SlideShare uma empresa Scribd logo

Laser 1-background

Carlo Ghezzi
Carlo Ghezzi

1) The document discusses models used in software development including functional requirements, non-functional requirements, labeled transition systems (LTS), discrete-time Markov chains (DTMC), and discrete time Markov reward models. 2) Temporal logics like LTL and CTL are discussed for formally specifying properties of models. PCTL is presented as a probabilistic extension of CTL for specifying properties of DTMCs. 3) Quantitative modeling is covered including using DTMCs and discrete time Markov reward models to model aspects like costs, probabilities, and rewards. Formulas of reward-PCTL are provided for quantitatively evaluating properties.

Tecnologia
1 de 37
Baixar para ler offline
Development of dynamically evolving and self-adaptive software 1. Background LASER 2013 Isola d’Elba, September 2013 Carlo Ghezzi Politecnico di Milano Deep-SE Group @ DEIB 1 Tuesday, September 10, 13
Requirements • Functional requirements refer to services that the • system shall provide Non-functional requirements constrain how such services shall be provided Non-Functional Requirement Quality of Service Compliance Architectural Constraint Development Constraint Accuracy Safety Security Reliability Performance Interface Installation Distribution Cost Deadline Variability Cost ConfidentialityIntegrity Availability Time Space Maintainability User Device Software interaction interaction interoperability Subclass link Usability Convenience van Lamsweerde, Requirements Engineering, J. Wiley & Sons 2009 2 Tuesday, September 10, 13
Models • During software development, software engineers often build abstractions of the system in the form of models •  [noun] A system or thing used as an example to follow or imitate •  a simplified description, esp. a mathematical one, of a system or process, to assist calculations or predictions Oxford American Dictionaries 3 Tuesday, September 10, 13
Why do we use models? • To communicate - - • • They embody a shared lexicon Mathematics makes reasoning formal Through models we can predict properties of the real system before it exists ✓E.g., state, transition To simplify descriptions and help focus, ignoring details that distract from the essence of the problem To reason about the modeled system 4 Tuesday, September 10, 13
What makes a good model? • • A model is good if it carries the right amount of information you need - A model abstracts from details - • • It is at the right level of abstraction Make sure that they are details, not the essence Be aware of the approximations A model serves a purpose - Different models for different purposes (views) Expert judgment always needed!!! 5 Tuesday, September 10, 13
From model(s) to implementation • • • • Model driven development tries to support a development process that goes through correctness-preserving transformations Ideally, once correct models are developed, implementation is correct by construction Reality still far from the ideal world.... However, focus on models and verification important to achieve better quality products 6 Tuesday, September 10, 13
Models • Perhaps the most used (and useful) models are finitestate models given as Labelled Transition Systems of some kind OFF 0 1 ON 7 Tuesday, September 10, 13
Labeled Transition System (Kripke Structure) x ~p k p Transitions represent execution steps y ~p h ~p h State labels represent predicates true in the state z ~p 8 Tuesday, September 10, 13
Definition • An LTS is a tuple ⟨S, I, R, AP, L⟩ where - S is a set of states; I ⊆ S is the set of initial states; R ⊆ S×S is the set of transitions; AP is a set of atomic propositions; L : S → 2AP is a labelling function. A (maximal) path from a state s0 is either a finite sequence of states that ends in a terminal state or an infinite sequence of states - π = s0, s1, s2,... such that (si, si+1) ∈ R, for all i ≥ 0. 9 Tuesday, September 10, 13
An example • • Two process mutual exclusion with shared semaphore Each process has three states - • • Non-critical (N) Trying (T) Critical (C) Semaphore can be available (S0) or taken (S1) Initially both processes are in N and the semaphore is available --- N1 N2 S0 N1 → T1 T1 ∧ S0 → C1 ∧ S1 C1 → N 1 ∧ S0 || N2 → T2 T2 ∧ S0 → C2 ∧ S1 C2 → N 2 ∧ S0 10 Tuesday, September 10, 13
Consider the following model Does a system behaving like this LTS satisfy our expectations in terms of mutual exclusion: Never a state where both C1 and C2 hold can be reached N1N2S0 T1N2S0 N1T2S0 T1T2S0 C1N2S1 C1T2S1 N1C2S1 T1C2S1 11 Tuesday, September 10, 13
How can requirements be specified? • For example, we need to formalize statements like: - • No matter where you are, there is always a way to get to the initial state Temporal logic to formally express properties - In classical logic, formulae are evaluated within a single fixed world ✓For example, a proposition such as “it is raining” must be either true or false ✓Propositions are then combined using operators such as ∧, ¬, etc. - In temporal logic, evaluation takes place within a set of “worlds”, corresponding to time instants ✓“it is raining” may be satisfied in some worlds, but not in others The set of worlds correspond to moments in time 12 Tuesday, September 10, 13
Temporal logic • Linear Time - Every moment has a unique successor Infinite sequences (words) Linear Time Temporal Logic (LTL) • Branching Time - Every moment has several successors Infinite tree Computation Tree Logic (CTL) 13 Tuesday, September 10, 13
LTL: syntax and semantics φ ::= true | a | φ1 ∧ φ2 | ¬φ | oφ | φ1 U φ2 oφ also written Xφ true U φ also written Fφ and also ◊♢φ ¬F¬φ also written Gφ and also oφ An LTL property stands for a property of a path For a state s, a formula φ is satisfied if all paths exiting s satisfy the formula Model checking Given an LTS and a formula, verify that initial states satisfy it 14 Tuesday, September 10, 13
Mutual exclusion Always at least one process is not in the critical section N1N2S0 T1N2S0 N1T2S0 T1T2S0 C1N2S1 C1T2S1 (not C1 N1C2S1 T1C2S1 not C2) 15 Tuesday, September 10, 13
CTL • State formulae: ϕ ::= true | a | ϕ1 ∧ ϕ2 | ¬ϕ | ∃φ | ∀φ • Path formulae: φ ::= o ϕ | ϕ1 U ϕ2 X (o), F (♢) and G (o) can be introduced as for LTL ∃, ∀ often also written as E, A Mutual exclusion in CTL: ∀G(¬C1 ∨ ¬C2) Note: CTL and LTL have incomparable expressiveness 16 Tuesday, September 10, 13
Quantitative modelling • • • LTSs support qualitative modelling Often we need to model quantitative aspects, such as the cost of a certain action or the probability that a certain event occurs Here we review Markov models, an important and useful extension of LTSs 17 Tuesday, September 10, 13
Discrete-time Markov Chains A DTMC is defioned by a tuple (S, s0, P, AP, L) where • • • • • S is a finite set of states s0 ∈ S is the initial state • The modelled process must satisfy the Markov property, i.e., the probability distribution of future states does not depend on past states; the process is memoryless P: S×S→[0;1] is a stochastic matrix AP is a set of atomic propositions L: S→2AP is a labelling function. 18 Tuesday, September 10, 13
An#example# !A simple communication protocol operating with a channel! start S D T L 1 1 delivered 0.9 0.1 try lost S 0 1 0 0 D 0 0 0.9 0 T 1 0 0 1 L 0 0 0.1 0 matrix representation 1 Note: sum of probabilities for transitions leaving a given state equals 1 C. Baier, JP Katoen, “Principles of model checking” MIT Press, 2008 19 Tuesday, September 10, 13
Discrete Time Markov Reward Models • Like a DTMC, plus - • labelling states with a state reward labelling transitions with a transition reward (we just use state rewards) Rewards can be any real-valued, additive, non negative measure; we use non-negative real functions Usage in modelling: rewards represent energy consumption, average execution time, outsourcing costs, pay per use cost, CPU time 20 Tuesday, September 10, 13
Reward DTMC • A R-DTMC is a tuple (S, s0, P, AP, L, µ), where S, s0, P, L are defined as for a DTMC, while µ is defined as follows: - µ : S→R≥0 is a state reward function assigning a non-negative real number to each state ✓... at step 0 the system enters the initial state s0. At step 1, the system gains the reward µ(s0) associated with the state and moves to a new state... 21 Tuesday, September 10, 13
Which model(s) should we use? • Different models provide different viewpoints from which a system can be analyzed • Focus on non-functional properties leads to models where we can deal with uncertainty and specify quantitative aspects • Examples – DTMCs for reliability – CTMCs for performance – Reward DTMCs for energy/cost/performance 22 Tuesday, September 10, 13
Quantitative requirements specification • • • • Specification can be qualitative (“the system shall do ...”) or quantitative (“average response time shall be less than xxx”) LTL, CTL temporal logic are typical examples of qualitative specification languages Non-functional requirements ask for quantitative specification Quantitative specs then require quantitative verification 23 Tuesday, September 10, 13
PCTL • • • • Probabilistic extension of CTL In a state, instead of existential and universal quantifiers over paths we can predicate on the probability for the set of paths (leaving the state) that satisfy property In addition, path formulas also include step-bounded until ϕ1 U≤k ϕ2 ::= ::= • | | | | |¬ |P An example of a reachability property - P>0.8 [◊(system state = success)] ( ) 1 absorbing state 24 Tuesday, September 10, 13
R-PCTL • Reward-Probabilistic CTL for R-DTMC | ::= | ::= ::= R ( = ) = | | | |¬ |P ( ) |R ( ) | R ( ) R ( ) 25 Tuesday, September 10, 13
Example R ( = ) Expected state reward to be gained in the state entered at step k along the paths originating in the given state “The expected cost gained after exactly 10 time steps is less than 5” R< ( = ) 26 Tuesday, September 10, 13
Example R ( ) T Expected cumulated reward within k time steps ext Text “The expected energy consumption within the first 50 time units of operation is less than 6 kwh” R< ( ) 27 Tuesday, September 10, 13
Example R ( ) Expected cumulated reward until a state satisfying is reached Text Text “The average execution time until a user session is complete is lower than 150 s” R< ( ) 28 Tuesday, September 10, 13
A bit of theory • Probability for a finite path ⇡ = s0 , s1 , s2 , . . . to be Q|⇡| 2 traversed is 1 if |⇡| = 1 otherwise k=0 P (sk , sk+1 ) • A state sj is reachable from state si if a finite path exists leading to sj from si • The probability of moving from si to sj in exactly 2 steps P pix · pxj which is the entry (i, j) of P 2 is sx 2S • The probability of moving from si to sj in exactly k steps is the entry (i, j) of P k 29 Tuesday, September 10, 13
A bit of theory • A state is recurrent if the probability that it will be eventually visited again after being reached is 1; it is otherwise transient (a non-zero probability that it will never be visited again) • A recurrent state sk where pk,k = 1 is called absorbing • Here we assume DTMCs to be well-formed, i.e. - every recurrent state is absorbing - all states are reachable from initial state - from every transient state it is possible to reach an absorbing state 30 Tuesday, September 10, 13
An example 0.5 1 2 1 0 0.2 0.3 3 0 0 1 B 0.2 0 B @ 0 0 0 0 0 0.5 1 0 1 0 0.3 C C 0 A 1 Probability of reaching an absorbing state (e.g., 2) 2 can be reached by reaching 1 in 0, 1, 2,...∞ steps and then 2 with prob .5 (1+0.2+0.22+0.23+ ... ) x 0.5 = ( ∑ 0.2n) x 0.5 = (1/(1-0.2)) x 0.5 = 0.625 Similarly, for state 3, (1/(1-0.2)) x 0.3 = 0.375 Notice that an absorbing state is reached with prob 1 31 Tuesday, September 10, 13
A bit of theory • Consider a DTMC with r absorbing and t transient states • Its matrix can be restructured as ✓ ◆ Q R P = (1) 0 I - Q is a nonzero t × t matrix - R is a t × r matrix - 0 is a r × t matrix - I is a r × r identity matrix Qk ! 0 as k ! 1 • Theorem - In a well-formed Markov chain, the probability of the process to be eventually absorbed is 1 32 Tuesday, September 10, 13
Focus on reachability properties • A reachability property has the following form P./p (⌃ ) states that the probability of reaching a state where holds matches the constraint ./ p • Typically, they refer to reaching an absorbing state (denoting success/failure for reliability analysis) • It is a flat formula (i.e. no subformula contains P./p (·)) • These properties are the most commonly found 33 Tuesday, September 10, 13
A bit of theory Consider again ◆ ✓ Q R P = 0 I 1 X 1 2 3 k N = I + Q + Q + Q + ··· = Q (1) k=0 ni,k expected # of visits of transient state sk from si, i.e., the sum of the probablities of visiting it 0, 1, 2, ...times 1 Theorem: The geometric series converges to (I Q) Consider B = N ⇥ R . The probability of reaching X absorbing state sk from si is bik = nij · rjk k=0..t 1 34 Tuesday, September 10, 13
Proving reachability properties Pr(◊ s = End ) = ∑n 0, j ⋅ rj , End j n0,j is the sum of the probabilities to reach state j in 1, 2, 3, ... ∞ steps 35 Tuesday, September 10, 13
Model checking tools • • • SPIN (Holzmann) analyzes LTL properties for LTSs expressed in Promela (Nu)SMV (Clarke et al, Cimatti et al.) can also analyze CTL properties and uses a symbolic representation of visited states (BDDs) to address the “state explosion problem” PRISM (Kwiatkowska et al.) and MRMC (Katoen et al.) support Markov models and perform probabilistic model checking 36 Tuesday, September 10, 13
Question • How do modelling notations and verification fit software evolution? - A modification to an existing system viewed as a new system - No support to reasoning on the changes and their effects 37 Tuesday, September 10, 13

Recomendados

A Brief History of Stream Processing
A Brief History of Stream ProcessingA Brief History of Stream Processing
A Brief History of Stream ProcessingAleksandr Kuboskin, CFA
 
Chap11 slides
Chap11 slidesChap11 slides
Chap11 slidesBaliThorat1
 
solver (1)
solver (1)solver (1)
solver (1)Raj Mitra
 
Ppt
PptPpt
PptKartikey Dubey
 
MS Project
MS ProjectMS Project
MS ProjectDarin Hitchings, Ph.D.
 
Recurrent and Recursive Networks (Part 1)
Recurrent and Recursive Networks (Part 1)Recurrent and Recursive Networks (Part 1)
Recurrent and Recursive Networks (Part 1)sohaib_alam
 
Scala for Machine Learning
Scala for Machine LearningScala for Machine Learning
Scala for Machine LearningPatrick Nicolas
 
Sampling and Markov Chain Monte Carlo Techniques
Sampling and Markov Chain Monte Carlo TechniquesSampling and Markov Chain Monte Carlo Techniques
Sampling and Markov Chain Monte Carlo TechniquesTomasz Kusmierczyk
 

Recomendados

A Brief History of Stream Processing
A Brief History of Stream ProcessingA Brief History of Stream Processing
A Brief History of Stream ProcessingAleksandr Kuboskin, CFA
 
Chap11 slides
Chap11 slidesChap11 slides
Chap11 slidesBaliThorat1
 
solver (1)
solver (1)solver (1)
solver (1)Raj Mitra
 
Ppt
PptPpt
PptKartikey Dubey
 
MS Project
MS ProjectMS Project
MS ProjectDarin Hitchings, Ph.D.
 
Recurrent and Recursive Networks (Part 1)
Recurrent and Recursive Networks (Part 1)Recurrent and Recursive Networks (Part 1)
Recurrent and Recursive Networks (Part 1)sohaib_alam
 
Scala for Machine Learning
Scala for Machine LearningScala for Machine Learning
Scala for Machine LearningPatrick Nicolas
 
Sampling and Markov Chain Monte Carlo Techniques
Sampling and Markov Chain Monte Carlo TechniquesSampling and Markov Chain Monte Carlo Techniques
Sampling and Markov Chain Monte Carlo TechniquesTomasz Kusmierczyk
 
Postmodernism media homework a2
Postmodernism media homework a2Postmodernism media homework a2
Postmodernism media homework a2princejuniorabiodunremi
 
A peliku
A pelikuA peliku
A pelikunidlomserah
 
Laser 3-incremental
Laser 3-incrementalLaser 3-incremental
Laser 3-incrementalCarlo Ghezzi
 
Module iii development of an export marketing strategy
Module iii development of an export marketing strategyModule iii development of an export marketing strategy
Module iii development of an export marketing strategyquanghieu102t
 
Module i introduction
Module i introductionModule i introduction
Module i introductionquanghieu102t
 
Presentation Tsuchiya
Presentation TsuchiyaPresentation Tsuchiya
Presentation TsuchiyaOtsuchiya5339
 
Module ii situation analysis
Module ii situation analysisModule ii situation analysis
Module ii situation analysisquanghieu102t
 
Paderborn
PaderbornPaderborn
PaderbornCarlo Ghezzi
 
Лилия Горелая
Лилия ГорелаяЛилия Горелая
Лилия ГорелаяOleg Samoilow
 
Laser 0-prologue
Laser 0-prologueLaser 0-prologue
Laser 0-prologueCarlo Ghezzi
 
Presentation2
Presentation2Presentation2
Presentation2ronensarig
 
プレゼンテーション1
プレゼンテーション1プレゼンテーション1
プレゼンテーション1Otsuchiya5339
 
ICSE 2009 keynote
ICSE 2009 keynoteICSE 2009 keynote
ICSE 2009 keynoteCarlo Ghezzi
 
Cv emprenedores
Cv emprenedoresCv emprenedores
Cv emprenedoresCristina Redon Martinez
 
Postmodernism media
Postmodernism mediaPostmodernism media
Postmodernism mediaprincejuniorabiodunremi
 
Pp formation harcèlement cpe doc 3 fév 16
Pp formation harcèlement cpe doc 3 fév 16Pp formation harcèlement cpe doc 3 fév 16
Pp formation harcèlement cpe doc 3 fév 16CDIHeinrichNessel
 
Module iv branding
Module iv brandingModule iv branding
Module iv brandingquanghieu102t
 
14 queuing
14 queuing14 queuing
14 queuingDian Saputra
 
SLAM of Multi-Robot System Considering Its Network Topology
SLAM of Multi-Robot System Considering Its Network TopologySLAM of Multi-Robot System Considering Its Network Topology
SLAM of Multi-Robot System Considering Its Network Topologytoukaigi
 
MSc_thesis
MSc_thesisMSc_thesis
MSc_thesisNokib Uddin
 
A Strategic Model For Dynamic Traffic Assignment
A Strategic Model For Dynamic Traffic AssignmentA Strategic Model For Dynamic Traffic Assignment
A Strategic Model For Dynamic Traffic AssignmentKelly Taylor
 
TLA+ and PlusCal / An engineer's perspective
TLA+ and PlusCal / An engineer's perspectiveTLA+ and PlusCal / An engineer's perspective
TLA+ and PlusCal / An engineer's perspectiveTorao Takami
 

Mais conteúdo relacionado

Destaque

Laser 3-incremental
Laser 3-incrementalLaser 3-incremental
Laser 3-incrementalCarlo Ghezzi
 
Module iii development of an export marketing strategy
Module iii development of an export marketing strategyModule iii development of an export marketing strategy
Module iii development of an export marketing strategyquanghieu102t
 
Module i introduction
Module i introductionModule i introduction
Module i introductionquanghieu102t
 
Presentation Tsuchiya
Presentation TsuchiyaPresentation Tsuchiya
Presentation TsuchiyaOtsuchiya5339
 
Module ii situation analysis
Module ii situation analysisModule ii situation analysis
Module ii situation analysisquanghieu102t
 
Лилия Горелая
Лилия ГорелаяЛилия Горелая
Лилия ГорелаяOleg Samoilow
 
プレゼンテーション1
プレゼンテーション1プレゼンテーション1
プレゼンテーション1Otsuchiya5339
 
Pp formation harcèlement cpe doc 3 fév 16
Pp formation harcèlement cpe doc 3 fév 16Pp formation harcèlement cpe doc 3 fév 16
Pp formation harcèlement cpe doc 3 fév 16CDIHeinrichNessel
 

Destaque (17)

Postmodernism media homework a2
Postmodernism media homework a2Postmodernism media homework a2
Postmodernism media homework a2
 
A peliku
A pelikuA peliku
A peliku
 
Laser 3-incremental
Laser 3-incrementalLaser 3-incremental
Laser 3-incremental
 
Module iii development of an export marketing strategy
Module iii development of an export marketing strategyModule iii development of an export marketing strategy
Module iii development of an export marketing strategy
 
Module i introduction
Module i introductionModule i introduction
Module i introduction
 
Presentation Tsuchiya
Presentation TsuchiyaPresentation Tsuchiya
Presentation Tsuchiya
 
Module ii situation analysis
Module ii situation analysisModule ii situation analysis
Module ii situation analysis
 
Paderborn
PaderbornPaderborn
Paderborn
 
Лилия Горелая
Лилия ГорелаяЛилия Горелая
Лилия Горелая
 
Laser 0-prologue
Laser 0-prologueLaser 0-prologue
Laser 0-prologue
 
Presentation2
Presentation2Presentation2
Presentation2
 
プレゼンテーション1
プレゼンテーション1プレゼンテーション1
プレゼンテーション1
 
ICSE 2009 keynote
ICSE 2009 keynoteICSE 2009 keynote
ICSE 2009 keynote
 
Cv emprenedores
Cv emprenedoresCv emprenedores
Cv emprenedores
 
Postmodernism media
Postmodernism mediaPostmodernism media
Postmodernism media
 
Pp formation harcèlement cpe doc 3 fév 16
Pp formation harcèlement cpe doc 3 fév 16Pp formation harcèlement cpe doc 3 fév 16
Pp formation harcèlement cpe doc 3 fév 16
 
Module iv branding
Module iv brandingModule iv branding
Module iv branding
 

Semelhante a Laser 1-background

SLAM of Multi-Robot System Considering Its Network Topology
SLAM of Multi-Robot System Considering Its Network TopologySLAM of Multi-Robot System Considering Its Network Topology
SLAM of Multi-Robot System Considering Its Network Topologytoukaigi
 
A Strategic Model For Dynamic Traffic Assignment
A Strategic Model For Dynamic Traffic AssignmentA Strategic Model For Dynamic Traffic Assignment
A Strategic Model For Dynamic Traffic AssignmentKelly Taylor
 
TLA+ and PlusCal / An engineer's perspective
TLA+ and PlusCal / An engineer's perspectiveTLA+ and PlusCal / An engineer's perspective
TLA+ and PlusCal / An engineer's perspectiveTorao Takami
 
ClockSystem: Embedding Time in Smalltalk
ClockSystem: Embedding Time in SmalltalkClockSystem: Embedding Time in Smalltalk
ClockSystem: Embedding Time in SmalltalkESUG
 
Implementing QVT-R bidirectional model transformations using Alloy
Implementing QVT-R bidirectional model transformations using AlloyImplementing QVT-R bidirectional model transformations using Alloy
Implementing QVT-R bidirectional model transformations using AlloyNuno Macedo
 
IE 425 Homework 10Submit on Tuesday, 12101.(20 pts) C.docx
IE 425 Homework 10Submit on Tuesday, 12101.(20 pts) C.docxIE 425 Homework 10Submit on Tuesday, 12101.(20 pts) C.docx
IE 425 Homework 10Submit on Tuesday, 12101.(20 pts) C.docxsheronlewthwaite
 
Distributed computing time
Distributed computing timeDistributed computing time
Distributed computing timeDeepak John
 
Stochastic modelling and its applications
Stochastic modelling and its applicationsStochastic modelling and its applications
Stochastic modelling and its applicationsKartavya Jain
 
Poster: Contract-Based Integration of Cyber-Physical Analyses
Poster: Contract-Based Integration of Cyber-Physical AnalysesPoster: Contract-Based Integration of Cyber-Physical Analyses
Poster: Contract-Based Integration of Cyber-Physical AnalysesIvan Ruchkin
 
Self-adaptive container monitoring with performance-aware Load-Shedding policies
Self-adaptive container monitoring with performance-aware Load-Shedding policiesSelf-adaptive container monitoring with performance-aware Load-Shedding policies
Self-adaptive container monitoring with performance-aware Load-Shedding policiesNECST Lab @ Politecnico di Milano
 
Understanding High-dimensional Networks for Continuous Variables Using ECL
Understanding High-dimensional Networks for Continuous Variables Using ECLUnderstanding High-dimensional Networks for Continuous Variables Using ECL
Understanding High-dimensional Networks for Continuous Variables Using ECLHPCC Systems
 
Sparse Random Network Coding for Reliable Multicast Services
Sparse Random Network Coding for Reliable Multicast ServicesSparse Random Network Coding for Reliable Multicast Services
Sparse Random Network Coding for Reliable Multicast ServicesAndrea Tassi
 
Matineh Shaker, Artificial Intelligence Scientist, Bonsai at MLconf SF 2017
Matineh Shaker, Artificial Intelligence Scientist, Bonsai at MLconf SF 2017Matineh Shaker, Artificial Intelligence Scientist, Bonsai at MLconf SF 2017
Matineh Shaker, Artificial Intelligence Scientist, Bonsai at MLconf SF 2017MLconf
 
stochasticmodellinganditsapplications.ppt
stochasticmodellinganditsapplications.pptstochasticmodellinganditsapplications.ppt
stochasticmodellinganditsapplications.pptVGaneshKarthikeyan
 
STEP RESPONSE OF FIRST ORDER SYSTEM PART 1.pptx
STEP RESPONSE OF FIRST ORDER SYSTEM PART 1.pptxSTEP RESPONSE OF FIRST ORDER SYSTEM PART 1.pptx
STEP RESPONSE OF FIRST ORDER SYSTEM PART 1.pptxAnikendu Maitra
 
Dependable Systems - Structure-Based Dependabiilty Modeling (6/16)
Dependable Systems - Structure-Based Dependabiilty Modeling (6/16)Dependable Systems - Structure-Based Dependabiilty Modeling (6/16)
Dependable Systems - Structure-Based Dependabiilty Modeling (6/16)Peter Tröger
 
Continuous Systems To Discrete Event Systems
Continuous Systems To Discrete Event SystemsContinuous Systems To Discrete Event Systems
Continuous Systems To Discrete Event Systemsahmad bassiouny
 

Semelhante a Laser 1-background (20)

14 queuing
14 queuing14 queuing
14 queuing
 
SLAM of Multi-Robot System Considering Its Network Topology
SLAM of Multi-Robot System Considering Its Network TopologySLAM of Multi-Robot System Considering Its Network Topology
SLAM of Multi-Robot System Considering Its Network Topology
 
MSc_thesis
MSc_thesisMSc_thesis
MSc_thesis
 
A Strategic Model For Dynamic Traffic Assignment
A Strategic Model For Dynamic Traffic AssignmentA Strategic Model For Dynamic Traffic Assignment
A Strategic Model For Dynamic Traffic Assignment
 
TLA+ and PlusCal / An engineer's perspective
TLA+ and PlusCal / An engineer's perspectiveTLA+ and PlusCal / An engineer's perspective
TLA+ and PlusCal / An engineer's perspective
 
ClockSystem: Embedding Time in Smalltalk
ClockSystem: Embedding Time in SmalltalkClockSystem: Embedding Time in Smalltalk
ClockSystem: Embedding Time in Smalltalk
 
Implementing QVT-R bidirectional model transformations using Alloy
Implementing QVT-R bidirectional model transformations using AlloyImplementing QVT-R bidirectional model transformations using Alloy
Implementing QVT-R bidirectional model transformations using Alloy
 
IE 425 Homework 10Submit on Tuesday, 12101.(20 pts) C.docx
IE 425 Homework 10Submit on Tuesday, 12101.(20 pts) C.docxIE 425 Homework 10Submit on Tuesday, 12101.(20 pts) C.docx
IE 425 Homework 10Submit on Tuesday, 12101.(20 pts) C.docx
 
Distributed computing time
Distributed computing timeDistributed computing time
Distributed computing time
 
Stochastic modelling and its applications
Stochastic modelling and its applicationsStochastic modelling and its applications
Stochastic modelling and its applications
 
Poster: Contract-Based Integration of Cyber-Physical Analyses
Poster: Contract-Based Integration of Cyber-Physical AnalysesPoster: Contract-Based Integration of Cyber-Physical Analyses
Poster: Contract-Based Integration of Cyber-Physical Analyses
 
Self-adaptive container monitoring with performance-aware Load-Shedding policies
Self-adaptive container monitoring with performance-aware Load-Shedding policiesSelf-adaptive container monitoring with performance-aware Load-Shedding policies
Self-adaptive container monitoring with performance-aware Load-Shedding policies
 
Understanding High-dimensional Networks for Continuous Variables Using ECL
Understanding High-dimensional Networks for Continuous Variables Using ECLUnderstanding High-dimensional Networks for Continuous Variables Using ECL
Understanding High-dimensional Networks for Continuous Variables Using ECL
 
Sparse Random Network Coding for Reliable Multicast Services
Sparse Random Network Coding for Reliable Multicast ServicesSparse Random Network Coding for Reliable Multicast Services
Sparse Random Network Coding for Reliable Multicast Services
 
Matineh Shaker, Artificial Intelligence Scientist, Bonsai at MLconf SF 2017
Matineh Shaker, Artificial Intelligence Scientist, Bonsai at MLconf SF 2017Matineh Shaker, Artificial Intelligence Scientist, Bonsai at MLconf SF 2017
Matineh Shaker, Artificial Intelligence Scientist, Bonsai at MLconf SF 2017
 
stochasticmodellinganditsapplications.ppt
stochasticmodellinganditsapplications.pptstochasticmodellinganditsapplications.ppt
stochasticmodellinganditsapplications.ppt
 
Uml sequence diagrams
Uml sequence diagramsUml sequence diagrams
Uml sequence diagrams
 
STEP RESPONSE OF FIRST ORDER SYSTEM PART 1.pptx
STEP RESPONSE OF FIRST ORDER SYSTEM PART 1.pptxSTEP RESPONSE OF FIRST ORDER SYSTEM PART 1.pptx
STEP RESPONSE OF FIRST ORDER SYSTEM PART 1.pptx
 
Dependable Systems - Structure-Based Dependabiilty Modeling (6/16)
Dependable Systems - Structure-Based Dependabiilty Modeling (6/16)Dependable Systems - Structure-Based Dependabiilty Modeling (6/16)
Dependable Systems - Structure-Based Dependabiilty Modeling (6/16)
 
Continuous Systems To Discrete Event Systems
Continuous Systems To Discrete Event SystemsContinuous Systems To Discrete Event Systems
Continuous Systems To Discrete Event Systems
 

Último

Syngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdfSyngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdfSyngulon
 
Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024Enterprise Knowledge
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxDavid Michel
 
The Metaverse: Are We There Yet?
The Metaverse: Are We There Yet?The Metaverse: Are We There Yet?
The Metaverse: Are We There Yet?Mark Billinghurst
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...FIDO Alliance
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessUXDXConf
 
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfWhere to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfFIDO Alliance
 
UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2DianaGray10
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...CzechDreamin
 
Buy Epson EcoTank L3210 Colour Printer Online.pptx
Buy Epson EcoTank L3210 Colour Printer Online.pptxBuy Epson EcoTank L3210 Colour Printer Online.pptx
Buy Epson EcoTank L3210 Colour Printer Online.pptxEasyPrinterHelp
 
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)Julian Hyde
 
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCustom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCzechDreamin
 
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...FIDO Alliance
 
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxWSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxJennifer Lim
 
AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101vincent683379
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlPeter Udo Diehl
 
Agentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdfAgentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdfChristopherTHyatt
 
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...CzechDreamin
 
ECS 2024 Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty SecureECS 2024 Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty SecureFemke de Vroome
 
Buy Epson EcoTank L3210 Colour Printer Online.pdf
Buy Epson EcoTank L3210 Colour Printer Online.pdfBuy Epson EcoTank L3210 Colour Printer Online.pdf
Buy Epson EcoTank L3210 Colour Printer Online.pdfEasyPrinterHelp
 

Último (20)

Syngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdfSyngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdf
 
Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
 
The Metaverse: Are We There Yet?
The Metaverse: Are We There Yet?The Metaverse: Are We There Yet?
The Metaverse: Are We There Yet?
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for Success
 
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfWhere to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
 
UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
 
Buy Epson EcoTank L3210 Colour Printer Online.pptx
Buy Epson EcoTank L3210 Colour Printer Online.pptxBuy Epson EcoTank L3210 Colour Printer Online.pptx
Buy Epson EcoTank L3210 Colour Printer Online.pptx
 
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
 
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCustom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
 
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
 
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxWSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
 
AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
 
Agentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdfAgentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdf
 
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
 
ECS 2024 Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty SecureECS 2024 Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty Secure
 
Buy Epson EcoTank L3210 Colour Printer Online.pdf
Buy Epson EcoTank L3210 Colour Printer Online.pdfBuy Epson EcoTank L3210 Colour Printer Online.pdf
Buy Epson EcoTank L3210 Colour Printer Online.pdf
 

Laser 1-background

  • 1. Development of dynamically evolving and self-adaptive software 1. Background LASER 2013 Isola d’Elba, September 2013 Carlo Ghezzi Politecnico di Milano Deep-SE Group @ DEIB 1 Tuesday, September 10, 13
  • 2. Requirements • Functional requirements refer to services that the • system shall provide Non-functional requirements constrain how such services shall be provided Non-Functional Requirement Quality of Service Compliance Architectural Constraint Development Constraint Accuracy Safety Security Reliability Performance Interface Installation Distribution Cost Deadline Variability Cost ConfidentialityIntegrity Availability Time Space Maintainability User Device Software interaction interaction interoperability Subclass link Usability Convenience van Lamsweerde, Requirements Engineering, J. Wiley & Sons 2009 2 Tuesday, September 10, 13
  • 3. Models • During software development, software engineers often build abstractions of the system in the form of models •  [noun] A system or thing used as an example to follow or imitate •  a simplified description, esp. a mathematical one, of a system or process, to assist calculations or predictions Oxford American Dictionaries 3 Tuesday, September 10, 13
  • 4. Why do we use models? • To communicate - - • • They embody a shared lexicon Mathematics makes reasoning formal Through models we can predict properties of the real system before it exists ✓E.g., state, transition To simplify descriptions and help focus, ignoring details that distract from the essence of the problem To reason about the modeled system 4 Tuesday, September 10, 13
  • 5. What makes a good model? • • A model is good if it carries the right amount of information you need - A model abstracts from details - • • It is at the right level of abstraction Make sure that they are details, not the essence Be aware of the approximations A model serves a purpose - Different models for different purposes (views) Expert judgment always needed!!! 5 Tuesday, September 10, 13
  • 6. From model(s) to implementation • • • • Model driven development tries to support a development process that goes through correctness-preserving transformations Ideally, once correct models are developed, implementation is correct by construction Reality still far from the ideal world.... However, focus on models and verification important to achieve better quality products 6 Tuesday, September 10, 13
  • 7. Models • Perhaps the most used (and useful) models are finitestate models given as Labelled Transition Systems of some kind OFF 0 1 ON 7 Tuesday, September 10, 13
  • 8. Labeled Transition System (Kripke Structure) x ~p k p Transitions represent execution steps y ~p h ~p h State labels represent predicates true in the state z ~p 8 Tuesday, September 10, 13
  • 9. Definition • An LTS is a tuple ⟨S, I, R, AP, L⟩ where - S is a set of states; I ⊆ S is the set of initial states; R ⊆ S×S is the set of transitions; AP is a set of atomic propositions; L : S → 2AP is a labelling function. A (maximal) path from a state s0 is either a finite sequence of states that ends in a terminal state or an infinite sequence of states - π = s0, s1, s2,... such that (si, si+1) ∈ R, for all i ≥ 0. 9 Tuesday, September 10, 13
  • 10. An example • • Two process mutual exclusion with shared semaphore Each process has three states - • • Non-critical (N) Trying (T) Critical (C) Semaphore can be available (S0) or taken (S1) Initially both processes are in N and the semaphore is available --- N1 N2 S0 N1 → T1 T1 ∧ S0 → C1 ∧ S1 C1 → N 1 ∧ S0 || N2 → T2 T2 ∧ S0 → C2 ∧ S1 C2 → N 2 ∧ S0 10 Tuesday, September 10, 13
  • 11. Consider the following model Does a system behaving like this LTS satisfy our expectations in terms of mutual exclusion: Never a state where both C1 and C2 hold can be reached N1N2S0 T1N2S0 N1T2S0 T1T2S0 C1N2S1 C1T2S1 N1C2S1 T1C2S1 11 Tuesday, September 10, 13
  • 12. How can requirements be specified? • For example, we need to formalize statements like: - • No matter where you are, there is always a way to get to the initial state Temporal logic to formally express properties - In classical logic, formulae are evaluated within a single fixed world ✓For example, a proposition such as “it is raining” must be either true or false ✓Propositions are then combined using operators such as ∧, ¬, etc. - In temporal logic, evaluation takes place within a set of “worlds”, corresponding to time instants ✓“it is raining” may be satisfied in some worlds, but not in others The set of worlds correspond to moments in time 12 Tuesday, September 10, 13
  • 13. Temporal logic • Linear Time - Every moment has a unique successor Infinite sequences (words) Linear Time Temporal Logic (LTL) • Branching Time - Every moment has several successors Infinite tree Computation Tree Logic (CTL) 13 Tuesday, September 10, 13
  • 14. LTL: syntax and semantics φ ::= true | a | φ1 ∧ φ2 | ¬φ | oφ | φ1 U φ2 oφ also written Xφ true U φ also written Fφ and also ◊♢φ ¬F¬φ also written Gφ and also oφ An LTL property stands for a property of a path For a state s, a formula φ is satisfied if all paths exiting s satisfy the formula Model checking Given an LTS and a formula, verify that initial states satisfy it 14 Tuesday, September 10, 13
  • 15. Mutual exclusion Always at least one process is not in the critical section N1N2S0 T1N2S0 N1T2S0 T1T2S0 C1N2S1 C1T2S1 (not C1 N1C2S1 T1C2S1 not C2) 15 Tuesday, September 10, 13
  • 16. CTL • State formulae: ϕ ::= true | a | ϕ1 ∧ ϕ2 | ¬ϕ | ∃φ | ∀φ • Path formulae: φ ::= o ϕ | ϕ1 U ϕ2 X (o), F (♢) and G (o) can be introduced as for LTL ∃, ∀ often also written as E, A Mutual exclusion in CTL: ∀G(¬C1 ∨ ¬C2) Note: CTL and LTL have incomparable expressiveness 16 Tuesday, September 10, 13
  • 17. Quantitative modelling • • • LTSs support qualitative modelling Often we need to model quantitative aspects, such as the cost of a certain action or the probability that a certain event occurs Here we review Markov models, an important and useful extension of LTSs 17 Tuesday, September 10, 13
  • 18. Discrete-time Markov Chains A DTMC is defioned by a tuple (S, s0, P, AP, L) where • • • • • S is a finite set of states s0 ∈ S is the initial state • The modelled process must satisfy the Markov property, i.e., the probability distribution of future states does not depend on past states; the process is memoryless P: S×S→[0;1] is a stochastic matrix AP is a set of atomic propositions L: S→2AP is a labelling function. 18 Tuesday, September 10, 13
  • 19. An#example# !A simple communication protocol operating with a channel! start S D T L 1 1 delivered 0.9 0.1 try lost S 0 1 0 0 D 0 0 0.9 0 T 1 0 0 1 L 0 0 0.1 0 matrix representation 1 Note: sum of probabilities for transitions leaving a given state equals 1 C. Baier, JP Katoen, “Principles of model checking” MIT Press, 2008 19 Tuesday, September 10, 13
  • 20. Discrete Time Markov Reward Models • Like a DTMC, plus - • labelling states with a state reward labelling transitions with a transition reward (we just use state rewards) Rewards can be any real-valued, additive, non negative measure; we use non-negative real functions Usage in modelling: rewards represent energy consumption, average execution time, outsourcing costs, pay per use cost, CPU time 20 Tuesday, September 10, 13
  • 21. Reward DTMC • A R-DTMC is a tuple (S, s0, P, AP, L, µ), where S, s0, P, L are defined as for a DTMC, while µ is defined as follows: - µ : S→R≥0 is a state reward function assigning a non-negative real number to each state ✓... at step 0 the system enters the initial state s0. At step 1, the system gains the reward µ(s0) associated with the state and moves to a new state... 21 Tuesday, September 10, 13
  • 22. Which model(s) should we use? • Different models provide different viewpoints from which a system can be analyzed • Focus on non-functional properties leads to models where we can deal with uncertainty and specify quantitative aspects • Examples – DTMCs for reliability – CTMCs for performance – Reward DTMCs for energy/cost/performance 22 Tuesday, September 10, 13
  • 23. Quantitative requirements specification • • • • Specification can be qualitative (“the system shall do ...”) or quantitative (“average response time shall be less than xxx”) LTL, CTL temporal logic are typical examples of qualitative specification languages Non-functional requirements ask for quantitative specification Quantitative specs then require quantitative verification 23 Tuesday, September 10, 13
  • 24. PCTL • • • • Probabilistic extension of CTL In a state, instead of existential and universal quantifiers over paths we can predicate on the probability for the set of paths (leaving the state) that satisfy property In addition, path formulas also include step-bounded until ϕ1 U≤k ϕ2 ::= ::= • | | | | |¬ |P An example of a reachability property - P>0.8 [◊(system state = success)] ( ) 1 absorbing state 24 Tuesday, September 10, 13
  • 25. R-PCTL • Reward-Probabilistic CTL for R-DTMC | ::= | ::= ::= R ( = ) = | | | |¬ |P ( ) |R ( ) | R ( ) R ( ) 25 Tuesday, September 10, 13
  • 26. Example R ( = ) Expected state reward to be gained in the state entered at step k along the paths originating in the given state “The expected cost gained after exactly 10 time steps is less than 5” R< ( = ) 26 Tuesday, September 10, 13
  • 27. Example R ( ) T Expected cumulated reward within k time steps ext Text “The expected energy consumption within the first 50 time units of operation is less than 6 kwh” R< ( ) 27 Tuesday, September 10, 13
  • 28. Example R ( ) Expected cumulated reward until a state satisfying is reached Text Text “The average execution time until a user session is complete is lower than 150 s” R< ( ) 28 Tuesday, September 10, 13
  • 29. A bit of theory • Probability for a finite path ⇡ = s0 , s1 , s2 , . . . to be Q|⇡| 2 traversed is 1 if |⇡| = 1 otherwise k=0 P (sk , sk+1 ) • A state sj is reachable from state si if a finite path exists leading to sj from si • The probability of moving from si to sj in exactly 2 steps P pix · pxj which is the entry (i, j) of P 2 is sx 2S • The probability of moving from si to sj in exactly k steps is the entry (i, j) of P k 29 Tuesday, September 10, 13
  • 30. A bit of theory • A state is recurrent if the probability that it will be eventually visited again after being reached is 1; it is otherwise transient (a non-zero probability that it will never be visited again) • A recurrent state sk where pk,k = 1 is called absorbing • Here we assume DTMCs to be well-formed, i.e. - every recurrent state is absorbing - all states are reachable from initial state - from every transient state it is possible to reach an absorbing state 30 Tuesday, September 10, 13
  • 31. An example 0.5 1 2 1 0 0.2 0.3 3 0 0 1 B 0.2 0 B @ 0 0 0 0 0 0.5 1 0 1 0 0.3 C C 0 A 1 Probability of reaching an absorbing state (e.g., 2) 2 can be reached by reaching 1 in 0, 1, 2,...∞ steps and then 2 with prob .5 (1+0.2+0.22+0.23+ ... ) x 0.5 = ( ∑ 0.2n) x 0.5 = (1/(1-0.2)) x 0.5 = 0.625 Similarly, for state 3, (1/(1-0.2)) x 0.3 = 0.375 Notice that an absorbing state is reached with prob 1 31 Tuesday, September 10, 13
  • 32. A bit of theory • Consider a DTMC with r absorbing and t transient states • Its matrix can be restructured as ✓ ◆ Q R P = (1) 0 I - Q is a nonzero t × t matrix - R is a t × r matrix - 0 is a r × t matrix - I is a r × r identity matrix Qk ! 0 as k ! 1 • Theorem - In a well-formed Markov chain, the probability of the process to be eventually absorbed is 1 32 Tuesday, September 10, 13
  • 33. Focus on reachability properties • A reachability property has the following form P./p (⌃ ) states that the probability of reaching a state where holds matches the constraint ./ p • Typically, they refer to reaching an absorbing state (denoting success/failure for reliability analysis) • It is a flat formula (i.e. no subformula contains P./p (·)) • These properties are the most commonly found 33 Tuesday, September 10, 13
  • 34. A bit of theory Consider again ◆ ✓ Q R P = 0 I 1 X 1 2 3 k N = I + Q + Q + Q + ··· = Q (1) k=0 ni,k expected # of visits of transient state sk from si, i.e., the sum of the probablities of visiting it 0, 1, 2, ...times 1 Theorem: The geometric series converges to (I Q) Consider B = N ⇥ R . The probability of reaching X absorbing state sk from si is bik = nij · rjk k=0..t 1 34 Tuesday, September 10, 13
  • 35. Proving reachability properties Pr(◊ s = End ) = ∑n 0, j ⋅ rj , End j n0,j is the sum of the probabilities to reach state j in 1, 2, 3, ... ∞ steps 35 Tuesday, September 10, 13
  • 36. Model checking tools • • • SPIN (Holzmann) analyzes LTL properties for LTSs expressed in Promela (Nu)SMV (Clarke et al, Cimatti et al.) can also analyze CTL properties and uses a symbolic representation of visited states (BDDs) to address the “state explosion problem” PRISM (Kwiatkowska et al.) and MRMC (Katoen et al.) support Markov models and perform probabilistic model checking 36 Tuesday, September 10, 13
  • 37. Question • How do modelling notations and verification fit software evolution? - A modification to an existing system viewed as a new system - No support to reasoning on the changes and their effects 37 Tuesday, September 10, 13