Arnd Hartmanns
Saarland University
Publication
Featured research published by Arnd Hartmanns.
Quantitative Evaluation of Systems | 2009
Arnd Hartmanns; Holger Hermanns
Probabilistic timed automata (PTA) combine discrete probabilistic choice, real time and nondeterminism. This paper presents a fully automatic tool for model checking PTA with respect to probabilistic and expected reachability properties. PTA are specified in Modest, a high-level compositional modelling language that includes features such as exception handling, dynamic parallelism and recursion, and thus enables model specification in a convenient fashion. For model checking, we use an integral semantics of time, representing clocks with bounded integer variables. This makes it possible to use the probabilistic model checker PRISM as analysis backend. We describe details of the approach and its implementation, and report results obtained for three different case studies.
FMOODS'11/FORTE'11 Proceedings of the joint 13th IFIP WG 6.1 and 30th IFIP WG 6.1 international conference on Formal techniques for distributed systems | 2011
Jonathan Bogdoll; Luis María Ferrer Fioriti; Arnd Hartmanns; Holger Hermanns
Statistical model checking has become a promising technique to circumvent the state space explosion problem in model-based verification. It trades time for memory, via a probabilistic simulation and exploration of the model behaviour, often combined with effective a posteriori hypothesis testing. However, as a simulation-based approach, it can only provide sound verification results if the underlying model is a stochastic process. This drastically limits its applicability in verification, where most models are indeed variations of nondeterministic transition systems. In this paper, we describe a sound extension of statistical model checking to scenarios where nondeterminism is present. We focus on probabilistic automata, and discuss how partial order reduction can be twisted such as to apply statistical model checking to models with spurious nondeterminism. We report on an implementation of this technique and on promising results in the context of verification and dependability analysis of distributed systems.
Formal Methods | 2013
Ernst Moritz Hahn; Arnd Hartmanns; Holger Hermanns; Joost-Pieter Katoen
The theory of hybrid systems is well-established as a model for real-world systems consisting of continuous behaviour and discrete control. In practice, the behaviour of such systems is also subject to uncertainties, such as measurement errors, or is controlled by randomised algorithms. These aspects can be modelled and analysed using stochastic hybrid systems. In this paper, we present HModest, an extension to the Modest modelling language—which is originally designed for stochastic timed systems without complex continuous aspects—that adds differential equations and inclusions as an expressive way to describe the continuous system evolution. Modest is a high-level language inspired by classical process algebras, thus compositional modelling is an integral feature. We define the syntax and semantics of HModest and show that it is a conservative extension of Modest that retains the compositional modelling approach. To allow the analysis of HModest models, we report on the implementation of a connection to recently developed tools for the safety verification of stochastic hybrid systems, and illustrate the language and the tool support with a set of small, but instructive case studies.
Tools and Algorithms for the Construction and Analysis of Systems | 2014
Arnd Hartmanns; Holger Hermanns
Probabilities, real-time behaviour and continuous dynamics are the key ingredients of quantitative models enabling formal studies of non-functional properties such as dependability and performance. The Modest Toolset is based on networks of stochastic hybrid automata (SHA) as an overarching semantic foundation. Many existing automata-based formalisms are special cases of SHA. The toolset aims to facilitate reuse of modelling expertise via Modest, a high-level compositional modelling language; to allow reuse of existing models by providing import and export facilities for existing languages; and to permit reuse of existing tools by integrating them in a unified modelling and analysis environment.
MMB'12/DFT'12 Proceedings of the 16th international GI/ITG conference on Measurement, Modelling, and Evaluation of Computing Systems and Dependability and Fault Tolerance | 2012
Jonathan Bogdoll; Arnd Hartmanns; Holger Hermanns
Modest is a high-level compositional modelling language for stochastic timed systems with a formal semantics in terms of stochastic timed automata. The analysis of Modest models is supported by the Modest Toolset, which includes the discrete-event simulator modes. modes handles arbitrary deterministic models as well as models that include nondeterminism due to concurrency through the use of methods inspired by partial order reduction. In this paper, we present version 1.4 of modes, which includes several enhancements compared to previous prototypical versions, such as support for recursive data structures, interactive simulation and statistical model checking.
NASA Formal Methods Symposium | 2013
Arnd Hartmanns; Mark Timmer
Statistical model checking is an analysis method that circumvents the state space explosion problem in model-based verification by combining probabilistic simulation with statistical methods that provide clear error bounds. As a simulation-based technique, it can only provide sound results if the underlying model is a stochastic process. In verification, however, models are usually variations of nondeterministic transition systems. The notion of confluence allows the reduction of such transition systems in classical model checking by removing spurious nondeterministic choices. In this paper, we show that confluence can be adapted to detect and discard such choices on-the-fly during simulation, thus extending the applicability of statistical model checking to a subclass of Markov decision processes. In contrast to previous approaches that use partial order reduction, the confluence-based technique can handle additional kinds of nondeterminism. In particular, it is not restricted to interleavings. We evaluate our approach, which is implemented as part of the modes simulator for the Modest modelling language, on a set of examples that highlight its strengths and limitations and show the improvements compared to the partial order-based method.
Formal Methods | 2010
Arnd Hartmanns
For verification and performance evaluation, system models that can express stochastic as well as real-time behaviour are of increasing importance. Although an integrated stochastic-timed verification procedure is highly desirable, both model-checking and simulation currently fall short of providing a complete, fully automatic verification solution. For model-checking, the problem lies in the extreme expressiveness of such a model, while simulation is limited to stochastic processes and cannot deal with nondeterminism. In this paper, we review the use of stochastic timed automata as an overarching formalism to model stochastic timed systems and present two analysis approaches: Model-checking for the (large) subset corresponding to probabilistic timed automata with deadlines, for which solid implementations are appearing, and simulation, which we have recently shown to be applicable to models that also include spurious nondeterministic choices.
Leveraging Applications of Formal Methods | 2012
Arnd Hartmanns; Holger Hermanns
Electric power production infrastructures around the globe are shifting from centralised, controllable production to decentralised structures based on distributed microgeneration. As the share of renewable energy sources such as wind and solar power increases, electric power production becomes subject to unpredictable and significant fluctuations. This paper reports on formal behavioural models of future power grids with a substantial share of renewable, especially photovoltaic, microgeneration. We give a broad overview of the various system aspects of interest and the corresponding challenges in finding suitable abstractions and developing formal models. We focus on current developments within the German power grid, where enormous growth rates of microgeneration start to induce stability problems of a new kind. We build formal models to investigate runtime control algorithms for photovoltaic microgenerators in terms of grid stability, dependability and fairness. We compare the currently implemented and proposed runtime control strategies to a set of approaches that take up and combine ideas from randomised distributed algorithms widely used in communication protocols today. Our models are specified in Modest, an expressive modelling language for stochastic timed systems with a well-defined semantics. Current tool support for Modest allows the evaluation of the models using simulation as well as model-checking techniques.
Electronic Communication of The European Association of Software Science and Technology | 2014
Ernst Moritz Hahn; Arnd Hartmanns; Holger Hermanns
Stochastic timed automata are an expressive formal model for hard and soft real-time systems. They support choices and delays that can be deterministic, nondeterministic or stochastic. Stochastic choices and delays can be based on arbitrary discrete and continuous distributions. In this paper, we present an analysis approach for stochastic timed automata based on abstraction and probabilistic model checking. It delivers upper/lower bounds on maximum/minimum reachability probabilities and expected cumulative reward values. Based on theory originally developed for stochastic hybrid systems, it is the first fully automated model checking technique for stochastic timed automata. Using an implementation as part of the Modest Toolset and four varied examples, we show that the approach works in practice and present a detailed evaluation of its applicability, its efficiency, and current limitations.
Winter Simulation Conference | 2012
Arnd Hartmanns; Holger Hermanns; Pascal Berrang
This paper reports on formal behavioral models of power grids with a substantial share of photovoltaic microgeneration. Simulation studies show that the current legislatory framework in Germany can induce frequency oscillations. This phenomenon is indeed recognized by the German Federal Network Agency responsible for overseeing the national power grids, and new regulations are currently being identified to counter this phenomenon. We study the currently valid proposal, and compare it with a set of alternative approaches that take up and combine ideas from communication protocol design, such as additive-increase/multiplicative-decrease known from TCP, and exponential backoff used in CSMA variations. We classify these alternatives with respect to their availability and goodput. The models are specified in the modeling language Modest, and simulated with the help of the modes simulator.