Results 11-20 of 275
Quantitative Verification: Models, Techniques and Tools
2007
Cited by 36 (16 self)
Automated verification is a technique for establishing if certain properties, usually expressed in temporal logic, hold for a system model. The model can be defined using a high-level formalism or extracted directly from software using methods such as abstract interpretation. The verification proceeds through exhaustive exploration of the state-transition graph of the model and is therefore more powerful than testing. Quantitative verification is an analogous technique for establishing quantitative properties of a system model, such as the probability of battery power dropping below minimum, the expected time for message delivery and the expected number of messages lost before protocol termination. Models analysed through this method are typically variants of Markov chains, annotated with costs and rewards that describe resources and their usage during execution. Properties are expressed in temporal logic extended with probabilistic and reward operators. Quantitative verification involves a combination of a traversal of the state-transition graph of the model and numerical computation. This paper gives a brief overview of current research in quantitative verification, concentrating on the potential of the method and outlining future challenges. The modelling approach is described and the usefulness of the methodology illustrated with an example of a real-world protocol standard – Bluetooth device discovery – that has been analysed using the PRISM model checker (www.prismmodelchecker.org).
Motion planning and control from temporal logic specifications with probabilistic satisfaction guarantees
In ICRA, 2010
Cited by 32 (5 self)
We present a computational framework for automatic deployment of a robot from a temporal logic specification over a set of properties of interest satisfied at the regions of a partitioned environment. We assume that, during the motion of the robot in the environment, the current region can be precisely determined, while due to sensor and actuation noise, the outcome of a control action can only be predicted probabilistically. Under these assumptions, the deployment problem translates to generating a control strategy for a Markov Decision Process (MDP) from a temporal logic formula. We propose an algorithm inspired by probabilistic Computation Tree Logic (PCTL) model checking to find a control strategy that maximizes the probability of satisfying the specification. We illustrate our method with simulation and experimental results.
Self-adaptive software needs quantitative verification at runtime
Communications of the ACM
Cited by 30 (13 self)
Software is surreptitiously becoming the backbone of modern society. Most human activities are either software enabled or entirely managed by software. Examples range from healthcare and transportation to commerce and manufacturing. In all these applications, one requirement is becoming common: software must adapt continuously, to respond to changes in application
Formal verification and simulation for performance analysis for probabilistic broadcast protocols
In Proc. 5th Conf. on Ad-Hoc, Mobile, and Wireless Networks (ADHOC-NOW'06), volume 4104 of LNCS, 2006
Cited by 27 (5 self)
This paper describes formal probabilistic models of flooding and gossiping protocols, and explores the influence of different modelling choices and assumptions on the results of performance analysis. We use Prism, a model checker for probabilistic systems, for the formal analysis of protocols and small network topologies, and use in addition Monte Carlo simulation, implemented in Matlab, to establish if the results and effects found during formal analysis extend to larger networks. This combination of approaches has several advantages. The formal model has well-defined synchronization primitives with clear semantics for modelling synchronous and asynchronous communication between nodes. Model checking of the probabilistic model determines exact probabilities and performance bounds, results that cannot be obtained by simulation, and even if the model is nondeterministic. The Monte Carlo simulation can then be used to study effects that only emerge in larger networks, such as phase transition.
Observing Branching Structure through Probabilistic Contexts
SIAM J. Comput.
Cited by 27 (2 self)
Probabilistic automata (PAs) constitute a general framework for modeling and analyzing discrete event systems that exhibit both nondeterministic and probabilistic behavior, such as distributed algorithms and network protocols. The behavior of PAs is commonly defined using schedulers (also called adversaries or strategies), which resolve all nondeterministic choices based on past history. From the resulting purely probabilistic structures, trace distributions can be extracted, whose intent is to capture the observable behavior of a PA. However, when PAs are composed via an (asynchronous) parallel composition operator, a global scheduler may establish strong correlations between the behavior of system components and, for example, resolve nondeterministic choices in one PA based on the outcome of probabilistic choices in the other. It is well known that, as a result of this, the (linear-time) trace distribution precongruence is not compositional for PAs. In his 1995 Ph.D. thesis, Segala has shown that the (branching-time) probabilistic simulation preorder is compositional for PAs. In this paper, we establish that the simulation preorder is, in fact, the coarsest refinement of the trace distribution preorder that is compositional. We prove our characterization result by providing (1) a context of a given PA A, called the tester, which may announce the state of A to the outside world, and (2) a specific global scheduler, called the observer, which ensures that the state information that is announced is actually correct. Now when another PA B is composed with the tester, it may generate the same external behavior as the observer only when it is able to simulate A in the sense that whenever A goes to some state s, B can go to a corresponding state u, from which it may generate the same external behavior. Our result shows that probabilistic contexts together with global schedulers are able to exhibit the branching structure of PAs.
Magnifying-lens abstraction for Markov decision processes
In CAV, 2007
Cited by 25 (1 self)
We present a novel abstraction technique which allows the analysis of reachability and safety properties of Markov decision processes with very large state spaces. The technique, called magnifying-lens abstraction (MLA), copes with the state-explosion problem by partitioning the state space into regions, and by computing upper and lower bounds for reachability and safety properties on the regions, rather than on the states. To compute these bounds, MLA iterates over the regions, considering the concrete states of each region in turn, as if one were sliding across the abstraction a magnifying lens which allowed viewing the concrete states. The algorithm adaptively refines the regions, using smaller regions where more detail is needed, until the difference between upper and lower bounds is smaller than a specified accuracy. We provide experimental results on three case studies illustrating that MLA can provide accurate answers, with savings in memory requirements.
H.: Quantitative multi-objective verification for probabilistic systems
2010
Cited by 24 (18 self)
We present a verification framework for analysing multiple quantitative objectives of systems that exhibit both nondeterministic and stochastic behaviour. These systems are modelled as probabilistic automata, enriched with cost or reward structures that capture, for example, energy usage or performance metrics. Quantitative properties of these models are expressed in a specification language that incorporates probabilistic safety and liveness properties, expected total cost or reward, and supports multiple objectives of these types. We propose and implement an efficient verification framework for such properties and then present two distinct applications of it: firstly, controller synthesis subject to multiple quantitative objectives; and, secondly, quantitative compositional verification. The practical applicability of both approaches is illustrated with experimental results from several large case studies.
Probabilistic Reachability for Parametric Markov Models
Cited by 24 (3 self)
Given a parametric Markov model, we consider the problem of computing the formula expressing the probability of reaching a given set of states. To attack this principal problem, Daws has suggested to first convert the Markov chain into a finite automaton, from which a regular expression is computed. Afterwards, this expression is evaluated to a closed form expression representing the reachability probability. This paper investigates how this idea can be turned into an effective procedure. It turns out that the bottleneck lies in an exponential growth of the regular expression relative to the number of states. We therefore proceed differently, by tightly intertwining the regular expression computation with its evaluation. This allows us to arrive at an effective method that avoids the exponential blow up in most practical cases. We give a detailed account of the approach, also extending to parametric models with rewards and with nondeterminism. Experimental evidence is provided, illustrating that our implementation provides meaningful insights on nontrivial models.
Two-Domain DNA Strand Displacement
In Developments in Computational Models (DCM), 2010
Cited by 24 (10 self)
We investigate the computing power of a restricted class of DNA strand displacement structures: those that are made of double strands with nicks (interruptions) in the top strand. To preserve this structural invariant, we impose restrictions on the single strands they interact with: we consider only two-domain single strands consisting of one toehold domain and one recognition domain. We study fork and join signal-processing gates based on these structures, and we show that these systems are amenable to formalization and to mechanical verification.
Directed Explicit State-Space Search in the Generation of Counterexamples for Stochastic Model Checking
2009
Cited by 24 (8 self)
Current stochastic model checkers do not make counterexamples for property violations readily available. In this paper we apply directed explicit state-space search to discrete- and continuous-time Markov chains in order to compute counterexamples for the violation of PCTL or CSL properties. Directed explicit state-space search algorithms explore the state space on-the-fly, which makes our method very efficient and highly scalable. They can also be guided using heuristics which usually improve the performance of the method. Counterexamples provided by our method have two important properties. First, they include those traces which contribute the most amount of probability to the property violation. Hence, they show the most probable offending execution scenarios of the system. Second, the obtained counterexamples tend to be small. Hence, they can be effectively analyzed by a human user. Both properties make the counterexamples obtained by our method very useful for debugging purposes. We implemented our method based on the stochastic model checker PRISM and applied it to a number of case studies in order to illustrate its applicability.