Strong, Weak and Branching Bisimulation for Transition Systems and Markov Reward Chains: A Unifying Matrix Approach

We first study labeled transition systems with explicit successful termination. We establish the notions of strong, weak, and branching bisimulation in terms of boolean matrix theory, introducing thus a novel and powerful algebraic apparatus. Next we consider Markov reward chains which are standardly presented in real matrix theory. By interpreting the obtained matrix conditions for bisimulations in this setting, we automatically obtain the definitions of strong, weak, and branching bisimulation for Markov reward chains. The obtained strong and weak bisimulations are shown to coincide with some existing notions, while the obtained branching bisimulation is new, but its usefulness is questionable

Real and stochastic time in process algebras for performance evaluation

Process algebras are formalisms for abstract modeling of systems for the purpose of qualitative veri¯cation and quantitative evaluation. The purpose of veri¯cation is to show that the system behaves correctly, e.g., it does not contain a deadlock or a state with some desired property is eventually going to be reached. The quantitative or performance evaluation part gives an approximation how well the system will behave, e.g., the average time of a message to get through is 10 time units or the utilization (percentage of time that something is used) of some machine is 23.5 percent. Originally, process algebras were only developed for qualitative model- ing, but gradually they have been extended with time, probabilities, and Markovian (exponential) and generally-distributed stochastic time. The ex- tensions up to stochastic time typically conservatively extended previous well-established theories. However, mostly due to the nature of the under- lying (non-)Markovian performance models, the stochastic process algebras were built from scratch. These extensions were carried out as orthogonal extensions of untimed process theories with exponential delays or stochastic clocks. The underlying performance model is obtained by abstracting from the qualitative behavior using some weak behavioral equivalence. The thesis investigates several issues: (1) What is the relationship be- tween discrete real and generally-distributed stochastic time in the process theories? (2) Is it possible, and if so, how, to extend timed process theories with stochastic time? (3) Reversely, is it possible, and if so, how, to embed discrete real time in generally distributed process theories? Additionally, (4) is the abstraction using the weak behavioral equivalence in Markovian process theories (and other modeling formalisms as well) performance pre- serving, and is such an approach compositional? In the end, (5) how can we do performance analysis using discrete-time and probabilistic choices? The contents of the thesis is as follows. First, we introduce the central concept of a race condition that de¯nes the interaction between stochastic timed delays. We introduce a new type of race condition, which enables the synchronization of stochastic delays with the same sample as in timed process theories. This gives the basis for the notion of a timed delay in a racing context, which models the expiration of stochastic delays. In this new setting, we de¯ne a strong bisimulation relation that deals with the (probabilistic) race condition on a symbolic level. Next, we show how to derive stochastic delays as guarded recursive speci¯cation involving timed delays in a racing context and we derive a ground-complete stochastic-time process theory. Then, we take the opposite viewpoint and we develop a stochastic process theory from scratch, relying on the same interpretation of the race condition. We embed real time in the stochastic-time setting by using context-sensitive interpolation, a restricted notion of time additiv- ity. Afterwards, we turn to Markovian process theories and we show com- positionality of the Markov reward chains with fast and silent transitions with respect to lumping-based and reduction-based aggregation methods. These methods can be used to show preservation of performance measures when eliminating probabilistic choices and non-deterministic silent steps in Markovian process theories. Then, we specify the underlying model of prob- abilistic timed process theories as a discrete-time probabilistic reward graph and we show its transformation to a discrete-time Markov reward chain. The approach is illustrated by extending the environment of the modeling language Â. The developed theories are illustrated by specifying a version of the concurrent alternating bit protocol and analyzing it in the  toolset

Real and stochastic time in process algebras for performance evaluation

Process algebras are formalisms for abstract modeling of systems for the purpose of qualitative veri¯cation and quantitative evaluation. The purpose of veri¯cation is to show that the system behaves correctly, e.g., it does not contain a deadlock or a state with some desired property is eventually going to be reached. The quantitative or performance evaluation part gives an approximation how well the system will behave, e.g., the average time of a message to get through is 10 time units or the utilization (percentage of time that something is used) of some machine is 23.5 percent. Originally, process algebras were only developed for qualitative model- ing, but gradually they have been extended with time, probabilities, and Markovian (exponential) and generally-distributed stochastic time. The ex- tensions up to stochastic time typically conservatively extended previous well-established theories. However, mostly due to the nature of the under- lying (non-)Markovian performance models, the stochastic process algebras were built from scratch. These extensions were carried out as orthogonal extensions of untimed process theories with exponential delays or stochastic clocks. The underlying performance model is obtained by abstracting from the qualitative behavior using some weak behavioral equivalence. The thesis investigates several issues: (1) What is the relationship be- tween discrete real and generally-distributed stochastic time in the process theories? (2) Is it possible, and if so, how, to extend timed process theories with stochastic time? (3) Reversely, is it possible, and if so, how, to embed discrete real time in generally distributed process theories? Additionally, (4) is the abstraction using the weak behavioral equivalence in Markovian process theories (and other modeling formalisms as well) performance pre- serving, and is such an approach compositional? In the end, (5) how can we do performance analysis using discrete-time and probabilistic choices? The contents of the thesis is as follows. First, we introduce the central concept of a race condition that de¯nes the interaction between stochastic timed delays. We introduce a new type of race condition, which enables the synchronization of stochastic delays with the same sample as in timed process theories. This gives the basis for the notion of a timed delay in a racing context, which models the expiration of stochastic delays. In this new setting, we de¯ne a strong bisimulation relation that deals with the (probabilistic) race condition on a symbolic level. Next, we show how to derive stochastic delays as guarded recursive speci¯cation involving timed delays in a racing context and we derive a ground-complete stochastic-time process theory. Then, we take the opposite viewpoint and we develop a stochastic process theory from scratch, relying on the same interpretation of the race condition. We embed real time in the stochastic-time setting by using context-sensitive interpolation, a restricted notion of time additiv- ity. Afterwards, we turn to Markovian process theories and we show com- positionality of the Markov reward chains with fast and silent transitions with respect to lumping-based and reduction-based aggregation methods. These methods can be used to show preservation of performance measures when eliminating probabilistic choices and non-deterministic silent steps in Markovian process theories. Then, we specify the underlying model of prob- abilistic timed process theories as a discrete-time probabilistic reward graph and we show its transformation to a discrete-time Markov reward chain. The approach is illustrated by extending the environment of the modeling language Â. The developed theories are illustrated by specifying a version of the concurrent alternating bit protocol and analyzing it in the  toolset

Methodologies synthesis

This deliverable deals with the modelling and analysis of interdependencies between critical infrastructures, focussing attention on two interdependent infrastructures studied in the context of CRUTIAL: the electric power infrastructure and the information infrastructures supporting management, control and maintenance functionality. The main objectives are: 1) investigate the main challenges to be addressed for the analysis and modelling of interdependencies, 2) review the modelling methodologies and tools that can be used to address these challenges and support the evaluation of the impact of interdependencies on the dependability and resilience of the service delivered to the users, and 3) present the preliminary directions investigated so far by the CRUTIAL consortium for describing and modelling interdependencies

Dependability analysis of a safety critical system: the LHC Beam Dumping System at CERN

Il sistema di estrazione del fascio del nuovo acceleratore LHC del CERN (LHC Beam Dumping System, LBDS) ha il compito di rimuovere il fascio di particelle dall’anello in caso di anomalie, guasti nella macchina o al termine di una operazione. Il sistema rappresenta uno dei componenti critici per la sicurezza dell’acceleratore LHC. Il suo malfunzionamento puo’ portare alla mancata o parziale estrazione del fascio che, per le elevatissime energie raggiunte (7 TeV), ha la capacita’ di distruggere i magneti superconduttori dell’acceleratore e determinare l’arresto delle operazioni per un lungo periodo. La tesi affronta lo studio della sicurezza del sistema di estrazione del fascio di particelle ed il suo impatto sulla vita operativa del sistema in termini di numero aborto missioni(failsafe modes). Un modello dinamico ad eventi discreti stocastico del processo di guasto del sistema e’ stato ricavato partendo da una accurata analisi della sua architettura, dei modi e delle statistiche di guasto di ciascun componente. Il modello e’ stato analizzato rispetto a diversi scenari operativi, fornendo le stime della sicurezza e del numero aborto missioni per un anno di operazioni. L’analisi ha anche valutato l’efficacia delle soluzioni architetturali che sono state adottate per tollerare e prevenire il guasto nei componenti piu’ critici. I risultati ottenuti hanno dimostrato che il sistema rispetta i requisiti SIL3 dello standard di sicurezza IEC 61508, e non interferisce oltre misura sul normale funzionamento della macchina. Lo studio include anche una valutazione della sicurezza complessiva ottenuta per mezzo del sistema di protezione di cui il sistema LBDS e’ parte integrante