Shepherding Hordes of Markov Chains

This paper considers large families of Markov chains (MCs) that are defined over a set of parameters with finite discrete domains. Such families occur in software product lines, planning under partial observability, and sketching of probabilistic programs. Simple questions, like `does at least one family member satisfy a property?', are NP-hard. We tackle two problems: distinguish family members that satisfy a given quantitative property from those that do not, and determine a family member that satisfies the property optimally, i.e., with the highest probability or reward. We show that combining two well-known techniques, MDP model checking and abstraction refinement, mitigates the computational complexity. Experiments on a broad set of benchmarks show that in many situations, our approach is able to handle families of millions of MCs, providing superior scalability compared to existing solutions.Comment: Full version of TACAS'19 submissio

Modeling Role-Based Systems with Exogenous Coordination

The concept of roles is a promising approach to cope with context dependency and adaptivity of modern software systems. While roles have been investigated in conceptual modeling, programming languages and multi-agent systems, they have been given little consideration within component-based systems. In this paper, we propose a hierarchical role-based approach for modeling relationships and collaborations between components. In particular, we consider the channel-based, exogenous coordination language Reo and discuss possible realizations of roles and related concepts. The static requirements on the binding of roles are modeled by rule sets expressed in many-sorted second-order logic and annotations on the Reo networks for role binding, context and collaborations, while Reo connectors are used to model the coordination of runtime role playing. The ideas presented in this paper may serve as a basis for the formalization and formal analysis of role-based software systems

Family-Based Modeling and Analysis for Probabilistic Systems

Feature-based formalisms provide an elegant way to specify families of systems that share a base functionality and differ in certain features. They can also facilitate an all-in-one analysis, where all systems of the family are analyzed at once on a single family model instead of one-by-one. This paper presents the basic concepts of the tool ProFeat, which provides a guarded-command language for modeling families of probabilistic systems and an automatic translation of family models to the input language of the probabilistic model checker PRISM. This translational approach enables a family-based quantitative analysis with PRISM. Besides modeling families of systems that differ in system parameters such as the number of identical processes or channel sizes, ProFeat also provides special support for the modeling and analysis of (probabilistic) product lines with dynamic feature switches, multi-features and feature attributes. By means of several case studies we show how ProFeat eases family-based modeling and compare the one-by-one and all-in-one analysis approach

Statistical Model Checking for Product Lines

International audienceWe report on the suitability of statistical model checking forthe analysis of quantitative properties of product line models by an extendedtreatment of earlier work by the authors. The type of analysis thatcan be performed includes the likelihood of specific product behaviour,the expected average cost of products (in terms of the attributes of theproducts’ features) and the probability of features to be (un)installed atruntime. The product lines must be modelled in QFLan, which extendsthe probabilistic feature-oriented language PFLan with novel quantitativeconstraints among features and on behaviour and with advancedfeature installation options. QFLan is a rich process-algebraic specifi-cation language whose operational behaviour interacts with a store ofconstraints, neatly separating product configuration from product behaviour.The resulting probabilistic configurations and probabilistic behaviourconverge in a discrete-time Markov chain semantics, enablingthe analysis of quantitative properties. Technically, a Maude implementationof QFLan, integrated with Microsoft’s SMT constraint solver Z3,is combined with the distributed statistical model checker MultiVeStA,developed by one of the authors. We illustrate the feasibility of our frameworkby applying it to a case study of a product line of bikes

Verificação, prototipação e análise de estratégias de escalonamento e controle para sistemas auto adaptativos tempo real

Trabalho de conclusão de curso (graduação)—Universidade de Brasília, Faculdade de Tecnologia, Curso de Graduação em Engenharia de Controle e Automação, 2019.O avanço tecnológico intenso da última década possibilitou a criação de sistemas cada vez maiores e mais complexos. A tendência é que tais sistemas venham a se expandir a aumentar sua complexidade cada vez mais rápido. Nesse contexto, surge a necessidade de abordagens inovadoras para o projeto e manutenção de tais sistemas, sendo o aumento das suas capacidades de auto-adaptação uma ideia promissora. A Rede de Sensores Corporais, (Body Sensor Network (BSN) em inglês), aparece como um exemplo de sistema onde a característica de auto-adaptação pode trazer diversas melhorias em sua qualidade, principalmente no que diz respeito à garantia de dependabilidade. Além disso, o potencial da BSN em uma área crítica como a área médica cria uma necessidade da garantia de requisitos de tempo, fazendo com que ela possua características de tempo real e tornando sua classificação como um sistema auto-adaptativo em tempo real razoável. Ademais, tal classe de sistemas traz consigo diversos desafios de projetos que devem ser solucionados. Dois importantes desafios são: (1) a decisão da política de escalonamento para garantir comportamento tempo real, e (2) a elaboração de um controlador para a garantia da auto-adaptatividade em si. Nesse sentido, o objetivo do presente trabalho é a implementação de um modelo de um escalonador EDF (Earliest Deadline First) juntamente com a BSN, que foi o sistmea escolhido para ser utilizado como estudo de caso, o qual é antes formalmente verificado no UPPAAL e depois implementado no middleware OpenDaVINCI. Além disso, este escalonador atua também como controlador da prioridade de escalonamento dos módulos a ele conectados, a partir de uma malha fechada com realimentação negativa. Os resultados mostram que o escalonador EDF com a ação de controle possibilita o escalonamento de módulos com diversas frequências e que respeita às deadlines sempre que possível dadas as limitações do hardware utilizado, o que não era possível anteriormente, garantindo também um escalonamento justo dos mesmos se assim for desejado.The intense technological advances in the last decade made feasible the creation of even bigger and more complex systems. The tendency is that these systems come to expand and increase their complexity each time faster. In this context arises the need for new ways of designing and mantaining them, whereby increasing their capability to self-adapt turns out to be a very promising approach. The Body Sensor Network (BSN) comes out as an example of system where this self-adaptation characteristic can bring several improvements in its quality, mainly concerning dependability guarantees. Additionally, the BSN’s potential in a critical area such as the medical one creates the need to comply with time requirements, giving it real-time characteristics and making reasonable its classification as a real-time self-adaptive system. Furthermore, such class of systems brings with it several design challenges that must be overcome. Two extremely important challenges are: (1) the decision of the scheduling policy, to ensure real-time behaviour, and (2) the elaboration of a controller, to assure self-adaptivity. In this sense, the goal of the present work is the implementation of a formally verified of an Earliest Deadline First (EDF) scheduler together with the BSN, which is the system chosen to be used as a case study, and its posterior implementation in the OpenDaVINCI middleware. Moreover, the scheduler also acts as a controller of the scheduling priority of the modules connected to it, using a closed loop with negative feedback. The results show that the EDF scheduler with the control ability enables the scheduing of modules with different frequencies and that respects the deadlines whenever possible given the utilized hardware limitations, what was not possible before, also guaranteeing a fair scheduling of them if desired