A Survey of Statistical Model Checking

Interactive, distributed, and embedded systems often behave stochastically, for example, when inputs, message delays, or failures conform to a probability distribution. However, reasoning analytically about the behavior of complex stochastic systems is generally infeasible. While simulations of systems are commonly used in engineering practice, they have not traditionally been used to reason about formal specifications. Statistical model checking (SMC) addresses this weakness by using a simulation-based approach to reason about precise properties specified in a stochastic temporal logic. A specification for a communication system may state that, within some time bound, the probability that the number of messages in a queue will be greater than 5 must be less than 0.01. Using SMC, executions of a stochastic system are first sampled, after which statistical techniques are applied to determine whether such a property holds. While the output of sample-based methods is not always correct, statistical inference can quantify the confidence in the result produced. In effect, SMC provides a more widely applicable and scalable alternative to the analysis of properties of stochastic systems using numerical and symbolic methods. SMC techniques have been successfully applied to analyze systems with large state spaces in areas such as computer networking, security, and systems biology. In this article, we survey SMC algorithms, techniques, and tools, while emphasizing current limitations and tradeoffs between precision and scalability.
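The sample-then-infer loop described above, as an added illustration that is not part of the survey: a constructed discrete-time queue model is sampled, the Hoeffding inequality fixes how many executions are needed for a chosen error bound and confidence, and the queue-length property from the abstract (length exceeds 5 within a time bound with probability below 0.01) is decided from the estimate. The queue parameters, the helper names, and the fixed-sample estimation scheme are assumptions for this example, not the survey's own algorithm or code.

```python
import math
import random


def simulate_queue(rng, p_arrive, p_depart, horizon, threshold):
    """One sampled execution of a constructed discrete-time queue.

    Each step: an arrival with probability p_arrive, then a departure with
    probability p_depart if the queue is non-empty. Returns True if the queue
    length ever exceeds `threshold` within `horizon` steps (the path property).
    """
    length = 0
    for _ in range(horizon):
        if rng.random() < p_arrive:
            length += 1
        if length > 0 and rng.random() < p_depart:
            length -= 1
        if length > threshold:
            return True
    return False


def hoeffding_sample_size(epsilon, delta):
    """Smallest N such that Pr[|estimate - p| > epsilon] <= delta for a
    Bernoulli mean estimated from N samples (Hoeffding/Chernoff bound)."""
    return math.ceil(math.log(2.0 / delta) / (2.0 * epsilon ** 2))


def estimate_probability(sample_fn, epsilon, delta, rng):
    """Sample N executions and return (estimated probability, N)."""
    n = hoeffding_sample_size(epsilon, delta)
    hits = sum(1 for _ in range(n) if sample_fn(rng))
    return hits / n, n


def check_bounded_property(p_hat, epsilon, bound):
    """Decide whether P(property) < bound, given an estimate whose absolute
    error is at most epsilon (with probability >= 1 - delta).
    Returns 'holds', 'violated', or 'undecided' if the interval straddles bound."""
    if p_hat + epsilon < bound:
        return "holds"
    if p_hat - epsilon >= bound:
        return "violated"
    return "undecided"


if __name__ == "__main__":
    rng = random.Random(2024)  # seeded so the run is reproducible
    prop = lambda r: simulate_queue(r, p_arrive=0.1, p_depart=0.5, horizon=50, threshold=5)
    p_hat, n = estimate_probability(prop, epsilon=0.005, delta=0.05, rng=rng)
    print(f"{n} samples, P(queue > 5 within 50 steps) ~ {p_hat:.4f}:",
          check_bounded_property(p_hat, 0.005, bound=0.01))
```

The `undecided` outcome is the practical caveat: when the estimate lies within epsilon of the bound, the test must be rerun with a smaller epsilon (hence more samples) rather than reported as a pass.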
