Approximate Verification of Probabilistic Systems

General methods have been proposed [2, 4] for the model checking of probabilistic systems, where the verification of a probabilistic statement is reduced to the solution of a linear system over the system's state space. To overcome the state space explosion problem, some probabilistic model checkers, such as PRISM [3], use MTBDDs. We propose a different solution, in which we use a Monte-Carlo algorithm [6] to approximate È ÖÓÓ℄, the probability that a temporal formula is true. We show how to obtain a randomized estimator of È ÖÓÓ℄ for a fragment of LTL formulas. This fragment is sufficient to express interesting properties such as reachability and liveness. We consider a subset of LTL formulas which have the property: truth at depth implies truth in the entire model. The essentially positive fragment (EPF) of LTL is the set of formulas constructed from atomic formulas, their negations, closed under , and the temporal operators Í. If is any formula of the EPF fragment, we can use a BMC-like framework [1] to verify whether is true on a path of depth. The monotonicity of the property defined by an EPF formula yields the following result: for any formula of the essentially positive fragment of LTL and ¼ ½, there exists such that if È ÖÓÓ ℄ , then È ÖÓÓ℄ , where È ÖÓÓ ℄ is the probability over Kripke paths of depth. We show that we can approximate the probability ÔÈ ÖÓÓ ℄ with a simple ran-domized algorithm. We generate random paths in the probabilistic space underlying the Kripke structure of depth and compute the number of paths on which the given formula is true. In order to approximate Ô with approximation ratio and confidence ratio AE, we use a sample of size AE Ç´½ ¡ ½ ¾ ¡ÐÓÓ ½ AE µ. To verify a statement È ÖÓÓ ℄, we test whether´AE µ ¡ ´½ µ. Then if È ÖÓÓ ℄, the probability that the algorithm accepts is greater than´½ AEµ, where the probability is taken over the random choices of the algorithm. The lower bound is obtained by using Chernoff bound [7] on the tail of the distribution of a sum of independent random variables. Our method proceeds in two steps: first we determine a lower bound for Ô by binary search and successive applications of the algorithm described above, then we decide the property È ÖÓÓ ℄ by applying the …