Probabilistic black-box reachability checking (extended version)

Abstract

Model checking has a long-standing tradition in software verification. Given a system design, it checks whether desired properties are satisfied. Unlike testing, it cannot be applied in a black-box setting. To overcome this limitation, Peled et al. introduced black-box checking, a combination of testing, model inference and model checking. The technique requires systems to be fully deterministic. For stochastic systems, statistical techniques are available. However, they cannot be applied to systems with non-deterministic choices. We present a black-box checking technique for stochastic systems that allows both non-deterministic and probabilistic behaviour. It involves model inference, testing and probabilistic model checking. Here, we consider reachability checking, i.e., we infer near-optimal input-selection strategies for bounded reachability.
