Automated Verification Techniques for Probabilistic Systems
Cited by 39 (17 self)
Abstract. This tutorial provides an introduction to probabilistic model checking, a technique for automatically verifying quantitative properties of probabilistic systems. We focus on Markov decision processes (MDPs), which model both stochastic and nondeterministic behaviour. We describe methods to analyse a wide range of their properties, including specifications in the temporal logics PCTL and LTL, probabilistic safety properties and cost- or reward-based measures. We also discuss multi-objective probabilistic model checking, used to analyse trade-offs between several different quantitative properties. Applications of the techniques in this tutorial include performance and dependability analysis of networked systems, communication protocols and randomised distributed algorithms. Since such systems often comprise several components operating in parallel, we also cover techniques for compositional modelling and verification of multi-component probabilistic systems. Finally, we describe three large case studies which illustrate practical applications of the various methods discussed in the tutorial.
Generic trace semantics via coinduction
Logical Methods in Comp. Sci., 2007
Cited by 35 (10 self)
Abstract. Trace semantics has been defined for various kinds of state-based systems, notably with different forms of branching such as nondeterminism vs. probability. In this paper we claim to identify one underlying mathematical structure behind these “trace
Observing Branching Structure through Probabilistic Contexts
SIAM J. Comput.
Cited by 26 (2 self)
Abstract. Probabilistic automata (PAs) constitute a general framework for modeling and analyzing discrete event systems that exhibit both nondeterministic and probabilistic behavior, such as distributed algorithms and network protocols. The behavior of PAs is commonly defined using schedulers (also called adversaries or strategies), which resolve all nondeterministic choices based on past history. From the resulting purely probabilistic structures, trace distributions can be extracted, whose intent is to capture the observable behavior of a PA. However, when PAs are composed via an (asynchronous) parallel composition operator, a global scheduler may establish strong correlations between the behavior of system components and, for example, resolve nondeterministic choices in one PA based on the outcome of probabilistic choices in the other. It is well known that, as a result of this, the (linear-time) trace distribution precongruence is not compositional for PAs. In his 1995 Ph.D. thesis, Segala has shown that the (branching-time) probabilistic simulation preorder is compositional for PAs. In this paper, we establish that the simulation preorder is, in fact, the coarsest refinement of the trace distribution preorder that is compositional. We prove our characterization result by providing (1) a context of a given PA A, called the tester, which may announce the state of A to the outside world, and (2) a specific global scheduler, called the observer, which ensures that the state information that is announced is actually correct. Now when another PA B is composed with the tester, it may generate the same external behavior as the observer only when it is able to simulate A in the sense that whenever A goes to some state s, B can go to a corresponding state u, from which it may generate the same external behavior. Our result shows that probabilistic contexts together with global schedulers are able to exhibit the branching structure of PAs.
Generic forward and backward simulations
International Conference on Concurrency Theory (CONCUR 2006), volume 4137 of Lect. Notes Comp. Sci., 2006
Cited by 19 (5 self)
Abstract. The technique of forward/backward simulations has been applied successfully in many distributed and concurrent applications. In this paper, however, we claim that the technique can actually have more genericity and mathematical clarity. We do so by identifying forward/backward simulations as lax/oplax morphisms of coalgebras. Starting from this observation, we present a systematic study of this generic notion of simulations. It is meant to be a generic version of the study by Lynch and Vaandrager, covering both nondeterministic and probabilistic systems. In particular we prove soundness and completeness results with respect to trace inclusion: the proof is by coinduction using the generic theory of traces developed by Jacobs, Sokolova and the author. By suitably instantiating our generic framework, one obtains the appropriate definition of forward/backward simulations for various kinds of systems, for which soundness and completeness come for free.
Quantitative model checking revisited: neither decidable nor approximable
In FORMATS’07, LNCS 4763, 2007
Cited by 16 (10 self)
Abstract. Quantitative model checking computes the probability values of a given property quantifying over all possible schedulers. It turns out that maximum and minimum probabilities calculated in such a way are overestimations on models of distributed systems in which components are loosely coupled and share little information with each other (and hence arbitrary schedulers may turn out to be too powerful). Therefore, we focus on the quantitative model checking problem restricted to distributed schedulers that are obtained only as a combination of local schedulers (i.e. the schedulers of each component) and show that this problem is undecidable. In fact, we show that there is no algorithm that can compute an approximation to the maximum probability of reaching a state within a given bound when restricted to distributed schedulers.
On the expressive power of schedulers in distributed probabilistic systems
 ENTCS
Cited by 12 (7 self)
In this paper, we consider several subclasses of distributed schedulers and we investigate the ability of these subclasses to attain worst-case probabilities. Based on previous work, we consider the class of distributed schedulers, and we prove that randomization adds no extra power to distributed schedulers when trying to attain the supremum probability of any measurable set, thus showing that the subclass of deterministic schedulers suffices to attain the worst-case probability. Traditional schedulers are a particular case of distributed schedulers. So, since our result holds for any measurable set, our proof generalizes the well-known result that randomization adds no extra power to schedulers when trying to maximize the probability of an ω-regular language. However, non-Markovian schedulers are needed to attain supremum probabilities in distributed systems. We develop another class of schedulers (the strongly distributed schedulers) that restricts the nondeterminism concerning the order in which components execute. We compare this class against previous approaches in the same direction, showing that our definition is an important contribution. For this class, we show that randomized and non-Markovian schedulers are needed to attain worst-case probabilities. We also discuss the subclass of finite-memory schedulers, showing the intractability of the model checking problem for these schedulers.
Partial order reduction for probabilistic systems assuming distributed schedulers
 Serie A, Inf. 2009/02, FaMAF, UNC, 2009. Available at
Cited by 10 (1 self)
Abstract. In the verification of probabilistic systems, distributed schedulers are used to obtain tight bounds on worst-case probabilities, these bounds being more realistic than the ones obtained by considering unrestricted full-history dependent schedulers. In this paper, we define two classes of distributed schedulers. We present undecidability results related to the automatic verification under these classes of schedulers. In previous literature, we have proven that the model checking problem is undecidable for distributed schedulers. However, in this paper we show that, by assuming that the schedulers are in a given class, the technique of partial order reduction (POR) for LTL properties can be applied in a more efficient way than usual, thus yielding a system with fewer states and transitions than if reduced assuming unrestricted schedulers. The reduced system can then be analysed using well-known algorithms for full-history dependent schedulers. Our partial order reduction technique may also obtain bounds strictly tighter than the ones obtained by considering unrestricted schedulers (of course, such bounds are safe with respect to the class of schedulers under consideration). We explain that the two variants we present are obtained from a general theorem, thus raising the question of whether there are other “natural” classes of schedulers for which POR variants can be developed.
Probabilistic anonymity via coalgebraic simulations
European Symposium on Programming (ESOP 2007), volume 4421 of Lect. Notes Comp. Sci., 2007
Cited by 8 (3 self)
Abstract. There is a growing concern about anonymity and privacy on the Internet, resulting in a lot of work on the formalization and verification of anonymity. In particular, the importance of the probabilistic aspect of anonymity has recently been claimed by many authors. Among them are Bhargava and Palamidessi, who present a definition of probabilistic anonymity for which, however, proof methods are not yet elaborated. In this paper we introduce a simulation-based proof method for probabilistic anonymity. It is a probabilistic adaptation of the method by Kawabe et al. for nondeterministic anonymity: anonymity of a protocol is proved by finding a forward/backward simulation between certain automata. For the jump from nondeterminism to probability we fully exploit a generic, coalgebraic theory of traces and simulations developed by Hasuo and others. In particular, an appropriate notion of probabilistic simulations is obtained by instantiating a generic definition with suitable parameters.
On the verification of probabilistic I/O automata with unspecified rates
In SAC ’09: Proceedings of the 2009 ACM Symposium on Applied Computing, 2009
Cited by 7 (7 self)
We consider the Probabilistic I/O Automata framework, for which we address the verification of reachability properties in case the rates (also called delay parameters) are unspecified. We show that the problem of finding (or even approximating) the supremum probability that a set of states is reached is undecidable. However, we give an algorithm to obtain a non-trivial overestimation of this value. We explain why this overestimation may prove useful for many systems. Finally, in order to compare our approach against Markov Decision Processes, we study a simple protocol for anonymous fair service. In this case, the overestimation computed over the PIOA gives a more realistic result than the exact computation over the MDP.
Undecidability results for distributed probabilistic systems
of Lecture Notes in Computer Science, 2009
Cited by 6 (1 self)
Abstract. In the verification of concurrent systems involving probabilities, the aim is to find out the maximum/minimum probability that a given event occurs (examples of such events being “the system reaches a failure state”, “a message is delivered”). Such extremal probabilities are obtained by quantifying over all the possible ways in which the processes may be interleaved. Interleaving choices are considered a particular case of nondeterministic behaviour. Such behaviour is dealt with by considering schedulers that resolve the nondeterministic choices. Each scheduler determines a Markov chain for which actual probabilities can be calculated. In the recent literature on distributed systems, particular attention has been paid to the fact that, in order to obtain accurate results, the analysis must rely on partial information schedulers, instead of the full-history dependent schedulers used in the setting of Markov decision processes. In this paper, we present undecidability results for distributed schedulers. These schedulers were devised in previous works, and aim to capture the fact that each process has partial information about the actual state of the system. Some of the undecidability results we present are particularly impressive: in the setting of total information the same problems are inexpensive and, indeed, they are used as preprocessing steps in more general model checking algorithms.