Model Checking Probabilistic Real-Time Properties for Service-Oriented Systems with Service Level Agreements
Christian Krause, H. Giese
Pub Date: 2011-11-13, DOI: 10.4204/EPTCS.73.8 (https://doi.org/10.4204/EPTCS.73.8), Infinity, pp. 64-78
The assurance of quality of service properties is an important aspect of service-oriented software engineering. Notations for so-called service level agreements (SLAs), such as the Web Service Level Agreement (WSLA) language, provide a formal syntax to specify such assurances in terms of (legally binding) contracts between a service provider and a customer. On the other hand, formal methods for the verification of probabilistic real-time behavior have reached a level of expressiveness and efficiency which allows them to be applied in real-world scenarios. In this paper, we suggest employing the recently introduced model of Interval Probabilistic Timed Automata (IPTA) for the formal verification of QoS properties of service-oriented systems. Specifically, we show that IPTA, in contrast to Probabilistic Timed Automata (PTA), are able to capture the guarantees specified in SLAs directly. A particular challenge in the analysis of IPTA is the fact that their naive semantics usually yields an infinite set of states and infinitely-branching transitions. However, using symbolic representations, IPTA can be analyzed rather efficiently. We have developed the first implementation of an IPTA model checker by extending the PRISM tool and show that model checking IPTA is only slightly more expensive than model checking comparable PTA.
Synthesis of Switching Rules for Ensuring Reachability Properties of Sampled Linear Systems
L. Fribourg, B. Revol, R. Soulat
Pub Date: 2011-11-13, DOI: 10.4204/EPTCS.73.6 (https://doi.org/10.4204/EPTCS.73.6), Infinity, pp. 35-48
We consider here systems with piecewise linear dynamics that are periodically sampled with a given period τ. At each sampling time, the mode of the system, i.e., the parameters of the linear dynamics, can be switched according to a switching rule. Such systems can be modelled as a special form of hybrid automata, called "switched systems", which are automata with an infinite real state space. The problem is to find a switching rule that guarantees that the system is still in a given area V at the next sampling time, and so on indefinitely. In this paper, we consider two approaches: the indirect one, which abstracts the system in the form of a finite discrete event system, and the direct one, which works on the continuous state space. Our methods rely on previous works, but we specialize them to a simplified context (linearity, periodic switching instants, absence of control input), which is motivated by the features of a focused case study: a DC-DC boost converter built by the electronics laboratory SATIE (ENS Cachan). Our enhanced methods allow us to treat this real-life example successfully.
A coinductive semantics of the Unlimited Register Machine
Alberto Ciaffaglione
Pub Date: 2011-11-11, DOI: 10.4204/EPTCS.73.7 (https://doi.org/10.4204/EPTCS.73.7), Infinity, pp. 49-63
We exploit (co)inductive specifications and proofs to approach the evaluation of low-level programs for the Unlimited Register Machine (URM) within the Coq system, a proof assistant based on the Calculus of (Co)Inductive Constructions type theory. Our formalization allows us to certify the implementation of partial functions, and thus it can be regarded as a first step towards the development of a workbench for the formal analysis and verification of both converging and diverging computations.
Practical Distributed Control Synthesis
D. Peled, S. Schewe
Pub Date: 2011-11-01, DOI: 10.4204/EPTCS.73.2 (https://doi.org/10.4204/EPTCS.73.2), Infinity, pp. 2-17
Classic distributed control problems have an interesting dichotomy: they are either trivial or undecidable. If we allow the controllers to fully synchronize, then synthesis is trivial. In this case, controllers can effectively act as a single controller with complete information, resulting in a trivial control problem. But when we eliminate communication and restrict the supervisors to locally available information, the problem becomes undecidable. In this paper we argue in favor of a middle way. Communication is, in most applications, expensive, and should hence be minimized. We therefore study a solution that communicates only sparingly and, while allowing communication in order to make joint decisions, favors local decisions over joint decisions that require communication.
Implicit Real Vector Automata
Bernard Boigelot, Julien Brusten, Jean-François Degbomont
Pub Date: 2010-10-31, DOI: 10.4204/EPTCS.39.5 (https://doi.org/10.4204/EPTCS.39.5), Infinity, pp. 63-76
This paper addresses the symbolic representation of non-convex real polyhedra, i.e., sets of real vectors satisfying arbitrary Boolean combinations of linear constraints. We develop an original data structure for representing such sets, based on an implicit and concise encoding of a known structure, the Real Vector Automaton. The resulting formalism provides a canonical representation of polyhedra, is closed under Boolean operators, and admits an efficient decision procedure for testing the membership of a vector.
Probabilistic regular graphs
N. Bertrand, Christophe Morvan
Pub Date: 2010-10-28, DOI: 10.4204/EPTCS.39.6 (https://doi.org/10.4204/EPTCS.39.6), Infinity, pp. 77-90
Deterministic graph grammars generate regular graphs, which form a structural extension of the configuration graphs of pushdown systems. In this paper, we study a probabilistic extension of regular graphs obtained by labelling the terminal arcs of the graph grammars with probabilities. Stochastic properties of these graphs are expressed using PCTL, a probabilistic extension of computation tree logic. We present here an algorithm to perform approximate verification of PCTL formulae. Moreover, we prove that the exact model-checking problem for PCTL on probabilistic regular graphs is undecidable, unless restricted to qualitative properties. Our results generalise those of EKM06 on probabilistic pushdown automata, using similar methods combined with graph grammar techniques.
IMITATOR II: A Tool for Solving the Good Parameters Problem in Timed Automata
É. André
Pub Date: 2010-10-28, DOI: 10.4204/EPTCS.39.7 (https://doi.org/10.4204/EPTCS.39.7), Infinity, pp. 91-99
We present here Imitator II, a new version of Imitator, a tool implementing the "inverse method" for parametric timed automata: given a reference valuation of the parameters, it synthesizes a constraint such that, for any valuation satisfying this constraint, the system behaves the same as under the reference valuation in terms of traces, i.e., alternating sequences of locations and actions. Imitator II also implements the "behavioral cartography algorithm", allowing us to solve the following good parameters problem: find a set of valuations within a given bounded parametric domain for which the system behaves well. We present new features and optimizations of the tool, and give results of applications to various examples of asynchronous circuits and communication protocols.
On Zone-Based Analysis of Duration Probabilistic Automata
O. Maler, K. Larsen, B. Krogh
Pub Date: 2010-10-01, DOI: 10.4204/EPTCS.39.3 (https://doi.org/10.4204/EPTCS.39.3), Infinity, pp. 33-46
We propose an extension of the zone-based algorithmics for analyzing timed automata to handle systems where timing uncertainty is considered probabilistic rather than set-theoretic. We study duration probabilistic automata (DPA), expressing multiple parallel processes admitting memoryful continuously-distributed durations. For this model we develop an extension of the zone-based forward reachability algorithm whose successor operator is a density transformer, thus providing a solution to verification and performance evaluation problems concerning acyclic DPA (or the bounded-horizon behavior of cyclic DPA).
On interleaving in {P,A}-Time Petri nets with strong semantics
H. Boucheneb, Kamel Barkaoui
Pub Date: 2010-10-01, DOI: 10.4204/EPTCS.39.2 (https://doi.org/10.4204/EPTCS.39.2), Infinity, pp. 17-31
This paper deals with the reachability analysis of {P,A}-Time Petri nets ({P,A}-TPN for short) in the context of strong semantics. It investigates the convexity of the union of state classes reached by different interleavings of the same set of transitions. In BB08, the authors considered the T-TPN model and its Contracted State Class Graph (CSCG) and showed that this union is not necessarily convex. They did, however, establish some sufficient conditions which ensure convexity. This paper shows that for the CSCG of {P,A}-TPN, this union is convex and can be computed without computing intermediate state classes. These results allow the forward reachability analysis to be improved by agglomerating, in the same state class, all state classes reached by different interleavings of the same set of transitions (abstraction by convex union).
DiVinE: Parallel Distributed Model Checker
J. Barnat, L. Brim, Milan Ceska, Petr Ročkai
Pub Date: 2010-09-30, DOI: 10.1109/PDMC-HIBI.2010.9 (https://doi.org/10.1109/PDMC-HIBI.2010.9), Infinity, pp. 4-7
Model checking has become a standard method of analyzing complex systems in many application domains. A number of applications are placing great demands on model checking tools. The analysis of complex, real-life systems often requires vast computational resources, memory in particular. This phenomenon, referred to as the state space explosion problem, has been tackled by many researchers during the past two decades. A plethora of more or less successful techniques to fight the problem have been introduced, including parallel and distributed-memory processing. DiVinE is a tool for LTL model checking and reachability analysis of discrete distributed systems. The tool is able to efficiently exploit the aggregate computing power of multiple network-interconnected multi-core workstations in order to deal with extremely large verification tasks. As such, it allows the analysis of systems whose size is far beyond that of systems that can be handled with regular sequential tools. While the main focus of the tool is on high-performance explicit-state model checking, an emphasis is also put on ease of deployment and usage. Additionally, the component architecture and publicly available source code of DiVinE allow it to be used as a platform for research on parallel and distributed-memory model checking techniques.