#### DMCA

## Model Checking for Probability and Time: From Theory to Practice (2003)

Venue: | In Proc. Logic in Computer Science |

Citations: | 63 - 1 self |

### Citations

2650 | Timed Automata
- Alur
- 1999
(Show Context)
Citation Context ...ins do not allow nondeterminism which often features in real-world distributed protocols, for example random back-off schemes. To derive an appropriate model we extend the formalism of timed automatas=-=[3]-=- with probabilistic choice. A timed automaton is an automaton extended with clocks, positive real valued variables which increase uniformly with time, and whose nodes and edges are labelled with clock... |

1491 |
Symbolic Model Checking
- McMillan
- 1993
(Show Context)
Citation Context ...model checking uses Binary-Decision Diagrams (BDDs) to compactly represent the state-transition graph of the model and performs traversal via fixed point calculation [15]. Implemented in the SMV tool =-=[50]-=-, symbolic model checking enabled industrial exploitation of verification technology for the first time, particularly in the context of circuit design. Encouraged by the success of symbolic model chec... |

1125 |
Finite Markov Chains,
- Kemeny, Snell
- 1976
(Show Context)
Citation Context ...1 s 2 . . . with P(s i , s i+1 ) > 0 for all i # 0. The probability matrix P induces a probability space on the set of infinite paths Path s which start in the state s using the cylinder construction =-=[35]-=- as follows. An observation of a finite path determines a basic event (cylinder). Let s = s 0 . For # = s 0 s 1 . . . s n , we define the probability measure Pr fin s for the #-cylinder by putting Pr ... |

751 |
Introduction to the numerical solution of Markov chains
- Stewart
- 1994
(Show Context)
Citation Context ... and t i # I i for isn. The (unique) probability measure Pr s is obtained similarly to the DTMC case by completing the cylinders to the least #-algebra. Traditionally, the analysis of (ergodic) CTMCs =-=[58]-=- is based on transient (the state of the model at a particular time instant) and steady-state (the state of the CTMC in the long run) behaviour. The transient probability # s,t (s # ) is defined as th... |

332 |
Symbolic model checking: 10 states and beyond
- Burch, Clarke, et al.
- 1992
(Show Context)
Citation Context ...abilistic Model Checking Symbolic model checking uses Binary-Decision Diagrams (BDDs) to compactly represent the state-transition graph of the model and performs traversal via fixed point calculation =-=[15]-=-. Implemented in the SMV tool [50], symbolic model checking enabled industrial exploitation of verification technology for the first time, particularly in the context of circuit design. Encouraged by ... |

321 | Algebraic decision diagrams and their applications
- Bahar, Frohm, et al.
- 1997
(Show Context)
Citation Context ...symbolic model checking in the combating state-space explosion problem, we embarked on implementation of probabilistic model checking techniques using Multi-Terminal Binary Decision Diagrams (MTBDDs) =-=[17, 7]-=- which are capable of representing probability matrices and support matrix multiplication algorithms. 4.1 Probabilistic Symbolic Model Checking Traditionally, analysis of probabilistic systems has bee... |

311 |
Automatic verification of probabilistic concurrent systems.
- Vardi
- 1985
(Show Context)
Citation Context ...ug protocols and designs, leading to the emergence of academic and commercial model checking tools. The first extension of model checking algorithms to probabilistic systems was proposed in the 1980s =-=[27, 59]-=-, originally focussing on qualitative probabilistic temporal properties (i.e. those satisfied with probability 1 or 0) but later also introducing quantitative properties [18]. However, work on impleme... |

290 | Model Checking of Probabilistic and Nondeterministic Systems
- Bianco, Alfaro
- 1995
(Show Context)
Citation Context ...essary in the context of asynchronous parallel to ensure progress for each concurrent component whenever possible, see e.g. [59, 12]. PCTL model checking over MDPs. The logic PCTL (Probabilistic CTL) =-=[14]-=- is defined for MDPs as for DTMCs, the difference being that the semantics is parameterised by a class Adv of adversaries and the probabilistic operator contains explicit universal quantification: s |... |

236 | PRISM: Probabilistic symbolic model checker
- Kwiatkowska, Norman, et al.
- 2002
(Show Context)
Citation Context ... performance analysis tools. In this paper we give an overview of formalisms and techniques employed in probabilistic model checking as implemented in the Probabilistic Symbolic Model Checker (PRISM) =-=[41, 1]-=-. We begin by introducing four probabilistic models, discrete time Markov chains, Markov decision processes, continuous time Markov chains and probabilistic timed automata. We give the probabilistic s... |

219 |
The complexity of probabilistic verification,
- Courcoubetis, Yannakakis
- 1995
(Show Context)
Citation Context ...yes # s # #S P(s, s # ) x s # if s # S ? where S no (S yes ) denote the sets of all states that satisfy # 1 U# 2 with probability exactly 0 (1), which can be computed by ordinary fixpoint computation =-=[19]-=-, and S ? = S \ (S no # S yes ). The solution of the linear equation systems can be obtained by any direct method (e.g. Gaussian elimination) or iterative method (e.g. Jacobi, Gauss-Seidel). The compl... |

206 | Probabilistic Symbolic Model Checking with PRISM: A Hybrid Approach
- Kwiatkowska, Norman, et al.
- 2004
(Show Context)
Citation Context ... of very large state spaces for MDPs [22], it soon became apparent that the efficiency of numerical solution of steadystate probabilities for CTMCs lagged far behind that for sparse matrices [32]. In =-=[42]-=- a hybrid data structure, a combination of a modified MTBDD representation matrix with a conventional solution method was proposed which can perform better than the sparse matrix techniques, both in t... |

195 | Labelled Markov processes
- Desharnais
- 1999
(Show Context)
Citation Context ...t) = 1. 3 Probabilistic Model Checking We consider four types of probabilistic models, all variants of Markov chains with discrete states; for an approach which deals with continuous state spaces see =-=[23]-=-. These are: discrete time Markov chains (which feature probabilistic choice only), Markov decision processes (which feature both non-deterministic as well as probabilistic choice), continuous time Ma... |

187 |
NeuroDynamic Programming (Optimization and
- Bertsekas, Tsitsiklis
- 1996
(Show Context)
Citation Context ...v decision processes), introduced in operations research in the 1950s as a representation for planning and control problems solvable via Bellmann equations and now central to automated planning in AI =-=[13]-=-. Although both these fields offer a range of algorithmic techniques and tools, albeit for different Markovian models, probabilistic model checking combines probabilistic analysis and conventional mod... |

186 |
Multi-terminal binary decision diagrams: An efficient datastructure for matrix representation.
- Fujita, McGeer, et al.
- 1997
(Show Context)
Citation Context ...symbolic model checking in the combating state-space explosion problem, we embarked on implementation of probabilistic model checking techniques using Multi-Terminal Binary Decision Diagrams (MTBDDs) =-=[17, 7]-=- which are capable of representing probability matrices and support matrix multiplication algorithms. 4.1 Probabilistic Symbolic Model Checking Traditionally, analysis of probabilistic systems has bee... |

165 |
Time and probability in formal design of distributed systems,
- Hansson
- 1991
(Show Context)
Citation Context ...stic temporal properties (i.e. those satisfied with probability 1 or 0) but later also introducing quantitative properties [18]. However, work on implementation and tools did not begin until recently =-=[25, 28]-=-, when the field of model checking matured. Probabilistic model checking draws on conventional model checking, since it relies on reachability analysis of the underlying transition system, but must al... |

156 | Approximate Symbolic Model Checking of ContinuousTime Markov Chains
- Baier, Katoen, et al.
- 1999
(Show Context)
Citation Context ... # 0. The value t i represents the amount of time spent in the state s i . Denoting by Path s the set of all infinite paths starting in state s, we now give the corresponding probability measure Pr s =-=[11]-=-. If the states s 0 , . . . , s n # S satisfy R(s i , s i+1 ) > 0 for all 0 # isand I 0 , . . . , I n-1 are non-empty intervals in R#0 , then the cylinder set C(s 0 , I 0 , . . . , I n-1 , s n ) is de... |

133 | Fast randomized consensus using shared memory.
- Aspnes, Herlihy
- 1990
(Show Context)
Citation Context ...rdination algorithms, electronic coin tossing and randomness are used as symmetry breakers in order to derive efficient algorithms, see e.g. randomised mutual exclusion [55, 54], randomised consensus =-=[4, 16]-=-, root contention in IEEE 1394 FireWire, random back-off schemes in IEEE 802.11 and BlueTooth, dynamic routing in telephone networks [34] and self-stabilisation [30]. Probability is also used to quant... |

131 | Model checking for a probabilistic branching time logic with fairness.
- Baier, Kwiatkowska
- 1998
(Show Context)
Citation Context ...es (or for a given class, for example the fair adversaries). Fairness is necessary in the context of asynchronous parallel to ensure progress for each concurrent component whenever possible, see e.g. =-=[59, 12]-=-. PCTL model checking over MDPs. The logic PCTL (Probabilistic CTL) [14] is defined for MDPs as for DTMCs, the difference being that the semantics is parameterised by a class Adv of adversaries and th... |

125 | Verifying continuous time Markov chains.
- Aziz, Sanwal, et al.
- 1996
(Show Context)
Citation Context ...tarted in state s, of being in state s # at time instant t. The steady-state probability # s (s # ) is defined as lim t## # s,t (s # ). CSL model checking. The logic CSL (Continuous Stochastic Logic) =-=[5, 11]-=- is based on CTL and PCTL; it contains the probabilistic operator of PCTL evaluated with respect to path-based measures, as well as a steady-state operator. 4 The syntax for CSL is as follows: # ::= t... |

124 | Probabilistic verification of discrete event systems using acceptance sampling
- Younes, Simmons
- 2002
(Show Context)
Citation Context ...on or compositionality and proof methods; these are currently being investigated, as are parallel out-of-core solution methods, extension with real-time clocks, sampling-based techniques derived from =-=[60]-=- and Monte Carlo approximation for PCTL [49]. Further applications of PRISM to model and analyse quantum cryptographic protocols, mobile ad hoc networks and nano-circuits are underway. Acknowledgement... |

118 | Automatic verification of real-time systems with discrete probability distributions.
- Kwiatkowska, Norman, et al.
- 2002
(Show Context)
Citation Context ...5))] where # is a temporal modality (CTL), z.[ # zs5] is the reset quantifier (TCTL) and P#0.98 () is the probabilistic operator (PCTL). The obtained logic is known as PTCTL (Probabilistic Timed CTL) =-=[45]-=- whose syntax: # ::= true | a | # | # # # | # | z.[#] | P#p (# 1 U # 2 ) is similar to PCTL except that z # Z , and # are zones over the clocks in X # Z , where X is the set of clocks of the automaton... |

102 | It Usually Works: The Temporal Logic of Stochastic Systems
- Aziz, Singhal, et al.
- 1995
(Show Context)
Citation Context ...complexity of PCTL model checking for MDPs is linear in the size of the formula and polynomial in the state space. PCTL admits only Boolean operators for state formulas; a more expressive logic PCTL* =-=[6, 14]-=- can be formulated, but model checking necessitates an expensive transformation of the underlying model by encoding history information. 3.3 Continuous Time Markov Chains Discrete time Markov chains a... |

97 | Symbolic model checking for probabilistic processes
- Baier, Clarke, et al.
- 1997
(Show Context)
Citation Context ...experiments with direct solution methods were unsuccessful due to the loss of regularity while manipulating the matrix [7]. The first symbolic probabilistic model checking algorithm was introduced in =-=[9]-=- for PCTL over DTMCs, and extended in [22] to MDPs, where also the BDD-based precomputation steps for probability 1/0 were introduced. Based on [10], a CSL model checking algorithm was also implemente... |

91 | Model checking continuous-time Markov chains by transient analysis.
- Baier, Haverkort, et al.
- 2000
(Show Context)
Citation Context ...s more involved. It proceeds by a technique called uniformisation, also known as Jensen's method, which transforms the original CTMC to a uniformisedsDTMC with matrix P (we omit the details, see e.g. =-=[10]-=-), yielding an infinite summation to calculate the vector of transient probabilities # s,t : # s,t = # s,0 # # i=0 # i,qt P i where # i,qt is the ith Poisson probability with parameter q t, i.e. # i,q... |

90 |
Model checking in dense real time.
- Alur, Courcoubetis, et al.
- 1993
(Show Context)
Citation Context ... space of clock valuations can be partitioned into a finite set of symbolic states called clock regions, each containing a finite or infinite number of valuations which satisfy the same TCTL formulas =-=[2]-=-. Combined with the transitions of a timed automaton, a so called region graph is obtained which takes the form of a finite-state Markov decision process and therefore admits model checking using well... |

78 |
A logic for reasoning about time and probability.
- Hansson, Jonsson
- 1994
(Show Context)
Citation Context ...ime, though reasoning about discrete time is possible through state variables keeping track of time and `counting' transition steps. PCTL model checking over DTMCs. The logic PCTL (Probabilistic CTL) =-=[26]-=- replaces the existential and universal quantification of CTL with the probabilistic operator P# p () where p # [0, 1] is a probability bound or threshold, and # # {#,s#, >}. The syntax of state formu... |

73 | Reachability analysis of probabilistic systems by successive refinements.
- D’Argenio, Jeannet, et al.
- 2001
(Show Context)
Citation Context ...rix model and full vectors; and hybrid [42, 53] which combines symbolic model and full vector. PRISM is available for download from [1]. We mention also related tools ETMCC [31] for CTMCs and RAPTURE =-=[20]-=- for MDPs. 5 Case studies PRISM has been used to build and analyse probabilistic models for a large number of case studies in Birmingham and elsewhere, with encouraging results available at the websit... |

73 | Termination of probabilistic concurrent programs
- Hart, Sharir, et al.
- 1983
(Show Context)
Citation Context ...ug protocols and designs, leading to the emergence of academic and commercial model checking tools. The first extension of model checking algorithms to probabilistic systems was proposed in the 1980s =-=[27, 59]-=-, originally focussing on qualitative probabilistic temporal properties (i.e. those satisfied with probability 1 or 0) but later also introducing quantitative properties [18]. However, work on impleme... |

72 | Implementation of Symbolic Model Checking for Probabilitics Systems.
- Parker
- 2002
(Show Context)
Citation Context ... MTBDD representation matrix with a conventional solution method was proposed which can perform better than the sparse matrix techniques, both in terms of space and time; this was further improved in =-=[53]-=- and the memory limitation imposed by the need to store a conventional vector has been tackled with out-of-core techniques, in combination with symbolic matrix representation [36, 37]. 4.2 The PRISM T... |

68 | On algorithmic verification methods for probabilistic systems
- Baier
- 1998
(Show Context)
Citation Context ...optimisation problem. The computation of p max s remains unchanged for PCTL model checking with fairness [12], and for p min s reduces to the calculation of p max s by translating to the dual problem =-=[8]-=-. The complexity of PCTL model checking for MDPs is linear in the size of the formula and polynomial in the state space. PCTL admits only Boolean operators for state formulas; a more expressive logic ... |

66 |
CUDD: Colorado university decision diagram package. ftp://vlsi .colorado.edu/pub/.
- Somenzi
- 1996
(Show Context)
Citation Context ...with out-of-core techniques, in combination with symbolic matrix representation [36, 37]. 4.2 The PRISM Tool PRISM [41, 1] is a probabilistic symbolic model checker implemented using the CUDD package =-=[57]-=- to obtain BDD/MTBDD-based representation of probabilistic models. PRISM directly supports the DTMC, MDP and CTMC models and the specification languages PCTL and CSL; probabilistic timed automata are ... |

59 | Probabilistic self-stabilization.
- Herman
- 1990
(Show Context)
Citation Context ... [55, 54], randomised consensus [4, 16], root contention in IEEE 1394 FireWire, random back-off schemes in IEEE 802.11 and BlueTooth, dynamic routing in telephone networks [34] and self-stabilisation =-=[30]-=-. Probability is also used to quantify # Supported in part by the EPSRC grants GR/N22960 and GR/S11107. unreliable or unpredictable behaviour, for example in faulttolerant systems, communication proto... |

58 | A Markov Chain Model Checker.
- Hermanns, Katoen, et al.
- 2000
(Show Context)
Citation Context ...odel and vector; sparse matrix model and full vectors; and hybrid [42, 53] which combines symbolic model and full vector. PRISM is available for download from [1]. We mention also related tools ETMCC =-=[31]-=- for CTMCs and RAPTURE [20] for MDPs. 5 Case studies PRISM has been used to build and analyse probabilistic models for a large number of case studies in Birmingham and elsewhere, with encouraging resu... |

55 |
Verification of multiprocess probabilistic protocols.
- Pnueli, Zuck
- 1986
(Show Context)
Citation Context ...cent years. In distributed co-ordination algorithms, electronic coin tossing and randomness are used as symmetry breakers in order to derive efficient algorithms, see e.g. randomised mutual exclusion =-=[55, 54]-=-, randomised consensus [4, 16], root contention in IEEE 1394 FireWire, random back-off schemes in IEEE 802.11 and BlueTooth, dynamic routing in telephone networks [34] and self-stabilisation [30]. Pro... |

54 |
Impossibility of distributed commit with one faulty process
- Fischer, Lynch, et al.
- 1985
(Show Context)
Citation Context ...ey observed some crowd member more than once, the observed member is the real sender. An analysis of probabilistic contract signing [52] also detected flaws. 5.2 Randomized consensus It is well known =-=[24]-=- that there are no symmetric solutions to certain distributed systems problems in the presence of failures; using randomisation ensures that such solutions exist [55]. In many such algorithms, modelli... |

46 | Probabilistic model checking of the IEEE 802.11 wireless local area network protocol.
- Kwiatkowska, Norman, et al.
- 2002
(Show Context)
Citation Context ...f a coin is biased [21], shown in Figure 1. Probabilistic timed automata arise also in random backoff schemes of physical layer protocols, as in e.g. IEEE 802.11 Wireless LAN MAC protocol analysed in =-=[48]-=-. 6 Conclusion and Future Challenges In this paper we have described our experience with implementing probabilistic model checking techniques within PRISM, a Probabilistic Symbolic Model Checker [41, ... |

45 | Verifying quantitative properties of continuous probabilistic timed automata
- Kwiatkowska, Norman, et al.
- 2000
(Show Context)
Citation Context ...ks in the set X to 0 and leaving the values of all other clocks unchanged. Probabilistic timed automata in which clocks can be reset according to continuous probability distributionssare described in =-=[44]-=-. Let Z be the set of zones over X , that is, conjunctions of atomic constraints of the form x # c and x - y # c, with x, y # X , ## { #, #, >}, and c # N. A clock valuation v satisfies the zone #, wr... |

44 | Faster and symbolic CTMC model checking
- Katoen, Kwiatkowska, et al.
(Show Context)
Citation Context ...# s,t = # s,0 # # i=0 # i,qt P i where # i,qt is the ith Poisson probability with parameter q t, i.e. # i,qt = e -qt (q t) i /i!. An adaptation of this technique that is more efficient for all states =-=[33]-=- gives the truncated sum: p(# 1 U #t # 2 ) = R# # i=L# # # i,qtsP i # 2 # where # 2 (s) equal to 1 if s |= # 2 and 0 otherwise, L # and R # are calculated using the techniques of Fox and Glynn andsP i... |

41 | Probabilistic model checking of deadline properties in the IEEE 1394 FireWire root contention protocol. Formal Aspects of Computing 14(3
- Kwiatkowska, Norman, et al.
- 2003
(Show Context)
Citation Context .... Finally, we discuss four real-world examples analysed with PRISM: the Crowds anonymity protocol [56], randomised consensus [43], dynamic power management [51] and IEEE 1394 FireWire root contention =-=[47, 21]-=-. We finish with a statement of challenges and open problems that remain in the area. 2 Notation and Preliminaries Let# be a sample set, the set of possible outcomes of an experiment. A subset of# is ... |

38 | Symbolic model checking of concurrent probabilistic processes using MTBDDs and the Kronecker representation.
- Alfaro, Kwiatkowska, et al.
- 2000
(Show Context)
Citation Context ...were unsuccessful due to the loss of regularity while manipulating the matrix [7]. The first symbolic probabilistic model checking algorithm was introduced in [9] for PCTL over DTMCs, and extended in =-=[22]-=- to MDPs, where also the BDD-based precomputation steps for probability 1/0 were introduced. Based on [10], a CSL model checking algorithm was also implemented. Though the first experiments enabled th... |

32 | Analysis of Probabilistic Contract Signing. In
- Norman, Shmatikov
- 2002
(Show Context)
Citation Context ... the crowd, the more confident the corrupt members are that, once they observed some crowd member more than once, the observed member is the real sender. An analysis of probabilistic contract signing =-=[52]-=- also detected flaws. 5.2 Randomized consensus It is well known [24] that there are no symmetric solutions to certain distributed systems problems in the presence of failures; using randomisation ensu... |

31 |
n-process mutual exclusion with bounded waiting by 4 · log n-valued shared variable
- Rabin
- 1982
(Show Context)
Citation Context ...cent years. In distributed co-ordination algorithms, electronic coin tossing and randomness are used as symmetry breakers in order to derive efficient algorithms, see e.g. randomised mutual exclusion =-=[55, 54]-=-, randomised consensus [4, 16], root contention in IEEE 1394 FireWire, random back-off schemes in IEEE 802.11 and BlueTooth, dynamic routing in telephone networks [34] and self-stabilisation [30]. Pro... |

29 | Probabilistic analysis of anonymity
- Shmatikov
- 2002
(Show Context)
Citation Context ...CTL) and outline the corresponding model checking methods that have been implemented in the PRISM tool. Finally, we discuss four real-world examples analysed with PRISM: the Crowds anonymity protocol =-=[56]-=-, randomised consensus [43], dynamic power management [51] and IEEE 1394 FireWire root contention [47, 21]. We finish with a statement of challenges and open problems that remain in the area. 2 Notati... |

27 | Automatic verification of the IEEE 1394 root contention protocol with
- Daws, Kwiatkowska, et al.
- 2004
(Show Context)
Citation Context .... Finally, we discuss four real-world examples analysed with PRISM: the Crowds anonymity protocol [56], randomised consensus [43], dynamic power management [51] and IEEE 1394 FireWire root contention =-=[47, 21]-=-. We finish with a statement of challenges and open problems that remain in the area. 2 Notation and Preliminaries Let# be a sample set, the set of possible outcomes of an experiment. A subset of# is ... |

27 | Automated verification of a randomized distributed consensus protocol using
- Kwiatkowska, Norman, et al.
- 2001
(Show Context)
Citation Context ...ponding model checking methods that have been implemented in the PRISM tool. Finally, we discuss four real-world examples analysed with PRISM: the Crowds anonymity protocol [56], randomised consensus =-=[43]-=-, dynamic power management [51] and IEEE 1394 FireWire root contention [47, 21]. We finish with a statement of challenges and open problems that remain in the area. 2 Notation and Preliminaries Let# b... |

26 |
Random Oracles in Constantipole: Practical Asynchronous Byzantine Agreement Using Cryptography.
- Cachin, Kursawe, et al.
- 2000
(Show Context)
Citation Context ...rdination algorithms, electronic coin tossing and randomness are used as symmetry breakers in order to derive efficient algorithms, see e.g. randomised mutual exclusion [55, 54], randomised consensus =-=[4, 16]-=-, root contention in IEEE 1394 FireWire, random back-off schemes in IEEE 802.11 and BlueTooth, dynamic routing in telephone networks [34] and self-stabilisation [30]. Probability is also used to quant... |

26 | On the use of MTBDDs for performability analysis and verification of stochastic systems
- Hermanns, Kwiatkowska, et al.
- 2003
(Show Context)
Citation Context ...t storage of very large state spaces for MDPs [22], it soon became apparent that the efficiency of numerical solution of steadystate probabilities for CTMCs lagged far behind that for sparse matrices =-=[32]-=-. In [42] a hybrid data structure, a combination of a modified MTBDD representation matrix with a conventional solution method was proposed which can perform better than the sparse matrix techniques, ... |

22 | Modeling communication networks, present and future
- Kelly
- 1996
(Show Context)
Citation Context ... randomised mutual exclusion [55, 54], randomised consensus [4, 16], root contention in IEEE 1394 FireWire, random back-off schemes in IEEE 802.11 and BlueTooth, dynamic routing in telephone networks =-=[34]-=- and self-stabilisation [30]. Probability is also used to quantify # Supported in part by the EPSRC grants GR/N22960 and GR/S11107. unreliable or unpredictable behaviour, for example in faulttolerant ... |

22 | Verifying Randomized Byzantine Agreement.
- Kwiatkowska, Norman
- 2002
(Show Context)
Citation Context ...lgorithms resulted in large state spaces, and so we have used the Cadence SMV tool that supports data reduction techniques as well as proof methods, in addition to PRISM. The results are described in =-=[43, 38]-=- and [1]. 5.3 Dynamic power management Power management is receiving much attention due to an increasing trend in the usage of portable, mobile and hand-held electronic devices. These devices usually ... |

21 | ProbVerus: Probabilistic symbolic model checking
- Hartonas-Garmhausen, Campos, et al.
- 1999
(Show Context)
Citation Context ...stic temporal properties (i.e. those satisfied with probability 1 or 0) but later also introducing quantitative properties [18]. However, work on implementation and tools did not begin until recently =-=[25, 28]-=-, when the field of model checking matured. Probabilistic model checking draws on conventional model checking, since it relies on reachability analysis of the underlying transition system, but must al... |

16 |
Verifying Temporal Properties of Finite State Probabilistic Programs,
- Courcoubetis, Yannakakis
- 1988
(Show Context)
Citation Context ...proposed in the 1980s [27, 59], originally focussing on qualitative probabilistic temporal properties (i.e. those satisfied with probability 1 or 0) but later also introducing quantitative properties =-=[18]-=-. However, work on implementation and tools did not begin until recently [25, 28], when the field of model checking matured. Probabilistic model checking draws on conventional model checking, since it... |

16 | Out-of-core solutions of large linear systems of equations arising from stochastic modelling
- Kwiatkowska, Mehmood
- 2002
(Show Context)
Citation Context ... further improved in [53] and the memory limitation imposed by the need to store a conventional vector has been tackled with out-of-core techniques, in combination with symbolic matrix representation =-=[36, 37]-=-. 4.2 The PRISM Tool PRISM [41, 1] is a probabilistic symbolic model checker implemented using the CUDD package [57] to obtain BDD/MTBDD-based representation of probabilistic models. PRISM directly su... |

13 | A symbolic out-of-core solution method for Markov models
- Kwiatkowska, Mehmood, et al.
- 2002
(Show Context)
Citation Context ... further improved in [53] and the memory limitation imposed by the need to store a conventional vector has been tackled with out-of-core techniques, in combination with symbolic matrix representation =-=[36, 37]-=-. 4.2 The PRISM Tool PRISM [41, 1] is a probabilistic symbolic model checker implemented using the CUDD package [57] to obtain BDD/MTBDD-based representation of probabilistic models. PRISM directly su... |

13 | Model Checking Expected Time and Expected Reward Formulae with Random Time
- Kwiatkowska, Norman, et al.
- 2006
(Show Context)
Citation Context ...ms of [26, 14, 12] (including fairness) and the subsequent improvements of [8]. For CSL and CTMCs, methods based on [10, 33], recently extended with random time bounds, cost/rewards and expected time =-=[39, 40]-=-, are used. Graph traversal is implemented with BDD fixpoints, but numerical computation can be performed using one of three different model checking engines: symbolic MTBDD-based [9, 22] for both the... |

12 | Symbolic computation of maximal probabilistic reachability
- KWIATKOWSKA, NORMAN, et al.
- 2001
(Show Context)
Citation Context ...in the original PTA. Exact probability can be obtained with the help of a backwards probabilistic reachability, a zone-based symbolic algorithm that iterates the pre operator from the from target set =-=[46]-=-. For a restricted class of probabilistic timed automata, reduction to integer semantics enables exact maximum and minimum probabilistic reachability calculations [47]. 6 The continuous probabilistic ... |

10 | Approximate verification of probabilistic systems
- Lassaigne, Peyronnet
- 2002
(Show Context)
Citation Context ...ese are currently being investigated, as are parallel out-of-core solution methods, extension with real-time clocks, sampling-based techniques derived from [60] and Monte Carlo approximation for PCTL =-=[49]-=-. Further applications of PRISM to model and analyse quantum cryptographic protocols, mobile ad hoc networks and nano-circuits are underway. Acknowledgements: These achievements would not have been po... |

10 |
R (2002) Formal analysis and validation of continuous time Markov chain based system level power management strategies
- Norman, Parker, et al.
(Show Context)
Citation Context ...that have been implemented in the PRISM tool. Finally, we discuss four real-world examples analysed with PRISM: the Crowds anonymity protocol [56], randomised consensus [43], dynamic power management =-=[51]-=- and IEEE 1394 FireWire root contention [47, 21]. We finish with a statement of challenges and open problems that remain in the area. 2 Notation and Preliminaries Let# be a sample set, the set of poss... |

7 | Model checking CSL until formulae with random time bounds.
- Kwiatkowska, Norman, et al.
- 2002
(Show Context)
Citation Context ...ms of [26, 14, 12] (including fairness) and the subsequent improvements of [8]. For CSL and CTMCs, methods based on [10, 33], recently extended with random time bounds, cost/rewards and expected time =-=[39, 40]-=-, are used. Graph traversal is implemented with BDD fixpoints, but numerical computation can be performed using one of three different model checking engines: symbolic MTBDD-based [9, 22] for both the... |

5 |
Performance of computer-communication systems: A model-based approach
- Haverkort
- 1998
(Show Context)
Citation Context ...ilistic model of the system, typically a continuous time Markov chain (CTMC), on which analytical, simulation-based or numerical calculations are performed to obtain the desired quantitative measures =-=[29]-=-. The modelling of uncertainty due to environmental factors has given rise to a different probabilistic model (Markov decision processes), introduced in operations research in the 1950s as a represent... |