Abstract. This paper describes a major new release of the PRISM probabilistic model checker, adding, in particular, quantitative verification of (priced) probabilistic timed automata. These model systems exhibiting probabilistic, nondeterministic and real-time characteristics. In many application domains, all three aspects are essential; this includes, for example, embedded controllers in automotive or avionic systems, wireless communication protocols such as Bluetooth or Zigbee, and randomised security protocols. PRISM, which is open-source, also contains several new components that are of independent use. These include: an extensible toolkit for building, verifying and refining abstractions of probabilistic models; an explicit-state probabilistic model checking library; a discrete-event simulation engine for statistical model checking; support for generation of optimal adversaries/strategies; and a benchmark suite. 1

We demonstrate how probabilistic model checking, a formal veri cation method for the analysis of systems which exhibit stochastic behaviour, can be applied to the study of dependability properties of software-based control systems.

Abstract — Probabilistic model checking is a formal verification technique for analysing the reliability and performance of systems exhibiting stochastic behaviour. In this paper, we demonstrate the applicability of this approach and, in particular, the probabilistic model checking tool PRISM to the evaluation of reliability and redundancy of defect-tolerant systems in the field of computeraided design. We illustrate the technique with an example due to von Neumann, namely NAND multiplexing. We show how, having constructed a model of a defect-tolerant system incorporating probabilistic assumptions about its defects, it is straightforward to compute a range of reliability measures and investigate how they are affected by slight variations in the behaviour of the system. This allows a designer to evaluate, for example, the trade-off between redundancy and reliability in the design. We also highlight errors in analytically computed reliability bounds, recently published for the same case study. Index Terms — Probabilistic model checking, reliability, defecttolerant architectures, multiplexing

Automated verification is a technique for establishing if certain properties, usually expressed in temporal logic, hold for a system model. The model can be defined using a high-level formalism or extracted directly from software using methods such as abstract interpretation. The verification proceeds through exhaustive exploration of the state-transition graph of the model and is therefore more powerful than testing. Quantitative verification is an analogous technique for establishing quantitative properties of a system model, such as the probability of battery power dropping below minimum, the expected time for message delivery and the expected number of messages lost before protocol termination. Models analysed through this method are typically variants of Markov chains, annotated with costs and rewards that describe resources and their usage during execution. Properties are expressed in temporal logic extended with probabilistic and reward operators. Quantitative verification involves a combination of a traversal of the state-transition graph of the model and numerical computation. This paper gives a brief overview of current research in quantitative verification, concentrating on the potential of the method and outlining future challenges. The modelling approach is described and the usefulness of the methodology illustrated with an example of a real-world protocol standard – Bluetooth device discovery – that has been analysed using the PRISM model checker (www.prismmodelchecker.org).

Abstract — The widespread deployment of mobile devices like PDAs and mobile phones has created a vast computation and communication platform for pervasive computing applications. However, these devices feature an array of incompatible hardware and software architectures, discouraging ad-hoc interactions among devices. The Business Process Execution Language (BPEL) allows users in wired computing settings to model applications of significant complexity, leveraging Web standards to guarantee interoperability. However, BPEL’s inflexible communication model effectively prohibits its deployment on the kinds of dynamic wireless networks used by most pervasive computing devices. This paper presents extensions to BPEL that address these restrictions, transforming BPEL into a versatile platform for interoperable pervasive computing applications. We discuss our implementation of these extensions in Sliver, a lightweight BPEL execution engine that we have developed for mobile devices. We also evaluate a pervasive computing application prototype implemented in BPEL, running on Sliver. I.

Abstract — In this paper, we introduce and evaluate novel adaptive schemes for neighbor discovery in Bluetooth-enabled ad-hoc networks. In an ad-hoc peer-to-peer setting, neighbor search is a continuous, hence battery draining process. In order to save energy when the device is unlikely to encounter a neighbor, we adaptively choose parameter settings depending on a mobility context to decrease the expected power consumption of Bluetooth-enabled devices. For this purpose, we first determine the mean discovery time and power consumption values for different Bluetooth parameter settings through a comprehensive exploration of the parameter space by means of simulation validated by experiments on real devices. The fastest average discovery time obtained is 0.2 s, while at an average discovery time of 1 s the power consumption is just 1.5 times that of the idle mode on our devices. We then introduce two adaptive algorithms for dynamically adjusting the Bluetooth parameters based on past perceived activity in the ad-hoc network. Both adaptive schemes for selecting the discovery mode are based only on locally-available information. We evaluate these algorithms in a node mobility simulation. Our adaptive algorithms reduce energy consumption by 50 % and have up to 8 % better performance over a static power-conserving scheme. I.

For a PC-mobile download system which is embedded with streaming download protocol, there are problems that the data cannot be transmitted correctly from the PC to the mobile, or the transmission is unacceptably slow. To solve these problems, we carry out a formal analysis for the protocol with some timing parameters and a given probability of message loss and unordered data using a probabilistic model checking tool PRISM. We introduce a technique to reduce the state space of the system modeling the protocol which is a network of probabilistic timed automata. The experimental results in PRISM give us a clear explanation to the problems, and are helpful in identifying the optimal parameter settings to meet industrial requirements.

Abstract—Previously, we have developed a framework to perform systematic analysis of CSMA/CA based wireless MAC protocols. The framework first identifies protocol states that meet our study objective of minimizing a given performance metric. It then applies search techniques and heuristics to construct sequences of protocol events in a given topology that satisfy our objective. In this paper, we demonstrate that our framework can easily be extended to evaluate performance of new protocols by evaluating two completely different variants, namely MAC protocols for (i) quality of service (QoS), and (ii) power control. In each case, we identify previously unknown problems with the protocol. In particular, we generate scenarios where throughput of a lower priority class can be as high as 5 times compared to the throughput of a higher priority class, thus contradicting the basic notion of QoS. Traditional performance evaluation approaches typically evaluate average performance but do not capture the worst cases, nor do they expose the protocol breaking points. Thus this paper demonstrates the usefulness of a systematic approach in evaluating the protocol breaking points. I.

Abstract. Robot swarms provide a way for a number of simple robots to work together to carry out a task. While swarms have been found to be adaptable, fault-tolerant and widely applicable, designing individual robot algorithms so as to ensure effective and correct swarm behaviour is very difficult. In order to assess swarm effectiveness, either experiments with real robots or computational simulations of the swarm are usually carried out. However, neither of these involve a deep analysis of all possible behaviours. In this paper we will utilise automated formal verification techniques, involving an exhaustive mathematical analysis, in order to assess whether our swarms will indeed behave as required. 1

An alternative to deploying a single robot of high complexity can be to utilize robot swarms comprising large numbers of identical, and much simpler, robots. Such swarms have been shown to be adaptable, fault-tolerant and widely applicable. However, designing individual robot algorithms to ensure effective and correct overall swarm behaviour is actually very difficult. While mechanisms for assessing the effectiveness of any swarm algorithm before deployment are essential, such mechanisms have traditionally involved either computational simulations of swarm behaviour, or experiments with robot swarms themselves. However, such simulations or experiments cannot, by their nature, analyse all possible swarm behaviours. In this paper, we will develop and apply the use of automated probabilistic formal verification techniques to robot swarms, involving an exhaustive mathematical analysis, in order to assess whether swarms will indeed behave as required. In particular we consider a foraging robot scenario to which we apply probabilistic model checking. 1