High-level Counterexamples for Probabilistic Automata

Abstract: Abstract. Providing compact and understandable counterexamples for violated system properties is an essential task in model checking. Existing works on counterexamples for probabilistic systems so far computed either a large set of system runs or a subset of the system's states, both of which are of limited use in manual debugging. Many probabilistic systems are described in a guarded command language like the one used by the popular model checker PRISM. In this paper we describe how a smallest possible subset… Show more

“…Currently, our PRISM-based implementation receives a finite set of paths as weighted witnesses to M |= P ≤p [ψ]. Generally, weighted witnesses to M |= P p[ψ] where ∈ {<, ≤} are represented as graphs with strongly connected components [41,42]. We plan to generalize transition contributions to select counterexamples from spurious weighted witnesses with strongly connected components.…”

“…A weighted witness [23,41,42] to M |= P ≤p [ψ] is a pair (σ, c) where σ ∈ Adv M is an adversary with p σ s (ψ) > p, and c is a set of finite paths in M σ such that (1) for all π ∈ c, π |= ψ; (2) for all proper prefix π of π, π |= ψ; and (3) Wt(c) > p. Observe that the set c is prefix containment free. Hence Wt(c) is well-defined.…”

Leveraging Weighted Automata in Compositional Reasoning about Concurrent Probabilistic Systems

“…Currently, our PRISM-based implementation receives a finite set of paths as weighted witnesses to M |= P ≤p [ψ]. Generally, weighted witnesses to M |= P p[ψ] where ∈ {<, ≤} are represented as graphs with strongly connected components [41,42]. We plan to generalize transition contributions to select counterexamples from spurious weighted witnesses with strongly connected components.…”

“…A weighted witness [23,41,42] to M |= P ≤p [ψ] is a pair (σ, c) where σ ∈ Adv M is an adversary with p σ s (ψ) > p, and c is a set of finite paths in M σ such that (1) for all π ∈ c, π |= ψ; (2) for all proper prefix π of π, π |= ψ; and (3) Wt(c) > p. Observe that the set c is prefix containment free. Hence Wt(c) is well-defined.…”

Leveraging Weighted Automata in Compositional Reasoning about Concurrent Probabilistic Systems

“…It is however not recommended when M is composed of concurrent MDP's. Since the construction of the composition can be very expensive, the computation should where ∈ {<, ≤} are represented as graphs with strongly connected components [41,42]. We plan to generalize transition contributions to select counterexamples from spurious weighted witnesses with strongly connected components.…”

Leveraging Weighted Automata in Compositional Reasoning about Concurrent Probabilistic Systems

“…Several approaches [48,2,30] revolve around the identification of a small subsystem of the concrete model that already violates the property. Recently, [49] showed how to characterize and compute counterexamples in terms of the commands of a probabilistic program. Despite this progress, it is yet unclear how to use these sophisticated counterexample representations for the purpose of CEGAR.…”

On Abstraction of Probabilistic Systems