Quantitative Safety: Linking Proof-Based Verification with Model Checking for Probabilistic Systems

This paper presents a novel approach for augmenting proof-based verification with performance-style analysis of the kind employed in state-of-the-art model checking tools for probabilistic systems. Quantitative safety properties usually specified as probabilistic system invariants and modeled in proof-based environments are evaluated using bounded model checking techniques. Our specific contributions include the statement of a theorem that is central to model checking safety properties of proof-based systems, the establishment of a procedure; and its full implementation in a prototype system (YAGA) which readily transforms a probabilistic model specified in a proof-based environment to its equivalent verifiable PRISM model equipped with reward structures. The reward structures capture the exact interpretation of the probabilistic invariants and can reveal succinct information about the model during experimental investigations. Finally, we demonstrate the novelty of the technique on a probabilistic library case study

Markovian Testing Equivalence and Exponentially Timed Internal Actions

In the theory of testing for Markovian processes developed so far, exponentially timed internal actions are not admitted within processes. When present, these actions cannot be abstracted away, because their execution takes a nonzero amount of time and hence can be observed. On the other hand, they must be carefully taken into account, in order not to equate processes that are distinguishable from a timing viewpoint. In this paper, we recast the definition of Markovian testing equivalence in the framework of a Markovian process calculus including exponentially timed internal actions. Then, we show that the resulting behavioral equivalence is a congruence, has a sound and complete axiomatization, has a modal logic characterization, and can be decided in polynomial time

Communicating Processes with Data for Supervisory Coordination

We employ supervisory controllers to safely coordinate high-level discrete(-event) behavior of distributed components of complex systems. Supervisory controllers observe discrete-event system behavior, make a decision on allowed activities, and communicate the control signals to the involved parties. Models of the supervisory controllers can be automatically synthesized based on formal models of the system components and a formalization of the safe coordination (control) requirements. Based on the obtained models, code generation can be used to implement the supervisory controllers in software, on a PLC, or an embedded (micro)processor. In this article, we develop a process theory with data that supports a model-based systems engineering framework for supervisory coordination. We employ communication to distinguish between the different flows of information, i.e., observation and supervision, whereas we employ data to specify the coordination requirements more compactly, and to increase the expressivity of the framework. To illustrate the framework, we remodel an industrial case study involving coordination of maintenance procedures of a printing process of a high-tech Oce printer.Comment: In Proceedings FOCLASA 2012, arXiv:1208.432

Verifying Real-Time Systems using Explicit-time Description Methods

Timed model checking has been extensively researched in recent years. Many new formalisms with time extensions and tools based on them have been presented. On the other hand, Explicit-Time Description Methods aim to verify real-time systems with general untimed model checkers. Lamport presented an explicit-time description method using a clock-ticking process (Tick) to simulate the passage of time together with a group of global variables for time requirements. This paper proposes a new explicit-time description method with no reliance on global variables. Instead, it uses rendezvous synchronization steps between the Tick process and each system process to simulate time. This new method achieves better modularity and facilitates usage of more complex timing constraints. The two explicit-time description methods are implemented in DIVINE, a well-known distributed-memory model checker. Preliminary experiment results show that our new method, with better modularity, is comparable to Lamport's method with respect to time and memory efficiency

Modelling Clock Synchronization in the Chess gMAC WSN Protocol

We present a detailled timed automata model of the clock synchronization algorithm that is currently being used in a wireless sensor network (WSN) that has been developed by the Dutch company Chess. Using the Uppaal model checker, we establish that in certain cases a static, fully synchronized network may eventually become unsynchronized if the current algorithm is used, even in a setting with infinitesimal clock drifts

A Process Algebra for Supervisory Coordination

A supervisory controller controls and coordinates the behavior of different components of a complex machine by observing their discrete behaviour. Supervisory control theory studies automated synthesis of controller models, known as supervisors, based on formal models of the machine components and a formalization of the requirements. Subsequently, code generation can be used to implement this supervisor in software, on a PLC, or embedded microprocessor. In this article, we take a closer look at the control loop that couples the supervisory controller and the machine. We model both event-based and state-based observations using process algebra and bisimulation-based semantics. The main application area of supervisory control that we consider is coordination, referred to as supervisory coordination, and we give an academic and an industrial example, discussing the process-theoretic concepts employed.Comment: In Proceedings PACO 2011, arXiv:1108.145

Towards supervisory control of interactive Markov chains : controllability

We propose a model-based systems engineering framework for supervisory control of stochastic discrete-event systems with unrestricted nondeterminism. We intend to develop the proposed framework in four phases outlined in this paper. Here, we study in detail the first step which comprises investigation of the underlying model and development of a corresponding notion of controllability. The model of choice is termed Interactive Markov Chains, which is a natural semantic model for stochastic variants of process calculi and Petri nets, and it requires a process-theoretic treatment of supervisory control theory. To this end, we define a new behavioral preorder, termed Markovian partial bisimulation, that captures the notion of controllability while preserving correct stochastic behavior. We provide a sound and ground-complete axiomatic characterization of the preorder and, based on it, we define two notion of controllability. The first notion conforms to the traditional way of reasoning about supervision and control requirements, whereas in the second proposal we abstract from the stochastic behavior of the system. For the latter, we intend to separate the concerns regarding synthesis of an optimal supervisor. The control requirements cater only for controllability, whereas we ensure that the stochastic behavior of the supervised plant meets the performance specification by extracting directive optimal supervisors

Performance-model abstraction in a synthesis-centric model-driven systems engineering framework

Supervisory control theory deals with automated synthesis of models of supervisory controllers that coordinate and control discrete-event high-level system behavior. These controllers ensure safe and nonblocking functioning of the system, but there do not exist efficient synthesis procedures for controllers that can ascertain complex liveness and performance guarantees. To this end, the supervised system must be validated to ensure that the desired functionality and performance is preserved. To verify that the supervised system also satisfies the performance requirements, a performance model is derived by abstracting the model of the supervised system. The latter is modeled by stochastic extensions of discrete-events systems with Markovian (exponential) delays. The resulting performance model is a continuous-time Markov chain with state labels. There exist algorithms for extraction of the Markov process, which optimize the number of states of the performance model. We show that this optimization leads to an abstraction that is not always suitable for performance evaluation by stochastic model checking. The abstracted states form paths that are not justifiable in the original system, which may lead to wrong performance metrics. We formalize the relationship between the original stochastic discrete-event and the performance model, and we propose a new abstraction that does not introduce these insupportable properties in the performance model