STOCHASTIC SPECIFICATION
AND
VERIFICATION
Fatemeh Ghassemi
OUTLINE
Introduction
| Motivation Towards Stochastic Process Algebra
| Running Example
| Stochastic Process Algebra : PEPA
| PEPA Tool
|
2
INTRODUCTION
|
Classic Verification
P t iN
Petri
Nets
t
Process
Algebra
System
Specification
Semantics
Labeled
Transition
System
Qualitative Properties :
CTL, LTL, CTL*
Model Checking
Techniques
3
INTRODUCTION (CON.)
|
Performance Verification
Stochastic
Petri Nets
System
y
Specification
Stochastic
Process Algebra
Semantics
Intermediate
Model
Mapping
Quantitative Properties:
CSL, CSRL
Model Checking
Techniques
Specification Level
Morkovian Level
Markov
Chain
4
INTRODUCTION (CON.)
|
There are lots of formal stochastic models
y
Markov models :
Continuous Time Markov Chain (CTMC)
and
d Discrete
Di
Time
Ti
Markov
M k Chain
Ch i (DTMC)
| Markov Decision Process (MDP) is turned
into a set of Markov chains
| A very strong automated tool : PRISM
|
Queuing model
y Stochastic Petri Nets
y
5
Motivation Towards Stochastic Process
Algebra
Enough
g expressiveness
p
| Formal interpretation
| Compositionality
|
6
Motivation Towards Stochastic Process
Algebra (Con.)
|
Queuing networks solve complex systems using
product
d
fform solution
l i property
The steady-state solution of the network is the
product of the steady-state solutions of individual
queues.
y π(s1 × s2) = π(s1) × π(s2)
y
|
Shortcomings of queuing
queuing-based
based models are due to
their lack of descriptive power of : (which destroy
product form condition )
Synchronization
y Blocking
y Splitting of customers
y
|
We need more expressive stochastic models
7
Motivation Towards Stochastic Process
Algebra (Con.)
Markov chains
Markov Decision
Queuing Networks
Stochastic Petri Nets
Compositionality
Stochastic
S
h i P
Process
Algebra
Enough Expressiveness
Techniques in
Specification Level
Enough Expressiveness,
Formal and Compositional
State Explosion
8
RUNNING EXAMPLE
|
Reader – Writer
reader
Release, λ2
Release, λ4
Acquire, λ1
buffer
writer
A
Acquire,
i λ3
9
RUNNING EXAMPLE (CON.)
|
Try
y to model running
g example
p with a Markov
Chain or Queue Model :
y
Markov Chain
λ2
λ3
λ1
λ4
y
Queue Model
λ1
λ3
M/M/1/1
M/M/1/1
λ2
+
λ4
10
STOCHASTIC PROCESS ALGEBRA : PEPA
|
Processes are defined as follows:
y
y
y
y
y
y
y
S ::= (α,λ).S | S+S | CS
P ::= P L P| P/L | C
S denotes
d
t a sequential
ti l componentt
P denotes a model component
C stands for a constant which denotes either a
sequential component or a model component
CS stands for a constants which denote sequential
components.
PEPA components are constrained to the sequential
cooperative processes
|
This a necessary condition
Thi
diti for
f associated
i t d
Markov chain to be ergodic
11
STOCHASTIC PROCESS ALGEBRA (CON.)
|
Informal definition :
Prefix
(α,λ).P
After performing action α with a
rate λ, process behaves like P
Choice
P+Q
Process behaves as P or Q
Synchronization
P
Restriction
P/M
L
Q
Processes P and Q are synchronized
on the set of actions L
The set of action M is hidden from
outside processes
12
STOCHASTIC PROCESS ALGEBRA (CON.)
|
Formal definition (semantics)
(
)
Prefix
Synchronization
Hiding
Choice
Constant
13
STOCHASTIC PROCESS ALGEBRA (CON.)
reader = ((bufferAcq,λ
q, 1)).(bufferRel,
(
, λ2)).reader
| writer = (bufferAcq,λ3).(bufferRel, λ4). writer
| buffer = (bufferAcq,T). (bufferRel,T).buffer
| System =reader L writer L buffer where
L={bufferAcq,bufferRel)
|
reader
Relbuffer
Relbuffer
writer
Acqbuffer
Acqbuffer
RelBuffer
buffer
Acqbuffer
14
STOCHASTIC PROCESS ALGEBRA (CON.)
|
The negative
g
exponential
p
distribution of actions
preserves expansion low
((a,r).Stop║(b,s).Stop
,)
p║( , )
p
S ║(b ) S
Stop║(b,s).Stop
((a,r).Stop║Stop
) S ║S
Stop║Stop
y
(a,r).Stop║(b,s).Stop =
(a,r).(b.s).(Stop||Stop)+(b,s).(a,r).(Stop || Stop)
15
STOCHASTIC PROCESS ALGEBRA
Consider miss its data with p
probability
yP
| reader = (bufferAcq,λ1).
|
((bufferRel, (1-P)λ2)+(leak,P λ5).reader)
| writer = (bufferAcq,λ3).(bufferRel, λ4). writer
| buffer = (bufferAcq,T). (bufferRel,T).buffer
| System =reader
writer L buffer where
L
L={bufferAcq,bufferRel)
|
16
MODEL ANALYSIS
=reader
System
y
L
writer
L
buffer ,L={bufferAcq,bufferRel)
, {
q,
)
Specification Level
Markovian Level
bufferAcq, λ1
System
bufferRel, λ2
bufferRel, λ4 bufferAcq, λ3
reader
L
bufferRel, λ5
Reader’
L
writer
L
buffer’
leak, μ
writer’ L buffer’
0 ⎤
λ1
λ3
⎡− (λ1 + λ3 )
⎢ λ
⎥
(
)
0
−
λ
+
μ
μ
2
2
⎢
⎥
⎢ λ4
− λ4 0 ⎥
0
⎥
⎢
0
0 − λ5 ⎦
⎣ λ5
Reader’’ writer
L
L
buffer’
17
ADVANTAGES
Compositionality
p
y allows to model a system
y
as the
interaction of its subsystems.
| Formality gives a precise meaning to all the
terms.
| Abstraction allows to build up complex models
from detailed components but disregarding their
internal behavior when it is appropriate.
| Qualitative analysis allows to verify correct
f
functionality
i
li and
d timeliness
i li
response align
li
quantitative analysis.
|
18
PEAP TOOLS SET
|
PEPA,, Jane Hilston
PEPA WorkBench
y Mobius
y
19
PEPA TOOL
lambda = 0.74;
PEPA
Workench
mu= 1.0;
mu
1 0;
|
Queue = (arrive,infty).Queue1;
Queue1= (arrive,infty).Queue2+(service,mu).Queue;
Q
Queue2=
2 ((arrive,infty).Queue3+(service,mu).Queue1;
i i f )Q
3 (
i
)Q
1
Queue3= (arrive,infty).Queue4+(service,mu).Queue2;
Queue4= (arrive,infty).Queue5+(service,mu).Queue3;
Queue5= (arrive,infty).Queue6+(service,mu).Queue4;
Q
(
,
y) Q
(
, )Q
;
Queue6= (arrive,infty).Queue7+(service,mu).Queue5;
Queue7= (arrive,infty).Queue8+(service,mu).Queue6;
Queue8= (arrive,infty).Queue9+(service,mu).Queue7;
Q
Queue9=
9 ((arrive,infty).Queue10+(service,mu).Queue8;
i i ft ) Q
10+(
i
)Q
8
Queue10= (service,mu).Queue9;
)
(
y)
Customer = ((arrive,lambda).Customer+(service,infty).Customer;
20
Queue<arrive,service>Customer
PEPA TOOL (CON.)
λ=0 74 Pb=0.013286502346907493
λ=0.74,
=0 013286502346907493
Pb=0.013287
error = 0.000001
21
MOBIUS
You can use p
parametric specifications
p
and
conditions
| Queue[n]=[n<10]=>(arrive,lamba).Queue[n+1]+
[n>0 ] =>(service,T).Queue[n-1]
|
22
© Copyright 2026 Paperzz