Structured Language for Specifications of Quantitative Requirements
|
|
- Scot Chapman
- 6 years ago
- Views:
Transcription
1 Structured Language for Specifications of Quantitative Requirements Mario Dal Cin University of Erlangen-Nuremberg Informatik 3 dalcin@infomatik.uni-erlangen.de Abstract Requirements for dependable systems need to be understandable and, at the same time, have to satisfy consistency and unambiguity properties. We provide a means to specify nonfunctional requirements in terms of structured English sentences. We define their the syntax by a clear and consistent notation. For verification these sentences have to be transformed to a notation that can be interpreted by analysis tools. It is shown how this can be achieved via several translation steps. 1. Introduction Assurance of dependability properties demands to specify and to verify non-functional system requirements. Otherwise, pure functional specifications leave the system s behavior undefined in the presence of a fault. In a quantitative setting it is typically checked whether the probability for a certain property meets a given lower or upper bound. In a risk-based approach these bounds are derived from risk measures. Then, the analysis gives useful information to improve system performance and to reduce risk. However, as computer-based analysis deals with more complex system behavior a rigorous specification language for non-functional, quantitative requirements becomes a prerequisite for this approach. If a mathematical, stochastic-related language is used, it often turns out that engineers even with mathematical background have severe problems to compile correct requirement specifications. In this paper, we introduce a grammar for an English like language which allows to specify non-functional dependability and performance requirements in an unambiguous way. We claim that requirements expressed in this language can easier be communicated to other persons and can be used for documentation purposes. We follow a three-step approach, see Figure 1.1. In the first step, non-functional properties are specified in general terms using a notation called SQIRL. In the second step, this specification is refined within the context of the system model. The final step is required to translate this specification (and the system model) to a notation that can be interpreted by an analysis tool. Requirement Model Reward Functions Figure 1.1 Steps Non-functional Requirements SQIRL Analysis System Model Stochastic Reward Net For the second step we employ in this paper stochastic Petri nets, an alternative could be Statecharts. Stochastic Petri nets have been used successfully to represent systems under design in order to study their performance, safety, reliability and availability [20]. They provide compact representations of Markov processes and reveal concurrent behavior. For the last steps, we use the language of Stochastic Reward Nets (SRN) [11] for which we have developed a powerful analysis tool. This step presumes a well defined transformation from the requirement and
2 system models to the analysis model [12]. The paper is organized as follows. The next section gives a brief overview of related work. Section 3 introduces the basic structure of our language. In section 4 we briefly introduce General Stochastic Petri Nets and give some examples. Thereafter (section 5) we introduce Stochastic Reward Nets and the syntax of property functions. In section 6 the transformation of requirement specifications to Markov reward processes is explained. Finally, in section 7 we briefly present our analysis tool. 2. Related Work A similar problem is encountered in model checking where understanding specifications through means of temporal logic formulae can cause severe problems for the engineer. The effort to acquire an adequate level of expertise in writing these specifications is quite high and represents a substantial obstacle. Some approaches tackle this problem by introducing temporal logic patterns for the representation of frequently identified temporal requirements. They are mostly based on CTL or LTL. A property specification pattern is a generalised description of a commonly occurring requirement for the permissible state/event sequence in a finite-state model of a system. It describes the essential structure of some aspect of a system's behavior in a common formalism [22]. An extensive systematic classification of specification patterns based on CTL for model checking was published in [23]. However, CTLpatterns representing generic properties of some complexity still tend to be hard to understand. Usually an expert in formal logic is required to create and use them. Paper [13] introduces patterns for the specification of properties in structured English. Each pattern corresponds to a Clocked CTL formula. Clocked CTL is a variant of timed CTL. Paper [21] presents a graphical language for specification of properties of real-time systems which is again based on CTL. Two levels of compiling specifications are proposed. At the first level, an expert constructs partial formulae that capture the user`s intuition for the problem domain. At the second level, the user uses the patterns provided by the experts at the first level, to express properties of his system. Stochastic model checking has been discussed in [9,18] introducing a branching temporal logic called Continuous Stochastic Logic (CSL) to express quantitative requirements for continuous-time Markov process models. The logic is an extension of the equally named logic of [7]. Apart from the usual path formulae like next and until, a time-bounded until and a time-bounded eventually together with probabilistic operators are incorporated. In [17] an implementation of probabilistic CTL model checking using symbolic techniques is presented. In [16] a language called SPNL is defined which combines textual and graphical elements and provides a reward concept. A powerful concept for specifying rewards for Petri nets has also been discussed in [15], however, without saying how to implement it. 3. Stochastic Quantitative Requirement Language In this section, we introduce a structured Englishoriented notation as a user front-end for the specification of non-functional requirements. We refer to this language as the stochastic quantitative requirement language (SQIRL). Using this notation the user can compile English sentences from a list of English fragments. The sentences represent (stochastic) requirements which are the basis for the evaluation of stochastic models. Non-functional requirements given in structured English can easier be communicated to other persons. Furthermore, structured English sentences are non-ambiguous and, therefore, can be used for documentation purposes. Note, that SQIRL sentences are independent of the modeling language used, e.g. Statecharts or Petri nets, and the concrete system model. To define their precise semantics they have, therefore, to be translated to the modeling environment. Our language has a very simple basic structure. Figure 3.1 gives the definition of its syntax. <requirement> ::=< query>[<constraint>]. <constraint> ::= (= < > )REAL <query >::= [If <condition> Then] <measure>[<timescope>] <measure> ::= ( [cumulative ]probability [accumulated] expectation variance) of <domain> <timescope> ::= at time REAL within time interval REAL to ( REAL infinity ) <domain> ::= <property>[until <property>] <property>::= <property>{(and or)<property>} For condition and property see below. Reals are positive. Figure 3.1 SQIRL Each requirement is a query followed by an optional constraint, often a probability limit. A requirement without a constraint is a query and the request for a computation. Query specifies a measure with an optional time scope. If no time scope is specified all times are set to infinity, that is, the measure refers to 2
3 the steady state of the system s model. The first part of a query (condition) is a fragment which specifies an initial condition for the system. We refer to the initial condition, as given by the modeler of the system, as ' initial_condition '. (Then the fragment `If initial_condition Then can be omitted in the requirement specifications.) The non-terminal property is a fragment (or a sequence of fragments) defining a nonfunctional property of the system like throughput, availability or reliability. Let us look at some examples of structured SQIRL sentences. In this paper we are mainly interested in dependability properties and less in performance. Therefore, we will not use fragments like `(accumulated) expectation of. Here we assume that properties like the fragments system functioning, system up, or repaired as well as the condition power down are defined elsewhere (Section 4 and 5). A simple query is: probability of system functioning. which means that the steady state availability is to be computed. Next, we can specify the requirement: probability of system functioning 0.9. which means that the steady state availability of the system should not be less than 0.9. Sentence cumulative probability of system_up within time interval 0 to infinity. denotes the mean time to failure and may be abbreviated as MTTF. An other example is : If power down Then system functioning until repaired > Next we show how system properties can be specified within the context of a system model. We do this within the context of Generalized Stochastic Petri Nets. We assume that the reader is familiar with Stochastic Petri Nets. Stochastic Petri Nets have been used successfully to represent systems under design in order to study their performance, safety, reliability and availability [20]. 4. Generalized Stochastic Petri Nets Generalized Stochastic Petri Nets (GSPN) are generalizations of Stochastic Petri Nets allowing transitions to have either zero firing times (immediate transitions) or exponentially distributed firing times (timed transitions). Immediate transitions which can be simultaneously enabled must have probabilities assigned. For timed transitions, the decision as to which transition fires next is decided by a race; the transition with the minimal delay prior to firing will fire next. Firing of immediate transitions has priority over firing timed transitions. Other extensions include inhibitor arcs (arcs with dots). In [1] it is shown that a GSPN is equivalent in modeling power to a continuous time Markov chain. Figures 4.1 and 4.2 present two simple examples of GSPNs. (Immediate transitions are depicted by solid bars and timed transitions by light bars.) These examples will serve us later on to illustrate our concepts. λ 1 Busy 1 Serve γ 1 1 Idle 1 µ 1 µ 2 γ 2 Poll 1 Poll 2 Serve 2 Busy 2 λ 2 Idle 2 Figure 4.1 Cyclic polling system Rates: µ i service rate, λ i transaction rate, γ i poll rate The example is taken from [20]. The system consists of two stations and one server. Place Idle i represents the event that station i is idle, and place Busy i represents the event that station i has generated a job for the server. The server visits the two stations in a cyclic manner. It first polls a station and then serves it. The times for generating a job, for polling and for serving are exponentially distributed with parameters λ i, γ i and µ i, respectively. In case that the server finds a station idle, service time is zero; that is, the server skips the station. This is modeled by the immediate transitions (and outgoing inhibitor arcs of places Busy). Our next example models a queuing system, Figure 4.2. The tokens in place Wait represent (at most K) jobs waiting for processing. Initially there are K tokens in place Wait. The server is operating if at least one token is in place Serve. The server failed, if a token is in place Down. The server can fail only when it is busy. The served job is served again (with probability p) when the server is repaired, or put back into the Waitqueue (with probability 1-p). Wait K α 1-p p Serve Rest λ β Up Down ρ repairing Figure 4.2 Queuing system with server breakdown 3
4 Rates: α arrival rate, β service rate, λ failure rate, ρ repair rate Within the context of GSPNs, the non-terminal condition in Figure 3.1 is defined as Boolean expression like sentence fragments in terms of: token`( <place_identifier>`) [INTEGER token`( <place_identifier>`) ], rate`( <transition_identifier>`) REAL enabled`( <transition_identifier>`), fire`( <transition_identifier>`), where is an element of { =, <, >,, }. Boolean operators are represented by the terminals : and, or, not. The term token(place_identifier) >0 can be substituted by the fragment in < place_identifier>. The non-terminal property in Figure 3.1 is defined as : <property> ::= <condition> {for (rate prob)`( <transition_identifier>`) = REAL } where the second part allows to redefine firing rates and firing probabilities. (This is necessary to compute, for example, the reliability of a system.) Referring to Figure 4.1, we then can, for example, specify: probability of not in Serve 2 until in Serve 1 within time interval 0 to 20 > That is, up to time 20, station 1 should be served before station 2 with probability greater than More precisely, the sentence asserts, that with probability greater 0.81 there is some x ε [0,x] such that not in Serve 2 continously holds during [0,x] and in Serve 1 becomes true at time instant x. For the steady state we can specify: probability of in Busy 1 and not in Serve 1 < 0.5. That is, in steady state, the probability of station 1 waiting to be served should be less than 0.5. The sentence If in Busy 1 and in Busy 2 Then probability of in Serve 1 at time 4 > means that if both stations are busy at time 0, station 1 should be served at time 4 with probability greater than 0.9. Referring to Figure 4.2, query availability, defined as probability of in Up., requires to compute the steady state probability π Up, whereas reliability queries require to compute the transient state probability π Up (t) for a given time under the assumption that the repair rate ρ is zero (required by the definition of reliability). That is, reliability at time 100 is specified as: probability of in Up for rate(repairing) = 0 at time 100. Sentence: If token(wait) = K and in Down then probability of fire(repairing) within time interval 0 to 5 > 0.7. means that the repair of a failed empty server should take at most 5 time units with probability greater than 0.7. A requirement for the accumulated expectation of idle times may be specified as : If token(busy 1 )=2 and token(busy 2 )=1 Then accumulated expectation of some_idle within time interval 0 to 300 < Stochastic Reward Nets In order to be able to mechanicaly compute a query or to check a requirement we translate properties to reward functions of Stochastic Reward Nets (SRN), see Figure 1.1. SRNs are a superset of GSPNs and substantially increase the modeling power of GSPNs. Extensions include guards, marking dependent arc multiplicities, general transition priorities, marking dependent firing rates for transitions, and reward rates. A guard is a predicate associated with a transition. Whenever a transition is otherwise enabled (in some marking), the guard is evaluated before finally enabling the transition. Marking dependent arc multiplicity allows to specify the number of tokens (in input or output places) required for a transition to be enabled. This number can be a function of the current marking. SRNs provide the same modeling power as Markov reward processes [10]. 5.1 Reward Functions In this section we define the semantics of SQIRLproperties in terms of their translation to so-called reward functions. Names of property fragments become now names of reward functions. In other words, in the context of SRN, the semantics of property fragments is given by reward functions. A reward function assigns numbers to certain model states. For example, it may assign 1 to all states where the system is up and 0 to all states where the system is down. These numbers are then used to compute 4
5 quantitative, non-functional measures, for example, probability measures. The syntax of reward functions is defined in Figure 5.1. <rewardfunction> ::= For (<statecondition> < transitioncondition>) Reward is < reward > Else <reward>. <reward >::= REAL token`( <place_identifier> `) [ x REAL] <transitioncondition> ::= fire`( <transition_identifier>`) {or fire`( <transition_identifier>`) } [<statecondition>] The non-terminal statecondition is a Boolean expression like sentence in terms of: token`( <place_identifier>`) [INTEGER token`( <place_identifier>`) ] enabled`( <transition_identifier>`) transient`( <place_identifier>`) absorbing`( <place_identifier>`) rate`( <transition_identifier>`) INTERGER Figure 5.1 Syntax of reward functions A place is absorbing, if it has no outgoing arcs to transitions with firing rate > 0 connected to other places. A place is transient, if it has ingoing and outgoing arcs. The property fragments for rate(t) = 0 and for prob(t) = 0 require that the transition rate and transition probability, respectively, is set to 0 before evaluation. Then a transient place may become absorbing. 5.2 Examples Let us again look at some simple examples. P is a place identifier, Ti are transition identifier. For token(p) > 1 and absorbing(p) Reward is token(p) x 10 Else 1. For fire(t1) or fire(t3) in P or enabled(t3) Reward is 5.5 Else 0. Referring to Figure 4.1, property some_idle is defined by reward function For token(idle 1 ) > 0 or token(idle 2 ) > 0 Reward is 1 Else 0. Referring to Figure 4.2, obviously property system functioning is defined by the reward function For token(up) = 1 Reward is 1 Else 0. Each SRN model can be converted to an equivalent Markov reward model. Each distinct marking of a SRN constitutes a state of the Markov reward process. These states are classified into two types: tangible and vanishing. A state is tangible if the only net transitions enabled in this state are timed transitions. A state is vanishing if one or more immediate net transitions are enabled in this state. 6. Transformation We have to distinguish between the net level description (N-level) and the Markov process level description (M-level). On the N-level we speak about places, net transitions, tokens, guards, markings, or capacities; on the M-level we speak about states and state-transitions. Requirements and reward functions are specified at N- level. For their evaluation, they have to be translated to M-level descriptions. So called state rewards and impulse rewards are defined at M-level. A state reward r i (reward rate) is obtained when the system is in state i and a impulse reward i ls k is obtained when the system takes transition k from state l to state s (There may be several transitions from state l to state s due to the firing of different net transitions.) State rewards define values (per unit of time) that are collected while the stochastic process spends time in a certain state; impulse rewards specify the reward that is gained when a certain state transition takes place due to the firing of a certain net transition. A reward function with statecondition defines state rewards; a reward function with transitioncondition defines impulse rewards. The transformation from N-level to M-level can be achieved by employing so-called characterising functions [2,6]. This transformation can be done automatically by an analysis tool. Characterising functions are the means to transfer information from N-level to M-level by connecting places and net transitions with states and state transitions. With these functions reward measures can be generated. Examples of characterising functions are: mark(p,s) returns the number of tokens of place p in state s, enabled(t,s) is true, if net transition t is enabled in state s otherwise it is false, fire(t,st) is true, if net transition t is responsible for state transition st. After the continuous time Markov chain (CTMC) has been generated from the net model, the characterising functions can be used to assign to each state and state transition a state and impulse reward, 5
6 respectively, as defined by the reward function. For an automatic evaluation, each state and state transition of the CTMC is annotated with the corresponding values of the characterising functions, so that, the reward conditions can be checked when computing queries. Sometimes it is necessary to automatically modify the net model before generating the CTMC. This is the case if the requirement contains the fragment 'If condition Then' or, if the reward function contains the fragment 'for rate...'. Similarly, if 'property1 until property2' is specified, all states for which property1 does not hold become absorbing states of the CTMC. When the state rewards r k and the impulse rewards i k have been generated, queries can be computed. For example, let property p define the reward function r. Furthermore, assume that reward function r in turn defines state rewards r k = 0 or 1, as it is often the case in dependability analysis. Then the query: probability of p at time t is computed as E(r(t)) = Σ r i π ι (t) where π i (t) is the transient state probability of the CTMC and the sum runs over all states of the CTMC. The general formula for the expectation of reward r at time t is: E(r(t)) = Σ r i π i (t) + Σ i kl i t k π k (t) where i kl i is an impulse reward and t k the state transition rate. The second sum is over all state transitions of the CTMC. 7. Tool support A tool that uses SQIRL as front-end to express and evaluate properties of stochastic models is being implemented as part of our analysis tool PANDA (Petri Net Analysis and Design Assistant). PANDA contains an UML- interface and an automatic mapping of UML dynamic models to Stochastic Reward Nets [12]. This UML-interface allows visually modeling system behavior by UML diagrams. PANDA [2,3,4,5] accepts not only exponential distribution functions, but also non-exponential ones (Erlang-k, Gamma, Weibull, Normal, Lognormal, Hyperexponential, etc.). Disregarding result measures, the net definition of PANDA is done in CSPL which is the C-code description language for Petri Nets used by the SPNP tool [11]. Dependability measures can be specified by reward functions. To this end, a stringent and clear reward concept has been developed based on reward rates and impulse rewards combining knowledge of the net model and the state space. That is, the net view is not lost when defining reward functions on the state space. PANDA is available for shared and distributed memory platforms. PANDA provides the following characterizing functions: long mark(char *placename) returns the number of tokens in place placename in the current marking, int enabled(char*transname) returns 1 if transition transname is enabled in the current marking and 0 otherwise, int absorbing(void) returns 1 if the current marking is absorbing and 0 otherwise, double rate(char*transname) returns the firing rate of transition transname if it is responsible for the current state transition and 0.0 otherwise, int fire(char *transname) returns 1 if the transition transname is responsible for the current state transition, 0 otherwise, void probval(char *transname, double value) sets the firing weight of transition transname to value and makes the transition an immediate transition, void rateval(char transname, double lambda) sets the firing rate of transition transname to lambda and makes the transition a timed, exponentially distributed transition, etc. The current marking is the missing parameter in these characterizing functions; it is set dynamically during state space generation or during the evaluation of the requirements. Other useful functions include, for example, void init(char *placename, unsigned int ntoken) initializes place placename with ntoken tokens. type_result expected(double (*rrew_fn)(), double (*irew_fn)()) returns the expected reward given by the state reward function rrew_fn and by the impulse reward function irew_fn which assign rewards to states and state transitions, respectively. Reward functions are translated to the corresponding functions built from these characteristic functions. PANDA then automatically computes the reward rates and the impulse rewards, defined by the reward function, and computes the result measures. That is, it computes rewards at a point in time (e.g. availability or throughput) as well as accumulated rewards. The development of PANDA has been part of the HIDE project [8,19] of the European Community. 7.Conclusion Due to the high level of complexity of real life models, modeler need support allowing to express desired model properties in a concise but understandable and unambiguous way. We presented a clear and consistent language for the specification of nonfunctional requirements and showed how to translate it to a representation suitably for analysis tools. 6
7 8. References [1] M. Ajmone Marsan, et al. (1986): Performance Models of Multiprocessor Systems, The MIT Press, [2] S. Allmaier, Parallele Lösungen für stochastische Modellierung, PhD thesis, Arbeitsberichte des IMMD, Nr13, Erlangen 1999 [3] S. Allmaier, D. Kreische, PANDA Petri Net Analysis and Design Assistant User's Guide, technical report 1/2000 Informatik 3 University of Erlangen [4] S. Allmaier, S. Dalibor, D. Kreische, Parallel graph generation algorithms for shared and distributed memory machines, Proc. Parallel Computing: Fundamentals, Applications and New directions, Vol 12 of Advances in Parallel Computing, pp , Elsevier, [5] S. Allmaier, D. Kreische, Parallel approaches to the numerical transient analysis of stochastic solution of GSPNs on a shared memory multiprocessor, Proc. IEEE Int. Workshop on Petri Nets and Performance Models (PNPM'97), [6] S. Allmaier, S. Dalibor (1997): PANDA -- Petri net ANalysis and Design Assistant, Tools Descriptions, 9th Int. Conf. on Modeling Techniques and Tools for Computer Performance Evaluation, St. Malo, [7] A. Aziz et al., Verifying continuous time Markov chains, Proc. Computer-Aided Verification, SLNCS 1102, , Proc. Fourth IEEE Int. High-Assurance System engineering Symposium (HASE'99 [8] A. Bondavalli, M. Dal Cin,, D. Latella, A. Pataricza, High-level integrated desin envoronment for dependability (HIDE), IEEE Proc. WORDS'99, [9] C. Baier, J.-P. Katonen, H. Hermanns, Approximate symbolic model checking of continuous-time Markov chains, Proc. Concurrency Theory, SLNCS 16664,pp , [10] G. Ciardo, et al., Automated generation and analysis of Markov reward models using Stochastic Reward Nets, Linear Algebra, Markov Chains and Queueing Models, Springer, 1992 [14] M.D Fraser, K. Kumar, V.K. Vaishnavi, Strategies for incorporating formal specifications in software development, Communications of the ACM, Vol 37, pp 74-86,1994 [15] F. German et al., Expected impulse rewards in Markov regenerative stochastic Petri nets Proc. 9 th Conf. Computer Performance Evaluation, Modelling Techniques and Tools, SLNCS, [16] F. German, SPNL: processes as language-oriented building blocks of stochastic Petri nets, Proc. 3 rd Int. Workshop Petri Nets and Performance Models (PNPM'97), SLNCS 1245,1997. [17] V. Haronas-Garmhause, S. Campos, E. Clarke, ProbVerus: Probabilistic Symbolic Model Checking, Proc ARTS'99,SLNCS 1601, pp , [18] H. Hermanns, et al. A markov chain model checker, Informatik 7, University of Erlangen, [19] HIDE: High-level Integrated Design Environment for Dependability, University of Erlangen-Nuremberg (FAU- IMMD3), Consortio Pisa Ricerche - Pisa Dependable Computing Centre (PDCC), Technical University of Budapest (TUB-MIT), MID GmbH, INTECS Sistemi S.p.A. [20] O.C. Ibe, K.S. Trivedi, Stochastic Petri net models of polling systems, IEEE J. On Se. Areas in Comms., pp , [21] I. Lee, O. Sokolsky, A graphical property specification language, Proc. IEEE Int. High-Assurance System engineering Symposium (HASE'97) pp ,1997. [22] B. Matthiew et al., Property specification patterns for finite-state verification, Proc. 2 nd Workshop on Formal Methods in Software Practice, [23] B. Matthiew et al., Property specification patterns for finite-state verification, Proc. 21. Int. Conf. on Software Engineering, [11] G. Ciardo, J. Muppala, K.S. Trivedi, SPNP: Stochasic Petri Net package, Proc IEEE Int Workshop on Petri Nets and Performance Models (PNPM'89) pp , [12] M. Dal Cin, G. Huszerl, K. Kosmidis, Qualitative evaluation of dependability critical systems based on guarded statechart models, Proc. Fourth IEEE Int. High-Assurance System engineering Symposium (HASE'99), pp 37-45, [13] S. Flake, W. Mueller, J. Ruf, Structured English for model checking specifications, Proc. Methoden u. Beschreibungssprachen zur Modellierung u. Verifikation von Schaltungen u. Systemen, VDE Verlag 2000B. 7
PRISM: Probabilistic Model Checking for Performance and Reliability Analysis
PRISM: Probabilistic Model Checking for Performance and Reliability Analysis Marta Kwiatkowska, Gethin Norman and David Parker Oxford University Computing Laboratory, Wolfson Building, Parks Road, Oxford,
More informationStochastic Petri Net. Ben, Yue (Cindy) 2013/05/08
Stochastic Petri Net 2013/05/08 2 To study a formal model (personal view) Definition (and maybe history) Brief family tree: the branches and extensions Advantages and disadvantages for each Applications
More informationReliability Analysis of an Anti-lock Braking System using Stochastic Petri Nets
Reliability Analysis of an Anti-lock Braking System using Stochastic Petri Nets Kshamta Jerath kjerath@eecs.wsu.edu Frederick T. Sheldon sheldon@eecs.wsu.edu School of Electrical Engineering and Computer
More informationMulti-State Availability Modeling in Practice
Multi-State Availability Modeling in Practice Kishor S. Trivedi, Dong Seong Kim, Xiaoyan Yin Depart ment of Electrical and Computer Engineering, Duke University, Durham, NC 27708 USA kst@ee.duke.edu, {dk76,
More informationProxel-Based Simulation of Stochastic Petri Nets Containing Immediate Transitions
Electronic Notes in Theoretical Computer Science Vol. 85 No. 4 (2003) URL: http://www.elsevier.nl/locate/entsc/volume85.html Proxel-Based Simulation of Stochastic Petri Nets Containing Immediate Transitions
More informationSymbolic Semantics and Verification of Stochastic Process Algebras. Symbolische Semantik und Verifikation stochastischer Prozessalgebren
Symbolic Semantics and Verification of Stochastic Process Algebras Symbolische Semantik und Verifikation stochastischer Prozessalgebren Der Technischen Fakultät der Universität Erlangen-Nürnberg zur Erlangung
More information7. Queueing Systems. 8. Petri nets vs. State Automata
Petri Nets 1. Finite State Automata 2. Petri net notation and definition (no dynamics) 3. Introducing State: Petri net marking 4. Petri net dynamics 5. Capacity Constrained Petri nets 6. Petri net models
More informationADVANCED ROBOTICS. PLAN REPRESENTATION Generalized Stochastic Petri nets and Markov Decision Processes
ADVANCED ROBOTICS PLAN REPRESENTATION Generalized Stochastic Petri nets and Markov Decision Processes Pedro U. Lima Instituto Superior Técnico/Instituto de Sistemas e Robótica September 2009 Reviewed April
More informationRequirements Validation. Content. What the standards say (*) ?? Validation, Verification, Accreditation!! Correctness and completeness
Requirements Validation Requirements Management Requirements Validation?? Validation, Verification, Accreditation!! Check if evrything is OK With respect to what? Mesurement associated with requirements
More informationComposition of product-form Generalized Stochastic Petri Nets: a modular approach
Composition of product-form Generalized Stochastic Petri Nets: a modular approach Università Ca Foscari di Venezia Dipartimento di Informatica Italy October 2009 Markov process: steady state analysis Problems
More informationMULTIPLE CHOICE QUESTIONS DECISION SCIENCE
MULTIPLE CHOICE QUESTIONS DECISION SCIENCE 1. Decision Science approach is a. Multi-disciplinary b. Scientific c. Intuitive 2. For analyzing a problem, decision-makers should study a. Its qualitative aspects
More informationNumerical vs. Statistical Probabilistic Model Checking: An Empirical Study
Numerical vs. Statistical Probabilistic Model Checking: An Empirical Study Håkan L. S. Younes 1, Marta Kwiatkowska 2, Gethin Norman 2, and David Parker 2 1 Computer Science Department, Carnegie Mellon
More informationAbstractions and Decision Procedures for Effective Software Model Checking
Abstractions and Decision Procedures for Effective Software Model Checking Prof. Natasha Sharygina The University of Lugano, Carnegie Mellon University Microsoft Summer School, Moscow, July 2011 Lecture
More informationStochastic Petri Nets. Jonatan Lindén. Modelling SPN GSPN. Performance measures. Almost none of the theory. December 8, 2010
Stochastic Almost none of the theory December 8, 2010 Outline 1 2 Introduction A Petri net (PN) is something like a generalized automata. A Stochastic Petri Net () a stochastic extension to Petri nets,
More informationA FRAMEWORK FOR PERFORMABILITY MODELLING USING PROXELS. Sanja Lazarova-Molnar, Graham Horton
A FRAMEWORK FOR PERFORMABILITY MODELLING USING PROXELS Sanja Lazarova-Molnar, Graham Horton University of Magdeburg Department of Computer Science Universitaetsplatz 2, 39106 Magdeburg, Germany sanja@sim-md.de
More informationTime and Timed Petri Nets
Time and Timed Petri Nets Serge Haddad LSV ENS Cachan & CNRS & INRIA haddad@lsv.ens-cachan.fr DISC 11, June 9th 2011 1 Time and Petri Nets 2 Timed Models 3 Expressiveness 4 Analysis 1/36 Outline 1 Time
More informationCASPA - A Tool for Symbolic Performance Evaluation and Stochastic Model Checking
CASPA - A Tool for Symbolic Performance Evaluation and Stochastic Model Checking Boudewijn R. Haverkort 1, Matthias Kuntz 1, Martin Riedl 2, Johann Schuster 2, Markus Siegle 2 1 : Universiteit Twente 2
More information57:022 Principles of Design II Final Exam Solutions - Spring 1997
57:022 Principles of Design II Final Exam Solutions - Spring 1997 Part: I II III IV V VI Total Possible Pts: 52 10 12 16 13 12 115 PART ONE Indicate "+" if True and "o" if False: + a. If a component's
More informationThe State Explosion Problem
The State Explosion Problem Martin Kot August 16, 2003 1 Introduction One from main approaches to checking correctness of a concurrent system are state space methods. They are suitable for automatic analysis
More informationSafety and Reliability of Embedded Systems. (Sicherheit und Zuverlässigkeit eingebetteter Systeme) Fault Tree Analysis Obscurities and Open Issues
(Sicherheit und Zuverlässigkeit eingebetteter Systeme) Fault Tree Analysis Obscurities and Open Issues Content What are Events? Examples for Problematic Event Semantics Inhibit, Enabler / Conditioning
More informationDiscrete Event Systems Exam
Computer Engineering and Networks Laboratory TEC, NSG, DISCO HS 2016 Prof. L. Thiele, Prof. L. Vanbever, Prof. R. Wattenhofer Discrete Event Systems Exam Friday, 3 rd February 2017, 14:00 16:00. Do not
More informationMODELING AND SIMULATION BY HYBRID PETRI NETS. systems, communication systems, etc). Continuous Petri nets (in which the markings are real
Proceedings of the 2012 Winter Simulation Conference C. Laroque, J. Himmelspach, R. Pasupathy, O. Rose, and A. M. Uhrmacher, eds. MODELING AND SIMULATION BY HYBRID PETRI NETS Hassane Alla Latéfa Ghomri
More informationModel Checking Infinite-State Markov Chains
Model Checking Infinite-State Markov Chains Anne Remke, Boudewijn R. Haverkort, and Lucia Cloth University of Twente Faculty for Electrical Engineering, Mathematics and Computer Science [anne,brh,lucia]@cs.utwente.nl
More informationSpecification models and their analysis Petri Nets
Specification models and their analysis Petri Nets Kai Lampka December 10, 2010 1 30 Part I Petri Nets Basics Petri Nets Introduction A Petri Net (PN) is a weighted(?), bipartite(?) digraph(?) invented
More informationAnalyzing Concurrent and Fault-Tolerant Software using Stochastic Reward Nets
Analyzing Concurrent and Fault-Tolerant Software using Stochastic Reward Nets Gianfranco Ciardo Software Productivity Consortium Herndon, VA 22070 Kishor S. Trivedi Dept. of Electrical Engineering Duke
More informationTheoretical Foundations of the UML
Theoretical Foundations of the UML Lecture 17+18: A Logic for MSCs Joost-Pieter Katoen Lehrstuhl für Informatik 2 Software Modeling and Verification Group moves.rwth-aachen.de/teaching/ws-1718/fuml/ 5.
More informationAlan Bundy. Automated Reasoning LTL Model Checking
Automated Reasoning LTL Model Checking Alan Bundy Lecture 9, page 1 Introduction So far we have looked at theorem proving Powerful, especially where good sets of rewrite rules or decision procedures have
More informationFrom Stochastic Processes to Stochastic Petri Nets
From Stochastic Processes to Stochastic Petri Nets Serge Haddad LSV CNRS & ENS Cachan & INRIA Saclay Advanced Course on Petri Nets, the 16th September 2010, Rostock 1 Stochastic Processes and Markov Chains
More informationA REACHABLE THROUGHPUT UPPER BOUND FOR LIVE AND SAFE FREE CHOICE NETS VIA T-INVARIANTS
A REACHABLE THROUGHPUT UPPER BOUND FOR LIVE AND SAFE FREE CHOICE NETS VIA T-INVARIANTS Francesco Basile, Ciro Carbone, Pasquale Chiacchio Dipartimento di Ingegneria Elettrica e dell Informazione, Università
More informationCOMPRESSED STATE SPACE REPRESENTATIONS - BINARY DECISION DIAGRAMS
QUALITATIVE ANALYIS METHODS, OVERVIEW NET REDUCTION STRUCTURAL PROPERTIES COMPRESSED STATE SPACE REPRESENTATIONS - BINARY DECISION DIAGRAMS LINEAR PROGRAMMING place / transition invariants state equation
More informationPerformance Evaluation of Queuing Systems
Performance Evaluation of Queuing Systems Introduction to Queuing Systems System Performance Measures & Little s Law Equilibrium Solution of Birth-Death Processes Analysis of Single-Station Queuing Systems
More informationTemporal Logic. Stavros Tripakis University of California, Berkeley. We have designed a system. We want to check that it is correct.
EE 244: Fundamental Algorithms for System Modeling, Analysis, and Optimization Fall 2016 Temporal logic Stavros Tripakis University of California, Berkeley Stavros Tripakis (UC Berkeley) EE 244, Fall 2016
More informationVerifying Randomized Distributed Algorithms with PRISM
Verifying Randomized Distributed Algorithms with PRISM Marta Kwiatkowska, Gethin Norman, and David Parker University of Birmingham, Birmingham B15 2TT, United Kingdom {M.Z.Kwiatkowska,G.Norman,D.A.Parker}@cs.bham.ac.uk
More informationMODELLING DYNAMIC RELIABILITY VIA FLUID PETRI NETS
MODELLING DYNAMIC RELIABILITY VIA FLUID PETRI NETS Daniele Codetta-Raiteri, Dipartimento di Informatica, Università di Torino, Italy Andrea Bobbio, Dipartimento di Informatica, Università del Piemonte
More informationDependability Analysis
Software and Systems Verification (VIMIMA01) Dependability Analysis Istvan Majzik Budapest University of Technology and Economics Fault Tolerant Systems Research Group Budapest University of Technology
More informationComputer Science, Informatik 4 Communication and Distributed Systems. Simulation. Discrete-Event System Simulation. Dr.
Simulation Discrete-Event System Simulation Chapter 9 Verification and Validation of Simulation Models Purpose & Overview The goal of the validation process is: To produce a model that represents true
More informationStochastic Reward Nets for Reliability Prediction
Stochastic Reward Nets for Reliability Prediction Jogesh K. Muppala Dept. of Computer Science The Hong Kong University of Science and Technology Clear Water Bay Kowloon, Hong Kong Gianfranco Ciardo Dept.
More informationCONTROLLER DEPENDABILITY ANALYSIS BY PROBABILISTIC MODEL CHECKING. Marta Kwiatkowska, Gethin Norman and David Parker 1
CONTROLLER DEPENDABILITY ANALYSIS BY PROBABILISTIC MODEL CHECKING Marta Kwiatkowska, Gethin Norman and David Parker 1 School of Computer Science, University of Birmingham, Birmingham, B15 2TT, United Kingdom
More informationDES. 4. Petri Nets. Introduction. Different Classes of Petri Net. Petri net properties. Analysis of Petri net models
4. Petri Nets Introduction Different Classes of Petri Net Petri net properties Analysis of Petri net models 1 Petri Nets C.A Petri, TU Darmstadt, 1962 A mathematical and graphical modeling method. Describe
More informationHYPENS Manual. Fausto Sessego, Alessandro Giua, Carla Seatzu. February 7, 2008
HYPENS Manual Fausto Sessego, Alessandro Giua, Carla Seatzu February 7, 28 HYPENS is an open source tool to simulate timed discrete, continuous and hybrid Petri nets. It has been developed in Matlab to
More informationQuantitative Safety Analysis of Non-Deterministic System Architectures
Quantitative Safety Analysis of Non-Deterministic System Architectures Adrian Beer University of Konstanz Department of Computer and Information Science Chair for Software Engineering Adrian.Beer@uni.kn
More informationAn Indian Journal FULL PAPER ABSTRACT KEYWORDS. Trade Science Inc.
[Type text] [Type text] [Type text] ISSN : 0974-7435 Volume 10 Issue 11 BioTechnology 2014 An Indian Journal FULL PAPER BTAIJ, 10(11), 2014 [5576-5583] Research on the probability of extended UML state
More informationQueueing systems. Renato Lo Cigno. Simulation and Performance Evaluation Queueing systems - Renato Lo Cigno 1
Queueing systems Renato Lo Cigno Simulation and Performance Evaluation 2014-15 Queueing systems - Renato Lo Cigno 1 Queues A Birth-Death process is well modeled by a queue Indeed queues can be used to
More informationFormal Verification Techniques. Riccardo Sisto, Politecnico di Torino
Formal Verification Techniques Riccardo Sisto, Politecnico di Torino State exploration State Exploration and Theorem Proving Exhaustive exploration => result is certain (correctness or noncorrectness proof)
More informationIntroduction to Temporal Logic. The purpose of temporal logics is to specify properties of dynamic systems. These can be either
Introduction to Temporal Logic The purpose of temporal logics is to specify properties of dynamic systems. These can be either Desired properites. Often liveness properties like In every infinite run action
More informationSoftware Verification using Predicate Abstraction and Iterative Refinement: Part 1
using Predicate Abstraction and Iterative Refinement: Part 1 15-414 Bug Catching: Automated Program Verification and Testing Sagar Chaki November 28, 2011 Outline Overview of Model Checking Creating Models
More informationSlides 9: Queuing Models
Slides 9: Queuing Models Purpose Simulation is often used in the analysis of queuing models. A simple but typical queuing model is: Queuing models provide the analyst with a powerful tool for designing
More informationExercises Solutions. Automation IEA, LTH. Chapter 2 Manufacturing and process systems. Chapter 5 Discrete manufacturing problems
Exercises Solutions Note, that we have not formulated the answers for all the review questions. You will find the answers for many questions by reading and reflecting about the text in the book. Chapter
More informationTime(d) Petri Net. Serge Haddad. Petri Nets 2016, June 20th LSV ENS Cachan, Université Paris-Saclay & CNRS & INRIA
Time(d) Petri Net Serge Haddad LSV ENS Cachan, Université Paris-Saclay & CNRS & INRIA haddad@lsv.ens-cachan.fr Petri Nets 2016, June 20th 2016 1 Time and Petri Nets 2 Time Petri Net: Syntax and Semantic
More informationModel Checking CSL Until Formulae with Random Time Bounds
Model Checking CSL Until Formulae with Random Time Bounds Marta Kwiatkowska 1, Gethin Norman 1 and António Pacheco 2 1 School of Computer Science, University of Birmingham, Edgbaston, Birmingham B15 2TT,
More informationFigure 10.1: Recording when the event E occurs
10 Poisson Processes Let T R be an interval. A family of random variables {X(t) ; t T} is called a continuous time stochastic process. We often consider T = [0, 1] and T = [0, ). As X(t) is a random variable
More informationQueueing Theory I Summary! Little s Law! Queueing System Notation! Stationary Analysis of Elementary Queueing Systems " M/M/1 " M/M/m " M/M/1/K "
Queueing Theory I Summary Little s Law Queueing System Notation Stationary Analysis of Elementary Queueing Systems " M/M/1 " M/M/m " M/M/1/K " Little s Law a(t): the process that counts the number of arrivals
More informationSlicing Petri Nets. Astrid Rakow. Department für Informatik, Univeristät Oldenburg
Slicing Petri Nets Astrid Rakow Department für Informatik, Univeristät Oldenburg astrid.rakow@informatik.uni-oldenburg.de Abstract. In this paper we introduce the notion of net-slice to describe a subnet
More informationDescription Framework for Proxel-Based Simulation of a General Class of Stochastic Models
Description Framework for Proxel-Based Simulation of a General Class of Stochastic Models Sanja Lazarova-Molnar, Graham Horton Institute for Simulation and Graphics University of Magdeburg Universitaetsplatz
More informationEnvironment (E) IBP IBP IBP 2 N 2 N. server. System (S) Adapter (A) ACV
The Adaptive Cross Validation Method - applied to polling schemes Anders Svensson and Johan M Karlsson Department of Communication Systems Lund Institute of Technology P. O. Box 118, 22100 Lund, Sweden
More informationQueuing Analysis. Chapter Copyright 2010 Pearson Education, Inc. Publishing as Prentice Hall
Queuing Analysis Chapter 13 13-1 Chapter Topics Elements of Waiting Line Analysis The Single-Server Waiting Line System Undefined and Constant Service Times Finite Queue Length Finite Calling Problem The
More informationTransient behaviour in highly dependable Markovian systems: new regimes, many paths.
Transient behaviour in highly dependable Markovian systems: new regimes, many paths. Daniël Reijsbergen Pieter-Tjerk de Boer Werner Scheinhardt University of Twente RESIM, June 22nd, 2010 Outline Problem
More informationStochastic Model Checking
Stochastic Model Checking Marta Kwiatkowska, Gethin Norman, and David Parker School of Computer Science, University of Birmingham Edgbaston, Birmingham B15 2TT, United Kingdom Abstract. This tutorial presents
More information57:022 Principles of Design II Midterm Exam #2 Solutions
57:022 Principles of Design II Midterm Exam #2 Solutions Part: I II III IV V Total Possible Pts: 20 15 12 16 12 75 PART ONE Indicate "+" if True and "O" if False: _+_a. If a component's lifetime has exponential
More informationA Markov Reward Model for Software Reliability
A Markov Reward Model for Software Reliability YoungMin Kwon and Gul Agha Open Systems Laboratory Department of Computer Science University of Illinois at Urbana Champaign {ykwon4, agha}@cs.uiuc.edu ABSTRACT
More informationProbabilistic verification and approximation schemes
Probabilistic verification and approximation schemes Richard Lassaigne Equipe de Logique mathématique, CNRS-Université Paris 7 Joint work with Sylvain Peyronnet (LRDE/EPITA & Equipe de Logique) Plan 1
More informationLinear Temporal Logic and Büchi Automata
Linear Temporal Logic and Büchi Automata Yih-Kuen Tsay Department of Information Management National Taiwan University FLOLAC 2009 Yih-Kuen Tsay (SVVRL @ IM.NTU) Linear Temporal Logic and Büchi Automata
More informationFailure Diagnosis of Discrete-Time Stochastic Systems subject to Temporal Logic Correctness Requirements
Failure Diagnosis of Discrete-Time Stochastic Systems subject to Temporal Logic Correctness Requirements Jun Chen, Student Member, IEEE and Ratnesh Kumar, Fellow, IEEE Dept. of Elec. & Comp. Eng., Iowa
More informationIntroduction to Model Checking. Debdeep Mukhopadhyay IIT Madras
Introduction to Model Checking Debdeep Mukhopadhyay IIT Madras How good can you fight bugs? Comprising of three parts Formal Verification techniques consist of three parts: 1. A framework for modeling
More informationModelling M/G/1 queueing systems with server vacations using stochastic Petri nets
Volume 22 (2), pp. 131 154 http://www.orssa.org.za ORiON ISSN 529-191-X c 26 Modelling M/G/1 queueing systems with server vacations using stochastic Petri nets K Ramanath P Lakshmi Received: 12 November
More informationA tool for the numerical solution of cooperating Markov chains in product-form
HET-NETs 2010 ISBN XXX XXX pp. xx xx A tool for the numerical solution of cooperating Markov chains in product-form SIMONETTA BALSAMO GIAN-LUCA DEI ROSSI ANDREA MARIN a a Università Ca Foscari di Venezia
More informationChapter 6 Queueing Models. Banks, Carson, Nelson & Nicol Discrete-Event System Simulation
Chapter 6 Queueing Models Banks, Carson, Nelson & Nicol Discrete-Event System Simulation Purpose Simulation is often used in the analysis of queueing models. A simple but typical queueing model: Queueing
More informationOrganisation-Oriented Coarse Graining and Refinement of Stochastic Reaction Networks Mu, Chunyan; Dittrich, Peter; Parker, David; Rowe, Jonathan
Organisation-Oriented Coarse Graining and Refinement of Stochastic Reaction Networks Mu, Chunyan; Dittrich, Peter; Parker, David; Rowe, Jonathan DOI:.9/TCBB.8.895 License: None: All rights reserved Document
More informationMQNA - Markovian Queueing Networks Analyser
MQNA - Markovian Queueing Networks Analyser Leonardo Brenner Paulo Fernandes Afonso Sales PUCRS, Brazil PUCRS, Brazil PUCRS, Brazil lbrenner@inf.pucrs.br paulof@inf.pucrs.br asales@inf.pucrs.br Abstract
More informationLimiting Behavior of Markov Chains with Eager Attractors
Limiting Behavior of Markov Chains with Eager Attractors Parosh Aziz Abdulla Uppsala University, Sweden. parosh@it.uu.se Noomene Ben Henda Uppsala University, Sweden. Noomene.BenHenda@it.uu.se Sven Sandberg
More informationPopulation models from PEPA descriptions
Population models from PEPA descriptions Jane Hillston LFCS, The University of Edinburgh, Edinburgh EH9 3JZ, Scotland. Email: jeh@inf.ed.ac.uk 1 Introduction Stochastic process algebras (e.g. PEPA [10],
More informationIntroduction. Pedro Cabalar. Department of Computer Science University of Corunna, SPAIN 2013/2014
Introduction Pedro Cabalar Department of Computer Science University of Corunna, SPAIN cabalar@udc.es 2013/2014 P. Cabalar ( Department Introduction of Computer Science University of Corunna, SPAIN2013/2014
More informationControl Synthesis of Discrete Manufacturing Systems using Timed Finite Automata
Control Synthesis of Discrete Manufacturing Systems using Timed Finite utomata JROSLV FOGEL Institute of Informatics Slovak cademy of Sciences ratislav Dúbravská 9, SLOVK REPULIC bstract: - n application
More informationCIS 842: Specification and Verification of Reactive Systems. Lecture Specifications: Specification Patterns
CIS 842: Specification and Verification of Reactive Systems Lecture Specifications: Specification Patterns Copyright 2001-2002, Matt Dwyer, John Hatcliff, Robby. The syllabus and all lectures for this
More informationAnswers to selected exercises
Answers to selected exercises A First Course in Stochastic Models, Henk C. Tijms 1.1 ( ) 1.2 (a) Let waiting time if passengers already arrived,. Then,, (b) { (c) Long-run fraction for is (d) Let waiting
More informationCPSC 531: System Modeling and Simulation. Carey Williamson Department of Computer Science University of Calgary Fall 2017
CPSC 531: System Modeling and Simulation Carey Williamson Department of Computer Science University of Calgary Fall 2017 Motivating Quote for Queueing Models Good things come to those who wait - poet/writer
More informationLearning Automata Based Adaptive Petri Net and Its Application to Priority Assignment in Queuing Systems with Unknown Parameters
Learning Automata Based Adaptive Petri Net and Its Application to Priority Assignment in Queuing Systems with Unknown Parameters S. Mehdi Vahidipour, Mohammad Reza Meybodi and Mehdi Esnaashari Abstract
More informationQUEUING MODELS AND MARKOV PROCESSES
QUEUING MODELS AND MARKOV ROCESSES Queues form when customer demand for a service cannot be met immediately. They occur because of fluctuations in demand levels so that models of queuing are intrinsically
More informationUsing Patterns and Composite Propositions to Automate the Generation of LTL Specifications
Using Patterns and Composite Propositions to Automate the Generation of LTL Specifications Salamah Salamah, Ann Q. Gates, Vladik Kreinovich, and Steve Roach Dept. of Computer Science, University of Texas
More informationStochastic Petri Net
Stochastic Petri Net Serge Haddad LSV ENS Cachan & CNRS & INRIA haddad@lsv.ens-cachan.fr Petri Nets 2013, June 24th 2013 1 Stochastic Petri Net 2 Markov Chain 3 Markovian Stochastic Petri Net 4 Generalized
More informationOperations Research Letters. Instability of FIFO in a simple queueing system with arbitrarily low loads
Operations Research Letters 37 (2009) 312 316 Contents lists available at ScienceDirect Operations Research Letters journal homepage: www.elsevier.com/locate/orl Instability of FIFO in a simple queueing
More informationConcept of Statistical Model Checking. Presented By: Diana EL RABIH
Concept of Statistical Model Checking Presented By: Diana EL RABIH Introduction Model checking of stochastic systems Continuous-time Markov chains Continuous Stochastic Logic (CSL) Probabilistic time-bounded
More informationModel checking the basic modalities of CTL with Description Logic
Model checking the basic modalities of CTL with Description Logic Shoham Ben-David Richard Trefler Grant Weddell David R. Cheriton School of Computer Science University of Waterloo Abstract. Model checking
More informationUsing Coloured Petri Nets for integrated reliability and safety evaluations
Author manuscript, published in "4th IFAC Workshop on Dependable Control of Discrete Systems, York : United Kingdom (2013)" DOI : 10.3182/20130904-3-UK-4041.00016 Using Coloured Petri Nets for integrated
More informationGenerating Linear Temporal Logic Formulas for Pattern-Based Specifications
Generating Linear Temporal Logic Formulas for Pattern-Based Specifications Salamah Salamah, Vladik Kreinovich, and Ann Q. Gates Dept. of Computer Science, University of Texas at El Paso El Paso, TX 79968,
More informationCHAPTER 3 ANALYSIS OF RELIABILITY AND PROBABILITY MEASURES
27 CHAPTER 3 ANALYSIS OF RELIABILITY AND PROBABILITY MEASURES 3.1 INTRODUCTION The express purpose of this research is to assimilate reliability and its associated probabilistic variables into the Unit
More informationExtracting Passage Times from PEPA models with the HYDRA Tool: a Case Study
Extracting Passage Times from PEPA models with the HYDRA Tool: a Case Study Jeremy T. Bradley 1 Nicholas J. Dingle 1 Stephen T. Gilmore 2 William J. Knottenbelt 1 1 Department of Computing, Imperial College
More informationVarieties of Stochastic Calculi
Research is what I'm doing when I don't know what I'm doing. Wernher Von Braun. Artificial Biochemistry Varieties of Stochastic Calculi Microsoft Research Trento, 26-5-22..26 www.luca.demon.co.uk/artificialbiochemistry.htm
More informationVerification Using Temporal Logic
CMSC 630 February 25, 2015 1 Verification Using Temporal Logic Sources: E.M. Clarke, O. Grumberg and D. Peled. Model Checking. MIT Press, Cambridge, 2000. E.A. Emerson. Temporal and Modal Logic. Chapter
More informationExercises Stochastic Performance Modelling. Hamilton Institute, Summer 2010
Exercises Stochastic Performance Modelling Hamilton Institute, Summer Instruction Exercise Let X be a non-negative random variable with E[X ]
More informationPage 1. Outline. Modeling. Experimental Methodology. ECE 254 / CPS 225 Fault Tolerant and Testable Computing Systems. Modeling and Evaluation
Page 1 Outline ECE 254 / CPS 225 Fault Tolerant and Testable Computing Systems Modeling and Evaluation Copyright 2004 Daniel J. Sorin Duke University Experimental Methodology and Modeling Modeling Random
More informationPage 1. Outline. Experimental Methodology. Modeling. ECE 254 / CPS 225 Fault Tolerant and Testable Computing Systems. Modeling and Evaluation
Outline Fault Tolerant and Testable Computing Systems Modeling and Evaluation Copyright 2011 Daniel J. Sorin Duke University Experimental Methodology and Modeling Random Variables Probabilistic Models
More informationThe Need for and the Advantages of Generalized Tensor Algebra for Kronecker Structured Representations
The Need for and the Advantages of Generalized Tensor Algebra for Kronecker Structured Representations Leonardo Brenner, Paulo Fernandes, and Afonso Sales PUCRS, Av Ipiranga, 6681-90619-900 - Porto Alegre,
More informationDependable Computer Systems
Dependable Computer Systems Part 3: Fault-Tolerance and Modelling Contents Reliability: Basic Mathematical Model Example Failure Rate Functions Probabilistic Structural-Based Modeling: Part 1 Maintenance
More informationEE 144/244: Fundamental Algorithms for System Modeling, Analysis, and Optimization Fall 2014
EE 144/244: Fundamental Algorithms for System Modeling, Analysis, and Optimization Fall 2014 Discrete Event Simulation Stavros Tripakis University of California, Berkeley Stavros Tripakis (UC Berkeley)
More informationDiscrete-event simulation of fluid stochastic Petri nets
Discrete-event simulation of fluid stochastic Petri nets Gianfranco Ciardo 1 David Nicol 2 Kishor S. Trivedi 3 ciardo@cs.wm.edu nicol@cs.dartmouth.edu kst@egr.duke.edu 1 Dept. of Computer Science, College
More informationof Business Workows using Generalized Stochastic Petri Nets A. Ferscha Institut fur Angewandte Informatik und Informationssysteme Universitat Wien
Qualitative and Quantitative Analysis of Business Workows using Generalized Stochastic Petri Nets A. Ferscha Institut fur Angewandte Informatik und Informationssysteme Universitat Wien Lenaugasse 2/8,
More informationPart I Stochastic variables and Markov chains
Part I Stochastic variables and Markov chains Random variables describe the behaviour of a phenomenon independent of any specific sample space Distribution function (cdf, cumulative distribution function)
More informationDiagram-based Formalisms for the Verication of. Reactive Systems. Anca Browne, Luca de Alfaro, Zohar Manna, Henny B. Sipma and Tomas E.
In CADE-1 Workshop on Visual Reasoning, New Brunswick, NJ, July 1996. Diagram-based Formalisms for the Verication of Reactive Systems Anca Browne, Luca de Alfaro, Zohar Manna, Henny B. Sipma and Tomas
More informationProbabilistic Model Checking Michaelmas Term Dr. Dave Parker. Department of Computer Science University of Oxford
Probabilistic Model Checking Michaelmas Term 2011 Dr. Dave Parker Department of Computer Science University of Oxford Overview CSL model checking basic algorithm untimed properties time-bounded until the
More information