Results 11 - 20 of 215
Monte Carlo Model Checking
In Proc. of Tools and Algorithms for Construction and Analysis of Systems (TACAS 2005), volume 3440 of LNCS, 2005
Cited by 43 (4 self)
Abstract. We present MC², what we believe to be the first randomized, Monte Carlo algorithm for temporal-logic model checking, the classical problem of deciding whether or not a property specified in temporal logic holds of a system specification. Given a specification S of a finite-state system, an LTL (Linear Temporal Logic) formula ϕ, and parameters ɛ and δ, MC² takes N = ln(δ) / ln(1 − ɛ) random samples (random walks ending in a cycle, i.e. lassos) from the Büchi automaton B = B_S × B_¬ϕ to decide if L(B) = ∅. Should a sample reveal an accepting lasso l, MC² returns false with l as a witness. Otherwise, it returns true and reports that with probability less than δ, p_Z < ɛ, where p_Z is the expectation of an accepting lasso in B. It does so in time O(N · D) and space O(D), where D is B's recurrence diameter, using a number of samples N that is optimal to within a constant factor. Our experimental results demonstrate that MC² is fast, memory-efficient, and scales very well.
How to Specify and Verify the Long-Run Average Behavior of Probabilistic Systems
In Proc. LICS'98, 1998
Cited by 38 (3 self)
Long-run average properties of probabilistic systems refer to the average behavior of the system, measured over a period of time whose length diverges to infinity. These properties include many relevant performance and reliability indices, such as system throughput, average response time, and mean time between failures. In this paper, we argue that current formal specification methods cannot be used to specify long-run average properties of probabilistic systems. To enable the specification of these properties, we propose an approach based on the concept of experiments. Experiments are labeled graphs that can be used to describe behavior patterns of interest, such as the request for a resource followed by either a grant or a rejection. Experiments are meant to be performed infinitely often, and it is possible to specify their long-run average outcome or duration. We propose simple extensions of temporal logics based on experiments, and we present model-checking algorithms for the verif...
A Hierarchy of Probabilistic System Types
2003
Cited by 37 (6 self)
We study various notions of probabilistic bisimulation from a coalgebraic point of view, accumulating in a hierarchy of probabilistic system types. In general, a natural transformation between two Set-functors straightforwardly gives rise to a transformation of coalgebras for the respective functors. This latter transformation preserves homomorphisms and thus bisimulations. For comparison of probabilistic system types we also need reflection of bisimulation. We build the hierarchy of probabilistic systems by exploiting the new result that the transformation also reflects bisimulation in case the natural transformation is componentwise injective and the first functor preserves weak pullbacks. Additionally, we illustrate the correspondence of concrete and coalgebraic bisimulation in the case of general Segala-type systems.
On Generative Parallel Composition
1999
Cited by 36 (6 self)
A major reason for studying probabilistic processes is to establish a link between a formal model for describing functional system behaviour and a stochastic process. Compositionality is an essential ingredient for specifying systems. Parallel composition in a probabilistic setting is complicated since it gives rise to nondeterminism, for instance due to interleaving of independent autonomous activities. This paper presents a detailed study of the resolution of nondeterminism in an asynchronous generative setting. Based on the intuition behind the synchronous probabilistic calculus PCCS we formulate two criteria that an asynchronous parallel composition should fulfill. We provide novel probabilistic variants of parallel composition for CCS and CSP and show that these operators satisfy these general criteria, opposed to most existing proposals. Probabilistic bisimulation is shown to be a congruence for these operators and their expansion is addressed.
Weak probabilistic anonymity
INRIA Futurs and LIX, 2005
Cited by 36 (10 self)
Anonymity means that the identity of the user performing a certain action is maintained secret. The protocols for ensuring anonymity often use random mechanisms which can be described probabilistically. In this paper we propose a notion of weak probabilistic anonymity, where weak refers to the fact that some amount of probabilistic information may be revealed by the protocol. This information can be used by an observer to infer the likeliness that the action has been performed by a certain user. The aim of this work is to study the degree of anonymity that the protocol can still ensure, despite the leakage of information. We illustrate our ideas by using the example of the dining cryptographers with biased coins. We consider both the cases of nondeterministic and probabilistic users. Correspondingly, we propose two notions of weak anonymity and we investigate their respective dependencies on the biased factor of the coins.
Probabilistic Model Checking of Deadline Properties in the IEEE1394 FireWire Root Contention Protocol
Special Issue of Formal Aspects of Computing
Cited by 35 (23 self)
The increasing dependence of businesses on distributed architectures and computer networking places heavy demands on the speed and reliability of data exchange, leading to the emergence of sophisticated protocols which involve both real-time and randomization, for example FireWire IEEE1394. Automatic verification techniques such as model checking have been adapted to this class of probabilistic, timed systems [1, 9, 3, 14]. This abstract considers an application of such techniques to the IEEE1394 (FireWire) root contention protocol, in which the interplay between timed and probabilistic aspects is used to break the symmetry which may arise during the leader election process. Here, the properties of interest concern the election of a leader within a certain deadline, with a certain probability or greater. Our specification formalism is that of probabilistic timed automata [14], a variant of timed automa...
Symbolic Model Checking of Concurrent Probabilistic Systems Using MTBDDs
2000
Cited by 35 (16 self)
Symbolic model checking for purely probabilistic processes using MTBDDs [12] was introduced in [4] and further developed in [20, 3]. In this paper we consider models for concurrent probabilistic systems similar to those of [28, 7, 5] and the concurrent Markov chains of [35, 13], which extend the purely probabilistic processes through the addition of nondeterministic choice. As a specification formalism we use the probabilistic branching-time temporal logic PBTL of [5, 7], which allows us to express properties such as "under any scheduling of nondeterministic choices, the probability of φ holding until ψ is true is at least 0.78". In [5, 7] it is shown that the verification of "until" properties can be reduced to a linear programming problem and solved with the help of e.g. the simplex algorithm, but no symbolic model checking is considered. Based on the algorithms of [5, 7], we derive a symbolic model checking procedure for PBTL over concurrent probabilistic systems using MTBDDs, and extend it with fairness constraints. We furthermore implement an experimental model checker using the Colorado University Decision Diagram (CUDD) package [32]. Our key contribution is an implementation of the simplex algorithm in terms of MTBDDs.
An algebraic approach to the specification of stochastic systems (extended abstract)
Programming Concepts and Methods, 1998
Cited by 34 (12 self)
P. R. D'Argenio¹, J.-P. Katoen², and E. Brinksma¹. ¹ Dept. of Computer Science, University of Twente, P.O. Box 217, 7500 AE Enschede, The Netherlands, {dargenio,brinksma}@cs.utwente.nl. ² Lehrstuhl für Informatik VII, University of Erlangen-Nürnberg, Martensstrasse 3, D-91058 Erlangen, Germany, katoen@informatik.uni-erlangen.de
Abstract. We introduce a framework to study stochastic systems, i.e. systems in which the time of occurrence of activities is a general random variable. We introduce and discuss in depth a stochastic process algebra (named ) adequate to specify and analyse those systems. In order to give semantics to , we also introduce a model that is an extension of traditional automata with clocks which are basically random variables: the stochastic automata model. We show that this model and are equally expressive. Although stochastic automata are adequate to analyse systems since they are finite objects, they are still too coarse to serve as concrete semantic...
A Logical Characterization of Bisimulation for Labeled Markov Processes
1998
Cited by 34 (11 self)
This paper gives a logical characterization of probabilistic bisimulation for Markov processes introduced in [BDEP97]. The thrust of that work was an extension of the notion of bisimulation to systems with continuous state spaces; for example for systems where the state space is the real numbers. In the present paper we study the logical characterization of probabilistic bisimulation for such general systems. This study revealed some unexpected results even for discrete probabilistic systems.
• Bisimulation can be characterized by a very weak modal logic. The most striking feature is that one has no negation or any kind of negative proposition.
• Bisimulation can be characterized by several inequivalent logics; we report five in this paper.
• We do not need any finite branching assumption yet there is no need of infinitary conjunction.
• The proofs that we give are of an entirely different character than the typical proofs of these results. They use quite subtle facts abou...
Computing Minimum and Maximum Reachability Times in Probabilistic Systems
1999
Cited by 32 (2 self)
A Markov decision process is a generalization of a Markov chain in which both probabilistic and nondeterministic choice coexist. Given a Markov decision process with costs associated with the transitions and a set of target states, the stochastic shortest path problem consists in computing the minimum expected cost of a control strategy that guarantees to reach the target. In this paper, we consider the classes of stochastic shortest path problems in which the costs are all nonnegative, or all nonpositive. Previously, these two classes of problems could be solved only under the assumption that the policies that minimize or maximize the expected cost also lead to the target with probability 1. This assumption does not necessarily hold for Markov decision processes that arise as models for distributed probabilistic systems. We present efficient methods for solving these two classes of problems without relying on additional assumptions. The methods are based on algorithms to transform th...