13,546 research outputs found
Model exploration and analysis for quantitative safety refinement in probabilistic B
The role played by counterexamples in standard system analysis is well known;
but less common is a notion of counterexample in probabilistic systems
refinement. In this paper we extend previous work using counterexamples to
inductive invariant properties of probabilistic systems, demonstrating how they
can be used to extend the technique of bounded model checking-style analysis
for the refinement of quantitative safety specifications in the probabilistic B
language. In particular, we show how the method can be adapted to cope with
refinements incorporating probabilistic loops. Finally, we demonstrate the
technique on pB models summarising a one-step refinement of a randomised
algorithm for finding the minimum cut of undirected graphs, and that for the
dependability analysis of a controller design.Comment: In Proceedings Refine 2011, arXiv:1106.348
Formal Verification of Differential Privacy for Interactive Systems
Differential privacy is a promising approach to privacy preserving data
analysis with a well-developed theory for functions. Despite recent work on
implementing systems that aim to provide differential privacy, the problem of
formally verifying that these systems have differential privacy has not been
adequately addressed. This paper presents the first results towards automated
verification of source code for differentially private interactive systems. We
develop a formal probabilistic automaton model of differential privacy for
systems by adapting prior work on differential privacy for functions. The main
technical result of the paper is a sound proof technique based on a form of
probabilistic bisimulation relation for proving that a system modeled as a
probabilistic automaton satisfies differential privacy. The novelty lies in the
way we track quantitative privacy leakage bounds using a relation family
instead of a single relation. We illustrate the proof technique on a
representative automaton motivated by PINQ, an implemented system that is
intended to provide differential privacy. To make our proof technique easier to
apply to realistic systems, we prove a form of refinement theorem and apply it
to show that a refinement of the abstract PINQ automaton also satisfies our
differential privacy definition. Finally, we begin the process of automating
our proof technique by providing an algorithm for mechanically checking a
restricted class of relations from the proof technique.Comment: 65 pages with 1 figur
An expectation transformer approach to predicate abstraction and data independence for probabilistic programs
In this paper we revisit the well-known technique of predicate abstraction to
characterise performance attributes of system models incorporating probability.
We recast the theory using expectation transformers, and identify transformer
properties which correspond to abstractions that yield nevertheless exact bound
on the performance of infinite state probabilistic systems. In addition, we
extend the developed technique to the special case of "data independent"
programs incorporating probability. Finally, we demonstrate the subtleness of
the extended technique by using the PRISM model checking tool to analyse an
infinite state protocol, obtaining exact bounds on its performance
Quantitative Safety: Linking Proof-Based Verification with Model Checking for Probabilistic Systems
This paper presents a novel approach for augmenting proof-based verification
with performance-style analysis of the kind employed in state-of-the-art model
checking tools for probabilistic systems. Quantitative safety properties
usually specified as probabilistic system invariants and modeled in proof-based
environments are evaluated using bounded model checking techniques.
Our specific contributions include the statement of a theorem that is central
to model checking safety properties of proof-based systems, the establishment
of a procedure; and its full implementation in a prototype system (YAGA) which
readily transforms a probabilistic model specified in a proof-based environment
to its equivalent verifiable PRISM model equipped with reward structures. The
reward structures capture the exact interpretation of the probabilistic
invariants and can reveal succinct information about the model during
experimental investigations. Finally, we demonstrate the novelty of the
technique on a probabilistic library case study
MeGARA: Menu-based Game Abstraction and Abstraction Refinement of Markov Automata
Markov automata combine continuous time, probabilistic transitions, and
nondeterminism in a single model. They represent an important and powerful way
to model a wide range of complex real-life systems. However, such models tend
to be large and difficult to handle, making abstraction and abstraction
refinement necessary. In this paper we present an abstraction and abstraction
refinement technique for Markov automata, based on the game-based and
menu-based abstraction of probabilistic automata. First experiments show that a
significant reduction in size is possible using abstraction.Comment: In Proceedings QAPL 2014, arXiv:1406.156
PrIC3: Property Directed Reachability for MDPs
IC3 has been a leap forward in symbolic model checking. This paper proposes
PrIC3 (pronounced pricy-three), a conservative extension of IC3 to symbolic
model checking of MDPs. Our main focus is to develop the theory underlying
PrIC3. Alongside, we present a first implementation of PrIC3 including the key
ingredients from IC3 such as generalization, repushing, and propagation
Language-based Abstractions for Dynamical Systems
Ordinary differential equations (ODEs) are the primary means to modelling
dynamical systems in many natural and engineering sciences. The number of
equations required to describe a system with high heterogeneity limits our
capability of effectively performing analyses. This has motivated a large body
of research, across many disciplines, into abstraction techniques that provide
smaller ODE systems while preserving the original dynamics in some appropriate
sense. In this paper we give an overview of a recently proposed
computer-science perspective to this problem, where ODE reduction is recast to
finding an appropriate equivalence relation over ODE variables, akin to
classical models of computation based on labelled transition systems.Comment: In Proceedings QAPL 2017, arXiv:1707.0366
Distributed Markovian Bisimulation Reduction aimed at CSL Model Checking
The verification of quantitative aspects like performance and dependability by means of model checking has become an important and vivid area of research over the past decade.\ud
\ud
An important result of that research is the logic CSL (continuous stochastic logic) and its corresponding model checking algorithms. The evaluation of properties expressed in CSL makes it necessary to solve large systems of linear (differential) equations, usually by means of numerical analysis. Both the inherent time and space complexity of the numerical algorithms make it practically infeasible to model check systems with more than 100 million states, whereas realistic system models may have billions of states.\ud
\ud
To overcome this severe restriction, it is important to be able to replace the original state space with a probabilistically equivalent, but smaller one. The most prominent equivalence relation is bisimulation, for which also a stochastic variant exists (Markovian bisimulation). In many cases, this bisimulation allows for a substantial reduction of the state space size. But, these savings in space come at the cost of an increased time complexity. Therefore in this paper a new distributed signature-based algorithm for the computation of the bisimulation quotient of a given state space is introduced.\ud
\ud
To demonstrate the feasibility of our approach in both a sequential, and more important, in a distributed setting, we have performed a number of case studies
Practical applications of probabilistic model checking to communication protocols
Probabilistic model checking is a formal verification technique for the analysis of systems that exhibit stochastic behaviour. It has been successfully employed in an extremely wide array of application domains including, for example, communication and multimedia protocols, security and power management. In this chapter we focus on the applicability of these techniques to the analysis of communication protocols. An analysis of the performance of such systems must successfully incorporate several crucial aspects, including concurrency between multiple components, real-time constraints and randomisation. Probabilistic model checking, in particular using probabilistic timed automata, is well suited to such an analysis. We provide an overview of this area, with emphasis on an industrially relevant case study: the IEEE 802.3 (CSMA/CD) protocol. We also discuss two contrasting approaches to the implementation of probabilistic model checking, namely those based on numerical computation and those based on discrete-event simulation. Using results from the two tools PRISM and APMC, we summarise the advantages, disadvantages and trade-offs associated with these techniques
- ā¦