 0.101 +4.38% +4.30% 0.102 +8.91% +8.61% 0.103 +13.6% +12.9% 0.104 +18.4% +17.2% 0.105 +23.4% +21.5%
NASAC 2013,Tianjin, 9 November 2013 Additional Aspects • Models ✓Markov Decision Processes (MDPs)! ✓Continuous-Time Markov Chains (CMTCs) • Verification ✓LTL Model Checking! using Deterministic Rabin Automata! ✓PCTL Model Checking! with singular perturbations due to nested P[ ] operators! ✓Reward Properties! ✓Alternative Norms and Bounds! Kullback-Leibler Divergence, Quadratic Bounds
NASAC 2013,Tianjin, 9 November 2013 Other Forms of Uncertainty “There are known knowns; there are things we know we know. We also know there are known unknowns; that is to say, we know there are some things we do not know. But there are also unknown unknowns – the ones we don’t know we don’t know.”! ! — Donald Rumsfeld
NASAC 2013,Tianjin, 9 November 2013 Uncertainty in Testing! (New Research) 1982: Weyuker: Non-Testable Programs! - Impossible/too costly to efficiently check results! - Example: mathematical software! 2010: Garlan: Intrinsic Uncertainty! - Systems embody intrinsic uncertainty/imprecision! - Cannot easily distinguish bugs from “features”! - Example: ubiquitous computing
NASAC 2013,Tianjin, 9 November 2013 Example! Google Latitude ~ 500m ~ 50m ~ 2m
NASAC 2013,Tianjin, 9 November 2013 Example! Google Latitude When is an
 incorrect location! a bug, and when
 is it a “feature”? ~ 500m ~ 50m ~ 2m
NASAC 2013,Tianjin, 9 November 2013 Example! Google Latitude When is an
 incorrect location! a bug, and when
 is it a “feature”? And how do! you know? ~ 500m ~ 50m ~ 2m
NASAC 2013,Tianjin, 9 November 2013 Example! Affective Computing
NASAC 2013,Tianjin, 9 November 2013 Example! Affective Computing When is an! incorrect! classification a bug,! and when is it a! “feature”?
NASAC 2013,Tianjin, 9 November 2013 Example! Affective Computing When is an! incorrect! classification a bug,! and when is it a! “feature”? And how do! you know?
NASAC 2013,Tianjin, 9 November 2013 Sources of
 Uncertainty ✓Output: results, characteristics of results! ✓Sensors: redundancy, reliability, resolution! ✓Context: sensing, inferring, fusing! ✓Machine learning: imprecision, user training
NASAC 2013,Tianjin, 9 November 2013 Sources of
 Uncertainty ✓Output: results, characteristics of results! ✓Sensors: redundancy, reliability, resolution! ✓Context: sensing, inferring, fusing! ✓Machine learning: imprecision, user training These create significant challenges for
 software engineering research and practice!
NASAC 2013,Tianjin, 9 November 2013 Conclusion ✓Software engineering (certainly) suffers from excessive certainty! ✓A probabilistic mindset offers greater insight! ✓But significant challenges remain for probabilistic verification! ✓And other forms of uncertainty are equally challenging to address
NASAC 2013,Tianjin, 9 November 2013 Probability and Uncertainty in Software Engineering David S. Rosenblum! Dean, School of Computing! National University of Singapore ThankYou!

More Related Content

PDF
The Challenges of Probabilistic Thinking (keynote talk at ICFEM 2017)
byDavid Rosenblum
 
PDF
The Power of Probabilistic Thinking (keynote talk at ASE 2016)
byDavid Rosenblum
 
PDF
Jogging While Driving, and Other Software Engineering Research Problems (invi...
byDavid Rosenblum
 
PDF
Felicitous Computing (invited Talk for UC Irvine ISR Distinguished Speaker Se...
byDavid Rosenblum
 
KEY
High-Confidence Ubiquitous Computing Systems (invited talk at ISHCS 2011)
byDavid Rosenblum
 
KEY
Applications and Abstractions: A Cautionary Tale (invited talk at a DIMACS Wo...
byDavid Rosenblum
 
PDF
Whither Software Engineering Research? (keynote talk at APSEC 2012)
byDavid Rosenblum
 
PDF
Career Management (invited talk at ICSE 2014 NFRS)
byDavid Rosenblum
 
The Challenges of Probabilistic Thinking (keynote talk at ICFEM 2017)
byDavid Rosenblum
 
The Power of Probabilistic Thinking (keynote talk at ASE 2016)
byDavid Rosenblum
 
Jogging While Driving, and Other Software Engineering Research Problems (invi...
byDavid Rosenblum
 
Felicitous Computing (invited Talk for UC Irvine ISR Distinguished Speaker Se...
byDavid Rosenblum
 
High-Confidence Ubiquitous Computing Systems (invited talk at ISHCS 2011)
byDavid Rosenblum
 
Applications and Abstractions: A Cautionary Tale (invited talk at a DIMACS Wo...
byDavid Rosenblum
 
Whither Software Engineering Research? (keynote talk at APSEC 2012)
byDavid Rosenblum
 
Career Management (invited talk at ICSE 2014 NFRS)
byDavid Rosenblum
 

Similar to Probability and Uncertainty in Software Engineering (keynote talk at NASAC 2013)

PDF
Modeling and Evaluating Quality in the Presence of Uncertainty
byAntonio Vallecillo
 
PPTX
Three Laws of Trusted Data Sharing: (Building a Better Business Case for Dat...
byCS, NcState
 
PPTX
Security Data Quality Challenges
byCREST
 
PPTX
'A critique of testing' UK TMF forum January 2015
byGeorgina Tilby
 
PDF
[Keynote @ RAID'24] How to solve cybersecurity once and for all
bymboehme
 
PDF
DATI, AI E ROBOTICA @POLITO
byMarcoMellia
 
PDF
Mining System Logs to Learn Error Predictors, Universität Stuttgart, Stuttgar...
byBarbara Russo
 
PPT
Nii shonan-meeting-gsrm-20141021 - コピー
byHironori Washizaki
 
PDF
Laser 3-incremental
byCarlo Ghezzi
 
PDF
Belief Uncertainty in Software Models
byAntonio Vallecillo
 
PDF
The Value of Requirements Uncertainty, Louvain-la-Neuve, October 2013
byEmmanuel Letier
 
PPTX
RTS fault tolerance, Reliability evaluation
by4132lenin6497ram
 
PPTX
real time systems fault tolerance, Redundancy
by4132lenin6497ram
 
PPTX
Explicating and Reasoning with Model Uncertainty by Marsha Chechik (ECMFA'14 ...
byJordi Cabot
 
ODP
Complexity of planning and games with partial information
byOlivier Teytaud
 
PPTX
AIw08.pptx
byNguyễn Tiến
 
PPTX
System modeling using ERG and Petri Nets
byNavneet Bhushan
 
PDF
ICSE '22 Presentaion_Sherry.pdf
byXueqiYang
 
PDF
Ai notes 2 for btech.pdf useful for btech students
byaksayush2005
 
PDF
Antifragility = Elasticity + Resilience + Machine Learning. Models and Algori...
byVincenzo De Florio
 
Modeling and Evaluating Quality in the Presence of Uncertainty
byAntonio Vallecillo
 
Three Laws of Trusted Data Sharing: (Building a Better Business Case for Dat...
byCS, NcState
 
Security Data Quality Challenges
byCREST
 
'A critique of testing' UK TMF forum January 2015
byGeorgina Tilby
 
[Keynote @ RAID'24] How to solve cybersecurity once and for all
bymboehme
 
DATI, AI E ROBOTICA @POLITO
byMarcoMellia
 
Mining System Logs to Learn Error Predictors, Universität Stuttgart, Stuttgar...
byBarbara Russo
 
Nii shonan-meeting-gsrm-20141021 - コピー
byHironori Washizaki
 
Laser 3-incremental
byCarlo Ghezzi
 
Belief Uncertainty in Software Models
byAntonio Vallecillo
 
The Value of Requirements Uncertainty, Louvain-la-Neuve, October 2013
byEmmanuel Letier
 
RTS fault tolerance, Reliability evaluation
by4132lenin6497ram
 
real time systems fault tolerance, Redundancy
by4132lenin6497ram
 
Explicating and Reasoning with Model Uncertainty by Marsha Chechik (ECMFA'14 ...
byJordi Cabot
 
Complexity of planning and games with partial information
byOlivier Teytaud
 
AIw08.pptx
byNguyễn Tiến
 
System modeling using ERG and Petri Nets
byNavneet Bhushan
 
ICSE '22 Presentaion_Sherry.pdf
byXueqiYang
 
Ai notes 2 for btech.pdf useful for btech students
byaksayush2005
 
Antifragility = Elasticity + Resilience + Machine Learning. Models and Algori...
byVincenzo De Florio
 

More from David Rosenblum

PDF
Known Unknowns: Testing in the Presence of Uncertainty (talk at ACM SIGSOFT F...
byDavid Rosenblum
 
PPT
SIGSOFT Impact Award: Reflections and Prospects (invited talk at SIGSOFT FSE ...
byDavid Rosenblum
 
PPT
Content-Based Publish/Subscribe: A Re-Assessment (keynote talk at DOA 2005)
byDavid Rosenblum
 
PPT
Scalability in Software Systems Engineering: The Good, the Bad, and the Ugly ...
byDavid Rosenblum
 
PPT
Some Open Problems in Publish/Subscribe Networking (keynote talk at DEBS 2003)
byDavid Rosenblum
 
PPT
Assertions a Decade Later (invited talk at ICSE 2002)
byDavid Rosenblum
 
PPT
Scalability: What It Is and How to Analyze It (keynote talk at SBES 2007)
byDavid Rosenblum
 
PPT
Software System Scalability: Concepts and Techniques (keynote talk at ISEC 2009)
byDavid Rosenblum
 
Known Unknowns: Testing in the Presence of Uncertainty (talk at ACM SIGSOFT F...
byDavid Rosenblum
 
SIGSOFT Impact Award: Reflections and Prospects (invited talk at SIGSOFT FSE ...
byDavid Rosenblum
 
Content-Based Publish/Subscribe: A Re-Assessment (keynote talk at DOA 2005)
byDavid Rosenblum
 
Scalability in Software Systems Engineering: The Good, the Bad, and the Ugly ...
byDavid Rosenblum
 
Some Open Problems in Publish/Subscribe Networking (keynote talk at DEBS 2003)
byDavid Rosenblum
 
Assertions a Decade Later (invited talk at ICSE 2002)
byDavid Rosenblum
 
Scalability: What It Is and How to Analyze It (keynote talk at SBES 2007)
byDavid Rosenblum
 
Software System Scalability: Concepts and Techniques (keynote talk at ISEC 2009)
byDavid Rosenblum
 

Recently uploaded

PDF
Self-Correction Failure Diagnostic: Detecting Drift in Complex Systems
bySystems Research Group
 
PDF
Safer’s Picks: The 5 FME Transformers You Didn’t Know You Needed
bySafe Software
 
PPTX
Computer architecture, Computer architecture ,Computer architecture
bywaheedqazi123
 
PDF
Traditional-Security-Models-No-Longer-Work.pptx (1).pdf
byOhhproJunction
 
PPTX
Working Session — Build a Document Understanding Automation Using an OOTB ML ...
byDianaGray10
 
PDF
How to Install XRDP on CentOS 10 .pdf
byGreen Webpage
 
PDF
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
PPTX
TravelTech Paris 2025 | Beyond the pipes: Why Channel Management isn’t really...
byapidays
 
PDF
How to Prepare for the RWA Tokenization Trend
byrose mason
 
PDF
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
PPTX
PPTX game guess the logo with a twistppt
byAdrianAnig
 
PDF
final.pdf
byomarbishtawi04
 
PDF
Python Automation in Action: Real-World Use Cases and Practical Implementation
byDenys Smirnov
 
PDF
The Manifesto for AI-enabled Governance !
byYannis Charalabidis
 
PDF
Antminer S23Hyd-580_Manual-V1.1-oneminers.pdf
byFranzhLawrenceBataan1
 
PDF
The new book “Marketing in the Metaverse” spotlights Scott M. Graffius’ research
byScott M. Graffius
 
PDF
How does MES(Manufacturing Execution System) work?
byakipii ogaoga
 
PPTX
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
PPTX
Do You Control the AI, or Does the AI Control You?
bymedhateltoukhy
 
PDF
GenerationAI Paris 2025 | How Agentic AI is Reinventing Organizations
byapidays
 
Self-Correction Failure Diagnostic: Detecting Drift in Complex Systems
bySystems Research Group
 
Safer’s Picks: The 5 FME Transformers You Didn’t Know You Needed
bySafe Software
 
Computer architecture, Computer architecture ,Computer architecture
bywaheedqazi123
 
Traditional-Security-Models-No-Longer-Work.pptx (1).pdf
byOhhproJunction
 
Working Session — Build a Document Understanding Automation Using an OOTB ML ...
byDianaGray10
 
How to Install XRDP on CentOS 10 .pdf
byGreen Webpage
 
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
TravelTech Paris 2025 | Beyond the pipes: Why Channel Management isn’t really...
byapidays
 
How to Prepare for the RWA Tokenization Trend
byrose mason
 
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
PPTX game guess the logo with a twistppt
byAdrianAnig
 
final.pdf
byomarbishtawi04
 
Python Automation in Action: Real-World Use Cases and Practical Implementation
byDenys Smirnov
 
The Manifesto for AI-enabled Governance !
byYannis Charalabidis
 
Antminer S23Hyd-580_Manual-V1.1-oneminers.pdf
byFranzhLawrenceBataan1
 
The new book “Marketing in the Metaverse” spotlights Scott M. Graffius’ research
byScott M. Graffius
 
How does MES(Manufacturing Execution System) work?
byakipii ogaoga
 
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
Do You Control the AI, or Does the AI Control You?
bymedhateltoukhy
 
GenerationAI Paris 2025 | How Agentic AI is Reinventing Organizations
byapidays
 

Probability and Uncertainty in Software Engineering (keynote talk at NASAC 2013)

  • 1.
    NASAC 2013,Tianjin, 9November 2013 Probability and Uncertainty in Software Engineering David S. Rosenblum! Dean, School of Computing! National University of Singapore
  • 2.
    NASAC 2013,Tianjin, 9November 2013 Software Engineering
 at NUS Hugh
 Anderson Chin
 Wei Ngan Dong
 Jin Song Aquinas
 Hobor Joxan! Jaffar Stan
 Jarzabek Khoo
 Siau Cheng Damith
 Rajapakse David! Rosenblum Abhik
 Roychoudhury Bimlesh
 Wadhwa Yap
 Hock Chuan,
 Roland
  • 3.
    NASAC 2013,Tianjin, 9November 2013 Certainty in
 Software Engineering Engineering of software is centered around simplistic,“yes/no” characterizations of artifacts
  • 4.
    NASAC 2013,Tianjin, 9November 2013 Certainty in
 Software Engineering Engineering of software is centered around simplistic,“yes/no” characterizations of artifacts Program is correct/incorrect Program execution finished/crashed Compilation completed/aborted Test suite succeeded/failed Specification is satisfied/violated
  • 5.
    NASAC 2013,Tianjin, 9November 2013 Example! Model Checking ! ¬p → ◊q( )∧"( ) Model Checker ✓ ✕ State Machine! Model Temporal
 Property Results Counterexample! Trace System Requirements
  • 6.
    NASAC 2013,Tianjin, 9November 2013 Example! Model Checking ! ¬p → ◊q( )∧"( ) Model Checker ✕ State Machine! Model Temporal
 Property Results Counterexample! Trace System Requirements
  • 7.
    NASAC 2013,Tianjin, 9November 2013 Uncertainty in
 Software Engineering ✓Nondeterminism ✓Randomized Algorithms ✓“Good Enough Software” ✓Test Coverage Metrics
  • 8.
    NASAC 2013,Tianjin, 9November 2013 Uncertainty in
 Software Engineering ✓Nondeterminism ✓Randomized Algorithms ✓“Good Enough Software” ✓Test Coverage Metrics Probabilistic Modeling and Analysis
  • 9.
    NASAC 2013,Tianjin, 9November 2013 Probabilistic
 Model Checking ! ¬p → ◊q( )∧"( ) Model Checker ✓ ✕ State Machine! Model Temporal
 Property Results Counterexample! Trace System Requirements P≥0.95 [ ] 0.4 0.6 Probabilistic Probabilistic
  • 10.
    NASAC 2013,Tianjin, 9November 2013 Probabilistic
 Model Checking ! ¬p → ◊q( )∧"( ) Model Checker ✓ ✕ State Machine! Model Temporal
 Property Results Counterexample! Trace System Requirements P=? [ ] 0.4 0.6 Quantitative Results 0.9732Probabilistic Probabilistic
  • 11.
    NASAC 2013,Tianjin, 9November 2013 Example
 Die Tossing Simulated by Coin Flipping Knuth-Yao algorithm,
 from the PRISM group
 (Kwiatkowska et al.) 0 3 2 1 6 4 5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5
  • 12.
    NASAC 2013,Tianjin, 9November 2013 Example
 Die Tossing Simulated by Coin Flipping Knuth-Yao algorithm,
 from the PRISM group
 (Kwiatkowska et al.) The behavior is governed by a! theoretical probability distribution 0 3 2 1 6 4 5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5
  • 13.
    NASAC 2013,Tianjin, 9November 2013 Probabilistic
 Model Checking ! ¬p → ◊q( )∧"( ) Model Checker ✓ State Machine! Model Temporal
 Property Results Counterexample! Trace System Requirements P≥0.95 [ ] 0.4 0.6 Quantitative Results 0.9732Probabilistic Probabilistic
  • 14.
    NASAC 2013,Tianjin, 9November 2013 Probabilistic
 Model Checking ! ¬p → ◊q( )∧"( ) Model Checker ✕ State Machine! Model Temporal
 Property Results Counterexample! Trace System Requirements P≥0.95 [ ] Quantitative Results Probabilistic Probabilistic 0.41 0.59 0.6211
  • 15.
    NASAC 2013,Tianjin, 9November 2013 Example! Zeroconf Protocol s1s0 s2 s3 q 1 1 {ok} {error} {start} s4 s5 s6 s7 s8 1 1-q 1-p 1-p 1-p 1-p p p p p 1 from the PRISM group
 (Kwiatkowska et al.)
  • 16.
    NASAC 2013,Tianjin, 9November 2013 Example! Zeroconf Protocol s1s0 s2 s3 q 1 1 {ok} {error} {start} s4 s5 s6 s7 s8 1 1-q 1-p 1-p 1-p 1-p p p p p 1 The behavior is governed by an! empirically estimated probability distribution from the PRISM group
 (Kwiatkowska et al.) packet-loss rate
  • 17.
    NASAC 2013,Tianjin, 9November 2013 Perturbed Probabilistic Systems! (Current Research) • Starting Points! ✓Discrete-Time Markov Chains (DTMCs)! ✓… with one or more probability parameters! ✓… verified against reachability properties: S? ∪ S! Guoxin Su and David S. Rosenblum,
 “Asymptotic Bounds for QuantitativeVerification of Perturbed Probabilistic Systems”,
 Proc. ICFEM 2013
  • 18.
    NASAC 2013,Tianjin, 9November 2013 Parametric
 Markov Chains • A distribution parameter in a DTMC is represented as a vector x of parameters xi! • The norm of total variance represents the amount of perturbation:! ! • The parameter is allowed a “sufficiently small” perturbation with respect to ideal reference values r:! ! • Can generalize to multiple parameters v = vi∑ x − r ≤ Δ
  • 19.
    NASAC 2013,Tianjin, 9November 2013 Perturbation Bounds • Perturbation Function! ! where A is the transition probability sub-matrix for S? and b is the vector of one-step probabilities from S? to S! ! • Condition Numbers! ! ρ x( )= ι? i A x i i b x( )− Ai i b( )( )i=0 ∞ ∑ κ = lim δ→0 sup ρ(x − r) δ : x − r ≤ δ,δ > 0 ⎧ ⎨ ⎩ ⎫ ⎬ ⎭
  • 20.
    NASAC 2013,Tianjin, 9November 2013 Results! Noisy Zeroconf (35000 Hosts, PRISM) p Actual Collision Probability Predicted Collision Probability 0.095 -19.8% -21.5% 0.096 -16.9% -17.2% 0.097 -12.3% -12.9% 0.098 -8.33% -8.61% 0.099 -4.23% -4.30% 0.100 1.8567 — 0.101 +4.38% +4.30% 0.102 +8.91% +8.61% 0.103 +13.6% +12.9% 0.104 +18.4% +17.2% 0.105 +23.4% +21.5%
  • 21.
    NASAC 2013,Tianjin, 9November 2013 Additional Aspects • Models ✓Markov Decision Processes (MDPs)! ✓Continuous-Time Markov Chains (CMTCs) • Verification ✓LTL Model Checking! using Deterministic Rabin Automata! ✓PCTL Model Checking! with singular perturbations due to nested P[ ] operators! ✓Reward Properties! ✓Alternative Norms and Bounds! Kullback-Leibler Divergence, Quadratic Bounds
  • 22.
    NASAC 2013,Tianjin, 9November 2013 Other Forms of Uncertainty “There are known knowns; there are things we know we know. We also know there are known unknowns; that is to say, we know there are some things we do not know. But there are also unknown unknowns – the ones we don’t know we don’t know.”! ! — Donald Rumsfeld
  • 23.
    NASAC 2013,Tianjin, 9November 2013 Uncertainty in Testing! (New Research) 1982: Weyuker: Non-Testable Programs! - Impossible/too costly to efficiently check results! - Example: mathematical software! 2010: Garlan: Intrinsic Uncertainty! - Systems embody intrinsic uncertainty/imprecision! - Cannot easily distinguish bugs from “features”! - Example: ubiquitous computing
  • 24.
    NASAC 2013,Tianjin, 9November 2013 Example! Google Latitude ~ 500m ~ 50m ~ 2m
  • 25.
    NASAC 2013,Tianjin, 9November 2013 Example! Google Latitude When is an
 incorrect location! a bug, and when
 is it a “feature”? ~ 500m ~ 50m ~ 2m
  • 26.
    NASAC 2013,Tianjin, 9November 2013 Example! Google Latitude When is an
 incorrect location! a bug, and when
 is it a “feature”? And how do! you know? ~ 500m ~ 50m ~ 2m
  • 27.
    NASAC 2013,Tianjin, 9November 2013 Example! Affective Computing
  • 28.
    NASAC 2013,Tianjin, 9November 2013 Example! Affective Computing When is an! incorrect! classification a bug,! and when is it a! “feature”?
  • 29.
    NASAC 2013,Tianjin, 9November 2013 Example! Affective Computing When is an! incorrect! classification a bug,! and when is it a! “feature”? And how do! you know?
  • 30.
    NASAC 2013,Tianjin, 9November 2013 Sources of
 Uncertainty ✓Output: results, characteristics of results! ✓Sensors: redundancy, reliability, resolution! ✓Context: sensing, inferring, fusing! ✓Machine learning: imprecision, user training
  • 31.
    NASAC 2013,Tianjin, 9November 2013 Sources of
 Uncertainty ✓Output: results, characteristics of results! ✓Sensors: redundancy, reliability, resolution! ✓Context: sensing, inferring, fusing! ✓Machine learning: imprecision, user training These create significant challenges for
 software engineering research and practice!
  • 32.
    NASAC 2013,Tianjin, 9November 2013 Conclusion ✓Software engineering (certainly) suffers from excessive certainty! ✓A probabilistic mindset offers greater insight! ✓But significant challenges remain for probabilistic verification! ✓And other forms of uncertainty are equally challenging to address
  • 33.
    NASAC 2013,Tianjin, 9November 2013 Probability and Uncertainty in Software Engineering David S. Rosenblum! Dean, School of Computing! National University of Singapore ThankYou!