Central Limit Model Checking

Luca Bortolussi, Luca Cardelli, Marta Kwiatkowska, Luca Laurenti
2019 ACM Transactions on Computational Logic  
We consider probabilistic model checking for continuous-time Markov chains (CTMCs) induced from Stochastic Reaction Networks (SRNs) against a fragment of Continuous Stochastic Logic (CSL) extended with reward operators. Classical numerical algorithms for CSL model checking based on uniformisation are limited to finite CTMCs and suffer from exponential growth of the state space with respect to the number of species. On the other hand, approximate techniques such as mean-field approximations and simulations combined with statistical inference are more scalable, but can be time consuming and do not support the full expressiveness of CSL. In this paper we employ a continuous-space approximation of the CTMC in terms of a Gaussian process based on the Central Limit Approximation (CLA), also known as the Linear Noise Approximation (LNA), whose solution requires solving a number of differential equations that is quadratic in the number of species and independent of the population size. We then develop efficient and scalable approximate model checking algorithms on the resulting Gaussian process, where we restrict the target regions for probabilistic reachability to convex polytopes. This allows us to derive an abstraction in terms of a time-inhomogeneous discrete-time Markov chain (DTMC), whose dimension is independent of the number of species, on which model checking is performed. Using results from probability theory, we prove the convergence in distribution of our algorithms to the corresponding measures on the original CTMC. We implement the techniques and, on a set of examples, demonstrate that they allow us to overcome the state space explosion problem, while still correctly characterizing the stochastic behaviour of the system. Our methods can be used for formal analysis of a wide range of distributed stochastic systems, including biochemical systems, sensor networks and population protocols.

We show the effectiveness of our approach on a set of case studies taken from the biological literature, also in cases where existing numerical model checking techniques are infeasible. A preliminary version of this work has appeared in [14]. This paper extends [14] in several aspects. While in [14] we only consider probabilistic reachability, here we generalise our algorithms to the time-bounded fragment of CSL, which we also extend with reward operators.
Furthermore, we prove weak convergence of our algorithms and significantly extend the experimental evaluation.

1.0.2 Related work. Algorithms for model checking CSL properties for continuous-time Markov chains have been introduced and then improved with techniques based on uniformization [8] (essentially a discretisation of the original CTMC) and reward computation [40]. The analysis typically involves computing the transient probability of the system residing in a state at a given time, or, for a model annotated with rewards, the expected reward that can be obtained. Despite improvements such as symmetry reduction [35], sliding window [56] and fast adaptive uniformisation [28], their practical use for Stochastic Reaction Networks is severely hindered by state space explosion [35], which in a SRN grows exponentially with the number of molecules when finite, and may be infinite, in which case finite projection methods have to be used [47]. As a consequence, approximate but faster algorithms are appealing. The mainstream solution is to rely on simulations combined with statistical inference to obtain estimates [20, 41]. These methods, however, are still computationally expensive. A recent trend of works explored as an alternative whether estimates could be obtained by relying on approximations of the stochastic process based on mean-field [15] or linear noise [18, 19, 23]. However, CSL and some classes of reward properties, like those considered here, are very challenging. In fact, most approaches consider either local properties of individual molecules [15], or properties obtained by observing the behaviour of individual molecules and restricting the target region to an absorbing subspace of the (modified) model [18]. The only approach dealing with more general subsets, [19], imposes restrictions on the behaviour of the mean-field approximation, whose trajectory has to enter the reachability region in a finite time.
Another interesting approach has been developed in [46, 51], where model checking of time-bounded properties for CTMCs is expressed as a Bayesian inference problem, and approximate model checking algorithms are derived. However, no guarantees on the convergence of the resulting algorithms are given. Recent works also considered approximations of the CTMC induced by a SRN in terms of a stochastic hybrid system [13, 24, 34, 36]. The idea is to approximate the species in high population as a continuous-space process, while keeping the subset of species in low counts as a discrete process. Although this approach can be effective and capture multimodal dynamics, it has convergence guarantees only in terms of stochastic hybrid systems with deterministic continuous dynamics [13], and there is no convergence guarantee when the continuous dynamics is expressed by Gaussian processes [23]. Moreover, methods based on moment closure [34] do not have any convergence or error guarantees at all. In addition, model checking of stochastic hybrid systems against CSL properties requires discretization of the continuous state space, and is thus constrained by state space explosion [42].

Our approach differs in that it is based on the CLA and considers regions defined by polytopes, which encompasses most properties of practical interest. The simplest idea would be to consider the CLA and compute reachability probabilities for this stochastic process, invoking convergence theorems for the CLA to prove the asymptotic correctness. Unfortunately, there is no straightforward way to do this, since dealing with a continuous space and continuous time diffusion process, e.g., Gaussian, is computationally hard, and computing reachability is challenging (see [1]). As a consequence, discrete abstractions are appealing.
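As an added illustration (not code from the paper), the sketch below integrates the CLA mean and covariance equations for a constructed two-species network and evaluates the Gaussian probability that a linear combination of the species lies in an interval at one time point. The network, rate constants and function names are assumptions, and a single-time probability is a simpler quantity than the time-bounded reachability the paper addresses.

```python
import math

def cla_moments(stoich, rates, jacobian, phi0, t_end, steps=4000):
    """Euler-integrate the CLA mean phi(t) and fluctuation covariance C(t).

    For n species this is n mean ODEs plus an n x n covariance system;
    the population size N never appears in the equations.
    """
    n = len(phi0)
    phi = list(phi0)
    C = [[0.0] * n for _ in range(n)]   # deterministic initial state
    h = t_end / steps
    for _ in range(steps):
        a = rates(phi)                  # reaction rates evaluated at the mean
        J = jacobian(phi)               # Jacobian of the drift F
        F = [sum(v[i] * a[r] for r, v in enumerate(stoich)) for i in range(n)]
        G = [[sum(v[i] * v[j] * a[r] for r, v in enumerate(stoich))
              for j in range(n)] for i in range(n)]
        # dC/dt = J C + C J^T + G
        dC = [[sum(J[i][k] * C[k][j] + C[i][k] * J[j][k] for k in range(n))
               + G[i][j] for j in range(n)] for i in range(n)]
        phi = [phi[i] + h * F[i] for i in range(n)]
        C = [[C[i][j] + h * dC[i][j] for j in range(n)] for i in range(n)]
    return phi, C

def prob_in_slab(B, lo, hi, phi, C, N):
    """P(lo <= B.X <= hi) under the approximation X ~ Normal(N*phi, N*C)."""
    n = len(B)
    mean = N * sum(B[i] * phi[i] for i in range(n))
    var = N * sum(B[i] * C[i][j] * B[j] for i in range(n) for j in range(n))
    def cdf(x):
        return 0.5 * (1.0 + math.erf((x - mean) / math.sqrt(2.0 * var)))
    return cdf(hi) - cdf(lo)

# Constructed network (assumed): 0 -> A at k1, A -> B at k2*a, B -> 0 at k3*b.
K1, K2, K3 = 1.0, 0.5, 0.25
STOICH = [(1, 0), (-1, 1), (0, -1)]

def rates(p):
    return [K1, K2 * p[0], K3 * p[1]]

def jacobian(p):
    return [[-K2, 0.0], [K2, -K3]]

def demo(N, t_end=40.0):
    """Probability that A + B is within 5% of 6*N at time t_end."""
    phi, C = cla_moments(STOICH, rates, jacobian, [0.0, 0.0], t_end)
    return phi, C, prob_in_slab([1, 1], 0.95 * 6 * N, 1.05 * 6 * N, phi, C, N)
```

The same `phi` and `C` serve every population size: only the final Gaussian evaluation in `prob_in_slab` depends on `N`.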
doi:10.1145/3331452 fatcat:oyoowhiekbaxdnxrv4373cyyoe