## Quantitative Verification: Models, Techniques and Tools (2007)

Citations: 24 (13 self)

### BibTeX

```bibtex
@MISC{Kwiatkowska07quantitativeverification,
  author = {Marta Kwiatkowska},
  title  = {Quantitative Verification: Models, Techniques and Tools},
  year   = {2007}
}
```


### Abstract

Automated verification is a technique for establishing if certain properties, usually expressed in temporal logic, hold for a system model. The model can be defined using a high-level formalism or extracted directly from software using methods such as abstract interpretation. The verification proceeds through exhaustive exploration of the state-transition graph of the model and is therefore more powerful than testing. Quantitative verification is an analogous technique for establishing quantitative properties of a system model, such as the probability of battery power dropping below minimum, the expected time for message delivery and the expected number of messages lost before protocol termination. Models analysed through this method are typically variants of Markov chains, annotated with costs and rewards that describe resources and their usage during execution. Properties are expressed in temporal logic extended with probabilistic and reward operators. Quantitative verification involves a combination of a traversal of the state-transition graph of the model and numerical computation. This paper gives a brief overview of current research in quantitative verification, concentrating on the potential of the method and outlining future challenges. The modelling approach is described and the usefulness of the methodology illustrated with an example of a real-world protocol standard – Bluetooth device discovery – that has been analysed using the PRISM model checker (www.prismmodelchecker.org).

### Citations

2143 | A theory of timed automata
- Alur, Dill
- 1994
Citation Context: ...do not allow nondeterminism which often features in real-world distributed protocols, for example random back-off schemes. Probabilistic timed automata (PTAs) [28] extend the timed automata formalism [2] with probabilistic choice over transitions. Similarly to timed automata, PTAs contain clocks, positive real-valued variables which increase uniformly with time, which can be referred to in its invaria...

1313 | Markov Decision Processes: Discrete Stochastic Dynamic Programming - Puterman - 1994 |

1239 | Automatic verification of finite-state concurrent systems using temporal logic specifications
- Clarke, Emerson, et al.
- 1986
Citation Context: ...lure? 2.2.2 Model Checking for PCTL over DTMCs The PCTL model checking algorithm [11, 15, 12] takes as inputs a labelled DTMC D = (S, s, P, L) and a PCTL formula Φ. The algorithm proceeds, as for CTL [10], by bottom-up traversal of the parse tree for Φ, recursively computing the set Sat(Ψ) = {s ∈ S | s |= Ψ} of states satisfying each subformula Ψ. Therefore, the algorithm will compute the set of all s...

838 | Finite Markov Chains
- Snell
- 1960
Citation Context: ...s0 s1 s2 . . . with P(si, si+1) > 0 for all i ≥ 0. The probability matrix P induces a probability space on the set of infinite paths Paths, which start in the state s, using the cylinder construction [19] as follows. An observation of a finite path determines a basic event (cylinder). Let s = s0. For ω = s0 s1 . . . sn, we define the probability measure Pr_s^fin for the ω-cylinder = 1 if ω consists of ...

626 | Introduction to the Numerical Solution of Markov Chains
- Stewart
- 1994
Citation Context: ...tic model of the system is derived, typically a continuous time Markov chain, on which analytical, simulation-based or numerical calculations are performed to obtain the desired quantitative measures [34]. In AI, a different probabilistic model (Markov decision processes) is used for planning and control problems solvable via Bellman equations, for example through value or policy iteration [7]. In re...

276 | A logic for reasoning about time and reliability
- Hansson, Jonsson
- 1994
Citation Context: ...ple through value or policy iteration [7]. In recent years, a complementary technique of probabilistic model checking, an automated verification technique for probabilistic models, has been developed [35, 11, 15, 8, 6, 4, 32]. The models are similar to those used in performance analysis and planning, i.e. variants of Markov chains or Markov decision processes, in the sense that they encode the probability or rate of makin...

234 | Automatic verification of probabilistic concurrent finite-state programs
- Vardi
- 1985
Citation Context: ...ple through value or policy iteration [7]. In recent years, a complementary technique of probabilistic model checking, an automated verification technique for probabilistic models, has been developed [35, 11, 15, 8, 6, 4, 32]. The models are similar to those used in performance analysis and planning, i.e. variants of Markov chains or Markov decision processes, in the sense that they encode the probability or rate of makin...

228 | Model checking of probabilistic and nondeterministic systems
- Bianco, de Alfaro
- 1995
Citation Context: ...ple through value or policy iteration [7]. In recent years, a complementary technique of probabilistic model checking, an automated verification technique for probabilistic models, has been developed [35, 11, 15, 8, 6, 4, 32]. The models are similar to those used in performance analysis and planning, i.e. variants of Markov chains or Markov decision processes, in the sense that they encode the probability or rate of makin...

206 | PRISM: A tool for automatic verification of probabilistic systems
- Hinton, Kwiatkowska, et al.
- 2006
Citation Context: ...ve verification software tools exist. Our main focus is the PRISM model checker which was used to perform the case study discussed in the next section. 4.1 The Probabilistic Model Checker PRISM PRISM [18, 30] accepts probabilistic models described in a simple, high-level modelling language. Three types of probabilistic models are supported directly; these are discrete-time Markov chains, Markov decision p...

171 | The complexity of probabilistic verification
- Courcoubetis, Yannakakis
- 1995
Citation Context: ...ps is strictly less than 0.1; • P=?[try U succ] - what is the probability of sending a message successfully without failure? 2.2.2 Model Checking for PCTL over DTMCs The PCTL model checking algorithm [11, 15, 12] takes as inputs a labelled DTMC D = (S, s, P, L) and a PCTL formula Φ. The algorithm proceeds, as for CTL [10], by bottom-up traversal of the parse tree for Φ, recursively computing the set Sat(Ψ) = ...

156 | Probabilistic symbolic model checking with PRISM: A hybrid approach
- Kwiatkowska, Norman, et al.
- 2002
Citation Context: ... The complexity for PCTL model checking over a MDP is linear in the size of the formula and polynomial in |S| [8], which follows from the existence of polynomial LP solvers. For more detail see e.g. [21]. 2.3.2 Continuous Time Markov Chains Continuous time Markov chains (CTMCs) are well known in performance modelling [34] to model systems which have discrete states, but where time progresses continuo...

137 | Approximate symbolic model checking of continuous-time Markov chains
- Baier, Katoen, et al.
- 1999
Citation Context: ...reward can be acquired in proportion to time t spent in a state. This type of model is well suited to reliability, performance and dependability modelling. The logic CSL (Continuous Stochastic Logic) [3, 5] has been defined over CTMCs. It is based on PCTL and contains the probabilistic and reward operators of PCTL evaluated with respect to path-based probability measure. Additionally, there is also a st...

131 | Dynamic Programming and Optimal
- Bertsekas
- 1995
Citation Context: ...sures [34]. In AI, a different probabilistic model (Markov decision processes) is used for planning and control problems solvable via Bellman equations, for example through value or policy iteration [7]. In recent years, a complementary technique of probabilistic model checking, an automated verification technique for probabilistic models, has been developed [35, 11, 15, 8, 6, 4, 32]. The models are...

126 | Model checking for a probabilistic branching time logic with fairness
- Baier, Kwiatkowska
- 1998

99 | Verifying continuous time Markov chains
- Aziz, Sanwal, et al.
- 1996
Citation Context: ...reward can be acquired in proportion to time t spent in a state. This type of model is well suited to reliability, performance and dependability modelling. The logic CSL (Continuous Stochastic Logic) [3, 5] has been defined over CTMCs. It is based on PCTL and contains the probabilistic and reward operators of PCTL evaluated with respect to path-based probability measure. Additionally, there is also a st...

87 | Automatic verification of real-time systems with discrete probability distributions
- Kwiatkowska, Norman, Sproston, et al.
- 2002
Citation Context: ...d Automata Continuous time Markov chains do not allow nondeterminism which often features in real-world distributed protocols, for example random back-off schemes. Probabilistic timed automata (PTAs) [28] extend the timed automata formalism [2] with probabilistic choice over transitions. Similarly to timed automata, PTAs contain clocks, positive real-valued variables which increase uniformly with time,...

85 | Symbolic model checking for probabilistic processes
- Baier, Clarke, et al.
- 1997

85 | Probabilistic Verification of Discrete Event Systems using Acceptance Sampling
- Younes, Simmons
- 2002
Citation Context: ...cates that the desired precision has been reached. See e.g. [32] for more details. 3.0.5 Approximate methods Instead of constructing the full state-transition graph of the model, it has been proposed [37] to use a combination of discrete event simulation and Monte Carlo methods to estimate the probability of satisfying a path formula. This is done by generating random paths of a fixed depth k and appl...

77 | Directed explicit-state model checking in the validation of communication protocols
- Edelkamp, Leue, et al.
- 2003
Citation Context: ...dea include one based on a randomised approximation scheme [17], statistical model checking [33] and statistical hypothesis testing [36]. An alternative technique is to invoke directed model checking [14] which performs a partial exploration of the state space, extended to the probabilistic case in [1]. 4. SOFTWARE TOOLS A number of probabilistic and quantitative verification software tools exist. Our ...

68 | Probabilistic model checking of complex biological pathways
- Heath, Kwiatkowska, et al.
Citation Context: ... of the features and model checking algorithms of three other model types is also given. The models and specification formalisms introduced here are supported by the probabilistic model checker PRISM [30, 16], which is briefly introduced. We illustrate the capabilities and limitations of the quantitative verification techniques with an example of a protocol standard analysed with PRISM: the Bluetooth devi...

66 | Probabilistic Model Checking of the
- Kwiatkowska, Norman, et al.
- 2002
Citation Context: ... determine the probabilities Prob_s(Φ U≤k Ψ) for all states s where k ∈ N ∪ {∞}. When k ∈ N, the corresponding vector Prob(Φ U≤k Ψ) can be expressed in terms of the transient probabilities of a DTMC [24]. Firstly, for any DTMC D = (S, s, P, L) and PCTL formula Φ, let D[Φ] = (S, s, P[Φ], L) be the DTMC D modified as follows: if s ⊭ Φ, then P[Φ](s, s′) = P(s, s′) for all s′ ∈ S, and if s |= Φ, t...

62 | Performance analysis of probabilistic timed automata using digital clocks
- Kwiatkowska, Norman, et al.
Citation Context: ...gions or zones). The methods so far developed for PTAs include those based on the region graph construction [28], forward [28] and backward [29] zone graph exploration and the digital clocks approach [25]. The latter admits an extension with rewards, for example expected reachability properties, a generalisation of uniformly priced timed automata. Model checking for PTAs is very expensive and experime...

58 | Symbolic model checking for probabilistic timed automata
- Kwiatkowska, Norman, et al.
Citation Context: ... can be partitioned into a finite set of symbolic states (regions or zones). The methods so far developed for PTAs include those based on the region graph construction [28], forward [28] and backward [29] zone graph exploration and the digital clocks approach [25]. The latter admits an extension with rewards, for example expected reachability properties, a generalisation of uniformly priced timed auto...

58 | Numerical vs. statistical probabilistic model checking: An empirical study
- Younes, Kwiatkowska, et al.
- 2004
Citation Context: ...nge of properties, for example LTL. Known approaches based on this idea include one based on a randomised approximation scheme [17], statistical model checking [33] and statistical hypothesis testing [36]. An alternative technique is to invoke directed model checking [14] which performs a partial exploration of the state space, extended to the probabilistic case in [1]. 4. SOFTWARE TOOLS A number of pr...

49 | Model checking for probability and time: From theory to practice
- Kwiatkowska
- 2003
Citation Context: ...: distributed coordination algorithms, wireless communication protocols, security and anonymity protocols, nanotechnology designs, power management and biological modelling; for more information, see [30, 20, 32, 22, 23]. In this paper we give an overview of formalisms and techniques employed in quantitative model checking. We describe the well-known probabilistic model of discrete time Markov chains and its reward e...

48 | Approximate Probabilistic Model Checking
- Hérault, Lassaigne, et al.
- 2004
Citation Context: ... The method is suited to DTMCs and CTMCs and can be applied to a wider range of properties, for example LTL. Known approaches based on this idea include one based on a randomised approximation scheme [17], statistical model checking [33] and statistical hypothesis testing [36]. An alternative technique is to invoke directed model checking [14] which performs a partial exploration of the state space, ex...

43 | Mathematical Techniques for Analyzing Concurrent and Probabilistic
- Rutten, Kwiatkowska, et al.
- 2004

36 | Verifying quantitative properties of continuous probabilistic timed automata
- Kwiatkowska, Norman, et al.
- 2000
Citation Context: ... which MDP techniques are sufficient. For more detail see [26, 29, 25]. An extension of probabilistic timed automata with continuous probability distributions and spaces are respectively described in [27, 9]. 3. TECHNIQUES As can be seen from the above overview of quantitative verification, a great variety of analysis techniques are required, ranging from graph-theoretical analysis of the underlying tran...

34 | A formal analysis of Bluetooth device discovery
- Duflot, Kwiatkowska, et al.
Citation Context: ...iefly introduced. We illustrate the capabilities and limitations of the quantitative verification techniques with an example of a protocol standard analysed with PRISM: the Bluetooth device discovery [13]. We conclude by outlining the challenges that remain in the area. 2. THE MODELS Probabilistic models used in quantitative verification generalise labelled state-transition systems by the addition of ...

34 | On Statistical Model Checking of Stochastic Systems
- Sen, Viswanathan, et al.
- 2005
Citation Context: ...d CTMCs and can be applied to a wider range of properties, for example LTL. Known approaches based on this idea include one based on a randomised approximation scheme [17], statistical model checking [33] and statistical hypothesis testing [36]. An alternative technique is to invoke directed model checking [14] which performs a partial exploration of the state space, extended to the probabilistic case ...

29 | Probabilistic model checking in practice: Case studies with PRISM
- Kwiatkowska, Norman, et al.
Citation Context: ...: distributed coordination algorithms, wireless communication protocols, security and anonymity protocols, nanotechnology designs, power management and biological modelling; for more information, see [30, 20, 32, 22, 23]. In this paper we give an overview of formalisms and techniques employed in quantitative model checking. We describe the well-known probabilistic model of discrete time Markov chains and its reward e...

22 | Quantitative Analysis with the Probabilistic Model Checker PRISM
- Kwiatkowska, Norman, et al.
- 2005
Citation Context: ...: distributed coordination algorithms, wireless communication protocols, security and anonymity protocols, nanotechnology designs, power management and biological modelling; for more information, see [30, 20, 32, 22, 23]. In this paper we give an overview of formalisms and techniques employed in quantitative model checking. We describe the well-known probabilistic model of discrete time Markov chains and its reward e...

13 | Stochastic transition systems for continuous state spaces and non-determinism
- Cattani, Segala, et al.
- 2005
Citation Context: ... which MDP techniques are sufficient. For more detail see [26, 29, 25]. An extension of probabilistic timed automata with continuous probability distributions and spaces are respectively described in [27, 9]. 3. TECHNIQUES As can be seen from the above overview of quantitative verification, a great variety of analysis techniques are required, ranging from graph-theoretical analysis of the underlying tran...

11 | Verifying Temporal Properties of Finite State Probabilistic Programs
- Courcoubetis, Yannakakis
- 1988

10 | Extended directed search for probabilistic timed reachability
- Aljazzar, Leue
- 2006
Citation Context: ...a probability measure, i.e. 0 ≤ µ[A] ≤ 1 for all A ∈ F; µ[∅] = 0, µ[Ω] = 1, and µ[⋃_{k=1}^∞ A_k] = Σ_{k=1}^∞ Pr[A_k] for A_k disjoint. For a finite set S, a probability distribution on S is a function µ : S → [0, 1] such that Σ_{t∈S} µ(t) = 1. Let (Ω, F, µ) be a probability space. A function X : Ω → R≥0 is said to be a random variable. Given a random variable X : Ω → R≥0 and the probability space (Ω, F, µ) the exp...

2 | Verification of real-time probabilistic systems
- Kwiatkowska, Norman, et al.
- 2008
Citation Context: ...ta. Model checking for PTAs is very expensive and experimental results are still limited with the exception of the digital clocks approach for which MDP techniques are sufficient. For more detail see [26, 29, 25]. An extension of probabilistic timed automata with continuous probability distributions and spaces are respectively described in [27, 9]. 3. TECHNIQUES As can be seen from the above overview of quant...