Results 1  10
of
21
Probabilistic Symbolic Model Checking with PRISM: A Hybrid Approach
 International Journal on Software Tools for Technology Transfer (STTT
, 2002
"... In this paper we introduce PRISM, a probabilistic model checker, and describe the ecient symbolic techniques we have developed during its implementation. PRISM is a tool for analysing probabilistic systems. It supports three models: discretetime Markov chains, continuoustime Markov chains and ..."
Abstract

Cited by 203 (32 self)
 Add to MetaCart
In this paper we introduce PRISM, a probabilistic model checker, and describe the ecient symbolic techniques we have developed during its implementation. PRISM is a tool for analysing probabilistic systems. It supports three models: discretetime Markov chains, continuoustime Markov chains and Markov decision processes. Analysis is performed through model checking speci cations in the probabilistic temporal logics PCTL and CSL. Motivated by the success of model checkers such as SMV, which use BDDs (binary decision diagrams), we have developed an implementation of PCTL and CSL model checking based on MTBDDs (multiterminal BDDs) and BDDs. Existing work in this direction has been hindered by the generally poor performance of MTBDDbased numerical computation, which is often substantially slower than explicit methods using sparse matrices. We present a novel hybrid technique which combines aspects of symbolic and explicit approaches to overcome these performance problems. For typical examples, we achieve orders of magnitude speedup compared to MTBDDs and are able to almost match the speed of sparse matrices whilst maintaining considerable space savings.
Symbolic Model Checking of Probabilistic Timed Automata Using Backwards Reachability
, 2000
"... We consider probabilistic timed automata of [13], an extension of the timed automata model of [2] with discrete probability distributions. In contrast to timed automata, which model realtime systems purely in terms of nondeterminism, our model allows to express the likelihood of the system makin ..."
Abstract

Cited by 84 (27 self)
 Add to MetaCart
We consider probabilistic timed automata of [13], an extension of the timed automata model of [2] with discrete probability distributions. In contrast to timed automata, which model realtime systems purely in terms of nondeterminism, our model allows to express the likelihood of the system making certain transitions, and is thus appropriate for modelling faulttolerance and probabilistic failures. We present a symbolic model checking algorithm for the existential fragment of the logic PTCTL of [13] based on backward reachability as in [12]. The logic allows us to specify properties such as \with probability 0.99 or greater, it is possible to correctly deliver a data packet within 5 time units", or \with probability 0.87 or greater, the system never enters an error state".
Performance analysis of probabilistic timed automata using digital clocks
 Proc. Formal Modeling and Analysis of Timed Systems (FORMATSâ€™03), volume 2791 of LNCS
, 2003
"... ..."
Implementation of Symbolic Model Checking for Probabilistic Systems
, 2002
"... In this thesis, we present ecient implementation techniques for probabilistic model checking, a method which can be used to analyse probabilistic systems such as randomised distributed algorithms, faulttolerant processes and communication networks. A probabilistic model checker inputs a probabilist ..."
Abstract

Cited by 71 (21 self)
 Add to MetaCart
(Show Context)
In this thesis, we present ecient implementation techniques for probabilistic model checking, a method which can be used to analyse probabilistic systems such as randomised distributed algorithms, faulttolerant processes and communication networks. A probabilistic model checker inputs a probabilistic model and a speci cation, such as \the message will be delivered with probability 1", \the probability of shutdown occurring is at most 0.02" or \the probability of a leader being elected within 5 rounds is at least 0.98", and can automatically verify if the speci cation is true in the model.
Probabilistic Model Checking of Deadline Properties in the IEEE1394 FireWire Root Contention Protocol
 in the IEEE 1394 FireWire root contention protocol. Special Issue of Formal Aspects of Computing
"... The increasing dependence of businesses on distributed architectures and computer networking places heavy demands on the speed and reliability of data exchange, leading to the emergence of sophisticated protocols which involve both realtime and randomization, for example FireWire IEEE1394. Automati ..."
Abstract

Cited by 44 (26 self)
 Add to MetaCart
The increasing dependence of businesses on distributed architectures and computer networking places heavy demands on the speed and reliability of data exchange, leading to the emergence of sophisticated protocols which involve both realtime and randomization, for example FireWire IEEE1394. Automatic verification techniques such as model checking have been adapted to this class of probabilistic, timed systems [1, 9, 3, 14]. This abstract considers an application of such techniques to the IEEE1394 (FireWire) root contention protocol, in which the interplay between timed and probabilistic aspects is used to break the symmetry which may arise during the leader election process. Here, the properties of interest concern the election of a leader within a certain deadline, with a certain probability or greater. Our specification formalism is that of probabilistic timed automata [14], a variant of timed automa...
Model checking discounted temporal properties
 In TACAS04, LNCS 2988
, 2004
"... Temporal logic is twovalued: formulas are interpreted as either true or false. When applied to the analysis of stochastic systems, or systems with imprecise formal models, temporal logic is therefore fragile: even small changes in the model can lead to opposite truth values for a specication. We p ..."
Abstract

Cited by 33 (8 self)
 Add to MetaCart
Temporal logic is twovalued: formulas are interpreted as either true or false. When applied to the analysis of stochastic systems, or systems with imprecise formal models, temporal logic is therefore fragile: even small changes in the model can lead to opposite truth values for a specication. We present a generalization of the branchingtime logic Ctl which achieves robustness with respect to model perturbations by giving a quantitative interpretation to predicates and logical operators, and by discounting the importance of events according to how late they occur. In every state, the value of a formula is a real number in the interval [0,1], where 1 corresponds to truth and 0 to falsehood. The boolean operators and and or are replaced by min and max, the path quantiers 9 and 8 determine sup and inf over all paths from a given state, and the temporal operators 3 and 2 specify sup and inf over a given path; a new operator averages all values along a path. Furthermore, all path operators are discounted by a parameter that can be chosen to give more weight to states that are closer to the beginning of the path.
Continuous Stochastic Logic Characterizes Bisimulation of Continuoustime Markov Processes
 J. of Logic and Alg. Progr
, 2002
"... In a recent paper Baier, Haverkort, Hermanns and Katoen [BHHK00], analyzed a new way of modelchecking formulas of a logic for continuoustime processes  called Continuous Stochastic Logic (henceforth CSL) { against continuoustime Markov chains { henceforth CTMCs. One of the important results o ..."
Abstract

Cited by 33 (3 self)
 Add to MetaCart
In a recent paper Baier, Haverkort, Hermanns and Katoen [BHHK00], analyzed a new way of modelchecking formulas of a logic for continuoustime processes  called Continuous Stochastic Logic (henceforth CSL) { against continuoustime Markov chains { henceforth CTMCs. One of the important results of that paper was the proof that if two CTMCs were bisimilar then they would satisfy exactly the same formulas of CSL. This raises the converse question { does satisfaction of the same collection of CSL formulas imply bisimilarity? In other words, given two CTMCs which are known to satisfy exactly the same formulas of CSL does it have to be the case that they are bisimilar? We prove that the answer to the question just raised is \yes". In fact we prove a signi cant extension, namely that a subset of CSL suces even for systems where the statespace may be a continuum. Along the way we prove a result to the eect that the set of Zeno paths has measure zero provided that the transition rates are bounded.
The complexity of stochastic Rabin and Streett games
, 2004
"... Abstract. The theory of graph games with!regular winning conditions is the foundation for modeling and synthesizing reactive processes. In the case of stochastic reactive processes, the corresponding stochastic graph games have three players, two of them (System and Environment) behaving adversari ..."
Abstract

Cited by 24 (10 self)
 Add to MetaCart
(Show Context)
Abstract. The theory of graph games with!regular winning conditions is the foundation for modeling and synthesizing reactive processes. In the case of stochastic reactive processes, the corresponding stochastic graph games have three players, two of them (System and Environment) behaving adversarially, and the third (Uncertainty) behaving probabilistically. We consider two problems for stochastic graph games: the qualitative problem asks for the set of states from which a player can win with probability 1 (almostsure winning); the quantitative problem asks for the maximal probability of winning (optimal winning) from each state. We show that for Rabin winning conditions, both problems are in NP. As these problems were known to be NPhard, it follows that they are NPcomplete for Rabin conditions, and dually, coNPcomplete for Streett conditions. The proof proceeds by showing that pure memoryless strategies suce for qualitatively and quantitatively winning stochastic graph games with Rabin conditions. This insight is of interest in its own right, as it implies that controllers for Rabin objectives have simple implementations. We also prove that for every!regular condition, optimal winning strategies are no more complex than almostsure winning strategies. 1
Verifying Probabilistic Programs Using A Hoare Like Logic
, 2002
"... Probability, be it inherent or explicitly introduced, has become an important issue in the verification of programs. In this paper we study a formalism which allows reasoning about programs which can act probabilistically. To describe probabilistic programs, a basic programming language with an oper ..."
Abstract

Cited by 18 (4 self)
 Add to MetaCart
Probability, be it inherent or explicitly introduced, has become an important issue in the verification of programs. In this paper we study a formalism which allows reasoning about programs which can act probabilistically. To describe probabilistic programs, a basic programming language with an operator for probabilistic choice is introduced and a denotational semantics is given for this language. To specify properties of probabilistic programs, standard first order logic predicates are insufficient, so a notion of probabilistic predicates is introduced. A Hoarestyle proof system to check properties of probabilistic programs is given. The proof system for a sublanguage is shown to be sound and complete; the properties that can be derived are exactly the valid properties. Finally some typical examples illustrate the use of the probabilistic predicates and the proof system.
Probabilistic KLAIM
 In Proc. of 7th International Conference on Coordination Models and Languages (Coordination 04), volume 2949 of LNCS
, 2004
"... We introduce a probabilistic extension of KLAIM, where the behaviour of networks and individual nodes is determined by a probabilistic scheduler for processes and probabilistic allocation environments which describe the logical neighbourhood of each node. The resulting language has two variants ..."
Abstract

Cited by 17 (5 self)
 Add to MetaCart
(Show Context)
We introduce a probabilistic extension of KLAIM, where the behaviour of networks and individual nodes is determined by a probabilistic scheduler for processes and probabilistic allocation environments which describe the logical neighbourhood of each node. The resulting language has two variants which are modelled respectively as discrete and continuous time Markov processes. We suggest that Poisson processes are a natural probabilistic model for the coordination of discrete processes asynchronously communicating in continuous time and we use them to de ne the operational semantics of the continuous time variant. This framework allows for the implementation of networks with independent clocks on each site.