# Simulative Model Checking of Steady State and Time-Unbounded Temporal Operators

Save this PDF as:

Size: px
Start display at page:

## Transcription

1 Simulative Model Checking of Steady State and Time-Unbounded Temporal Operators Christian Rohr Department of Computer Science Brandenburg University of Technology Cottbus June 25, 2012

2 Outline 1 Introduction 2 Model checking 3 MARCIE 4 Example 5 Conclusion & Outlook Christian Rohr (BTU Cottbus) June 25, / 33

3 Outline 1 Introduction 2 Model checking 3 MARCIE 4 Example 5 Conclusion & Outlook Christian Rohr (BTU Cottbus) June 25, / 33

4 Introduction Stochastic models are used for a long time to model technical systems, and become increasingly popluar in Systems Biology. They are compulsory, if the stochastic noise is crucial for the behavioural properties to be investigated. Systems are getting more and more complex number of states grows Unbounded models number of states is simulative approach to handle such models Christian Rohr (BTU Cottbus) June 25, / 33

5 Introduction Stochastic Petri net Definition A stochastic Petri net SPN = (P, T, f, v, s 0 ) is defined as followed P a finite, non empty set of places T a finite, non empty set of transitions f : ((P T) (T P)) N 0 (weighted directed arcs) s 0 : initial state v: T H (stochastic firing rate functions) with H := { } t T h t h t : N t 0 R + v(t) = h t for all transitions t T Semantic: Continuous Time Markov Chain (CTMC) Christian Rohr (BTU Cottbus) June 25, / 33

6 Introduction Continuous Time Markov Chain Definition CTMC is a 3-tuple (S, R, s 0 ) with S denoting the state space of the underlying net and s 0 the initial state. R : S S R 0 { R(s, s h ) = j (s) t j T : s tj s 0 otherwise. E(s) = s S R(s, s ), exit rate of state s The transient probability π(α, s, τ) to be in a certain state s at a certain time point τ starting with a probability distribution α. Generalized to probability π(α, τ) for all reachable states at time point τ. The transient probability for infinite time π(α) is called the steady state property. Christian Rohr (BTU Cottbus) June 25, / 33

7 Introduction Stochastic Simulation creates a single finite path through the possibly infinite CTMC direct method introduced by Gillespie 1 next reaction method by Gibson & Bruck 2 The probability that a transition t j T will occur in the infinitesimal time interval [τ, τ + τ) is given by: P(τ + τ, t j s) = h j (s) e E(s) τ So, the enabled transitions in the net compete in a race condition. The fastest one determines the next state and the simulation time elapsed. In the new state, the race condition starts anew. 1 Gillespie 1977a. 2 Gibson et al Christian Rohr (BTU Cottbus) June 25, / 33

8 Introduction Stochastic Simulation Basically, each variant performs the following steps: 1 Initialise time t = t 0 and the system s state X at time t 0. 2 Repeat: 1 determine time increment τ R 2 select next reaction type j depending on the current state X(t) 3 perform state transition imposed by reaction of type j and update state vector X 4 update time t = t + τ. until simulation time is reached. Christian Rohr (BTU Cottbus) June 25, / 33

9 Introduction Stochastic Simulation To achieve an appropriate accuracy of the results, several simulation runs need to be done. The method of our choice is the confidence interval 3. Assuming an accuracy of the results of 10 5 and a confidence level of 95% leads to 38, 000, 000 runs. The number of required simulation runs increases exponentially with the accuracy. speed up simulation by running several simulations in parallel (multiple threads, multiple processes) 3 Sandmann et al Christian Rohr (BTU Cottbus) June 25, / 33

10 Outline 1 Introduction 2 Model checking 3 MARCIE 4 Example 5 Conclusion & Outlook Christian Rohr (BTU Cottbus) June 25, / 33

11 Model checking A more sophisticated analysis approach. automatically determines whether a system satisfies a specific property expressed in some kind of temporal logic Probabilistic Linear-time Temporal Logic with numerical constraints PLTLc Example What is the probability to reach a state satisfying some state property σ? P =? [F(σ)] state property σ i.e. A = B, A + B > C, B 5,... Christian Rohr (BTU Cottbus) June 25, / 33

12 Model checking Linear-time Temporal Logic Linear-time Temporal Logic (LTL) 4 is the fragment of full Computational Tree Logic (CTL) 5 without path quantifiers, implicitly quantifying universally over all paths. Definition φ := X I φ F I φ G I φ φ U I φ φ φ φ φ φ σ I = {x R + x 1 x x 2 }, omit I = [0, ) σ := σ σ σ σ σ value value true false {<,,, >, =, } value := value value Place Int Real function {+,,, /} LTL formulae return true if the trace fulfils the formula, false otherwise. 4 Pnueli Clarke et al Christian Rohr (BTU Cottbus) June 25, / 33

13 Model checking Linear-time Temporal Logic Definition Temporal operators: X φ : next, for at the next time point φ 1 U φ 2 : until, indicates that a future state where its second argument (φ 2 ) holds is reached while its first argument (φ 1 ) continuously holds F φ : finally, for at some time point in the future G φ : globally, for at all time points in the future Dualities: X φ X φ; F φ true U φ; G φ F φ; F φ G φ; G φ F φ Christian Rohr (BTU Cottbus) June 25, / 33

14 Model checking LTL with numerical constraints Numerical constraints 6 are added to the language by including free variables" fvariable in the definition of value. Definition value := fvariable value value Place Int Real function {+,,, /} LTLc formulae return the domain D φ N n of the free variables so that φ becomes true. 6 Fages et al Christian Rohr (BTU Cottbus) June 25, / 33

15 Model checking Probabilistic LTLc Probabilistic LTLc 7 enhances LTLc by the inclusion of a probability operator, and the probabilistic interpretation of the domains for the free variables. Definition ψ := P x [φ] P =? [φ] {<,,, >}, x [0, 1] PLTLc formulae of type P =? [φ] return the probability that φ is true, P 0.5 [φ] return true if the probability that φ holds is lower or equal to 0.5, false otherwise. 7 Donaldson et al Christian Rohr (BTU Cottbus) June 25, / 33

16 Model checking Time-Unbounded Until When to stop the simulation trace? a fixed, large number of simulation steps a fixed, long end time for simulation trace reaching the steady state is a reasonable stopping criteria in steady state numerous properties don t change in time for any property p of the system p t = 0 recently observed behaviour of the system will continue into the future the probabilities that various states will be repeated will remain constant Christian Rohr (BTU Cottbus) June 25, / 33

17 Model checking Time-Unbounded Until When to stop the simulation trace? a fixed, large number of simulation steps a fixed, long end time for simulation trace reaching the steady state is a reasonable stopping criteria in steady state numerous properties don t change in time for any property p of the system p t = 0 recently observed behaviour of the system will continue into the future the probabilities that various states will be repeated will remain constant Christian Rohr (BTU Cottbus) June 25, / 33

18 Model checking Time-Unbounded Until When to stop the simulation trace? a fixed, large number of simulation steps a fixed, long end time for simulation trace reaching the steady state is a reasonable stopping criteria in steady state numerous properties don t change in time for any property p of the system p t = 0 recently observed behaviour of the system will continue into the future the probabilities that various states will be repeated will remain constant Christian Rohr (BTU Cottbus) June 25, / 33

19 Model checking Time-Unbounded Until When to stop the simulation trace? a fixed, large number of simulation steps a fixed, long end time for simulation trace reaching the steady state is a reasonable stopping criteria in steady state numerous properties don t change in time for any property p of the system p t = 0 recently observed behaviour of the system will continue into the future the probabilities that various states will be repeated will remain constant Christian Rohr (BTU Cottbus) June 25, / 33

20 Model checking Time-Unbounded Until When to stop the simulation trace? a fixed, large number of simulation steps a fixed, long end time for simulation trace reaching the steady state is a reasonable stopping criteria in steady state numerous properties don t change in time for any property p of the system p t = 0 recently observed behaviour of the system will continue into the future the probabilities that various states will be repeated will remain constant Christian Rohr (BTU Cottbus) June 25, / 33

21 Model checking Time-Unbounded Until When to stop the simulation trace? a fixed, large number of simulation steps a fixed, long end time for simulation trace reaching the steady state is a reasonable stopping criteria in steady state numerous properties don t change in time for any property p of the system p t = 0 recently observed behaviour of the system will continue into the future the probabilities that various states will be repeated will remain constant Christian Rohr (BTU Cottbus) June 25, / 33

22 Model checking Time-Unbounded Until When to stop the simulation trace? a fixed, large number of simulation steps a fixed, long end time for simulation trace reaching the steady state is a reasonable stopping criteria in steady state numerous properties don t change in time for any property p of the system p t = 0 recently observed behaviour of the system will continue into the future the probabilities that various states will be repeated will remain constant Christian Rohr (BTU Cottbus) June 25, / 33

23 Model checking Time-Unbounded Until When to stop the simulation trace? a fixed, large number of simulation steps a fixed, long end time for simulation trace reaching the steady state is a reasonable stopping criteria in steady state numerous properties don t change in time for any property p of the system p t = 0 recently observed behaviour of the system will continue into the future the probabilities that various states will be repeated will remain constant Christian Rohr (BTU Cottbus) June 25, / 33

24 Model checking Time-Unbounded Until When to stop the simulation trace? a fixed, large number of simulation steps a fixed, long end time for simulation trace reaching the steady state is a reasonable stopping criteria in steady state numerous properties don t change in time for any property p of the system p t = 0 recently observed behaviour of the system will continue into the future the probabilities that various states will be repeated will remain constant Christian Rohr (BTU Cottbus) June 25, / 33

25 Model checking Time-Unbounded Until When to stop the simulation trace? a fixed, large number of simulation steps a fixed, long end time for simulation trace reaching the steady state is a reasonable stopping criteria in steady state numerous properties don t change in time for any property p of the system p t = 0 recently observed behaviour of the system will continue into the future the probabilities that various states will be repeated will remain constant Christian Rohr (BTU Cottbus) June 25, / 33

26 Model checking Steady State Steady state simulation generally poses two problems: 1 The existence of a transient phase may cause the estimate to be biased. 2 The simulation runs are long, and usually one cannot afford to carry out many independent simulations. Algorithms: 1 batch means method 2 method of independent replicas 3 regeneration method Christian Rohr (BTU Cottbus) June 25, / 33

27 Model checking Steady State Skart 8 an automated sequential procedure for on-the-fly steady-state simulation output analysis exhibit competitive sampling efficiency substantially closer conformance to the given CI coverage probabilities than other procedures 9 sample batch means algorithm make one long run and partition into batches compute an average statistic for each batch construct an interval estimate using the batch means sum up occupation time of fulfilling state S = occupation time/simulation time but: several runs needed, because of multiple strongly connected components 8 Tafazzoli et al ASAP3, WASSP, SBatch, ABATCH, LBATCH Christian Rohr (BTU Cottbus) June 25, / 33

28 Model checking Steady State Extension of PLTLc with steady state operator S. Definition ψ := P x [φ] P =? [φ] S x [σ] S =? [σ] {<,,, >}, x [0, 1] φ := X I φ F I φ G I φ φ U I φ φ φ φ φ φ σ I = {x R + x 1 x x 2 }, omit I = [0, ) σ := σ σ σ σ σ value value true false {<,,, >, =, } value := value value Place Int Real function {+,,, /} Christian Rohr (BTU Cottbus) June 25, / 33

29 Outline 1 Introduction 2 Model checking 3 MARCIE 4 Example 5 Conclusion & Outlook Christian Rohr (BTU Cottbus) June 25, / 33

30 MARCIE symbolic and simulative analysis tool for stochastic Petri nets efficient Interval Decision Diagram (IDD) implementation symbolic state space analysis including efficient saturation-based state space generation evaluation of standard Petri net properties as well as CTL model checking symbolic Continuous Stochastic Reward Logic (CSRL) model checking Christian Rohr (BTU Cottbus) June 25, / 33

31 MARCIE two exact simulation algorithms direct method 10 next reaction method 11 parallelised simulation engine using multiple threads or Message Passing Interface (MPI) simulative PLTLc model checking (on-the-fly, offline) available at 10 Gillespie 1977b. 11 Gibson et al Christian Rohr (BTU Cottbus) June 25, / 33

32 Outline 1 Introduction 2 Model checking 3 MARCIE 4 Example 5 Conclusion & Outlook Christian Rohr (BTU Cottbus) June 25, / 33

33 Example RKIP inhibited ERK pathway Raf1Star RKIP r1 r2 ERKpp Raf1Star_RKIP r8 r3 r4 r11 MEKpp_ERK Raf1Star_RKIP_ERKpp RKIPp_RP r6 r7 r5 r9 r10 MEKpp ERK RKIPp RP non-linear ODE model 12, Petri net model 13 stochastic Petri net SPN ERK with 11 places and 11 transitions connected by 34 arcs mass action kinetics with original parameter values 12 Cho et al Gilbert et al. 2006; Heiner et al. 2010b. Christian Rohr (BTU Cottbus) June 25, / 33

34 Example RKIP inhibited ERK pathway State space The size of the state space for different initial markings of SPN ERK computed with MARCIE s symbolic state space generation. All places which carry one token in SPN ERK have now initially N tokens. N states N states N states N states 5 1, ,696, ,414, , ,723, , ,721, Christian Rohr (BTU Cottbus) June 25, / 33

35 Example RKIP inhibited ERK pathway Reachability We first check the reachability of a state at some time in the future, such that the number of tokens on place MEKpp is between 60% and 80% of N: P =? [F [MEKpp N 0.6 MEKpp N 0.8]]. This is the same property as in Heiner et al. 2010a, but without time bounds. Christian Rohr (BTU Cottbus) June 25, / 33

36 Example RKIP inhibited ERK pathway Result Reachability analysis for different initial markings N of SPN ERK. The total time is given for different numbers of workers. N result 20 0m56s 0m28s 0m14s 0m7s 0m3s 0m2s 0m0s [1,1] 30 1m17s 0m38s 0m19s 0m10s 0m4s 0m3s 0m1s [1,1] 40 1m38s 0m48s 0m24s 0m12s 0m6s 0m3s 0m1s [1,1] 50 1m57s 0m59s 0m30s 0m15s 0m7s 0m4s 0m2s [1,1] 60 2m23s 1m9s 0m35s 0m17s 0m8s 0m5s 0m3s [1,1] In any case such a state was reached, therefore the probability of the formula is 1. Christian Rohr (BTU Cottbus) June 25, / 33

37 Example RKIP inhibited ERK pathway Steady State Since we know now that such a state is eventually reached, we want to compute the steady state probability of being in such a state, where the number of tokens on place MEKpp is between 60% and 80% of N: S =? [MEKpp N 0.6 MEKpp N 0.8]. This is the same property as in Heiner et al. 2010a, so we can verify the correctness of the results. Christian Rohr (BTU Cottbus) June 25, / 33

38 Example RKIP inhibited ERK pathway Result Steady state analysis for different initial markings N of SPN ERK. The total time is given for different numbers of workers. N result 20 7m31s 3m46s 1m53s 0m57s 0m27s 0m17s 0m10s [ , ] 30 7m34s 3m43s 1m51s 0m57s 0m28s 0m17s 0m11s [ , ] 40 7m40s 3m43s 1m56s 0m57s 0m28s 0m18s 0m11s [ , ] 50 7m43s 3m57s 1m57s 1m0s 0m30s 0m17s 0m11s [ , ] 60 7m53s 3m59s 1m56s 1m1s 0m28s 0m17s 0m12s [ , ] The resulting confidence interval covers the probability computed by the Jacobi method in Heiner et al. 2010a. The algorithm scales nearly linear with the number of worker processes. Christian Rohr (BTU Cottbus) June 25, / 33

39 Outline 1 Introduction 2 Model checking 3 MARCIE 4 Example 5 Conclusion & Outlook Christian Rohr (BTU Cottbus) June 25, / 33

40 Conclusion efficient stochastic simulation (direct, next reaction method) simulative PLTLc model checking simulative steady state computation time-unbounded temporal operators on-the-fly and offline multi-threaded and distributed computation Christian Rohr (BTU Cottbus) June 25, / 33

41 Outlook extensive comparisons to other simulative/statistical model checking methods/tools simulation & model checking at the colored level simulative model checking of hybrid Petri nets reinvestigate GPGPU for simulative model checking Christian Rohr (BTU Cottbus) June 25, / 33

42 Thank you for your attention!

### T-79.186 Reactive Systems: Introduction and Finite State Automata

T-79.186 Reactive Systems: Introduction and Finite State Automata Timo Latvala 14.1.2004 Reactive Systems: Introduction and Finite State Automata 1-1 Reactive Systems Reactive systems are a class of software

### Development of dynamically evolving and self-adaptive software. 1. Background

Development of dynamically evolving and self-adaptive software 1. Background LASER 2013 Isola d Elba, September 2013 Carlo Ghezzi Politecnico di Milano Deep-SE Group @ DEIB 1 Requirements Functional requirements

### Formal Verification Methods 3: Model Checking

Formal Verification Methods 3: Model Checking John Harrison Intel Corporation Marktoberdorf 2003 Fri 1st August 2003 (11:25 12:10) This presentation was not given in Marktoberdorf since it mostly duplicates

### On the Modeling and Verification of Security-Aware and Process-Aware Information Systems

On the Modeling and Verification of Security-Aware and Process-Aware Information Systems 29 August 2011 What are workflows to us? Plans or schedules that map users or resources to tasks Such mappings may

### Formal Verification and Linear-time Model Checking

Formal Verification and Linear-time Model Checking Paul Jackson University of Edinburgh Automated Reasoning 21st and 24th October 2013 Why Automated Reasoning? Intellectually stimulating and challenging

### Runtime Verification - Monitor-oriented Programming - Monitor-based Runtime Reflection

Runtime Verification - Monitor-oriented Programming - Monitor-based Runtime Reflection Martin Leucker Technische Universität München (joint work with Andreas Bauer, Christian Schallhart et. al) FLACOS

### Temporal Logics. Computation Tree Logic

Temporal Logics CTL: definition, relationship between operators, adequate sets, specifying properties, safety/liveness/fairness Modeling: sequential, concurrent systems; maximum parallelism/interleaving

### The Righteous and the Wicked: Efficient high-level methods for performance analysis

The Righteous and the Wicked: Efficient high-level methods for performance analysis Stephen Gilmore Joint work with Anne Benoit, Murray Cole and Jane Hillston Enhance project, LFCS, University of Edinburgh

### Testing LTL Formula Translation into Büchi Automata

Testing LTL Formula Translation into Büchi Automata Heikki Tauriainen and Keijo Heljanko Helsinki University of Technology, Laboratory for Theoretical Computer Science, P. O. Box 5400, FIN-02015 HUT, Finland

### Automata-based Verification - I

CS3172: Advanced Algorithms Automata-based Verification - I Howard Barringer Room KB2.20: email: howard.barringer@manchester.ac.uk March 2006 Supporting and Background Material Copies of key slides (already

### CS556 Course Project Performance Analysis of M-NET using GSPN

Performance Analysis of M-NET using GSPN CS6 Course Project Jinchun Xia Jul 9 CS6 Course Project Performance Analysis of M-NET using GSPN Jinchun Xia. Introduction Performance is a crucial factor in software

### Monitoring Metric First-order Temporal Properties

Monitoring Metric First-order Temporal Properties DAVID BASIN, FELIX KLAEDTKE, SAMUEL MÜLLER, and EUGEN ZĂLINESCU, ETH Zurich Runtime monitoring is a general approach to verifying system properties at

### HECTOR a software model checker with cooperating analysis plugins. Nathaniel Charlton and Michael Huth Imperial College London

HECTOR a software model checker with cooperating analysis plugins Nathaniel Charlton and Michael Huth Imperial College London Introduction HECTOR targets imperative heap-manipulating programs uses abstraction

### Software Modeling and Verification

Software Modeling and Verification Alessandro Aldini DiSBeF - Sezione STI University of Urbino Carlo Bo Italy 3-4 February 2015 Algorithmic verification Correctness problem Is the software/hardware system

### Bisimulation and Logical Preservation for Continuous-Time Markov Decision Processes

Bisimulation and Logical Preservation for Continuous-Time Markov Decision Processes Martin R. Neuhäußer 1,2 Joost-Pieter Katoen 1,2 1 RWTH Aachen University, Germany 2 University of Twente, The Netherlands

### Algorithmic Software Verification

Algorithmic Software Verification (LTL Model Checking) Azadeh Farzan What is Verification Anyway? Proving (in a formal way) that program satisfies a specification written in a logical language. Formal

### Markov Chains and Queueing Networks

CS 797 Independent Study Report on Markov Chains and Queueing Networks By: Vibhu Saujanya Sharma (Roll No. Y211165, CSE, IIT Kanpur) Under the supervision of: Prof. S. K. Iyer (Dept. Of Mathematics, IIT

### A Visualization System and Monitoring Tool to Measure Concurrency in MPICH Programs

A Visualization System and Monitoring Tool to Measure Concurrency in MPICH Programs Michael Scherger Department of Computer Science Texas Christian University Email: m.scherger@tcu.edu Zakir Hussain Syed

### Coding and decoding with convolutional codes. The Viterbi Algor

Coding and decoding with convolutional codes. The Viterbi Algorithm. 8 Block codes: main ideas Principles st point of view: infinite length block code nd point of view: convolutions Some examples Repetition

### Formal Verification by Model Checking

Formal Verification by Model Checking Natasha Sharygina Carnegie Mellon University Guest Lectures at the Analysis of Software Artifacts Class, Spring 2005 1 Outline Lecture 1: Overview of Model Checking

### Fluid models in performance analysis

Fluid models in performance analysis Marco Gribaudo 1, Miklós Telek 2 1 Dip. di Informatica, Università di Torino, marcog@di.unito.it 2 Dept. of Telecom., Technical University of Budapest telek@hitbme.hu

### Static Program Transformations for Efficient Software Model Checking

Static Program Transformations for Efficient Software Model Checking Shobha Vasudevan Jacob Abraham The University of Texas at Austin Dependable Systems Large and complex systems Software faults are major

### State Space Analysis: Properties, Reachability Graph, and Coverability graph. prof.dr.ir. Wil van der Aalst

State Space Analysis: Properties, Reachability Graph, and Coverability graph prof.dr.ir. Wil van der Aalst Outline Motivation Formalization Basic properties Reachability graph Coverability graph PAGE 1

### A Petri Net Model for High Availability in Virtualized Local Disaster Recovery

2011 International Conference on Information Communication and Management IPCSIT vol.16 (2011) (2011) IACSIT Press, Singapore A Petri Net Model for High Availability in Virtualized Local Disaster Recovery

### Model Checking: An Introduction

Announcements Model Checking: An Introduction Meeting 2 Office hours M 1:30pm-2:30pm W 5:30pm-6:30pm (after class) and by appointment ECOT 621 Moodle problems? Fundamentals of Programming Languages CSCI

### Formal Verification Problems in a Bigdata World: Towards a Mighty Synergy

Dept. of Computer Science Formal Verification Problems in a Bigdata World: Towards a Mighty Synergy Matteo Camilli matteo.camilli@unimi.it http://camilli.di.unimi.it ICSE 2014 Hyderabad, India June 3,

### The Analysis Method about Change Domain of Business Process Model Based on the Behavior Profile of Petri Net

Appl. Math. Inf. Sci. 6-3S, No. 3, 943-949 (2012) 943 Applied Mathematics & Information Sciences An International Journal The Analysis Method about Change Domain of Business Process Model Based on the

### A Classification of Model Checking-based Verification Approaches for Software Models

A Classification of Model Checking-based Verification Approaches for Software Models Petra Brosch, Sebastian Gabmeyer, Martina Seidl Sebastian Gabmeyer Business Informatics Group Institute of Software

### Cassandra. References:

Cassandra References: Becker, Moritz; Sewell, Peter. Cassandra: Flexible Trust Management, Applied to Electronic Health Records. 2004. Li, Ninghui; Mitchell, John. Datalog with Constraints: A Foundation

### Programma della seconda parte del corso

Programma della seconda parte del corso Introduction Reliability Performance Risk Software Performance Engineering Layered Queueing Models Stochastic Petri Nets New trends in software modeling: Metamodeling,

### Today s Agenda. Automata and Logic. Quiz 4 Temporal Logic. Introduction Buchi Automata Linear Time Logic Summary

Today s Agenda Quiz 4 Temporal Logic Formal Methods in Software Engineering 1 Automata and Logic Introduction Buchi Automata Linear Time Logic Summary Formal Methods in Software Engineering 2 1 Buchi Automata

### Introduction to Scheduling Theory

Introduction to Scheduling Theory Arnaud Legrand Laboratoire Informatique et Distribution IMAG CNRS, France arnaud.legrand@imag.fr November 8, 2004 1/ 26 Outline 1 Task graphs from outer space 2 Scheduling

### MIN-MAX CONFIDENCE INTERVALS

MIN-MAX CONFIDENCE INTERVALS Johann Christoph Strelen Rheinische Friedrich Wilhelms Universität Bonn Römerstr. 164, 53117 Bonn, Germany E-mail: strelen@cs.uni-bonn.de July 2004 STOCHASTIC SIMULATION Random

### IEOR 6711: Stochastic Models, I Fall 2012, Professor Whitt, Final Exam SOLUTIONS

IEOR 6711: Stochastic Models, I Fall 2012, Professor Whitt, Final Exam SOLUTIONS There are four questions, each with several parts. 1. Customers Coming to an Automatic Teller Machine (ATM) (30 points)

### Railway Network Modelling Using Petri Nets

Mandira Banik et al IJCSET July 2013 Vol 3, Issue 7,249-255 Railway Network Modelling Using Petri Nets Mandira Banik, Sudeep Ghosh Guru Nanak Institute of Technology, West Bengal,India Abstract - This

### From Workflow Design Patterns to Logical Specifications

AUTOMATYKA/ AUTOMATICS 2013 Vol. 17 No. 1 http://dx.doi.org/10.7494/automat.2013.17.1.59 Rados³aw Klimek* From Workflow Design Patterns to Logical Specifications 1. Introduction Formal methods in software

### A Logic Approach for LTL System Modification

A Logic Approach for LTL System Modification Yulin Ding and Yan Zhang School of Computing & Information Technology University of Western Sydney Kingswood, N.S.W. 1797, Australia email: {yding,yan}@cit.uws.edu.au

### Reinforcement Learning

Reinforcement Learning LU 2 - Markov Decision Problems and Dynamic Programming Dr. Martin Lauer AG Maschinelles Lernen und Natürlichsprachliche Systeme Albert-Ludwigs-Universität Freiburg martin.lauer@kit.edu

### Using Patterns and Composite Propositions to Automate the Generation of Complex LTL

University of Texas at El Paso DigitalCommons@UTEP Departmental Technical Reports (CS) Department of Computer Science 8-1-2007 Using Patterns and Composite Propositions to Automate the Generation of Complex

### Introduction to Software Verification

Introduction to Software Verification Orna Grumberg Lectures Material winter 2013-14 Lecture 4 5.11.13 Model Checking Automated formal verification: A different approach to formal verification Model Checking

### Lecture 2: The Complexity of Some Problems

IAS/PCMI Summer Session 2000 Clay Mathematics Undergraduate Program Basic Course on Computational Complexity Lecture 2: The Complexity of Some Problems David Mix Barrington and Alexis Maciel July 18, 2000

### Model Checking II Temporal Logic Model Checking

1/32 Model Checking II Temporal Logic Model Checking Edmund M Clarke, Jr School of Computer Science Carnegie Mellon University Pittsburgh, PA 15213 2/32 Temporal Logic Model Checking Specification Language:

### logic language, static/dynamic models SAT solvers Verified Software Systems 1 How can we model check of a program or system?

5. LTL, CTL Last part: Alloy logic language, static/dynamic models SAT solvers Today: Temporal Logic (LTL, CTL) Verified Software Systems 1 Overview How can we model check of a program or system? Modeling

### Response time behavior of distributed voting algorithms for managing replicated data

Information Processing Letters 75 (2000) 247 253 Response time behavior of distributed voting algorithms for managing replicated data Ing-Ray Chen a,, Ding-Chau Wang b, Chih-Ping Chu b a Department of

### On Recognizable Timed Languages FOSSACS 2004

On Recognizable Timed Languages Oded Maler VERIMAG Grenoble France Amir Pnueli NYU and Weizmann New York and Rehovot USA FOSSACS 2004 Nutrition Facts Classical (Untimed) Recognizability Timed Languages

### Specification and Analysis of Contracts Lecture 1 Introduction

Specification and Analysis of Contracts Lecture 1 Introduction Gerardo Schneider gerardo@ifi.uio.no http://folk.uio.no/gerardo/ Department of Informatics, University of Oslo SEFM School, Oct. 27 - Nov.

### University of Paderborn Software Engineering Group II-25. Dr. Holger Giese. University of Paderborn Software Engineering Group. External facilities

II.2 Life Cycle and Safety Safety Life Cycle: The necessary activities involving safety-related systems, occurring during a period of time that starts at the concept phase of a project and finishes when

### Informatics 2D Reasoning and Agents Semester 2, 2015-16

Informatics 2D Reasoning and Agents Semester 2, 2015-16 Alex Lascarides alex@inf.ed.ac.uk Lecture 30 Markov Decision Processes 25th March 2016 Informatics UoE Informatics 2D 1 Sequential decision problems

### Reinforcement Learning

Reinforcement Learning LU 2 - Markov Decision Problems and Dynamic Programming Dr. Joschka Bödecker AG Maschinelles Lernen und Natürlichsprachliche Systeme Albert-Ludwigs-Universität Freiburg jboedeck@informatik.uni-freiburg.de

### Software Active Online Monitoring Under. Anticipatory Semantics

Software Active Online Monitoring Under Anticipatory Semantics Changzhi Zhao, Wei Dong, Ji Wang, Zhichang Qi National Laboratory for Parallel and Distributed Processing P.R.China 7/21/2009 Overview Software

### Kirsten Sinclair SyntheSys Systems Engineers

Kirsten Sinclair SyntheSys Systems Engineers Kirsten Sinclair SyntheSys Systems Engineers Spicing-up IBM s Enterprise Architecture tools with Petri Nets On Today s Menu Appetiser: Background Starter: Use

### Neuro-Dynamic Programming An Overview

1 Neuro-Dynamic Programming An Overview Dimitri Bertsekas Dept. of Electrical Engineering and Computer Science M.I.T. September 2006 2 BELLMAN AND THE DUAL CURSES Dynamic Programming (DP) is very broadly

### Business Process Verification: The Application of Model Checking and Timed Automata

Business Process Verification: The Application of Model Checking and Timed Automata Luis E. Mendoza Morales Processes and Systems Department, Simón Bolívar University, P.O. box 89000, Baruta, Venezuela,

### Lecture 9 verifying temporal logic

Basics of advanced software systems Lecture 9 verifying temporal logic formulae with SPIN 21/01/2013 1 Outline for today 1. Introduction: motivations for formal methods, use in industry 2. Developing models

### Lecture 7: Finding Lyapunov Functions 1

Massachusetts Institute of Technology Department of Electrical Engineering and Computer Science 6.243j (Fall 2003): DYNAMICS OF NONLINEAR SYSTEMS by A. Megretski Lecture 7: Finding Lyapunov Functions 1

### Process Modelling from Insurance Event Log

Process Modelling from Insurance Event Log P.V. Kumaraguru Research scholar, Dr.M.G.R Educational and Research Institute University Chennai- 600 095 India Dr. S.P. Rajagopalan Professor Emeritus, Dr. M.G.R

### Coverability for Parallel Programs

2015 http://excel.fit.vutbr.cz Coverability for Parallel Programs Lenka Turoňová* Abstract We improve existing method for the automatic verification of systems with parallel running processes. The technique

### The Model Checker SPIN

The Model Checker SPIN Author: Gerard J. Holzmann Presented By: Maulik Patel Outline Introduction Structure Foundation Algorithms Memory management Example/Demo SPIN-Introduction Introduction SPIN (Simple(

### Formal Verification of Software

Formal Verification of Software Sabine Broda Department of Computer Science/FCUP 12 de Novembro de 2014 Sabine Broda (DCC-FCUP) Formal Verification of Software 12 de Novembro de 2014 1 / 26 Formal Verification

### Verification of hybrid dynamical systems

Verification of hybrid dynamical systems Jüri Vain Tallinn Technical University/Institute of Cybernetics vain@ioc.ee Outline What are Hybrid Systems? Hybrid automata Verification of hybrid systems Verification

### System modeling. Budapest University of Technology and Economics Department of Measurement and Information Systems

System modeling Business process modeling how to do it right Partially based on Process Anti-Patterns: How to Avoid the Common Traps of Business Process Modeling, J Koehler, J Vanhatalo, IBM Zürich, 2007.

### itesla Project Innovative Tools for Electrical System Security within Large Areas

itesla Project Innovative Tools for Electrical System Security within Large Areas Samir ISSAD RTE France samir.issad@rte-france.com PSCC 2014 Panel Session 22/08/2014 Advanced data-driven modeling techniques

### A Tunnel Freezing Process with Adaptive Control A Stochastic Modeling Approach

A Tunnel Freezing Process with Adaptive Control A Stochastic Modeling Approach S. Ramakrishnan N. Gautam R. A. Wysk Department of Industrial and Manufacturing Engineering Pennsylvania State University

### Average System Performance Evaluation using Markov Chain

Designing high performant Systems: statistical timing analysis and optimization Average System Performance Evaluation using Markov Chain Weiyun Lu Supervisor: Martin Radetzki Sommer Semester 2006 Stuttgart

### Introduction to Flocking {Stochastic Matrices}

Supelec EECI Graduate School in Control Introduction to Flocking {Stochastic Matrices} A. S. Morse Yale University Gif sur - Yvette May 21, 2012 CRAIG REYNOLDS - 1987 BOIDS The Lion King CRAIG REYNOLDS

### Development of global specification for dynamically adaptive software

Development of global specification for dynamically adaptive software Yongwang Zhao School of Computer Science & Engineering Beihang University zhaoyw@act.buaa.edu.cn 22/02/2013 1 2 About me Assistant

### Chapter 2: Binomial Methods and the Black-Scholes Formula

Chapter 2: Binomial Methods and the Black-Scholes Formula 2.1 Binomial Trees We consider a financial market consisting of a bond B t = B(t), a stock S t = S(t), and a call-option C t = C(t), where the

### Using the Theory of Reals in. Analyzing Continuous and Hybrid Systems

Using the Theory of Reals in Analyzing Continuous and Hybrid Systems Ashish Tiwari Computer Science Laboratory (CSL) SRI International (SRI) Menlo Park, CA 94025 Email: ashish.tiwari@sri.com Ashish Tiwari

### Formal Modeling Approach for Supply Chain Event Management

Formal Modeling Approach for Supply Chain Event Management Rong Liu and Akhil Kumar Smeal College of Business Penn State University University Park, PA 16802, USA {rul110,akhilkumar}@psu.edu Wil van der

### MODEL CHECKING ONE-CLOCK PRICED TIMED AUTOMATA

MODEL CHECKING ONE-CLOCK PRICED TIMED AUTOMATA PATRICIA BOUYER, KIM G. LARSEN, AND NICOLAS MARKEY LSV, CNRS & ENS de Cachan, France Oxford University Computing Laboratory, UK e-mail address: bouyer@lsv.ens-cachan.fr

### Software Verification and Testing. Lecture Notes: Temporal Logics

Software Verification and Testing Lecture Notes: Temporal Logics Motivation traditional programs (whether terminating or non-terminating) can be modelled as relations are analysed wrt their input/output

### Algorithms for Monitoring Real-time Properties

Algorithms for Monitoring Real-time Properties David Basin, Felix Klaedtke, and Eugen Zălinescu Computer Science Department, ETH Zurich, Switzerland Abstract. We present and analyze monitoring algorithms

### On strong fairness in UNITY

On strong fairness in UNITY H.P.Gumm, D.Zhukov Fachbereich Mathematik und Informatik Philipps Universität Marburg {gumm,shukov}@mathematik.uni-marburg.de Abstract. In [6] Tsay and Bagrodia present a correct

System Modelingg Models of Computation and their Applications Axel Jantsch Laboratory for Electronics and Computer Systems (LECS) Royal Institute of Technology, Stockholm, Sweden February 4, 2005 System

### Automata and Languages

Automata and Languages Computational Models: An idealized mathematical model of a computer. A computational model may be accurate in some ways but not in others. We shall be defining increasingly powerful

### DiPro - A Tool for Probabilistic Counterexample Generation

DiPro - A Tool for Probabilistic Counterexample Generation Husain Aljazzar, Florian Leitner-Fischer, Stefan Leue, and Dimitar Simeonov University of Konstanz, Germany Abstract. The computation of counterexamples

### Context-Bounded Model Checking of LTL Properties for ANSI-C Software. Jeremy Morse, Lucas Cordeiro, Bernd Fischer, Denis Nicole

Context-Bounded Model Checking of LTL Properties for ANSI-C Software Jeremy Morse, Lucas Cordeiro, Bernd Fischer, Denis Nicole Model Checking C Model checking: normally applied to formal state transition

### Load Balancing and Switch Scheduling

EE384Y Project Final Report Load Balancing and Switch Scheduling Xiangheng Liu Department of Electrical Engineering Stanford University, Stanford CA 94305 Email: liuxh@systems.stanford.edu Abstract Load

### http://aejm.ca Journal of Mathematics http://rema.ca Volume 1, Number 1, Summer 2006 pp. 69 86

Atlantic Electronic http://aejm.ca Journal of Mathematics http://rema.ca Volume 1, Number 1, Summer 2006 pp. 69 86 AUTOMATED RECOGNITION OF STUTTER INVARIANCE OF LTL FORMULAS Jeffrey Dallien 1 and Wendy

### Model Checking based Software Verification

Model Checking based Software Verification 18.5-2006 Keijo Heljanko Keijo.Heljanko@tkk.fi Department of Computer Science and Engineering Helsinki University of Technology http://www.tcs.tkk.fi/~kepa/ 1/24

### Forecasting methods applied to engineering management

Forecasting methods applied to engineering management Áron Szász-Gábor Abstract. This paper presents arguments for the usefulness of a simple forecasting application package for sustaining operational

### COMBINING THE METHODS OF FORECASTING AND DECISION-MAKING TO OPTIMISE THE FINANCIAL PERFORMANCE OF SMALL ENTERPRISES

COMBINING THE METHODS OF FORECASTING AND DECISION-MAKING TO OPTIMISE THE FINANCIAL PERFORMANCE OF SMALL ENTERPRISES JULIA IGOREVNA LARIONOVA 1 ANNA NIKOLAEVNA TIKHOMIROVA 2 1, 2 The National Nuclear Research

### Numerical Methods for Option Pricing

Chapter 9 Numerical Methods for Option Pricing Equation (8.26) provides a way to evaluate option prices. For some simple options, such as the European call and put options, one can integrate (8.26) directly

### 8.5 PETRI NETS. Figure A computer program. Figure 8.5.2

8.5 PETRI NETS Consider the computer program shown in Figure 8.5.1. Normally, the instructions would be processed sequentially first, A = 1, then B = 2, and so on. However, notice that there is no logical

### Queueing Networks with Blocking - An Introduction -

Queueing Networks with Blocking - An Introduction - Jonatha ANSELMI anselmi@elet.polimi.it 5 maggio 006 Outline Blocking Blocking Mechanisms (BAS, BBS, RS) Approximate Analysis - MSS Basic Notation We

### PETRI NET BASED SUPERVISORY CONTROL OF FLEXIBLE BATCH PLANTS. G. Mušič and D. Matko

PETRI NET BASED SUPERVISORY CONTROL OF FLEXIBLE BATCH PLANTS G. Mušič and D. Matko Faculty of Electrical Engineering, University of Ljubljana, Slovenia. E-mail: gasper.music@fe.uni-lj.si Abstract: The

### Scheduling Algorithms for Downlink Services in Wireless Networks: A Markov Decision Process Approach

Scheduling Algorithms for Downlink Services in Wireless Networks: A Markov Decision Process Approach William A. Massey ORFE Department Engineering Quadrangle, Princeton University Princeton, NJ 08544 K.

### Efficiently Identifying Inclusion Dependencies in RDBMS

Efficiently Identifying Inclusion Dependencies in RDBMS Jana Bauckmann Department for Computer Science, Humboldt-Universität zu Berlin Rudower Chaussee 25, 12489 Berlin, Germany bauckmann@informatik.hu-berlin.de

### CONTINUOUS DYNAMIC ABSTRACTION FOR RELIABILITY AND SAFETY ANALYSIS OF HYBRID SYSTEMS. Nabil SADOU* Hamid DEMMOU* Jean-Claude PASCAL* Robert VALETTE*

CONTINUOUS DYNAMIC ABSTRACTION FOR RELIABILITY AND SAFETY ANALYSIS OF HYBRID SYSTEMS Nabil SADOU* Hamid DEMMOU* Jean-Claude PASCAL* Robert VALETTE* * LAAS-CNRS F-31077 Toulouse Cedex 4, France Abstract:

### Safety verification of software using structured Petri nets

Safety verification of software using structured Petri nets Krzysztof Sacha Warsaw University of Technology, Institute of Control and Computation Engineering, ul. Nowowiejska 15/19, 00-665 Warszawa, Poland

### AUTOMATING DISCRETE EVENT SIMULATION OUTPUT ANALYSIS AUTOMATIC ESTIMATION OF NUMBER OF REPLICATIONS, WARM-UP PERIOD AND RUN LENGTH.

Proceedings of the 2009 INFORMS Simulation Society Research Workshop L.H. Lee, M. E. Kuhl, J. W. Fowler and S.Robinson, eds. AUTOMATING DISCRETE EVENT SIMULATION OUTPUT ANALYSIS AUTOMATIC ESTIMATION OF

### Model Checking CobWeb Protocols for Verification of HTML Frames Behavior

Model Checking CobWeb Protocols for Verification of HTML Frames Behavior David Stotts Dept. of Computer Science Univ. of North Carolina Chapel Hill, North Carolina stotts@cs.unc.edu Jaime Navon Dept. of

### S. Boyd EE102. Lecture 1 Signals. notation and meaning. common signals. size of a signal. qualitative properties of signals.

S. Boyd EE102 Lecture 1 Signals notation and meaning common signals size of a signal qualitative properties of signals impulsive signals 1 1 Signals a signal is a function of time, e.g., f is the force

### DATA MINING IN FINANCE

DATA MINING IN FINANCE Advances in Relational and Hybrid Methods by BORIS KOVALERCHUK Central Washington University, USA and EVGENII VITYAEV Institute of Mathematics Russian Academy of Sciences, Russia

### Constructing Automata from Temporal Logic Formulas : A Tutorial

Constructing Automata from Temporal Logic Formulas : A Tutorial Pierre Wolper Université de Liège, Institut Montefiore, B28, 4000 Liège, Belgium pw@montefiore.ulg.ac.be, http://www.montefiore.ulg.ac.be/~pw/

### Software Performance Evaluation Utilizing UML Specification and SRN Model and Their Formal Representation

Software Performance Evaluation Utilizing UML Specification and SRN Model and Their Formal Representation Razib Hayat Khan*, Poul E. Heegaard Norwegian University of Science & Technology (NTNU), Trondheim,

### Project management: a simulation-based optimization method for dynamic time-cost tradeoff decisions

Rochester Institute of Technology RIT Scholar Works Theses Thesis/Dissertation Collections 2009 Project management: a simulation-based optimization method for dynamic time-cost tradeoff decisions Radhamés

### MODELING AND ANALYZING OF A CONSTRUCTION PROJECT CONSIDERING RESOURCE ALLOCATION THROUGH A HYBRID METHODOLOGY: PETRI NETS AND FUZZY RULE BASED SYSTEMS

MODELING AND ANALYZING OF A CONSTRUCTION PROJECT CONSIDERING RESOURCE ALLOCATION THROUGH A HYBRID METHODOLOGY: PETRI NETS AND FUZZY RULE BASED SYSTEMS Kemal SUBULAN 1, Alper SALTABAS 1, A.Serdar TASAN