Model Exploration and Analysis of Quantitative Safety Refinement in Probabilistic Systems

Probabilistic programs permit the specification of abstract quantitative properties via the encoding of expectations — random variables defined over program state — which prescribe critical model information. Refinement steps which form the basis for elaborating the specification with implementation details must then be checked to ensure that the expectations threshold are never violated. But capturing, interpreting and coping with the failure of expectations (in case they occur) can prove challenging. As for standard systems, counterexamples are an important feature of program construction which can be used to investigate qualitative properties of proof-based models as in the method of Event-B [LB03]. In this paper, we extend our previous work [NM11] on the use of counterexamples to investigate quantitative inductive invariant properties of probabilistic systems refinement in the probabilistic B language [Hoa05]. In particular, we demonstrate how Hoang’s fundamental probabilistic theorem can be equipped with a bounded-style model checking interpretation so that each refinement step of a probabilistic system can be explored algorithmically to compute useful diagnostics where necessary. The diagnostics we obtain are precise and can be used to make accurate quantitative judgements about the evolving refinement relations for pre-defined expectations. We illustrate the technique with pB implementations of Karger’s mincut algorithm and a software engineering problem involving the refinements of an abstract embedded control system design whose components have known probabilities of failure.