Markov decision processes (MDPs) are the prime model to capture decision-making under uncertainty. That is, MDPs and its extensions are suitable to describe how agents interact with an unpredictable and potentially hostile environment.

We take a model-centric view and ask key questions such: What is the probability to reach an error state? or What is the best policy to steer a robot to the target within a given energy budget?

In this tutorial, we present the probabilistic model checking tool Storm that can automatically answer these questions, even in the absence of precisely known models or partial observability. Storm supports various input languages such as variations of Petri nets, fault trees, and domain-specific probabilistic programming languages. It supports questions that allow trading off various objectives, provides precise results with strict guarantees, is open access, and is accessible via a Python API.

The content is based on the UAI 2022 tutorial by professor Dr. Joost-Pieter Katoen and Dr. Sebastian Junges, two of the main researchers behind the library.

Learning outcomes

Understand the theory behind probabilistic model checking.
Get to know the most important algorithms
Learn how to model systems as Markov chains and Markov decision processes.
Learn how to formulate queries about the behavior of a system.
Learn how to use the Storm probabilistic model checker.

Structure of the workshop

MDP model of an airport journey

Part 1: Fundamentals of Probabilistic Model Checking

We will start with an introduction into the basics of probabilistic model checking. We will discuss the important notions of Markov chains and Markov decision processes and define the semantics of the temporal logics LTL and CTL.

A finite state Markov chain with transition probabilities.

Markov chains and Markov decision processes.
LTL and CTL.

Part 2: Fault Tree Analysis

A multi-objective query in LTL Fault tree analysis is a popular technique in safety and reliability engineering. Dynamic fault trees are a flexible model that is able to capture common dependability patterns, such as spare management, functional dependencies, and sequencing. We will discuss how to use Storm to analyze dynamic fault trees.

Part 3: Hands-on probabilistic Model Checking with Storm

We will then move on to a hands-on session where we will use the Storm probabilistic model checker to verify properties of some simple models. Efficient probabilistic model checking

Storm probabilistic model checker

Part 4: Parameter Synthesis in Markov Models.

Sound quantitative results So far, we have only considered the case where the parameters of a Markov model are known. In many applications, however, some parameters are free to choose. In this part, we will discuss how to synthesize parameters of a Markov model such that a given specification is satisfied with high probability.

Parameter synthesis in Markov models.

Prerequisites

Basic knowledge of probability theory.
Mo particular programming skills are required.
No prior knowledge of machine learning is required.

References

[Bai03M]

Model-checking algorithms for continuous-time Markov chains, C. Baier, B. Haverkort, H. Hermanns, J.-P. Katoen.

Jun 2003

Continuous-time Markov chains (CTMCs) have been widely used to determine system performance and dependability characteristics. Their analysis most often concerns the computation of steady-state and transient-state probabilities. This paper introduces a branching temporal logic for expressing real-time probabilistic properties on CTMCs and presents approximate model checking algorithms for this …

[Bat23P]

Probabilistic Program Verification via Inductive Synthesis of Inductive Invariants, Kevin Batz, Mingshuai Chen, Sebastian Junges, Benjamin Lucien Kaminski, Joost-Pieter Katoen, Christoph Matheja.

2023

Essential tasks for the verification of probabilistic programs include bounding expected outcomes and proving termination in finite expected runtime. We contribute a simple yet effective inductive synthesis approach for proving such quantitative reachability properties by generating inductive invariants on source-code level. Our implementation shows promise: It finds invariants for …

[Est12F]

Formal correctness, safety, dependability, and performance analysis of a satellite, Marie-Aude Esteve, Joost-Pieter Katoen, Viet Yen Nguyen, Bart Postma, Yuri Yushtein.

Jun 2012

This paper reports on the usage of a broad palette of formal modeling and analysis techniques on a regular industrial-size design of an ultra-modern satellite platform. These efforts were carried out in parallel with the conventional software development of the satellite platform. The model itself is expressed in a formalized dialect of AADL. Its formal nature enables rigorous and automated …

[Har23P]

A Practitioner's Guide to MDP Model Checking Algorithms, Arnd Hartmanns, Sebastian Junges, Tim Quatmann, Maximilian Weininger.

2023

Model checking undiscounted reachability and expected-reward properties on Markov decision processes (MDPs) is key for the verification of systems that act under uncertainty. Popular algorithms are policy iteration and variants of value iteration; in tool competitions, most participants rely on the latter. These algorithms generally need worst-case exponential time. However, the problem can …

[Hen22P]

The probabilistic model checker Storm, Christian Hensel, Sebastian Junges, Joost-Pieter Katoen, Tim Quatmann, Matthias Volk.

Aug 2022

We present the probabilistic model checker Storm. Storm supports the analysis of discrete- and continuous-time variants of both Markov chains and Markov decision processes. Storm has three major distinguishing features. It supports multiple input languages for Markov models, including the Jani and Prism modeling languages, dynamic fault trees, generalized stochastic Petri nets, and the …

[Jan22P]

Parameter Synthesis in Markov Models: A Gentle Survey, Nils Jansen, Sebastian Junges, Joost-Pieter Katoen.

2022

This paper surveys the analysis of parametric Markov models whose transitions are labelled with functions over a finite set of parameters. These models are symbolic representations of uncountable many concrete probabilistic models, each obtained by instantiating the parameters. We consider various analysis problems for a given logical specification $$\varphi $$φ: do all parameter instantiations …

[Jun16S]

Safety-Constrained Reinforcement Learning for MDPs, Sebastian Junges, Nils Jansen, Christian Dehnert, Ufuk Topcu, Joost-Pieter Katoen.

Apr 2016

We consider controller synthesis for stochastic and partially unknown environments in which safety is essential. Specifically, we abstract the problem as a Markov decision process in which the expected performance is measured using a cost function that is unknown prior to run-time exploration of the state space. Standard learning approaches synthesize cost-optimal strategies without guaranteeing …

[Jun16U]

Uncovering Dynamic Fault Trees, Sebastian Junges, Dennis Guck, Joost-Pieter Katoen, Mariëlle Stoelinga.

Jun 2016

Fault tree analysis is a widespread industry standard for assessing system reliability. Standard (static) fault trees model the failure behaviour of systems in dependence of their component failures. To overcome their limited expressive power, common dependability patterns, such as spare management, functional dependencies, and sequencing are considered. A plethora of such dynamic fault trees …

[Kat16P]

The Probabilistic Model Checking Landscape, Joost-Pieter Katoen.

Jul 2016

Randomization is a key element in sequential and distributed computing. Reasoning about randomized algorithms is highly non-trivial. In the 1980s, this initiated first proof methods, logics, and model-checking algorithms. The field of probabilistic verification has developed considerably since then. This paper surveys the algorithmic verification of probabilistic models, in particular …

[Vol18F]

Fast Dynamic Fault Tree Analysis by Model Checking Techniques, Matthias Volk, Sebastian Junges, Joost-Pieter Katoen.

Jan 2018

This paper presents a new state-space generation approach for dynamic fault trees (DFTs) that exploits several successful reduction techniques from the field of model checking. The key idea is to aggressively exploit the DFT structure-detecting symmetries, spurious nondeterminism, and don't cares. Benchmarks show a gain of more than two orders of magnitude in terms of state-space generation and …

[Win17M]

Motion planning under partial observability using game-based abstraction, Leonore Winterer, Sebastian Junges, Ralf Wimmer, Nils Jansen, Ufuk Topcu, Joost-Pieter Katoen, Bernd Becker.

Dec 2017

We study motion planning problems where agents move inside environments that are not fully observable and subject to uncertainties. The goal is to compute a strategy for an agent that is guaranteed to satisfy certain safety and performance specifications. Such problems are naturally modeled by partially observable Markov decision processes (POMDPs). Because of the potentially huge or even infinite …