Probabilistic Computation Tree Logic

Probabilistic Computation Tree Logic (PCTL) [22, 111] is a branching-time tem- poral logic for describing properties of DTMCs. To this end, PCTL extends the non- probabilistic Computation Tree Logic [13, 182] with a probabilistic operator P. In this thesis, we use the cost-reward augmented PCTL variant with the syntax from [148], as detailed below.

Definition 2.7. The syntax of Probabilistic Computation Tree Logic (PCTL) is given by the following grammar:

Φ ::= true_{| a | ¬Φ | Φ ∧ Φ | P}./p [φ]

φ ::= XΦ_{| Φ}S≤k Φ

and the cost/reward augmented PCTL state formulae are defined by the grammar:

R./r[C≤k]| R./r[I=k]| R./r[F Φ]

where:

• a ∈ AP is an atomic proposition with AP being a set of atomic propositions; • ./ ∈ {<, ≤, ≥, >} is a relational operator;

• k ∈ N ∪ {∞};

• p ∈ [0, 1] is a probability bound (or threshold); • r ∈ R≥0 is a reward bound.

In order to analyse the properties of a DTMC model, PCTL formulae specify con- ditions over the states of the model. In the definition above, state formulaeΦ and path formulae φ are evaluated over model states and paths, respectively. Note that path formulae can only occur within the scope of the probabilistic operator P./p [·]. This

operator defines upper or lower bounds on the probability of system evolution. For instance, a state s satisfies a formula P./p[φ] if the probability of the future system

evolution meets the bound ./ p. For a path π, the “next” formula XΦ holds if Φ is satisfied in the next state. The “bounded until” formula Φ1S≤kΦ2 holds if before Φ2

0, 1, . . . , x− 1. If k = ∞, the formula is termed “unbounded until”. Finally, P=?[φ] can

be used to quantify the probability of a path formulaφ.

Given a state s, the high-level interpretation of the cost/reward operator R is: • R./r[C≤k] holds, if from state s the expected cumulative reward up to time step

k meets the bound ./ r;

• R./r[I=k] is true if the expected state reward at time step k satisfies ./ r;

• R./r[F Φ] holds, if from state s the expected cumulative reward before reaching a

state that satisfiesΦ meets the bound ./ r.

As before, R=?[·] can be used to quantify over states and transitions, and to compute

the expected value of a reward.

Formally, the semantics of PCTL over DTMCs are defined as follows.

Definition 2.8. Let D = (S, ¯s, P, L) be a labelled DTMC. For any state s _{∈ S, k ∈} N∪ {∞} and r ∈ R≥0, the satisfaction relation |= is defined inductively by:

s_{|= true for all s ∈ S} s_{|= a ⇔ a ∈ L(s)} s_{|= ¬Φ ⇔ s 6|= Φ}

s_{|= Φ}1∧ Φ2 ⇔ s |= Φ1∧ s |= Φ2

s|= P./p[φ] ⇔ P r(s |= φ) ./ p

where P r(s_{|= φ) = P r}s(π∈ P athD(s)|π |= φ) is the probability that a path

starting froms satisfies φ.

Moreover, for any path π∈ P athD_(s)

π_{|= P}./p[XΦ] ⇔ π(1) |= Φ

π|= P./p[Φ1S≤kΦ2] ⇔ ∃0 ≤ i ≤ k.(π(i) |= Φ2∧ ∀0 ≤ j < i.(π(j) |= Φ1))

π _{|= P}./p[Φ1S Φ2] ⇔ ∃i ≥ 0.(π(i) |= Φ2∧ ∀0 ≤ j < i.(π(j) |= Φ1))

Finally, for the cost/reward structures

s|= R./r[C≤k] ⇔ ExpD(s, XC≤k) ./ r

s_{|= R}./r[I=k] ⇔ ExpD(s, XI=k) ./ r

s|= R./r[FΦ] ⇔ ExpD(s, XFΦ) ./ r

where ExpD_{(s, X}

Evaluating a PCTL formula for a DTMC

The algorithm for model checking a PCTL formula takes as inputs a labelled DTMC D = (S, s0, P, L) and a PCTL state formula Φ. First, the set of states satisfying Φ is

determined. When the question is whether a given state s satisfies Φ, it is sufficient to check if s is in that set. However, if the focus is on quantitative results of the form P./p[φ], we need to compute the probability for all states s of the DTMC satisfying

formula φ, and then compare these values to the bound p.

Model checking DTMCs against PCTL formulae involves the combination of graph traversal algorithms and analytical solution approaches. The former is mainly used for reachability analysis, for example, to examine whether it is possible from the initial state to reach a failure state. Computing the likelihood of an event occurring is carried out by analytical techniques. In particular, formula P./p[XΦ] requires one matrix-

vector multiplication, while the result of formulae specifying bounded until probabilities Φ1S≤kΦ2, instantaneous rewards R./r[I=k], and cumulative rewards R./r[C≤k] can

be estimated using k matrix-vector multiplications. Finally, computing unbounded until probabilitiesP./p[Φ1S Φ2] and cumulative rewards R./r[F Φ] reduces to solving a

system of linear equations. We refer the interested reader to [148, 182] for a complete description of the technical details.

Example 2.3. Consider again the e-commerce system with the DTMC model from Figure 2.2. Table 2.1 shows a set of example QoS requirements, including an informal description and their formalisation in PCTL.

Table 2.1: QoS requirements for the train booking system

ID Informal description PCTL

R1 (Workflow reliability ): “Workflow executions must complete successfully with probability at least 90%”

P≥0.9[F s = s4]

R2 (Buy probability ): “A customer is expected to purchase at least one ticket within the first 7 time steps with probability at least 85%”

P≥0.85[F≤7s = s2]

R3 (No shipping ): “At least 75% of the purchased tickets are printed by customers”

P≥0.75[¬s = s3S s = s4]

R4 (Search cost ): “The expected cost incurred be- cause of searching for tickets during the first 10 time steps must be less than 10 cents”

R“search”