Showing papers by "Joost-Pieter Katoen published in 2011"


Journal ArticleDOI
TL;DR: The Markov Reward Model Checker is a software tool for verifying properties over probabilistic models that supports PCTL and CSL model checking, and their reward extensions.

319 citations


Journal ArticleDOI
TL;DR: A component-based modelling approach to system-software co-engineering of real-time embedded systems, in particular aerospace systems, centred around the standardized Architecture Analysis and Design Language (AADL) modelling framework is presented.
Abstract: This paper presents a component-based modelling approach to system-software co-engineering of real-time embedded systems, in particular aerospace systems. Our method is centred around the standardized Architecture Analysis and Design Language (AADL) modelling framework. We formalize a significant subset of AADL, incorporating its recent Error Model Annex for modelling faults and repairs. The major distinguishing aspects of this component-based approach are the possibility to describe nominal hardware and software operations, hybrid (and timing) aspects, as well as probabilistic faults and their propagation and recovery. Moreover, it supports dynamic (i.e. on-the-fly) reconfiguration of components and inter-component connections. The operational semantics gives a precise interpretation of specifications by providing a mapping onto networks of event-data automata. These networks are then subject to different kinds of formal analysis such as model checking, safety and dependability analysis and performance evaluation. Mature tool support realizes these analyses. The activities reported in this paper are carried out in the context of the Correctness, Modelling and Performance of Aerospace Systems project, which is funded by the European Space Agency.

216 citations


Journal ArticleDOI
TL;DR: In this paper, the authors study the verification of a finite continuous-time Markov chain (CTMC) against a linear real-time specification given as a deterministic timed automaton (DTA) A with finite or Muller acceptance conditions.
Abstract: We study the verification of a finite continuous-time Markov chain (CTMC) C against a linear real-time specification given as a deterministic timed automaton (DTA) A with finite or Muller acceptance conditions. The central question that we address is: what is the probability of the set of paths of C that are accepted by A, i.e., the likelihood that C satisfies A? It is shown that under finite acceptance criteria this equals the reachability probability in a finite piecewise deterministic Markov process (PDP), whereas for Muller acceptance criteria it coincides with the reachability probability of terminal strongly connected components in such a PDP. Qualitative verification is shown to amount to a graph analysis of the PDP. Reachability probabilities in our PDPs are then characterized as the least solution of a system of Volterra integral equations of the second type and are shown to be approximated by the solution of a system of partial differential equations. For single-clock DTA, this integral equation system can be transformed into a system of linear equations where the coefficients are solutions of ordinary differential equations. As the coefficients are in fact transient probabilities in CTMCs, this result implies that standard algorithms for CTMC analysis suffice to verify single-clock DTA specifications.

104 citations
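The last sentence of the abstract above says that single-clock DTA objectives reduce to transient probabilities in CTMCs, i.e. to the standard CTMC analysis algorithm. The following Python is an added example, not code from the paper or from any tool it describes: it implements that standard algorithm (uniformization) and applies it to the simplest single-clock objective, reaching a set of goal states within a deadline t, which is also the CSL time-bounded reachability that a tool such as MRMC (listed above) checks. The three-state chain, its rates and its state names are constructed for the illustration; nothing here is a model taken from the paper.

```python
import math

# Constructed CTMC (an illustration, not a model from the paper): a component
# degrades from "ok" (state 0) to "degraded" (state 1) at rate 1.0 and from
# there fails (state 2) at rate 3.0. Rates are the off-diagonal generator
# entries; every state, including absorbing ones, must appear as a key.
RATES = {
    0: {1: 1.0},
    1: {2: 3.0},
    2: {},
}
FAILED = {2}


def transient(rates, init, t, eps=1e-10):
    """Transient distribution pi(t) of a CTMC by uniformization:
    pi(t) = sum_k Poisson(k; lam*t) * pi(0) * P^k with P = I + Q/lam and
    lam at least every exit rate. The series is truncated once the Poisson
    weights that have been summed leave less than eps of the mass."""
    states = sorted(rates)
    exit_rate = {s: sum(rates[s].values()) for s in states}
    lam = max(exit_rate.values()) or 1.0
    q = lam * t
    if q > 700.0:
        # exp(-q) underflows; the Fox-Glynn algorithm is the standard fix for
        # large lam*t and is deliberately out of scope for this example.
        raise ValueError("lam*t too large for the naive Poisson recurrence")
    # uniformised DTMC: the rate deficit of each state becomes a self-loop
    P = {s: {tgt: r / lam for tgt, r in rates[s].items()} for s in states}
    for s in states:
        P[s][s] = P[s].get(s, 0.0) + 1.0 - exit_rate[s] / lam
    vec = {s: 0.0 for s in states}       # pi(0) * P^k, k = 0
    vec[init] = 1.0
    result = {s: 0.0 for s in states}
    poisson = math.exp(-q)               # Poisson(0; q)
    mass, k = 0.0, 0
    while mass < 1.0 - eps:
        for s in states:
            result[s] += poisson * vec[s]
        mass += poisson
        nxt = {s: 0.0 for s in states}   # vec <- vec * P
        for s in states:
            for tgt, p in P[s].items():
                nxt[tgt] += vec[s] * p
        vec = nxt
        k += 1
        poisson *= q / k                 # Poisson(k; q) from Poisson(k-1; q)
    return result


def bounded_reach(rates, goal, init, t):
    """Pr(reach `goal` within time t) from `init`: make the goal states
    absorbing, then read off the transient mass on them at time t."""
    absorbing = {s: ({} if s in goal else dict(succ)) for s, succ in rates.items()}
    pi = transient(absorbing, init, t)
    return sum(pi[s] for s in goal)


if __name__ == "__main__":
    for t in (0.5, 1.0, 2.0):
        print(f"Pr(fail within {t}) = {bounded_reach(RATES, FAILED, 0, t):.6f}")
```

For the constructed chain the time to failure is the sum of two exponentials with rates 1 and 3, so the value at t = 1 can be checked by hand: 1 - (3e^{-1} - e^{-3})/2 ≈ 0.4731. Uniformization is exact up to the truncation of the Poisson series; for large lam*t the weights should come from the Fox-Glynn algorithm rather than the naive recurrence, which is why the code refuses such inputs instead of silently returning zeros.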


Proceedings ArticleDOI
23 Jan 2011
TL;DR: This paper develops a complete abstraction theory for PAs and also proposes the first specification theory for them, which supports both satisfaction and refinement operators, together with classical stepwise design operators.
Abstract: Probabilistic Automata (PAs) are a widely-recognized mathematical framework for the specification and analysis of systems with non-deterministic and stochastic behaviors. This paper proposes Abstract Probabilistic Automata (APAs), that is, a novel abstraction model for PAs. In APAs uncertainty of the non-deterministic choices is modeled by may/must modalities on transitions while uncertainty of the stochastic behaviour is expressed by (underspecified) stochastic constraints. We have developed a complete abstraction theory for PAs, and also propose the first specification theory for them. Our theory supports both satisfaction and refinement operators, together with classical stepwise design operators. In addition, we study the link between specification theories and abstraction in avoiding the state-space explosion problem.

69 citations


Book ChapterDOI
26 Mar 2011
TL;DR: It is shown that verifying 1-clock DTA can be done by analyzing subgraphs of the product of the CTMC C and the region graph of the DTA A; this improves upon earlier results and requires only standard analysis algorithms.
Abstract: This paper makes verifying continuous-time Markov chains (CTMCs) against deterministic timed automata (DTA) objectives practical. We show that verifying 1-clock DTA can be done by analyzing subgraphs of the product of CTMC C and the region graph of DTA A. This improves upon earlier results and requires only standard analysis algorithms. Our graph decomposition approach naturally enables bisimulation minimization as well as parallelization. Experiments with various examples confirm that these optimizations lead to significant speed-ups. We also report on experiments with multiple-clock DTA objectives. The objectives and the size of the problem instances that can be checked with our prototypical tool go (far) beyond what could be checked so far.

46 citations


Proceedings ArticleDOI
12 Apr 2011
TL;DR: This work shows that these quantitative verification problems can be reduced to computing reachability probabilities over the product of an automaton and the DTSHS under study, and quantitatively approximated by procedures over discrete-time Markov chains.
Abstract: This paper considers the quantitative verification of discrete-time stochastic hybrid systems (DTSHS) against linear time objectives. The central question is to determine the likelihood of all the trajectories in a DTSHS that are accepted by an automaton on finite or infinite words. This verification covers regular and ω-regular properties, and thus comprises the linear temporal logic LTL. This work shows that these quantitative verification problems can be reduced to computing reachability probabilities over the product of an automaton and the DTSHS under study. The computation of reachability probabilities can be performed in a backward-recursive manner, and quantitatively approximated by procedures over discrete-time Markov chains. A case study shows the feasibility of the approach.

41 citations


Book ChapterDOI
26 May 2011
TL;DR: A normal form for hyperedge replacement grammars is introduced as a generalisation of the Greibach Normal Form for string grammars, together with the adapted construction needed to support the required concretisations.
Abstract: Heap-based data structures play an important role in modern programming concepts. However, standard verification algorithms cannot cope with the infinite state spaces induced by these structures. A common approach to solve this problem is to apply abstraction techniques. Hyperedge replacement grammars provide a promising technique for heap abstraction as their production rules can be used to partially abstract and concretise heap structures. To support the required concretisations, we introduce a normal form for hyperedge replacement grammars, as a generalisation of the Greibach Normal Form for string grammars, together with the adapted construction.

31 citations


Book ChapterDOI
11 Oct 2011
TL;DR: This paper introduces a novel counterexample generation approach for the verification of discrete-time Markov chains (DTMCs) with two main advantages: (1) it generates abstract counterexamples which can be refined in a hierarchical manner, and (2) it aims at minimizing the number of states involved in the counterexamples, and computes a critical subsystem of the DTMC whose paths form a counterexample.
Abstract: This paper introduces a novel counterexample generation approach for the verification of discrete-time Markov chains (DTMCs) with two main advantages: (1) We generate abstract counterexamples which can be refined in a hierarchical manner. (2) We aim at minimizing the number of states involved in the counterexamples, and compute a critical subsystem of the DTMC whose paths form a counterexample. Experiments show that with our approach we can reduce the size of counterexamples and the number of computation steps by several orders of magnitude.

31 citations
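As an added example (not the paper's own implementation or tool), the following Python shows the shape of such a counterexample for a DTMC: a property P≤λ(◇target) is refuted, and instead of listing paths the counterexample is a critical subsystem, a sub-DTMC whose own reachability probability already exceeds λ. It reuses the linear-system solver that PCTL reachability checking (as in MRMC, listed at the top of this page) is built on, and grows the subsystem from the most probable paths. The eight-state chain, its probabilities and the bound λ = 0.5 are constructed for the illustration; the greedy path-based growth is a simple instance of the idea, not the paper's hierarchical abstraction-refinement scheme.

```python
import heapq

# Constructed DTMC (an illustration, not a model from the paper). State 5 is
# the target ("compromised"), state 4 an absorbing safe state, and states 6
# and 7 a low-probability side branch that a good counterexample can omit.
DTMC = {
    0: {1: 0.45, 2: 0.45, 6: 0.10},
    1: {3: 0.60, 4: 0.40},
    2: {3: 0.20, 1: 0.60, 0: 0.20},
    3: {5: 0.90, 4: 0.10},
    4: {4: 1.0},
    5: {5: 1.0},
    6: {7: 0.50, 4: 0.50},
    7: {5: 0.20, 4: 0.80},
}
TARGET = {5}


def _solve(matrix, rhs):
    """Gauss-Jordan elimination with partial pivoting (stdlib only)."""
    n = len(rhs)
    a = [row[:] + [rhs[i]] for i, row in enumerate(matrix)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(a[r][col]))
        a[col], a[piv] = a[piv], a[col]
        for r in range(n):
            if r != col and a[r][col] != 0.0:
                f = a[r][col] / a[col][col]
                a[r] = [x - f * y for x, y in zip(a[r], a[col])]
    return [a[i][n] / a[i][i] for i in range(n)]


def _can_reach(dtmc, target):
    """Backward closure: states from which some target state is reachable."""
    can = set(target)
    changed = True
    while changed:
        changed = False
        for s, succ in dtmc.items():
            if s not in can and any(t in can for t in succ):
                can.add(s)
                changed = True
    return can


def reach_prob(dtmc, target, init=0):
    """Unbounded reachability Pr(init |= ◇target): solve x_s = sum_s' P(s,s') x_s'
    with x_t = 1 on targets. States that cannot reach the target are fixed to
    0 first, which keeps the system non-singular. Successors missing from
    `dtmc` count as a sink (probability lost), which is what a sub-DTMC needs."""
    unknown = sorted(_can_reach(dtmc, target) - set(target))
    idx = {s: i for i, s in enumerate(unknown)}
    n = len(unknown)
    a = [[float(i == j) for j in range(n)] for i in range(n)]
    b = [0.0] * n
    for s in unknown:
        for t, p in dtmc[s].items():
            if t in target:
                b[idx[s]] += p
            elif t in idx:
                a[idx[s]][idx[t]] -= p
    x = dict(zip(unknown, _solve(a, b)))
    x.update({t: 1.0 for t in target})
    return x.get(init, 0.0)


def most_probable_paths(dtmc, target, init=0):
    """Yield (probability, path) for finite init-to-target paths in
    non-increasing probability order. Best-first search is correct here
    because extending a path never increases its probability; successors
    that cannot reach the target are pruned so absorbing loops never spin."""
    can = _can_reach(dtmc, target)
    heap = [(-1.0, (init,))]
    while heap:
        negp, path = heapq.heappop(heap)
        if path[-1] in target:
            yield -negp, path
            continue
        for t, p in dtmc.get(path[-1], {}).items():
            if t in can:
                heapq.heappush(heap, (negp * p, path + (t,)))


def critical_subsystem(dtmc, target, bound, init=0):
    """Counterexample for a violated P<=bound(◇target): grow a sub-DTMC from
    the most probable paths until its own reachability probability exceeds
    `bound`. Returns (states, probability), or None when the property holds."""
    if reach_prob(dtmc, target, init) <= bound:
        return None
    states = set()
    for _, path in most_probable_paths(dtmc, target, init):
        states.update(path)
        sub = {s: {t: p for t, p in dtmc[s].items() if t in states} for s in states}
        value = reach_prob(sub, target, init)
        if value > bound:
            return states, value


if __name__ == "__main__":
    print("full system:", reach_prob(DTMC, TARGET))          # about 0.5273
    print("critical subsystem:", critical_subsystem(DTMC, TARGET, 0.5))
```

On the constructed chain the full reachability probability is about 0.527, so P≤0.5(◇5) is violated; the two most probable paths already give a five-state subsystem with probability about 0.516 > 0.5, leaving out states 4, 6 and 7. Because transitions leaving the subsystem are dropped rather than redirected, the subsystem's probability is a sound lower bound on the full system's, which is what makes it a valid refutation.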


Book ChapterDOI
TL;DR: In this paper, the authors propose Abstract Probabilistic Automata (APAs), a framework for the specification and analysis of systems with non-deterministic and stochastic behaviors.
Abstract: Probabilistic Automata (PAs) are a widely-recognized mathematical framework for the specification and analysis of systems with non-deterministic and stochastic behaviors. This paper proposes Abstract Probabilistic Automata (APAs), that is, a novel abstraction model for PAs. In APAs uncertainty of the non-deterministic choices is modeled by may/must modalities on transitions while uncertainty of the stochastic behaviour is expressed by (underspecified) stochastic constraints. We have developed a complete abstraction theory for PAs, and also propose the first specification theory for them. Our theory supports both satisfaction and refinement operators, together with classical stepwise design operators. In addition, we study the link between specification theories and abstraction in avoiding the state-space explosion problem.

26 citations


Proceedings ArticleDOI
20 Jun 2011
TL;DR: This paper discusses APAs over dissimilar alphabets, a determinisation operator, conjunction of non-deterministic APAs, and an APA-embedding of Interface Automata, and concludes introducing a tool for automatic manipulation of APAs.
Abstract: Probabilistic Automata (PAs) are a recognized framework for modeling and analysis of nondeterministic systems with stochastic behavior. Recently, we proposed Abstract Probabilistic Automata (APAs) -- an abstraction framework for PAs. In this paper, we discuss APAs over dissimilar alphabets, a determinisation operator, conjunction of non-deterministic APAs, and an APA-embedding of Interface Automata. We conclude introducing a tool for automatic manipulation of APAs.

25 citations


Book ChapterDOI
27 Jun 2011
TL;DR: A novel structural definition of weighted lumpability is provided, some elementary properties are proved, and it is shown that the probability of satisfying a deterministic timed automaton specification coincides for a CTMC and its weighted lumped analogue.
Abstract: This paper reconsiders Bernardo's T-lumpability on continuous-time Markov chains (CTMCs). This notion allows for a more aggressive state-level aggregation than ordinary lumpability. We provide a novel structural definition of (what we refer to as) weighted lumpability, prove some elementary properties, and investigate its compatibility with linear real-time objectives. The main result is that the probability of satisfying a deterministic timed automaton specification coincides for a CTMC and its weighted lumped analogue. The same holds for metric temporal logic formulas.

Book ChapterDOI
28 Sep 2011
TL;DR: This paper considers the verification of continuous-time Markov decision processes (CTMDPs) against single-clock deterministic timed automata (DTA) specifications and shows that this problem can be reduced to a linear programming problem whose coefficients are maximum timed reachability probabilities in a set of CTMDPs.
Abstract: This paper considers the verification of continuous-time Markov decision processes (CTMDPs) against single-clock deterministic timed automata (DTA) specifications. The central issue is to compute the maximum probability of the set of timed paths of a CTMDP C that are accepted by a DTA A. We show that this problem can be reduced to a linear programming problem whose coefficients are maximum timed reachability probabilities in a set of CTMDPs, which are obtained via a graph decomposition of the product of the CTMDP C and the region graph of the DTA A.

Proceedings ArticleDOI
01 Jan 2011
TL;DR: This paper shows that checking classical and combined probabilistic similarity is EXPTIME-complete in both directions and becomes polynomial if both the number of control states of the pPDA and the size of the finite-state system are fixed.
Abstract: This paper studies the decidability and computational complexity of checking probabilistic simulation pre-order between probabilistic pushdown automata (pPDA) and (probabilistic) finite-state systems. We show that checking classical and combined probabilistic similarity is EXPTIME-complete in both directions and becomes polynomial if both the number of control states of the pPDA and the size of the finite-state system are fixed. These results show that checking probabilistic similarity is as hard as checking similarity in the standard, i.e., non-probabilistic setting.

Proceedings ArticleDOI
02 Aug 2011
TL;DR: The authors recently developed a coherent and multidisciplinary approach to developing space systems at the architectural design level, linking safety, dependability and performability analysis with the interaction of hardware and software, and assessed it in several industrial evaluations.
Abstract: The need for an integrated system-software co-engineering framework to support the design of modern space systems is pressing. The current tools and formalisms tend to be tailored to specific analysis techniques and are not amenable for the full spectrum of required system aspects such as safety, dependability and performability. Additionally, they cannot handle the intertwining of hardware and software interaction. As such, the current practices lack integration and coherence. We recently developed a coherent and multidisciplinary approach towards developing space systems at architectural design level, linking all of the aforementioned aspects, and assessed it with several industrial evaluations. This paper reports on the approach, the evaluations and our perspective on current and future developments.

Proceedings ArticleDOI
01 Dec 2011
TL;DR: A novel stochastic extension of timed automata, i.e. Markovian Timed Automata, is proposed and Bellman equations to characterize the probability are proposed, and two approaches to solve the Bellman equation are provided, namely, a discretization and a reduction to Hamilton-Jacobi-Bellman equations.
Abstract: We propose a novel stochastic extension of timed automata, i.e. Markovian Timed Automata. We study the problem of optimizing time-bounded reachability probabilities in this model, i.e., the maximum likelihood to hit a set of goal locations within a given deadline. We propose Bellman equations to characterize the probability, and provide two approaches to solve the Bellman equations, namely, a discretization and a reduction to Hamilton-Jacobi-Bellman equations.

Journal ArticleDOI
TL;DR: Results show that grid-like schemes, in contrast to chain- and tree-like ones, yield extremely precise approximations for rather coarse abstractions in the field of performance evaluation.

Journal ArticleDOI
TL;DR: A two-step scheme for approximate model checking of discrete-time stochastic hybrid systems is described. The probabilistic invariance property is considered and it is shown that, under certain regularity conditions, the invariance probability computed using the approximating Markov chain converges to the invariance probability of the original stochastic hybrid system as the grid used in the approximation gets finer.

Book ChapterDOI
22 Aug 2011
TL;DR: A formal model of an energy-efficient MAC protocol for gossip-based wireless sensor networks, and an amendment of the distributed slotted Aloha protocol by a simple dynamic power assignment scheme, which significantly reduces the energy consumption and speeds up the message transmission.
Abstract: This paper is concerned with the formal modelling and simulative analysis of an energy-efficient MAC protocol for gossip-based wireless sensor networks. This protocol is a variant of classical slotted Aloha in which the number of active TDMA slots is dynamically changed depending on the number of neighbours of a node. We provide a formal model of this protocol, and analyse energy consumption under the signal-to-interference plus noise ratio (SINR) radio model. We propose an amendment of the distributed slotted Aloha protocol by a simple dynamic power assignment scheme, and show that this significantly reduces the energy consumption (30%) and speeds up the message transmission.

Book ChapterDOI
20 Apr 2011
TL;DR: This short paper discusses three non-standard applications of model checking, taken from systems biology, and shows the relevance of probabilistic reachability, and discusses a stochastic job scheduling problem that can be solved using model checking.
Abstract: Model checking is an automated verification technique that is actively applied to find bugs in hardware and software designs. Companies like IBM and Cadence developed their in-house model checkers, and acted as driving forces behind the design of the IEEE-standardized temporal logic PSL. On the other hand, model checking C-, C#- and .NET-program code is an intensive research topic at, for instance, Microsoft and NASA. In this short paper, we briefly discuss three non-standard applications of model checking. The first example is taken from systems biology and shows the relevance of probabilistic reachability. Then, we show how to determine the optimal scheduling policy for multiple-battery systems so as to optimize the system's lifetime. Finally, we discuss a stochastic job scheduling problem that, thanks to recent developments, can be solved using model checking.

BookDOI
01 Jan 2011
TL;DR: This book constitutes the refereed proceedings of the 22nd International Conference on Concurrency Theory, CONCUR 2011, held in Aachen, Germany, September 5-10, 2011 and contains 32 revised full papers.
Abstract: This book constitutes the refereed proceedings of the 22nd International Conference on Concurrency Theory, CONCUR 2011, held in Aachen, Germany, September 5-10, 2011. The 32 revised full papers were carefully reviewed and selected from 94 submissions. The papers are organized in topics such as real-time systems, probabilistic systems, automata, separation logic, pi-calculus, Petri nets, process algebra and modeling, verification, games, and bisimulation.

Journal ArticleDOI
TL;DR: It is shown that this set of paths is measurable and computing its probability can be reduced to computing the reachability probability in a piecewise deterministic Markov process (PDP).
Abstract: We study the verification of a finite continuous-time Markov chain (CTMC) C against a linear real-time specification given as a deterministic timed automaton (DTA) A with finite or Muller acceptance conditions. The central question that we address is: what is the probability of the set of paths of C that are accepted by A, i.e., the likelihood that C satisfies A? It is shown that under finite acceptance criteria this equals the reachability probability in a finite piecewise deterministic Markov process (PDP), whereas for Muller acceptance criteria it coincides with the reachability probability of terminal strongly connected components in such a PDP. Qualitative verification is shown to amount to a graph analysis of the PDP. Reachability probabilities in our PDPs are then characterized as the least solution of a system of Volterra integral equations of the second type and are shown to be approximated by the solution of a system of partial differential equations. For single-clock DTA, this integral equation system can be transformed into a system of linear equations where the coefficients are solutions of ordinary differential equations. As the coefficients are in fact transient probabilities in CTMCs, this result implies that standard algorithms for CTMC analysis suffice to verify single-clock DTA specifications.

Book ChapterDOI
29 Aug 2011
TL;DR: Building modern aerospace systems is highly demanding: they should be extremely dependable, and whereas "five nines" availability is satisfactory for most safety-critical systems, for on-board systems it is not.
Abstract: Building modern aerospace systems is highly demanding. They should be extremely dependable. They must offer service without interruption (i.e., without failure) for a very long time, typically years or decades. Whereas "five nines" dependability, i.e., a 99.999 % availability, is satisfactory for most safety-critical systems, for on-board systems it is not. Faults are costly and may severely damage reputations. Dramatic examples are known. Fatal defects in the control software of the Ariane-5 rocket and the Mars Pathfinder have led to headlines in newspapers all over the world. Rigorous design support and analysis techniques are called for. Bugs must be found as early as possible in the design process while performance and reliability guarantees need to be checked whenever possible. The effect of fault diagnosis, isolation and recovery must be quantifiable.