## Implementation of Symbolic Model Checking for Probabilistic Systems (2002)

Citations: 62 (22 self)

### BibTeX

@TECHREPORT{Parker02implementationof,

author = {David Anthony Parker},

title = {Implementation of Symbolic Model Checking for Probabilistic Systems},

institution = {},

year = {2002}

}

### Abstract

In this thesis, we present efficient implementation techniques for probabilistic model checking, a method which can be used to analyse probabilistic systems such as randomised distributed algorithms, fault-tolerant processes and communication networks. A probabilistic model checker inputs a probabilistic model and a specification, such as "the message will be delivered with probability 1", "the probability of shutdown occurring is at most 0.02" or "the probability of a leader being elected within 5 rounds is at least 0.98", and can automatically verify if the specification is true in the model.

### Citations

3153 | Graph-based algorithms for boolean function manipulation
- Bryant
Citation Context ...grams (BDDs). These are directed acyclic graphs which can be used to represent Boolean functions. BDDs were introduced by Lee [Lee59] and Akers [Ake78] but became popular following the work of Bryant [Bry86], who refined the data structure and developed a set of efficient algorithms for their manipulation. In terms of model checking, the fundamental breakthrough was made by McMillan. He observed that transit... |

1246 | Automatic verification of finite-state concurrent systems using temporal logic specifications
- Clarke, Emerson, et al.
- 1986
Citation Context ...ecution of the system which illustrates that the property does not hold. A model checking algorithm for the temporal logic CTL (Computation Tree Logic) was presented in [CES86]. Temporal logic based formal verification has been successfully extended to the realm of probabilistic models. Initial work in this area focused on the verification of qualitative formulas, i.e. thos... |

941 | Symbolic Boolean manipulation with ordered binary-decision diagrams - Bryant - 1992 |

852 | Design and synthesis of synchronization skeletons using branching time temporal logic
- Clarke, Emerson
- 1981
Citation Context ... adequate for concurrent, reactive systems, i.e. those comprising parallel, interacting components and which do not necessarily terminate. Model checking, proposed independently by Clarke and Emerson [CE81] and by Queille and Sifakis [QS82], is a technique for automatically determining whether or not a finite-state model of a system satisfies a property specified in temporal logic. It does so via an exhausti... |

471 | Efficient implementation of a BDD package - Brace, Rudell, et al. - 1991 |

402 | Binary Decision Diagram
- Akers
- 1978
Citation Context ...ues based on a data structure called binary decision diagrams (BDDs). These are directed acyclic graphs which can be used to represent Boolean functions. BDDs were introduced by Lee [Lee59] and Akers [Ake78] but became popular following the work of Bryant [Bry86], who refined the data structure and developed a set of efficient algorithms for their manipulation. In terms of model checking, the fundamental bre... |

384 | Process algebra for synchronous communication - Bergstra, Klop - 1984 |

383 | Model-checking for real-time systems - Alur, Courcoubetis, et al. - 1990 |

292 | Reactive modules - Alur, Henzinger - 1999 |

229 | Model checking of probabilistic and nondeterministic systems
- Bianco, Alfaro
- 1995
Citation Context ... LTL. This can be model checked using the techniques in [CY88, CY95]. The verification of quantitative properties for MDPs was considered by Courcoubetis and Yannakakis [CY90] and Bianco and de Alfaro [BdA95]. Model checking for pCTL is shown to reduce to the solution of a linear optimisation problem. Bianco and de Alfaro [BdA95] also presented an algorithm for pCTL*. As in the case for qualitative proper... |

184 | Improving the Variable Ordering of OBDDs is NP-Complete - Bollig, Wegener - 1996 |

166 | Symbolic model checking with partitioned transition relations
- Burch, Clarke, et al.
- 1991
Citation Context ...to give a symbolic version of the CTL model checking algorithm from [CES86] and it was demonstrated that large, regular models with as many as 10^20 states could be verified. Improvements presented in [BCL91] pushed the limit even higher to 10^120 states. These techniques were implemented in what became the well-known SMV model checker [McM93]. Perhaps one of the most notable achievements of this technolo... |

137 | Approximate symbolic model checking of continuous-time Markov chains
- Baier, Katoen, et al.
- 1999
Citation Context ...t introduces a time-bounded until operator which can be used to reason about real-time behaviour of CTMCs. Model checking for the logic is shown to be decidable for rational time-bounds. Baier et al. [BKH99] then extended CSL by adding an operator to reason above the steady-state behaviour of CTMCs and presented the first model checking algorithm for the logic. Steady-state probabilities are computed in th... |

133 | Fast randomized consensus using shared memory
- Aspnes, Herlihy
- 1990
Citation Context ...s are typified by the results, given in Table 4.5, for two examples: Rabin's randomised mutual exclusion algorithm [Rab82] and the coin protocol from Aspnes and Herlihy's randomised consensus protocol [AH90]. Both are parameterised by N, the number of processes modelled. The latter case study has an additional parameter, K, which we fix here at 8. Further details about these case studies and others we hav... |

126 | Model checking for a probabilistic branching time logic with fairness
- Baier, Kwiatkowska
- 1998
Citation Context ... problem. Bianco and de Alfaro [BdA95] also presented an algorithm for pCTL*. As in the case for qualitative properties, it is often necessary to consider fairness in order to perform verification. In [BK98], Baier and Kwiatkowska showed how the algorithms for model checking quantitative properties can be extended to incorporate a notion of fairness based on that of Vardi [Var85]. A further improvement t... |

124 | Verification tools for finite-state concurrent systems. In: A Decade of Concurrency - Clarke - 1994 |

117 | Dynamic Programming and Optimal Control, volume 1. Athena Scientific - Bertsekas - 2005 |

113 | Binary decision diagrams and beyond: Enabling technologies for formal verification - Bryant - 1995 |

111 | A Decomposition Approach for Stochastic Reward Net Models
- Ciardo, Trivedi
- 1993
Citation Context ...s, respectively; the bounded retransmission protocol (BRP) of [HSV94], a DTMC model for which we model check a PCTL until formula using the Jacobi method; and the flexible manufacturing system (FMS) of [CT93], a CTMC model for which we check a CSL time-bounded until property. The sizes of all four models can be varied by changing a parameter N, the meaning of which for each case can be found in Appendix E... |

100 | Verifying continuous time Markov chains
- Aziz, Sanwal, et al.
- 1996
Citation Context ... techniques, where steady-state (long run) and transient probabilities are computed and then translated into more meaningful, application-specific measures such as throughput and mean waiting time. In [ASSB96], Aziz et al. proposed the logic CSL (Continuous Stochastic Logic) to provide a means of formally specifying properties of CTMCs. CSL can be seen as an extension of PCTL. ... |

88 | Model checking in dense real time - Alur, Courcoubetis, et al. - 1993 |

87 | Model-checking for probabilistic real-time systems - Alur, Courcoubetis, et al. - 1991 |

79 | Model checking continuous-time Markov chains by transient analysis
- Baier, Haverkort, et al.
- 2000
Citation Context ... solving a linear equation system. For the time-bounded until operator, they proposed an algorithm based on an iterative method for the approximate solution of a Volterra integral equation system. In [BHHK00a], Baier et al. presented an alternative method of model checking the CSL time-bounded until operator using a conversion to transient analysis. This allows standard, efficient computation techniques to be... |

77 | An analysis of stochastic shortest path problems - Bertsekas, Tsitsiklis - 1991 |

72 | Automatic verification of concurrent systems using temporal logic
- Clarke, Emerson, et al.
- 1986
Citation Context ...ecution of the system which illustrates that the property does not hold. A model checking algorithm for the temporal logic CTL (Computation Tree Logic) was presented in [CES86]. Temporal logic based formal verification has been successfully extended to the realm of probabilistic models. Initial work in this area focused on the verification of qualitative formulas, i.e. those ... |

63 | Markov decision processes and regular events
- Courcoubetis, Yannakakis
- 1990
Citation Context ...f pCTL and the linear time logic LTL. This can be model checked using the techniques in [CY88, CY95]. The verification of quantitative properties for MDPs was considered by Courcoubetis and Yannakakis [CY90] and Bianco and de Alfaro [BdA95]. Model checking for pCTL is shown to reduce to the solution of a linear optimisation problem. Bianco and de Alfaro [BdA95] also presented an algorithm for pCTL*. As i... |

55 | On algorithmic verification methods for probabilistic systems
- Baier
- 1998
Citation Context ...lgorithms for model checking quantitative properties can be extended to incorporate a notion of fairness based on that of Vardi [Var85]. A further improvement to their algorithm was given by Baier in [Bai98]. The model checking paradigm has also been extended to continuous-time Markov chains (CTMCs). Traditionally, these models have been analysed by standard performance analysis techniques, where steady-... |

50 | Some progress in the symbolic verification of timed automata - Bozga, Maler, et al. - 1997 |

49 | On the logical characterisation of performability properties - Baier, Haverkort, et al. - 2000 |

38 | Storage alternatives for large structured state spaces
- Ciardo, Miner
- 1997
Citation Context ... developing efficient data structures to perform Kronecker-based solution of CTMCs. They introduce a data structure called matrix diagrams for this purpose. This complements existing work by the authors [CM97] which considers structured approaches for computing and storing the reachable state space of stochastic Petri nets. The latter uses multi-valued decision diagrams (MDDs), a generalisation of BDDs. Ma... |

36 | On a theory of Boolean functions - Akers - 1986 |

35 | On the Representation of Probabilities over Structured Domains - Bozga, Maler - 1999 |

34 | Binary Decision Diagrams - Andersen - 1997 |

33 | Data-structures for the verification of timed automata - Asarin, Bozga, et al. - 1997 |

27 | TwoTowers: A tool integrating functional and performance analysis of concurrent systems
- Bernardo, Cleaveland, et al.
Citation Context ...uch as TIPPtool [HHK+98], which constructs a CTMC from a process algebra description. TIPPtool, along with numerous other applications such as MARCA [Ste94], SMART [CM96], PEPA [GH94] and TwoTowers [BCSS98], supports conventional steady-state and transient analysis of CTMCs, but not probabilistic temporal logic model checking. Our tool, PRISM [KNP02a], supports model checking of three types of probabili... |

20 | Complexity of Kronecker operations on sparse matrices with applications to the solution of Markov models
- Buchholz, Ciardo, et al.
- 1997
Citation Context ...ally, a process not ideally suited to techniques relying on structured storage of the matrix. An alternative, and the one which is most directly related to our approach, is the 'interleaving' idea of [BCDK97]. Here, all matrix entries are accessed in a single pass of the data structure, comparable with the depth-first traversal of MTBDDs we adopt. The advantage is that many of the multiplication operations... |

20 | A Quantitative Approach to the Formal Verification of Real-Time Systems
- Campos
- 1996
Citation Context ...lity and discrete-time to be modelled. This incorporates model checking of PCTL over DTMCs, as described in [HJ94], which we consider. The second is ProbVerus [HGCC99], an extension of the tool Verus [Cam96]. This supports model checking of DTMCs using a subset of PCTL (until formulas are restricted to the bounded variant) and was developed to accompany the work presented in [HG98]. Of particular interes... |

18 | Formal Verification of Probabilistic Systems
- Alfaro
- 1997
Citation Context ...rmine the states which have a zero probability for every adversary. The Prob1E algorithm is more involved. It was first presented in [dAKN+00] but is actually an extension of a related algorithm from [dA97]. In essence, it is similar to Prob1, given earlier, in that it works by identifying states for which p_s^max is less than 1. Prob1E is based on the computation of a double fixpoint and is hence impleme... |

16 | A data structure for the efficient Kronecker solution of GSPNs
- Ciardo, Miner
- 1999
Citation Context ...act, structured representation of the model and explicit storage for vectors to perform numerical computation using iterative methods. Of particular interest is the implementation of Ciardo and Miner [CM99] which uses decision diagram data structures. Now, having now presented our technique in detail, we give a more in-depth comparison of the two approaches. To recap, the idea of Kronecker-based techniq... |

13 | From fairness to chance - Alfaro - 1999 |

11 | The algebraic mu-calculus and MTBDDs - Baier, Clarke - 1998 |

11 | Compact representations of probability distributions in the analysis of superposed GSPNs
- Buchholz, Kemper
- 2001
Citation Context ...se proved to be fruitless. In addition, the increased complexity of algorithms for manipulation of PDGs slows the implementation speed considerably. Similar findings were made by Buchholz and Kemper in [BK01], where they adapt PDGs for use alongside Kronecker-based techniques (described in the next section). The PDG data structure is modified for this purpose, allowing more than two edges from each node, a... |

11 | On the use of Kronecker operators for the solution of generalized stochastic Petri nets
- Ciardo, Tilgner
- 1996
Citation Context ... faster the operations on it will be. Table 4.4 gives statistics for several different case studies: the polling system of [IT90], as used in the preceding sections; the Kanban manufacturing system of [CT96]; and the bounded retransmission protocol (BRP) of [HSV94]. The first two give rise to CTMCs, the third to a DTMC. For each one, we can construct models of varying size by changing a parameter N . In th... |

11 | Verifying Temporal Properties of Finite State Probabilistic Programs - Courcoubetis, Yannakakis - 1988 |

9 | On algorithmic verification methods for probabilistic systems. Habilitation thesis
- Baier
- 1998
Citation Context ...lgorithms for model checking quantitative properties can be extended to incorporate a notion of fairness based on that of Vardi [Var85]. A further improvement to their algorithm was given by Baier in [Bai98]. The model checking paradigm has also been extended to continuous-time Markov chains (CTMCs). Traditionally, these models have been analysed by standard performance analysis techniques, where steady-... |

9 | On the semantic foundations of Probabilistic VERUS - Baier, Clarke, et al. - 1999 |

5 | SMART: Simulation and Markovian analyser for reliability and timing
- Ciardo, Miner
- 1996
Citation Context ...ntaining solution speed comparable with sparse matrix implementations. Of particular interest to us is recent work by Ciardo and Miner, presented in [CM99, Min00] and integrated within the tool SMART [CM96], into developing efficient data structures to perform Kronecker-based solution of CTMCs. They introduce a data structure called matrix diagrams for this purpose. This complements existing work by the au... |

3 | The complexity of probabilistic verification - Courcoubetis, Yannakakis - 1995 |

2 | A Quantitative Approach to the Formal Verification of Real-Time Systems
- Campos
- 1996
Citation Context ...lity and discrete-time to be modelled. This incorporates model checking of PCTL over DTMCs, as described in [HJ94], which we consider. The second is ProbVerus [HGCC99], an extension of the tool Verus [Cam96]. This supports model checking of DTMCs using a subset of PCTL (until formulas are restricted to the bounded variant) and was developed to accompany the work presented in [HG98]. Of particular interes... |

1 | Verifying temporal properties of state probabilistic programs - Courcoubetis, Yannakakis - 1988 |