Probabilistic timed automata are a formalism for modelling systems whose dynamics includes probabilistic, nondeterministic and timed aspects, including real-time systems. A variety of techniques have been proposed for the analysis of this formalism and successfully employed to analyse, for example, wireless communication protocols and computer security systems. Augmenting the model with prices (or, equivalently, costs or rewards) provides a means to verify more complex quantitative properties, such as the expected energy usage of a device or the expected number of messages sent during a protocol's execution. However, the analysis of these properties on probabilistic timed automata currently relies on a technique based on integer discretisation of real-valued clocks, which can be expensive in some cases. In this paper, we propose symbolic techniques for verification and optimal strategy synthesis for priced probabilistic timed automata which avoid this discretisation. We build upon recent work for the special case of expected time properties, using value iteration over a zone-based abstraction of the model.
Game-theoretic techniques and equilibria analysis facilitate the design and verification of competitive systems. While the algorithmic complexity of equilibria computation has been extensively studied, practical implementation and application of game-theoretic methods is more recent. Tools such as PRISM-games support automated verification and synthesis of zero-sum and (epsilon-optimal subgame-perfect) social welfare Nash equilibria properties for concurrent stochastic games. However, these methods become inefficient as the number of agents grows and may also generate equilibria that yield significant variations in the outcomes for individual agents. Instead, we consider correlated equilibria, in which players can coordinate through public signals, and introduce an alternative optimality criterion of social fairness, which can be applied to both Nash and correlated equilibria. We show that correlated equilibria are easier to compute, are more equitable, and can also improve joint outcom...
UML is now among the most widespread, taught and tool-supported modelling languages for software engineering. Although it is a general-purpose modelling language, UML can be adapted to the needs of a particular application domain through the definition of stereotypes, tagged values and constraints, gathered together in a UML profile. This is how UML has also spread into domains where it initially could not have found a place. It is therefore quite natural to find proposals for methods and tools based on UML that address the particular domain of embedded real-time application development. The aim of this paper is to show how UML now holds a place among development languages for real-time (RT) systems. With UML2 now available, the purpose of this article is, on the one hand, to briefly describe the intrinsic capabilities of UML2 for modelling RT applications and, on the other hand, to describe its RT-specific profiles. 3.4. From UML to an analysis technology space. Once the model is annotated, and whatever profile is used, exploiting a model for analysis is usually done via an external tool (i.e. one different from the modelling tool). To do so, it is necessary to define a model transformation from UML to the
Although the populations of biological systems are inherently discrete and their dynamics are strongly stochastic, it is usual to consider their limiting behaviour for large environments in order to study some of their features. Such limiting behaviour is described as the solution of a set of ordinary differential equations, i.e., a continuous and deterministic trajectory. It will be shown that this trajectory does not always average correctly the system behaviour, such as sustained oscillations, in the neighbourhood of deterministic equilibrium points. In order to overcome this mismatch, an alternative set of differential equations based on polar coordinates is proposed. This set of equations can be used to easily compute the average amplitude and frequency of stochastic oscillations.
We present an implementation of model checking for the probabilistic pi-calculus, a process algebra which supports modelling of concurrency, mobility and discrete probabilistic behaviour. Formal verification techniques for this calculus have clear applications in several domains, including mobile ad-hoc network protocols and random security protocols. Despite this, no implementation of automated verification exists. Building upon the (non-probabilistic) pi-calculus model checker MMC, we first show an automated procedure for constructing the Markov decision process representing a probabilistic pi-calculus process. This can then be verified using existing probabilistic model checkers such as PRISM. Secondly, we demonstrate how for a large class of systems a more efficient, compositional approach can be applied, which uses our extension of MMC on each parallel component of the system and then translates the results into a high-level model description for the PRISM tool. The feasibility ...
We present an implementation of model checking for the probabilistic π-calculus, a process algebra which supports modelling of concurrency, mobility and discrete probabilistic behaviour. Formal verification techniques for this calculus have clear applications in several domains, including mobile ad-hoc network protocols and random security protocols. Despite this, no implementation of automated verification exists. Building upon the (non-probabilistic) π-calculus model checker MMC, we first show an automated procedure for constructing the Markov decision process representing a probabilistic π-calculus process. This can then be verified using existing probabilistic model checkers such as PRISM. Secondly, we demonstrate how for a large class of systems a more efficient, compositional approach can be applied, which uses our extension of MMC on each parallel component of the system and then translates the results into a high-level model description for the PRISM tool. The feasibility...
Fourth International Conference on the Quantitative Evaluation of Systems (QEST 2007), 2007
We present an implementation of model checking for the probabilistic π-calculus, a process algebra which supports modelling of concurrency, mobility and discrete probabilistic behaviour. Formal verification techniques for this calculus have clear applications in several domains, including mobile ad-hoc network protocols and random security protocols. Despite this, no implementation of automated verification exists. Building upon the (non-probabilistic) π-calculus model checker MMC, we first show an automated procedure for constructing the Markov decision process representing a probabilistic π-calculus process. This can then be verified using existing probabilistic model checkers such as PRISM. Secondly, we demonstrate how for a large class of systems a more efficient, compositional approach can be applied, which uses our extension of MMC on each parallel component of the system and then translates the results into a high-level model description for the PRISM tool. The feasibility of our techniques is demonstrated through three case studies from the π-calculus literature.
Verifying Randomized Byzantine Agreement. Marta Kwiatkowska and Gethin Norman, School of Computer Science, University of Birmingham, Birmingham B15 2TT, United Kingdom, {M.Z.Kwiatkowska, G.Norman}@cs.bham.ac.uk
We consider a simple divergence-free language RP for reactive processes which includes prefixing, deterministic choice, action-guarded probabilistic choice, synchronous parallel and recursion. We show that the probabilistic bisimulation of Larsen & Skou is a congruence for this language. Following the methodology introduced by de Bakker & Zucker, we give denotational semantics to this language by means of a complete metric space of (deterministic) probabilistic trees defined in terms of the powerdomain of closed sets. This new metric, although not an ultra-metric, nevertheless specialises to the metric of de Bakker & Zucker. Our semantic domain admits a full abstraction result with respect to probabilistic bisimulation.
In an expected reachability-time game (ERTG) two players, Min and Max, move a token along the transitions of a probabilistic timed automaton, so as to minimise and maximise, respectively, the expected time to reach a target. These games are concurrent since at each step of the game both players choose a timed move (a time delay and action under their control), and the transition of the game is determined by the timed move of the player who proposes the shorter delay. A game is turn-based if at any step of the game, all available actions are under the control of precisely one player. We show that while concurrent ERTGs are not always determined, turn-based ERTGs are positionally determined. Using the boundary region graph abstraction, and a generalisation of Asarin and Maler's simple function, we show that the decision problems related to computing the upper/lower values of concurrent ERTGs, and computing the value of turn-based ERTGs are decidable and their complexity is in NEXPTIME ∩ co-NEXPTIME.
Gossip protocols have been proposed as a robust and efficient method for disseminating information throughout dynamically changing networks. We present an analysis of a gossip protocol using probabilistic model checking and the tool PRISM. Since the behaviour of these protocols is both probabilistic and nondeterministic in nature, this provides a good example of the exhaustive, quantitative analysis that probabilistic model checking techniques can provide. In particular, we compute minimum and maximum values, representing the best- and worst-case performance of the protocol under any scheduling, and investigate both their relationship with the average values that would be obtained through simulation and the precise schedulings which achieve these values.
Electronic Proceedings in Theoretical Computer Science, 2010
This volume contains the proceedings of the Eighth Workshop on Quantitative Aspects of Programming Languages (QAPL 2010), held in Paphos, Cyprus, on March 27-28, 2010. QAPL 2010 is a satellite event of the European Joint Conferences on Theory and Practice of Software (ETAPS 2010). The workshop theme is on quantitative aspects of computation. These aspects are related to the use of physical quantities (storage space, time, bandwidth, etc.) as well as mathematical quantities (e.g. probability and measures for reliability, security and trust), and play an important (sometimes essential) role in characterising the behaviour and determining the properties of systems. Such quantities are central to the definition of both the model of systems (architecture, language design, semantics) and the methodologies and tools for the analysis and verification of the systems' properties. The aim of this workshop is to discuss the explicit use of quantitative information such as time and probabilities, either directly in the model or as a tool for the analysis of systems.
We study the interaction between non-deterministic and probabilistic behaviour in systems with continuous state spaces, arbitrary probability distributions and uncountable branching. Models of such systems have been proposed previously. Here, we introduce a model that extends probabilistic automata to the continuous setting. We identify the class of schedulers that ensures measurability properties on executions, and show that such measurability properties are preserved by parallel composition. Finally, we demonstrate how these results allow us to define an alternative notion of weak bisimulation in our model.
In recent papers, the partial order reduction approach has been adapted to reason about the probabilities for temporal properties in concurrent systems with probabilistic behaviours. This paper extends these results by presenting reduction criteria for a probabilistic branching time logic that allows specification of constraints on quantitative measures given by a reward or cost function for the actions of the system.
Continuous Time Markov Chains (CTMCs) are widely used as the underlying stochastic process in performance and dependability analysis. Model checking of CTMCs against Continuous Stochastic Logic (CSL) has been investigated previously by a number of authors. CSL contains a time-bounded until operator that allows one to express properties such as "the probability of 3 servers becoming faulty within 7.01 seconds is at most 0.1". In this paper we extend CSL with a random time-bounded until operator, where the time bound is given by a random variable instead of a fixed real-valued time (or interval). With the help of such an operator we can state that the probability of reaching a set of goal states within some generally distributed delay, while passing only through states that satisfy a certain property, is at most (at least) some probability threshold. In addition, certain transient properties of systems which contain general distributions can be expressed with the extended logic. We extend the efficient model checking of CTMCs against the logic CSL developed in [13] to cater for the new operator. Our method involves precomputing a family of coefficients for a range of random variables which includes Pareto, uniform and gamma distributions, but otherwise carries the same computational cost as that for ordinary time-bounded until. We implement the algorithms in Matlab and evaluate them by means of a queueing system example.
In this paper we extend CSL (Continuous Stochastic Logic) with an expected time and an expected reward operator, both of which are parameterized by a random terminal time. With the help of such operators we can state for example that the expected sojourn time in a set of goal states within some generally distributed delay is at most (at least)
Papers by Gethin Norman