Certificates and Witnesses for Probabilistic Model Checking

The ability to provide succinct information about why a property does, or does not, hold in a given system is a key feature in the context of formal verification and model checking. It can be used both to explain the behavior of the system to a user of verification software, and as a tool to aid automated abstraction and synthesis procedures. Counterexample traces, which are executions of the system that do not satisfy the desired specification, are a classical example. Specifications of systems with probabilistic behavior usually require that an event happens with sufficiently high (or low) probability. In general, single executions of the system are not enough to demonstrate that such a specification holds. Rather, standard witnesses in this setting are sets of executions which in sum exceed the required probability bound. In this thesis we consider methods to certify and witness that probabilistic reachability constraints hold in Markov decision processes (MDPs) and probabilistic timed automata (PTA). Probabilistic reachability constraints are threshold conditions on the maximal or minimal probability of reaching a set of target-states in the system. The threshold condition may represent an upper or lower bound and be strict or non-strict. We show that the model-checking problem for each type of constraint can be formulated as a satisfiability problem of a system of linear inequalities. These inequalities correspond closely to the probabilistic transition matrix of the MDP. Solutions of the inequalities are called Farkas certificates for the corresponding property, as they can indeed be used to easily validate that the property holds. By themselves, Farkas certificates do not explain why the corresponding probabilistic reachability constraint holds in the considered MDP. To demonstrate that the maximal reachability probability in an MDP is above a certain threshold, a commonly used notion are witnessing subsystems. A subsystem is a witness if the MDP satisfies the lower bound on the optimal reachability probability even if all states not included in the subsystem are made rejecting trap states. Hence, a subsystem is a part of the MDP which by itself satisfies the lower-bounded threshold constraint on the optimal probability of reaching the target-states. We consider witnessing subsystems for lower bounds on both the maximal and minimal reachability probabilities, and show that Farkas certificates and witnessing subsystems are related. More precisely, the support (i.e., the indices with a non-zero entry) of a Farkas certificate induces the state-space of a witnessing subsystem for the corresponding property. Vice versa, given a witnessing subsystem one can compute a Farkas certificate whose support corresponds to the state-space of the witness. This insight yields novel algorithms and heuristics to compute small and minimal witnessing subsystems. To compute minimal witnesses, we propose mixed-integer linear programming formulations whose solutions are Farkas certificates with minimal support. We show that the corresponding decision problem is NP-complete even for acyclic Markov chains, which supports the use of integer programs to solve it. As this approach does not scale well to large instances, we introduce the quotient-sum heuristic, which is based on iteratively solving a sequence of linear programs. The solutions of these linear programs are also Farkas certificates. In an experimental evaluation we show that the quotient-sum heuristic is competitive with state-of-the-art methods. A large part of the algorithms proposed in this thesis are implemented in the tool SWITSS. We study the complexity of computing minimal witnessing subsystems for probabilistic systems that are similar to trees or paths. Formally, this is captured by the notions of tree width and path width. Our main result here is that the problem of computing minimal witnessing subsystems remains NP-complete even for Markov chains with bounded path width. The hardness proof identifies a new source of combinatorial hardness in the corresponding decision problem. Probabilistic timed automata generalize MDPs by including a set of clocks whose values determine which transitions are enabled. They are widely used to model and verify real-time systems. Due to the continuously-valued clocks, their underlying state-space is inherently uncountable. Hence, the methods that we describe for finite-state MDPs do not carry over directly to PTA. Furthermore, a good notion of witness for PTA should also take into account timing aspects. We define two kinds of subsystems for PTA, one for maximal and one for minimal reachability probabilities, respectively. As for MDPs, a subsystem of a PTA is called a witness for a lower-bounded constraint on the (maximal or minimal) reachability probability, if it itself satisfies this constraint. Then, we show that witnessing subsystems of PTA induce Farkas certificates in certain finite-state quotients of the PTA. Vice versa, Farkas certificates of such a quotient induce witnesses of the PTA. Again, the support of the Farkas certificates corresponds to the states included in the subsystem. These insights are used to describe algorithms for the computation of minimal witnessing subsystems for PTA, with respect to three different notions of size. One of them counts the number of locations in the subsystem, while the other two take into account the possible clock valuations in the subsystem.:1 Introduction 2 Preliminaries 3 Farkas certificates 4 New techniques for witnessing subsystems 5 Probabilistic systems with low tree width 6 Explications for probabilistic timed automata 7 Conclusio

Comic Convergence: Toward a Prismatic Rhetoric for Composition Studies

This dissertation examines the feminist intersections of composition studies, visual rhetoric, and comics studies in order to identify a rhetorically interdisciplinary approach to composition that moves beyond composition studies’ persistent separation of qualitative and quantitative research methodologies, rhetoric and ideology, and analysis and composition. Chapter one transgresses the qualitative/quantitative divide using keyword analysis and visualization of 2,573 dissertation and thesis abstracts published between 1979 – 2012 to engage in what composition studies scholar Derek Mueller terms a “distant reading” of the extent and contexts of composition studies’ self-identified interdisciplinarity. Complementing my more traditional literature review, the results of this analysis validate the necessity of my analytical and pedagogical interventions by suggesting that composition studies has not yet addressed comics through the feminist intersections of visual rhetoric and critical pedagogy. Chapters two and three develop a rhetorical analytical approach to comics that moves beyond comics studies’ persistent separation of rhetoric and ideology by positing conflict as an identifiable form of rhetorical persuasion in the Martha Washington comics. These comics were collaboratively created by Frank Miller and Dave Gibbons between 1989 – 2007. Following feminist rhetorician Susan Jarratt’s case for rhetorical conflict as a pedagogical tool and extending Chicana feminist Chela Sandoval’s conceptualization of meta-ideologizing in which oppressive ideologies are re-signified via recontextualizations that juxtapose ‘old’ and ‘new’ signs of ideological meaning, I explore the rhetorically persuasive conflict arising from visual, conceptual, and embodied juxtapositions of race, class, and gender made visible in these comics. Chapter four outlines a feminist, critical, visual rhetorical – what I call prismatic – approach to composition pedagogy that requires (1) contexts in which differences and conflicts can be identified and engaged, (2) explicable sites of intersection between ideological perspectives and rhetorical construction, and (3) models for the transition from ideological critique to (re)composition. This is not an add-pop-genre-and-stir approach to composition pedagogy; rather, it intentionally deploys comics’ inherent multimodality as a challenge to students’ often narrow definitions of rhetoric and composition