Results 1  10
of
31
PRISM: Probabilistic symbolic model checker
, 2002
"... Abstract. In this paper we describe PRISM, a tool being developed at the University of Birmingham for the analysis of probabilistic systems. PRISM supports two probabilistic models: continuoustime Markov chains and Markov decision processes. Analysis is performed through model checking such systems ..."
Abstract

Cited by 224 (14 self)
 Add to MetaCart
(Show Context)
Abstract. In this paper we describe PRISM, a tool being developed at the University of Birmingham for the analysis of probabilistic systems. PRISM supports two probabilistic models: continuoustime Markov chains and Markov decision processes. Analysis is performed through model checking such systems against specifications written in the probabilistic temporal logics PCTL and CSL. The tool features three model checking engines: one symbolic, using BDDs (binary decision diagrams) and MTBDDs (multiterminal BDDs); one based on sparse matrices; and one which combines both symbolic and sparse matrix methods. PRISM has been successfully used to analyse probabilistic termination, performance, dependability and quality of service properties for a range of systems, including randomized distributed algorithms, polling systems, workstation cluster and wireless cell communication. 1
The NPcompleteness column: an ongoing guide
 JOURNAL OF ALGORITHMS
, 1987
"... This is the nineteenth edition of a (usually) quarterly column that covers new developments in the theory of NPcompleteness. The presentation is modeled on that used by M. R. Garey and myself in our book "Computers and Intractability: A Guide to the Theory of NPCompleteness," W. H. Freem ..."
Abstract

Cited by 220 (0 self)
 Add to MetaCart
(Show Context)
This is the nineteenth edition of a (usually) quarterly column that covers new developments in the theory of NPcompleteness. The presentation is modeled on that used by M. R. Garey and myself in our book "Computers and Intractability: A Guide to the Theory of NPCompleteness," W. H. Freeman & Co., New York, 1979 (hereinafter referred to as "[G&J]"; previous columns will be referred to by their dates). A background equivalent to that provided by [G&J] is assumed, and, when appropriate, crossreferences will be given to that book and the list of problems (NPcomplete and harder) presented there. Readers who have results they would like mentioned (NPhardness, PSPACEhardness, polynomialtimesolvability, etc.) or open problems they would like publicized, should
Knowledge, probability, and adversaries
 Journal of the ACM
, 1993
"... Abstract: What should it mean for an agent toknowor believe an assertion is true with probability:99? Di erent papers [FH88, FZ88a, HMT88] givedi erent answers, choosing to use quite di erent probability spaces when computing the probability that an agent assigns to an event. We showthat each choice ..."
Abstract

Cited by 83 (24 self)
 Add to MetaCart
Abstract: What should it mean for an agent toknowor believe an assertion is true with probability:99? Di erent papers [FH88, FZ88a, HMT88] givedi erent answers, choosing to use quite di erent probability spaces when computing the probability that an agent assigns to an event. We showthat each choice can be understood in terms of a betting game. This betting game itself can be understood in terms of three types of adversaries in uencing three di erent aspects of the game. The rst selects the outcome of all nondeterministic choices in the system� the second represents the knowledge of the agent's opponent in the betting game (this is the key place the papers mentioned above di er) � the third is needed in asynchronous systems to choose the time the bet is placed. We illustrate the need for considering all three types of adversaries with a number of examples. Given a class of adversaries, we show howto assign probability spaces to agents in a way most appropriate for that class, where \most appropriate " is made precise in terms of this betting game. We conclude by showing how di erent assignments of probability spaces (corresponding to di erent opponents) yield di erent levels of guarantees in probabilistic coordinated attack.
Implementation of Symbolic Model Checking for Probabilistic Systems
, 2002
"... In this thesis, we present ecient implementation techniques for probabilistic model checking, a method which can be used to analyse probabilistic systems such as randomised distributed algorithms, faulttolerant processes and communication networks. A probabilistic model checker inputs a probabilist ..."
Abstract

Cited by 66 (22 self)
 Add to MetaCart
In this thesis, we present ecient implementation techniques for probabilistic model checking, a method which can be used to analyse probabilistic systems such as randomised distributed algorithms, faulttolerant processes and communication networks. A probabilistic model checker inputs a probabilistic model and a speci cation, such as \the message will be delivered with probability 1", \the probability of shutdown occurring is at most 0.02" or \the probability of a leader being elected within 5 rounds is at least 0.98", and can automatically verify if the speci cation is true in the model.
Secrecy in multiagent systems
"... We introduce a general framework for reasoning about secrecy requirements in multiagent systems. Because secrecy requirements are closely connected with the knowledge of individual agents of a system, our framework employs the modal logic of knowledge within the context of the wellstudied runs and ..."
Abstract

Cited by 63 (5 self)
 Add to MetaCart
(Show Context)
We introduce a general framework for reasoning about secrecy requirements in multiagent systems. Because secrecy requirements are closely connected with the knowledge of individual agents of a system, our framework employs the modal logic of knowledge within the context of the wellstudied runs and systems framework. Put simply, “secrets ” are facts about a system that lowlevel agents are never allowed to know. The framework presented here allows us to formalize this intuition precisely, in a way that is much in the spirit of Sutherland’s notion of nondeducibility. Several wellknown attempts to characterize the absence of information flow, including separability, generalized noninterference, and nondeducibility on strategies, turn out to be special cases of our definition of secrecy. However, our approach lets us go well beyond these definitions. It can handle probabilistic secrecy in a clean way, and it suggests generalizations of secrecy that may be useful for dealing with resourcebounded reasoning and with issues such as downgrading of information.
Sharedmemory mutual exclusion: Major research trends since
 Distributed Computing
, 1986
"... * Exclusion: At most one process executes its critical section at any time. ..."
Abstract

Cited by 61 (6 self)
 Add to MetaCart
(Show Context)
* Exclusion: At most one process executes its critical section at any time.
Model Checking for Probability and Time: From Theory to Practice
 In Proc. Logic in Computer Science
, 2003
"... Probability features increasingly often in software and hardware systems: it is used in distributed coordination and routing problems, to model faulttolerance and performance, and to provide adaptive resource management strategies. Probabilistic model checking is an automatic procedure for establi ..."
Abstract

Cited by 59 (1 self)
 Add to MetaCart
(Show Context)
Probability features increasingly often in software and hardware systems: it is used in distributed coordination and routing problems, to model faulttolerance and performance, and to provide adaptive resource management strategies. Probabilistic model checking is an automatic procedure for establishing if a desired property holds in a probabilistic model, aimed at verifying probabilistic specifications such as "leader election is eventually resolved with probability 1", "the chance of shutdown occurring is at most 0.01%", and "the probability that a message will be delivered within 30ms is at least 0.75". A probabilistic model checker calculates the probability of a given temporal logic property being satisfied, as opposed to validity. In contrast to conventional model checkers, which rely on reachability analysis of the underlying transition system graph, probabilistic model checking additionally involves numerical solutions of linear equations and linear programming problems. This paper reports our experience with implementing PRISM (www.cs.bham.ac.uk/dxp/ prism/), a Probabilistic Symbolic Model Checker, demonstrates its usefulness in analysing realworld probabilistic protocols, and outlines future challenges for this research direction.
Efficient Asynchronous Consensus with the ValueOblivious Adversary Scheduler
 Automata, Languages and Programming, 23rd International Colloquium, volume 1099 of Lecture Notes in Computer Science
, 1996
"... We address the problem of asynchronous consensus. In view of the ~\Omega ) lower bound for consensus with the standard adversary scheduler [2], we examine the problem with other adversary models. We define the valueoblivious scheduler, which at all times has full knowledge of the entire stat ..."
Abstract

Cited by 12 (3 self)
 Add to MetaCart
We address the problem of asynchronous consensus. In view of the ~\Omega ) lower bound for consensus with the standard adversary scheduler [2], we examine the problem with other adversary models. We define the valueoblivious scheduler, which at all times has full knowledge of the entire state of system except for the actual random values generated and manipulated by the program, as long as they do not affect the dynamics of the system. We argue that the valueoblivious adversary model faithfully captures the possible sources of asynchrony in realworld systems. We present a randomized algorithm that achieves consensus in O(n log n) total work in the presence of a valueoblivious scheduler. Total work is defined as the total number of steps performed by all processors collectively. The amortized work per processor is thus O(log n). The expected contention on any register is O(1) and with high probability never do more than O(log n) processors try to access the same register concurrently.
Towards automated proof support for probabilistic distributed systems
 In Proceedings of Logic for Programming and Automated Reasoning, volume 3835 of LNAI
, 2005
"... Abstract. The mechanisation of proofs for probabilistic systems is particularly challenging due to the verification of realvalued properties that probability entails: experience indicates [12, 4, 11] that there are many difficulties in automating realnumber arithmetic in the context of other progr ..."
Abstract

Cited by 12 (8 self)
 Add to MetaCart
(Show Context)
Abstract. The mechanisation of proofs for probabilistic systems is particularly challenging due to the verification of realvalued properties that probability entails: experience indicates [12, 4, 11] that there are many difficulties in automating realnumber arithmetic in the context of other program features. In this paper we propose a framework for verification of probabilistic distributed systems based on the generalisation of Kleene algebra with tests that has been used as a basis for development of concurrency control in standard programming [7]. We show that verification of realvalued properties in these systems can be considerably simplified, and moreover that there is an interpretation which is susceptible to counterexample search via state exploration, despite the underlying realnumber domain. 1
Analysing randomized distributed algorithms
 Validation of Stochastic Systems
, 2004
"... Abstract. Randomization is of paramount importance in practical applications and randomized algorithms are used widely, for example in coordinating distributed computer networks, message routing and cache management. The appeal of randomized algorithms is their simplicity and elegance. However, thi ..."
Abstract

Cited by 10 (1 self)
 Add to MetaCart
Abstract. Randomization is of paramount importance in practical applications and randomized algorithms are used widely, for example in coordinating distributed computer networks, message routing and cache management. The appeal of randomized algorithms is their simplicity and elegance. However, this comes at a cost: the analysis of such systems become very complex, particularly in the context of distributed computation. This arises through the interplay between probability and nondeterminism. To prove a randomized distributed algorithm correct one usually involves two levels: classical, assertionbased reasoning, and a probabilistic analysis based on a suitable probability space on computations. In this paper we describe a number of approaches which allows us to verify the correctness of randomized distributed algorithms. 1