o<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
<html>
<head>
   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
   <meta name="GENERATOR" content="Mozilla/4.6 [en] (X11; I; SunOS 5.6 sun4u) [Netscape]">
</head>
<body>

<h4>
In this paper we describe our experience with model checking randomized</h4>

<h4>
distributed algorithms using PRISM, a symbolic model checker for</h4>

<h4>
concurrent probabilistic systems currently being developed. PRISM</h4>

<h4>
uses Multi-Terminal Binary Decision Diagrams (MTBDDs) as supplied</h4>

<h4>
by the CUDD package of Fabio Somenzi. Implemented in Java, PRISM</h4>

<h4>
supports model checking of the probabilistic temporal logic PCTL (also</h4>

<h4>
under fairness constraints) and has a system description language similar</h4>

<h4>
to Reactive Modules, based on modular composition. Our experiments</h4>

<h4>
indicate that through a direct translation from this language into MTBDDs,</h4>

<h4>
an efficient symbolic encoding is obtained, exploiting structure in the
system</h4>

<h4>
being modelled. In particular, we are able to construct models of up to
10^30</h4>

<h4>
states in seconds. Model checking of `with probability 1' PCTL properties
is</h4>

<h4>
also fast. The efficiency of numerical computation with MTBDDs, however,</h4>

<h4>
and hence also model checking of quantitative probabilistic temporal logic</h4>

<h4>
properties, is still considerably poorer than for example sparse matrices.</h4>

<h4>
Descriptions and statistics obtained for several case studies can be found
at</h4>

<h4>
<a href="http://www.cs.bham.ac.uk/~dxp/prism/">http://www.cs.bham.ac.uk/~dxp/prism/.</a></h4>

</body>
</html>