## Possibilistic and Probabilistic Abstraction-Based Model Checking (2002)


### Download Links

- [pubs.doc.ic.ac.uk]
- [dev.pubs.doc.ic.ac.uk]
- DBLP


Venue: Process Algebra and Probabilistic Methods, Performance Modeling and Veri Second Joint International Workshop PAPM-PROBMIV 2002, volume 2399 of Lecture Notes in Computer Science

Citations: 4 (2 self)

### BibTeX

```bibtex
@INPROCEEDINGS{Huth02possibilisticand,
  author    = {Michael Huth},
  title     = {Possibilistic and Probabilistic Abstraction-Based Model Checking},
  booktitle = {Process Algebra and Probabilistic Methods, Performance Modeling and Veri Second Joint International Workshop PAPM-PROBMIV 2002, volume 2399 of Lecture Notes in Computer Science},
  year      = {2002},
  pages     = {115--134},
  publisher = {Springer Verlag}
}
```


### Abstract

models whose verification results transfer to the abstracted models for a logic with unrestricted use of negation and quantification. This framework is novel in that its models have quantitative or probabilistic observables and state transitions. Properties of a quantitative temporal logic have measurable denotations in these models. For probabilistic models such denotations approximate the probabilistic semantics of full LTL. We show how predicate-based abstractions specify abstract quantitative and probabilistic models with finite state space.

### Citations

3204 | Communication and Concurrency
- Milner
- 1989
Citation context: ...e) in the usual manner. If all measures of M1 and M2 are probabilistic, then that is also the case for their sum. Co-inductive, monotone definitions over complete lattices have a greatest fixed point [39, 35]. Since σ-algebras are not complete lattices in general, we need to ensure that the computation of such a greatest fixed point resides within a given σ-algebra. This is guaranteed for finite-state sys...

1880 | Abstract Interpretation: A Unified Lattice Model for Static Analysis of Programs by Construction or Approximation of Fixpoints
- Cousot, Cousot
- 1977
Citation context: ...t al. [40] provide a quantitative version of identity confinement for probabilistic concurrent constraint programming (without non-determinism), using a probabilistic version of the widening operator [13] for a safe abstraction of their concrete collection semantics. In the framework of probabilistic automata, Segala and Lynch present and investigate several notions of probabilistic simulations with r...

876 | Symbolic Boolean manipulation with ordered binary-decision diagrams
- Bryant
- 1992
Citation context: ...an be implemented with a conventional labeling algorithm such that the only changes are in the treatment of negation — leading to a-labels and c-labels on states that may be represented with two BDDs [7] — and in the computation of successor sets, based on pre m ⊒r (A). In particular, in finite-state systems fixed points always converge with the size of the state space as upper bound on the number of...

655 | Concurrency and automata on infinite sequences
- Park
- 1981
Citation context: ...e) in the usual manner. If all measures of M1 and M2 are probabilistic, then that is also the case for their sum. Co-inductive, monotone definitions over complete lattices have a greatest fixed point [39, 35]. Since σ-algebras are not complete lattices in general, we need to ensure that the computation of such a greatest fixed point resides within a given σ-algebra. This is guaranteed for finite-state sys...

623 | Model Checking and Abstraction
- Clarke, Grumberg, et al.
- 1994
Citation context: ...er of its components. Therefore, probabilistic verification of realistic models requires the use of aggressive abstraction techniques. Model checks M |= φ can be abstracted by simplifying the model M [10], the property φ [25], or the satisfaction relation |=. To be effective, such simplifications need to ensure that they render sound, and hopefully useful, analysis results. For qualitative systems, we...

596 | A Compositional Approach to Performance Modeling
- Hillston
- 1996
Citation context: ...alysis of safety-critical systems [24]. Such models are also indispensable for the analysis of quantitative behavior in a wide variety of systems, e.g. through the computation of performance measures [26]. Formal analysis of probabilistic models does not scale well. Model checking LTL formulas on concurrent labeled Markov chains is polynomial in the size of models and doubly exponential in the size of...

403 | Bisimulation through probabilistic testing
- Larsen, Skou
- 1991
Citation context: ...cally develops abstract interpretations of infinite-state concurrent Markov chains [45]; these analyses may use state-space partitioning. Jonsson and Larsen [30] generalize probabilistic bisimulation [32] to a satisfaction relation between probabilistic specifications — multi-set versions of probabilistic transition systems — and probabilistic transition systems; two notions and algorithms for refinem...

215 | Automatic verification of probabilistic concurrent finite state programs
- Vardi
- 1985
Citation context: ...mantics of full LTL. We show how predicate-based abstractions specify abstract quantitative and probabilistic models with finite state space. 1 Introduction. Probabilistic models of concurrent systems [45] are important for the quantitative design and analysis of safety-critical systems [24]. Such models are also indispensable for the analysis of quantitative behavior in a wide variety of systems, e.g....

192 | Abstract interpretation
- Cousot
- 1996
Citation context: ... semantics is also branching as its models are (probabilistic) computation trees but it abstracts the adversary abstraction of the linear semantics in [24]. (For qualitative models, Cousot and Cousot [14] showed how one may systematically abstract a trace semantics into several branching-time semantics; see [44] for a corresponding abstraction of trace sets to modal transition systems.) This abstracti...

159 | Boolean and Cartesian Abstraction for Model Checking C Programs
- Ball, Podelski, et al.
Citation context: ...an analysis. Various techniques exist for obtaining more precise interpretations in qualitative models, although at a significant increase in complexity. We mention the focus operation of Ball et al. [4] and Bruns and Godefroid's generalized model checking [6]; it would be of interest to investigate their quantitative analogues. As we saw above, the loss of precision in our property semantics does no...

158 | The complexity of probabilistic verification
- Courcoubetis, Yannakakis
- 1995
Citation context: ...nalysis of probabilistic models does not scale well. Model checking LTL formulas on concurrent labeled Markov chains is polynomial in the size of models and doubly exponential in the size of formulas [12]. These complexity bounds inflate the effects of the state-explosion problem, that the number of states of a composed model is often exponential in the number of its components. Therefore, probabilist...

147 | Time and probability in formal design of distributed systems
- Hansson
- 1994
Citation context: ...tive and probabilistic models with finite state space. 1 Introduction. Probabilistic models of concurrent systems [45] are important for the quantitative design and analysis of safety-critical systems [24]. Such models are also indispensable for the analysis of quantitative behavior in a wide variety of systems, e.g. through the computation of performance measures [26]. Formal analysis of probabilistic...

141 | Bounded model checking using satisfiability solving
- Clarke, Biere, et al.
Citation context: ...n relation and thresholds of probabilistic LTL formulas. Although we cannot yet comment on the practical utility of this abstraction, it has apparent connections to bounded model checking techniques [9]. Outline of paper. In Section 2 we survey existing work on abstraction of probabilistic systems. Section 3 generalizes labeled concurrent Markov chains to modal quantitative structures and develops o...

135 | Labelled Markov processes
- Desharnais
- 1999
Citation context: ...imulations with respect to compositionality — where these notions fare well — and the preservation of properties written in probabilistic CTL [24] — where these notions fare poorly. Desharnais et al. [17] approximate continuous-state Markov processes by a family of finite-state labeled Markov chains; they define a notion of (probabilistic) simulation and prove its soundness with respect to a fragment...

130 | A modal process logic
- Larsen, Thomsen
- 1988
Citation context: ...or all of these simplifications, prove their soundness, and discuss their utility for analyzing probabilistic systems. These instances are realized by transferring work on three-valued model checking [33, 5, 6, 29, 22] to the realm of probabilistic verification. Three-valued models allow specifiers to state under-determinacy in non-deterministic choices: if "There are possible delays on the Bakerloo Line." is the o...

97 | Approximate noninterference
- Pierro, Hankin, et al.
- 2002
Citation context: ...sibilistic information flow between high and low security variables; this (abstract) analysis is shown to be sound for the probabilistic non-interference of Sabelfeld and Sands [43]. Di Pierro et al. [40] provide a quantitative version of identity confinement for probabilistic concurrent constraint programming (without non-determinism), using a probabilistic version of the widening operator [13] for a...

96 | Specification and refinement of probabilistic processes
- Jonsson, Larsen
- 1991
Citation context: ...specifying abstract models through an abstraction relation on states is presented in Section 6 and its soundness and compositionality proved. We show that a modal version of probabilistic simulations [30] is the operational equivalent of our possibilistic refinement for functional and discrete abstractions. Finally, Section 7 concludes. 2 Related work. Di Pierro and Wiklicky [41] use the Moore-Penrose...

95 | Model checking partial state spaces with 3-valued temporal logics
- Bruns, Godefroid
- 1999
Citation context: ...or all of these simplifications, prove their soundness, and discuss their utility for analyzing probabilistic systems. These instances are realized by transferring work on three-valued model checking [33, 5, 6, 29, 22] to the realm of probabilistic verification. Three-valued models allow specifiers to state under-determinacy in non-deterministic choices: if "There are possible delays on the Bakerloo Line." is the o...

93 | A per model of secure information flow in sequential programs
- Sabelfeld, Sands
- 2001
Citation context: ...Algol that collects possibilistic information flow between high and low security variables; this (abstract) analysis is shown to be sound for the probabilistic non-interference of Sabelfeld and Sands [43]. Di Pierro et al. [40] provide a quantitative version of identity confinement for probabilistic concurrent constraint programming (without non-determinism), using a probabilistic version of the widen...

90 | Modal transition systems: A foundation for three-valued program analysis
- Huth, Jagadeesan, et al.
Citation context: ...or all of these simplifications, prove their soundness, and discuss their utility for analyzing probabilistic systems. These instances are realized by transferring work on three-valued model checking [33, 5, 6, 29, 22] to the realm of probabilistic verification. Three-valued models allow specifiers to state under-determinacy in non-deterministic choices: if "There are possible delays on the Bakerloo Line." is the o...

81 | Symbolic model checking for probabilistic processes
- Baier, Clarke, et al.
- 1997
Citation context: ...e space as upper bound on the number of necessary unfoldings. It would be of interest to represent this labeling algorithm symbolically, as done for the standard semantics with MTBBDs in Baier et al. [2]. We conclude this section with a discussion of how our possibilistic refinement relates to the established notion of probabilistic bisimulation [32]. Theorem 3 (Probabilistic bisimulation). Let M be...

74 | Generalized model checking: Reasoning about partial state spaces
- Bruns, Godefroid
- 2000

63 | Abstraction-based model checking using modal transition systems
- Godefroid, Huth, et al.

48 | Reachability analysis of probabilistic systems by successive refinements
- D'Argenio, Jeannet, et al.
- 2001
Citation context: ...set versions of probabilistic transition systems — and probabilistic transition systems; two notions and algorithms for refinement between probabilistic specifications are presented. D'Argenio et al. [15] define simulations between concurrent Markov chains that are based on a discrimination criterion and the co-inductive existence of distributions. Such simulations allow for the sound verification of...

40 | Optimality in abstractions of model checking
- Cleaveland, Iyer, et al.
- 1995
Citation context: ...computation of such abstractions may prove to be expensive. This is indeed the case for qualitative systems, where the tradeoff between size and precision has been anticipated by Cleaveland et al. in [11]. For ⋆ ∈ {ps, pr}, one seeks abstraction relations Q ⊆ Σ × ΣQ such that Mc Q⋆ is as small and Ma Q⋆ as big as possible. Since the computation of Ra Q⋆-transitions requires disjunctions of abstract st...

40 | A categorical approach to probability theory
- Giry
- 1982
Citation context: ...int of view. It is hoped that a more general theory will emerge from this paper that generalizes its results to abstractions that are continuous-state concurrent labeled Markov chains. Markov kernels [21], as outlined in [38, 18, 19], are a likely candidate for such a theory. Since this paper works with a branching-time logic, we are able to give a coordinated approximation of the satisfaction relatio...

35 | Refinement-Oriented Probability for CSP
- Morgan, McIver, et al.
- 1996
Citation context: ...gic. Vardi (e.g. [46]) shows that properties of the form "with probability 1 satisfies φ" can be expressed as an ergodic analysis and therefore checked through automata-theoretic means. Morgan et al. [37] study a probabilistic version of the process algebra CSP and show that probabilistic choice distributes through all other operators; a failure/divergence semantics [27] supplies a refinement notion b...

23 | Finite-State Markovian Decision Processes
- Derman
- 1996
Citation context: ... choice; abstractions operate on internal actions. 3 Modal quantitative systems. We present modal versions of quantitative models for abstraction-based model checking. Labeled concurrent Markov chains [16, 45] and their modal abstractions turn out to be a special instance of such models. In a partial order (P, ≤), we write ≥ for the relational inverse {(r, r′) ∈ P × P | r′ ≤ r} of ≤. The relation < is o...

23 | Probabilistic linear-time model checking: an overview of the automata-theoretic approach
- Vardi
- 1999
Citation context: ...ly of finite-state labeled Markov chains; they define a notion of (probabilistic) simulation and prove its soundness with respect to a fragment of probabilistic propositional modal logic. Vardi (e.g. [46]) shows that properties of the form "with probability 1 satisfies φ" can be expressed as an ergodic analysis and therefore checked through automata-theoretic means. Morgan et al. [37] study a probabil...

19 | Abstract Interpretation of Programs as Markov Decision Processes
- Monniaux
- 2005
Citation context: ... connections, which require orderings, in the setting of vector spaces; this allows for a re-formulation of soundness and optimality principles for abstract interpretations in linear spaces. Monniaux [36] systematically develops abstract interpretations of infinite-state concurrent Markov chains [45]; these analyses may use state-space partitioning. Jonsson and Larsen [30] generalize probabilistic bis...

19 | Concurrent Constraint Programming: Towards Probabilistic Abstract Interpretation
- Pierro, Wiklicky
- 2000
Citation context: ...babilistic simulations [30] is the operational equivalent of our possibilistic refinement for functional and discrete abstractions. Finally, Section 7 concludes. 2 Related work. Di Pierro and Wiklicky [41] use the Moore-Penrose pseudo-inverse of linear operators to re-cast Galois connections, which require orderings, in the setting of vector spaces; this allows for a re-formulation of soundness and opt...

16 | Measure theory, Graduate Texts
- Halmos
- 1950
Citation context: ... obtained by removing from ≤ the diagonal {(r, r′) ∈ P × P | r = r′} of P; as customary, its inverse is denoted by >. Definition 1 (Modal quantitative Kripke structures). 1. Let F be a σ-algebra [23] over a state set Σ, (P, ≤) a partial order of quantities, and [F → P] the set of monotone (total) functions of type (F, ⊆) → (P, ≤); elements of [F → P] are quantitative measures. 2. Given a set AP...

9 | Abstraction in probabilistic process algebra
- Andova, Baeten
- 2001
Citation context: ...ilistic assumptions with strong fairness assumptions and thereby reduces P-validity checks on parameterized probabilistic systems to validity checks over non-probabilistic programs. Andova and Baeten [1] define a branching probabilistic bisimulation for a probabilistic process algebra without non-deterministic choice whose rooted branching variant is a congruence with respect to sequential compositio...

8 | From trace sets to modal-transition systems by stepwise abstract interpretation
- Schmidt
- 2001
Citation context: ...ry abstraction of the linear semantics in [24]. (For qualitative models, Cousot and Cousot [14] showed how one may systematically abstract a trace semantics into several branching-time semantics; see [44] for a corresponding abstraction of trace sets to modal transition systems.) This abstraction is caused by a "memory-less" way of computing successor states for fixed points. Along computation paths,...

6 | Model checking for a probabilistic branching-time logic with fairness
- Baier, Kwiatkowska
- 1998
Citation context: ...they abstract, where properties range over a full logic with negation and quantification. Such a range is required, for example, if one mixes abstraction-based checks with simple fairness assumptions [3, 28] or for the verification of properties that combine safety and liveness aspects. We offer this transfer also for systems whose quantities are specified in any partial order (cost, total energy, weight...

6 | Model checking and abstraction: a framework preserving both truth and failure information
- Kelb
- 1994
Citation context: ...at all denotations are elements of the underlying σ-algebra — as shown below. Note the special treatment of negation: to evaluate ¬φ in mode m, first evaluate φ in mode ¬m and then negate that result [31]. Since models are finitely branching, we have s |=^m µZ.φ iff for ... (semantic clauses, with ≝ for "is defined as"): [|tt|]^m ρ ≝ Σ; [|p|]^m ρ ≝ {s ∈ Σ | p ∈ L^m(s)}; [|Z|]^m ρ ≝ ρ^m(Z); [|µZ.φ|]^m ρ ≝ lfp F^m; [|¬φ|]^m ρ ...

5 | Model checking modal transition systems using Kripke structures
- Huth
Citation context: ...they abstract, where properties range over a full logic with negation and quantification. Such a range is required, for example, if one mixes abstraction-based checks with simple fairness assumptions [3, 28] or for the verification of properties that combine safety and liveness aspects. We offer this transfer also for systems whose quantities are specified in any partial order (cost, total energy, weight...

5 | A generalisation of stationary distributions, and probabilistic program algebra
- McIver
- 2001
Citation context: ... of the process algebra CSP and show that probabilistic choice distributes through all other operators; a failure/divergence semantics [27] supplies a refinement notion between such processes. McIver [34] generalizes stationary distributions of Markov processes to models of probabilistic programs that include non-determinism (abstraction) with support for Dijkstra-style reasoning. For a simple but pra...

4 | The converse of a probabilistic relation
- Doberkat
- 2003
Citation context: ...ped that a more general theory will emerge from this paper that generalizes its results to abstractions that are continuous-state concurrent labeled Markov chains. Markov kernels [21], as outlined in [38, 18, 19], are a likely candidate for such a theory. Since this paper works with a branching-time logic, we are able to give a coordinated approximation of the satisfaction relation and thresholds of probabil...

4 | The category of Markov kernels
- Panangaden
- 1999
Citation context: ...ped that a more general theory will emerge from this paper that generalizes its results to abstractions that are continuous-state concurrent labeled Markov chains. Markov kernels [21], as outlined in [38, 18, 19], are a likely candidate for such a theory. Since this paper works with a branching-time logic, we are able to give a coordinated approximation of the satisfaction relation and thresholds of probabil...

4 | Automatic verification of probabilistic free choice
- Zuck, Pnueli, et al.
- 2002
Citation context: ...esses to models of probabilistic programs that include non-determinism (abstraction) with support for Dijkstra-style reasoning. For a simple but practically important fragment of temporal logic, Zuck [47] replaces probabilistic assumptions with strong fairness assumptions and thereby reduces P-validity checks on parameterized probabilistic systems to validity checks over non-probabilistic programs. An...

3 | Possibilistic information flow is safe for probabilistic non-interference. Workshop on Issues in the Theory of Security (WITS'00), available at www.doc.ic.ac.uk/ clh/Papers/witscnh.ps.gz
- Clark, Hankin, et al.
- 2000
Citation context: ... co-inductive existence of distributions. Such simulations allow for the sound verification of safety properties and incremental refinement of abstractions driven by refutation evidence. Clark et al. [8] present a program analysis of probabilistic idealized Algol that collects possibilistic information flow between high and low security variables; this (abstract) analysis is shown to be sound for the...

3 | The demonic product of probabilistic relations
- Doberkat
- 2002
Citation context: ...ped that a more general theory will emerge from this paper that generalizes its results to abstractions that are continuous-state concurrent labeled Markov chains. Markov kernels [21], as outlined in [38, 18, 19], are a likely candidate for such a theory. Since this paper works with a branching-time logic, we are able to give a coordinated approximation of the satisfaction relation and thresholds of probabil...

3 | Approximating ATL* in ATL
- Harding, Schobbens
- 2002
Citation context: ... Therefore, probabilistic verification of realistic models requires the use of aggressive abstraction techniques. Model checks M |= φ can be abstracted by simplifying the model M [10], the property φ [25], or the satisfaction relation |=. To be effective, such simplifications need to ensure that they render sound, and hopefully useful, analysis results. For qualitative systems, we present instances fo...

1 | Possibilistic logic, volume 3
- Dubois, Lang, et al.
- 1992
Citation context: ...states for fixed points. Along computation paths, the threshold in EX⊒r is applied to each state in isolation. This is akin to the use of possibility and necessity measures in artificial intelligence [20] — whence the name possibilistic refinement — especially if quantitative measures compute maxima: µ(A) = max_{s∈A} µ({s}). Given this memory-less treatment of probabilities, it is therefore intuitive tha...