
## Probabilistic Symbolic Model Checking with PRISM: A Hybrid Approach (2002)


Venue: | International Journal on Software Tools for Technology Transfer (STTT) |

Citations: | 201 - 32 self |

### Citations

3470 | Graph-based algorithms for boolean function manipulation
- Bryant
- 1986
Citation Context ... developed which then automatically verify whether the model satisfies these properties. Motivated by the success of symbolic model checkers, such as SMV [28] which use BDDs (binary decision diagrams) [11], we have developed a symbolic probabilistic model checker. In the non-probabilistic setting, model checking involves analysing properties of state transition systems and the manipulation of sets of s... |

1475 | Symbolic Model Checking
- McMillan
- 1986
Citation Context ... have been developed which then automatically verify whether the model satisfies these properties. Motivated by the success of symbolic model checkers, such as SMV [28] which use BDDs (binary decision diagrams) [11], we have developed a symbolic probabilistic model checker. In the non-probabilistic setting, model checking involves analysing properties of state trans... |

749 | Symbolic Model Checking: 10^20 States and Beyond
- Burch, Clarke, et al.
Citation Context ...etting, model checking involves analysing properties of state transition systems and the manipulation of sets of states. Both these entities can be represented naturally as BDDs, often very compactly [13]. In the probabilistic case, since probability transition matrices and probability vectors are required, BDDs alone are not sufficient, and hence we also use MTBDDs (multi-terminal binary decision dia... |

744 | A compositional approach to performance modelling - Hillston - 1996 |

332 | Symbolic model checking: 10^20 states and beyond
- Burch, Clarke, et al.
- 1992
Citation Context ...etting, model checking involves analysing properties of state transition systems and the manipulation of sets of states. Both these entities can be represented naturally as BDDs, often very compactly [13]. In the probabilistic case, since probability transition matrices and probability vectors are required, BDDs alone are not sufficient, and hence we also use MTBDDs (multi-terminal binary decision diagra... |

323 | Reactive modules
- Alur, Henzinger
- 1996
Citation Context ...rts the model checking described in the previous section. The tool takes as input a description of a system written in PRISM's system description language, a probabilistic variant of Reactive Modules [1]. It first constructs the model from this description and computes the set of reachable states. PRISM accepts specifications in either the logic PCTL or CSL depending on the model type. It then performs ... |

314 | Algebraic decision diagrams and their applications. Formal methods in system design
- Bahar, Frohm, et al.
- 1997
Citation Context ... the probabilistic case, since probability transition matrices and probability vectors are required, BDDs alone are not sufficient, and hence we also use MTBDDs (multi-terminal binary decision diagrams) [17, 3], a natural extension of BDDs for representing real-valued functions. Symbolic probabilistic model checking has been considered by a number of people [5, 21, 4, 26, 19, 23, 7, 25, 27] and it has been ... |

284 | Model checking of probabilistic and nondeterministic systems
- Bianco, Alfaro
- 1995
Citation Context ... to s', with the interpretation that the probability of moving from s to s' within t time units (for positive real valued t) is $1 - e^{-R(s,s') \cdot t}$. Probabilistic specification formalisms include PCTL [20, 10, 8], a probabilistic extension of the temporal logic CTL applicable in the context of MDPs and DTMCs, and the logic CSL [7], a specification language for CTMCs based on CTL and PCTL. PCTL allows us to exp... |

231 | PRISM: Probabilistic symbolic model checker - Kwiatkowska, Norman, et al. - 2001 |

206 | Improving the variable ordering of OBDDs is NP-complete
- Bollig, Wegener
- 1996
Citation Context ... of the Boolean variables. Although, in the worst case, the size of an MTBDD representation is exponential and the problem of deriving the optimal ordering for a given MTBDD is an NP-complete problem [BW96], by applying heuristics to minimise graph size, MTBDDs can provide extremely compact storage for real-valued functions [CMZ+93]. MTBDD Representation of Probabilistic Models From their inception in [... |

184 | Multiterminal binary decision diagrams: an efficient data structure for matrix representation
- Fujita, McGeer, et al.
- 1997
Citation Context ... the probabilistic case, since probability transition matrices and probability vectors are required, BDDs alone are not sufficient, and hence we also use MTBDDs (multi-terminal binary decision diagrams) [17, 3], a natural extension of BDDs for representing real-valued functions. Symbolic probabilistic model checking has been considered by a number of people [5, 21, 4, 26, 19, 23, 7, 25, 27] and it has been ... |

174 | The PEPA Workbench: A tool to support a process algebra-based approach to performance modelling - Gilmore, Hillston - 1994 |

169 | Formal Verification of Probabilistic Systems - Alfaro - 1997 |

160 | On the stochastic structure of parallelism and synchronisation models for distributed algorithms
- Plateau
- 1985
Citation Context ...MC tools, such as MARCA [33], which do not allow logic specifications but support steady-state and transient analysis. An area of research which has close links with our work is the Kronecker approach [30], a technique for the analysis of very large, structured CTMCs and DTMCs. The basic idea is that the matrix of the full system is defined as a Kronecker algebraic expression of smaller matrices, which ... |

156 | Approximate symbolic model checking of continuous-time Markov chains
- Baier, Katoen, et al.
- 1999
Citation Context ... (multi-terminal binary decision diagrams) [17, 3], a natural extension of BDDs for representing real-valued functions. Symbolic probabilistic model checking has been considered by a number of people [5, 21, 4, 26, 19, 23, 7, 25, 27] and it has been shown that it is feasible to use MTBDDs to construct and compute the reachable state space of extremely large, structured, probabilistic models. In these cases, it is often also possi... |

142 | Spectral transforms for large Boolean functions with application to technology mapping - Clarke, McMillan, et al. - 1993 |

134 | Fast randomized consensus using shared memory
- Aspnes, Herlihy
- 1990
Citation Context ... is presented in Section 6. For reasons of space we only include statistics for two typical examples: firstly, an MDP model of the coin protocol from Aspnes and Herlihy's randomized consensus algorithm [2], parameterised by N (the number of processes) and an additional parameter K fixed at 4; secondly, a CTMC model of a Kanban manufacturing system [16] parameterised by N (the number of pallets in the sys... |

131 | Model checking for a probabilistic branching time logic with fairness
- Baier, Kwiatkowska
- 1998
Citation Context ... to s', with the interpretation that the probability of moving from s to s' within t time units (for positive real valued t) is $1 - e^{-R(s,s') \cdot t}$. Probabilistic specification formalisms include PCTL [20, 10, 8], a probabilistic extension of the temporal logic CTL applicable in the context of MDPs and DTMCs, and the logic CSL [7], a specification language for CTMCs based on CTL and PCTL. PCTL allows us to exp... |

124 | Verifying continuous time Markov chains - Aziz, Sanwal, et al. - 1996 |

97 | Symbolic model checking for probabilistic processes
- Baier, Clarke, et al.
- 1997
Citation Context ... (multi-terminal binary decision diagrams) [17, 3], a natural extension of BDDs for representing real-valued functions. Symbolic probabilistic model checking has been considered by a number of people [5, 21, 4, 26, 19, 23, 7, 25, 27] and it has been shown that it is feasible to use MTBDDs to construct and compute the reachable state space of extremely large, structured, probabilistic models. In these cases, it is often also possi... |

93 | Symmetry breaking in distributed networks
- Itai, Rodeh
- 1990
Citation Context ...any scheduling of processes, the probability that event A occurs is at least p (at most p)". By way of illustration, we consider the asynchronous randomized leader election protocol of Itai and Rodeh [24] which gives rise to an MDP. In this algorithm, the processors of an asynchronous ring make random choices based on coin tosses in an attempt to elect a leader. We use the atomic proposition leader to... |

89 | Model checking continuous-time Markov chains by transient analysis
- Baier, Haverkort, et al.
- 2000
Citation Context ...east 0.98". Model checking algorithms for PCTL have been introduced in [20, 10] and extended in [8, 4] to include fairness. An algorithm for CSL was first proposed in [7] and has since been improved in [6, 25]. The model checking algorithms for both logics reduce to a combination of reachability-based computation (manipulation of sets of states) and numerical computation. The former corresponds to finding al... |

78 | A logic for reasoning about time and probability
- Hansson, Jonsson
- 1994
Citation Context ... to s', with the interpretation that the probability of moving from s to s' within t time units (for positive real valued t) is $1 - e^{-R(s,s') \cdot t}$. Probabilistic specification formalisms include PCTL [20, 10, 8], a probabilistic extension of the temporal logic CTL applicable in the context of MDPs and DTMCs, and the logic CSL [7], a specification language for CTMCs based on CTL and PCTL. PCTL allows us to exp... |

75 | Markovian Analysis of Large Finite State Machines - Hachtel, Macii, et al. - 1996 |

72 | Reachability analysis of probabilistic systems by successive refinements
- D’Argenio, Jeannet, et al.
- 2001
Citation Context ... MTBDD-based model checker which only supports DTMCs and a subset of PCTL. The tool E⊢MC² [22] supports model checking of CTMCs against CSL specifications using sparse matrices. The tool described in [18] uses abstraction and refinement to perform model checking for a subset of PCTL over MDPs. There are a number of sparse-matrix based DTMC and CTMC tools, such as MARCA [33], which do not allow logic sp... |

69 | Implementation of Symbolic Model Checking for Probabilistic Systems
- Parker
- 2002
Citation Context ...h addresses these performance problems, allowing verification, at an acceptable speed, of much larger systems than would be feasible using sparse matrices. Further details of this will be available in [29]. One problem with our current techniques is that they presently only support the Power, Jacobi and JOR iterative methods. We plan to extend the work to allow more rapidly converging alternatives such... |

69 | The UltraSAN modeling environment - Sanders, Obal, et al. - 1995 |

68 | A data structure for the efficient Kronecker solution of GSPNs
- Ciardo, Miner
- 1999
Citation Context ...developed to minimise the time overhead required for numerical solution. Tools which support Kronecker based methods include APNN [9] and SMART [14]. In particular, SMART incorporates matrix diagrams [15], a data structure developed as an efficient implementation of the Kronecker techniques. The matrix diagram approach has much in common with the hybrid method we present in this paper. In particular, ... |

67 | On algorithmic verification methods for probabilistic systems
- Baier
- 1998
Citation Context ...s (multi-terminal binary decision diagrams) [17,3], a natural extension of BDDs for representing real-valued functions. Symbolic probabilistic model checking has been considered by a number of people [5,21,4,26,19,23,7,25,27] and it has been shown that it is feasible to use MTBDDs to construct and compute the reachable state space of extremely large, structured, probabilistic models. In these cases, it is often also possi... |

65 | CUDD: Colorado University Decision Diagram Package, Release 2.3.0
- Somenzi
- 1998
Citation Context ...ch we present in this paper. Figure 1 shows the structure of the tool and Figure 2 shows a screen-shot of the graphical user interface. PRISM is written in a combination of Java and C++ and uses CUDD [32], a publicly available BDD/MTBDD library developed at the University of Colorado at Boulder. The high-level parts of the tool, such as the user interface and parsers, are written in Java. The engines ... |

61 | How to specify and verify the long-run average behavior of probabilistic systems - Alfaro - 1998 |

61 | Stochastic Petri net models of polling systems - Ibe, Trivedi - 1990 |

60 | Multi terminal binary decision diagrams to represent and analyse continuous time Markov chains
- Hermanns, Kayser, et al.
- 1999
Citation Context ... (multi-terminal binary decision diagrams) [17, 3], a natural extension of BDDs for representing real-valued functions. Symbolic probabilistic model checking has been considered by a number of people [5, 21, 4, 26, 19, 23, 7, 25, 27] and it has been shown that it is feasible to use MTBDDs to construct and compute the reachable state space of extremely large, structured, probabilistic models. In these cases, it is often also possi... |

60 | Möbius: An extensible tool for performance and dependability modeling - Daly, Deavours, et al. - 2000 |

58 | Probabilistic self-stabilization - Herman - 1990 |

57 | A Markov chain model checker
- Hermanns, Katoen, et al.
- 2000
Citation Context ... Related Work: We are aware of three other probabilistic model checking tools. ProbVerus [21] is an MTBDD-based model checker which only supports DTMCs and a subset of PCTL. The tool E⊢MC² [22] supports model checking of CTMCs against CSL specifications using sparse matrices. The tool described in [18] uses abstraction and refinement to perform model checking for a subset of PCTL over MDPs. T... |

53 | Compositional performance modelling with TIPPTool - Hermanns, Herzog, et al. - 1998 |

52 | On the logical characterisation of performability properties - Baier, Haverkort, et al. - 2000 |

52 | The complexity of the optimal variable ordering problems of shared binary decision diagrams. Algorithms and Computation - Tani, Hamaguchi, et al. - 1993 |

51 | Computing minimum and maximum reachability times in probabilistic systems - Alfaro - 1999 |

50 | PEPS: A package for solving complex Markov models of parallel systems
- Fourneau, Lee, et al.
- 1988
Citation Context ... are relatively small, but ingenious techniques must be developed to minimise the time overhead required for numerical solution. Tools which support Kronecker based methods include APNN [BBK98], PEPS [PFL88] and SMART [CM97]. In particular, SMART incorporates matrix diagrams [CM99], a data structure developed as an efficient implementation of the Kronecker techniques. The matrix diagram approach has much in... |

44 | Faster and symbolic CTMC model checking - Katoen, Kwiatkowska, et al. |

42 | Temporal logics for the specification of performance and reliability - Alfaro |

41 | Probabilistic model checking of deadline properties in the IEEE 1394 FireWire root contention protocol. Formal Aspects of Computing 14(3 - Kwiatkowska, Norman, et al. - 2003 |

40 | Distributed disk-based solution techniques for large Markov models - Knottenbelt, Harrison - 1999 |

38 | Symbolic model checking of concurrent probabilistic processes using MTBDDs and the Kronecker representation - Alfaro, Kwiatkowska, et al. |

37 | “On-The-Fly” Solution Techniques for Stochastic Petri Nets and Extensions - Deavours, Sanders - 1997 |

34 | On the representation of probabilities over structured domains - Bozga, Maler - 1999 |

33 | Probabilistic Analysis of Large Finite State Machines - Hachtel, Macii, et al. - 1994 |

31 | A toolbox for functional and quantitative analysis of DEDS
- Bause, Buchholz, et al.
- 1998
Citation Context ...for the matrix are relatively small, but ingenious techniques must be developed to minimise the time overhead required for numerical solution. Tools which support Kronecker based methods include APNN [9] and SMART [14]. In particular, SMART incorporates matrix diagrams [15], a data structure developed as an efficient implementation of the Kronecker techniques. The matrix diagram approach has much in com... |

27 | An efficient disk-based tool for solving very large Markov models - Deavours, Sanders - 1997 |

26 | Automated verification of a randomized distributed consensus protocol using Cadence
- Kwiatkowska, Norman, et al.
- 2001
Citation Context ...s (multi-terminal binary decision diagrams) [17,3], a natural extension of BDDs for representing real-valued functions. Symbolic probabilistic model checking has been considered by a number of people [5,21,4,26,19,23,7,25,27] and it has been shown that it is feasible to use MTBDDs to construct and compute the reachable state space of extremely large, structured, probabilistic models. In these cases, it is often also possi... |

24 | On the use of MTBDDs for performability analysis and verification of stochastic systems - Hermanns, Kwiatkowska, et al. |

22 | The ultrasan modeling environment. Performance Evaluation - Sanders, Obal, et al. - 1995 |

21 | ProbVerus: Probabilistic symbolic model checking - Hartonas-Garmhausen, Campos, et al. - 1999 |

21 | Symbolic techniques for performance analysis of timed systems based on average time separation of events - Xie, Beerel - 1997 |

19 | Kronecker Operations and Sparse Matrices with Applications to the Solution of Markov Models - Buchholz, Ciardo, et al. - 1997 |

19 | Formal Verification of Probabilistic Systems - Alfaro - 1997 |

16 | A data structure for the efficient Kronecker solution of GSPNs
- Ciardo, Miner
- 1999
Citation Context ...developed to minimise the time overhead required for numerical solution. Tools which support Kronecker based methods include APNN [9] and SMART [14]. In particular, SMART incorporates matrix diagrams [15], a data structure developed as an efficient implementation of the Kronecker techniques. The matrix diagram approach has much in common with the hybrid method we present in this paper. In particular, bot... |

16 | Out-of-core solutions of large linear systems of equations arising from stochastic modelling - Kwiatkowska, Mehmood - 2002 |

13 | A symbolic out-of-core solution method for Markov models - Kwiatkowska, Mehmood, et al. - 2002 |

12 | Automatic verification of probabilistic concurrent systems
- Vardi
- 1985
Citation Context ...lity-based computation (manipulation of sets of states) and numerical computation. The former corresponds to finding all those states that satisfy the formula under study with probability exactly 0 or 1 [Var85]. The latter corresponds to calculating the probabilities for the remaining states. For DTMCs this entails solution of a linear equation system, for MDPs, solving a linear optimisation problem, and fo... |

11 | On algorithmic verification methods for probabilistic systems. Habilitation thesis - Baier - 1998 |

11 | On the use of Kronecker operators for the solution of generalized stochastic Petri nets
- Ciardo, Tilgner
- 1996
Citation Context ...m Aspnes and Herlihy's randomized consensus algorithm [2], parameterised by N (the number of processes) and an additional parameter K fixed at 4; secondly, a CTMC model of a Kanban manufacturing system [16] parameterised by N (the number of pallets in the system). Figure 8 gives the memory requirements for storing these models. Compare the `MTBDD' and `Sparse' columns: significant savings in memory can b... |

11 | On-the-fly solution techniques for stochastic Petri nets and extensions - Deavours, Sanders - 1997 |

10 | Compact Representations of Probability Distributions in the Analysis of Superposed GSPNs
- Buchholz, Kemper
- 2001
Citation Context ...teration vector. However compact the matrix representation is, memory proportional to the number of states is required for numerical solution. Buchholz and Kemper consider an interesting technique in [12] using PDGs (Probabilistic Decision Graphs). This attempts to store the iteration vector in a structured way, as is done with the matrix. More investigation is required to discover the potential of th... |

9 | On the semantic foundations of Probabilistic VERUS
- Baier, Clarke, et al.
- 1999
Citation Context ... Figure 9: Model checking times for the coin protocol and Kanban examples. Related Work: We are aware of three other probabilistic model checking tools. ProbVerus [BCHG98] is an MTBDD-based model checker which only supports DTMCs and a subset of PCTL. The tool E⊢MC² [HKMKS00] supports model checking of CTMCs against CSL specifications using sparse matrices. The tool ... |

9 | Deriving symbolic representations from stochastic process algebras - Kuntz, Siegle - 2002 |

8 | Automated verification of a randomized distributed consensus protocol using Cadence SMV and PRISM - Kwiatkowska, Norman, et al. - 2001 |

8 | Data Structures for the Analysis of Large Structured Markov Models - Miner - 2000 |

6 | An efficient disk-based tool for solving very large Markov models - Deavours, Sanders - 1997 |

6 | Markovian analysis of large state machines - Hachtel, Macii, et al. - 1996 |

4 | SMART: Simulation and Markovian analyser for reliability and timing
- Ciardo, Miner
- 1996
Citation Context ... are relatively small, but ingenious techniques must be developed to minimise the time overhead required for numerical solution. Tools which support Kronecker based methods include APNN [9] and SMART [14]. In particular, SMART incorporates matrix diagrams [15], a data structure developed as an efficient implementation of the Kronecker techniques. The matrix diagram approach has much in common with the hy... |

4 | How to specify and verify the long-run average behavior of probabilistic systems
- Alfaro
- 1998
Citation Context ...s will be available in [Par01]. The development of PRISM is an ongoing activity. In the near future we plan to consider extensions of PCTL for expressing expected time and long run average properties [dA98] and of CSL to include rewards [BHHK00b], expand the PRISM input language to allow process algebra terms, for example PEPA [Hil96], and develop model checking engines for PRISM which work in a paralle... |

4 | Temporal logics for the specification of performance and reliability - Alfaro - 1997 |

4 | On the use of MTBDDs for performability analysis and verification of stochastic systems - Hermanns, Kwiatkowska, et al. - 2003 |

1 | MARCA: Markov chain analyser, a software package for Markov modelling
- Stewart
- 1991
Citation Context ...rices. The tool described in [18] uses abstraction and refinement to perform model checking for a subset of PCTL over MDPs. There are a number of sparse-matrix based DTMC and CTMC tools, such as MARCA [33], which do not allow logic specifications but support steady-state and transient analysis. An area of research which has close links with our work is the Kronecker approach [30], a technique for the an... |

1 | GreatSPN 1.5 software architecture. Computer Performance Evaluation - Chiola - 1992 |