FlyFast: A Scalable Approach to Probabilistic Model-Checking Based on Mean-Field Approximation

  • Diego Latella
  • Michele LoretiEmail author
  • Mieke Massink
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10500)


Model-checking is an effective formal verification technique that has also been extended to quantitative logics and models such as PCTL and DTMCs as well as CSL and CTMCs/CTMDPs. Unfortunately, the state-space explosion problem of classical model-checking algorithms affects also quantitative extensions. Mean-field techniques provide approximations of the mean behaviour of large population models. These approximations are deterministic: a unique value of the fractions of agents in each state is computed for each time instant. A drastic reduction of the size of the model is obtained enabling the definition of an efficient model-checking algorithm. This paper is a survey of work we have done in the last few years in the area of mean-field approximated probabilistic model-checking. We start with a brief description of FlyFast, an on-the-fly model checker we have developed for approximated bounded PCTL model-checking, based on mean-field population DTMC approximation. Then we show an example of use of FlyFast in the context of Collective Adaptive Systems. We also discuss two additional interesting front-ends for FlyFast; the first one is a translation from CTMC-based population models and (a fragment of) CSL that allows for approximate probabilistic model-checking in the continuous stochastic time setting; the second one is a translation from a predicate-based process interaction language that allows for probabilistic model-checking of models based on components equipped both with behaviour and with attributes, on which predicates are defined that can be used in component interaction primitives.


Probabilistic on-the-fly model-checking Mean-field approximation Discrete time Markov chains Time bounded probabilistic computation tree logic Collective Adaptive Systems 



In the late 80’s of the previous century, Diego met Ed, who was chairing a Work Package of the EU Lotosphere project, in which Diego participated as well. At that time, Diego was fascinated by the early work on probabilistic process algebras by Scott Smolka, Kim Larsen and others and he was applying similar ideas to LOTOS, together with Paola Quaglia. At the same time, he was loving the work of Rom, supervised by Ed, on Bundle Event Structures as a mathematical model underlying a truly concurrent semantics for LOTOS. The obvious step was to start thinking of probabilistic extensions of Bundle Event Structures. Accidentally, Diego and Mieke had met at a Lotosphere workshop in The Hague and they found themselves nicely synchronised in their professional interests, and beyond ...

Not surprisingly, Diego moved to Twente where he spent 12 months, from july 1992 to june 1993, and together with Ed, Rom and Joost-Pieter, started investigating probabilistic, deterministically timed and stochastically timed Bundle Event Structures. This was the start of a lively friendship of the four of them as well as of a series of headaches when trying to find finite graph-like representations of such structures suitable for analysis. They have been struggling together for years, searching for cut-off events in those slippery structures. Eventually, Mieke moved to Italy and joined the group of cut-off events hunters. It was fun! Maybe we did not manage to completely master the analysis of quantitative Bundle Event Structures, but we are aware of a couple of things: our current work on probabilistic systems is rooted back to those days (and headaches ...) and our friendship too. All this thanks to Ed, who accepted having Diego around in Twente in 1992–93.


  1. 1.
    Aziz, A., Sanwal, K., Singhal, V., Brayton, R.: Model checking continuous time Markov chains. ACM Trans. Comput. Log. 1(1), 162–170 (2000)MathSciNetCrossRefzbMATHGoogle Scholar
  2. 2.
    Baier, C., Haverkort, B., Hermanns, H., Katoen, J.P.: Model-checking algorithms for continuous-time Markov chains. IEEE Trans. Softw. Eng. IEEE CS 29(6), 524–541 (2003)CrossRefzbMATHGoogle Scholar
  3. 3.
    Baier, C., Katoen, J.P.: Principles of Model Checking. The MIT Press, Cambridge (2008)zbMATHGoogle Scholar
  4. 4.
    Bernardo, M., De Nicola, R., Hillston, J. (eds.): Formal Methods for the Quantitative Evaluation of Collective Adaptive Systems. LNCS, vol. 9700. Springer, Heidelberg (2016). ISBN 978-3-319-34095-1 (print), 978-3-319-34096-8 (online), ISSN 0302-9743(2016)Google Scholar
  5. 5.
    Bhat, G., Cleaveland, R., Grumberg, O.: Efficient on-the-fly model checking for CTL*. In: LICS, pp. 388–397. IEEE Computer Society (1995)Google Scholar
  6. 6.
    Bortolussi, L., De Nicola, R., Galpin, V., Gilmore, S., Hillston, J., Latella, D., Loreti, M., Massink, M.: CARMA: collective adaptive resource-sharing Markovian agents. In: Bertrand, N., Tribastone, M. (eds.) Proceedings Thirteenth Workshop on Quantitative Aspects of Programming Languages and Systems, QAPL 2015, London, UK, 11th–12th April 2015, EPTCS, vol. 194, pp. 16–31 (2015).
  7. 7.
    Bortolussi, L., Hillston, J.: Fluid model checking. In: Koutny, M., Ulidowski, I. (eds.) CONCUR 2012. LNCS, vol. 7454, pp. 333–347. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-32940-1_24 CrossRefGoogle Scholar
  8. 8.
    Bortolussi, L., Hillston, J.: Model checking single agent behaviours by fluid approximation. Inf. Comput. 242, 183–226 (2015)MathSciNetCrossRefzbMATHGoogle Scholar
  9. 9.
    Bortolussi, L., Hillston, J., Latella, D., Massink, M.: Continuous approximation of collective system behaviour: a tutorial. Perform. Eval. 70(5), 317–349 (2013).
  10. 10.
    Bradley, J.T., Gilmore, S.T., Hillston, J.: Analysing distributed internet worm attacks using continuous state-space approximation of process algebra models. J. Comput. Syst. Sci. 74(6), 1013–1032 (2008)MathSciNetCrossRefzbMATHGoogle Scholar
  11. 11.
    Buchholz, P., Hahn, E.M., Hermanns, H., Zhang, L.: Model checking algorithms for CTMDPs. In: Gopalakrishnan, G., Qadeer, S. (eds.) CAV 2011. LNCS, vol. 6806, pp. 225–242. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-22110-1_19 CrossRefGoogle Scholar
  12. 12.
    Chaintreau, A., Le Boudec, J.Y., Ristanovic, N.: The age of gossip: spatial mean field regime. In: Douceur, J.R., Greenberg, A.G., Bonald, T., Nieh, J. (eds.) SIGMETRICS/Performance, pp. 109–120. ACM (2009)Google Scholar
  13. 13.
    Ciancia, V., Latella, D., Loreti, M., Massink, M.: Specifying and verifying properties of space. In: Diaz, J., Lanese, I., Sangiorgi, D. (eds.) TCS 2014. LNCS, vol. 8705, pp. 222–235. Springer, Heidelberg (2014). doi: 10.1007/978-3-662-44602-7_18. ISBN 978-3-662-44601-0 (print), 978-3-662-44602-7 (online), ISSN 0302-9743Google Scholar
  14. 14.
    Ciancia, V., Latella, D., Loreti, M., Massink, M.: Model checking spatial logics for closure spaces. Log. Methods Comput. Sci. 12(4), 1–51 (2016). doi: 10.2168/LMCS-12(4:2)2016. Published online: 11 October 2016. ISSN 1860-5974
  15. 15.
    Ciancia, V., Latella, D., Massink, M.: On-the-fly mean-field model-checking for attribute-based coordination. In: Lluch Lafuente, A., Proença, J. (eds.) COORDINATION 2016. LNCS, vol. 9686, pp. 67–83. Springer, Cham (2016). doi: 10.1007/978-3-319-39519-7_5. ISSN 0302-9743, ISBN 978-3-319-39518-0 (print), 978-3-319-39519-7 (online)Google Scholar
  16. 16.
    Clarke, E.M., Emerson, E.A., Sistla, A.P.: Automatic verification of finite-state concurrent systems using temporal logic specifications. ACM Trans. Program. Lang. Syst. 8(2), 244–263 (1986)CrossRefzbMATHGoogle Scholar
  17. 17.
    Courcoubetis, C., Vardi, M., Wolper, P., Yannakakis, M.: Memory-efficient algorithms for the verification of temporal properties. Form. Methods Syst. Des. 1(2–3), 275–288 (1992)CrossRefzbMATHGoogle Scholar
  18. 18.
    Darling, R., Norris, J.: Differential equation approximations for Markov chains. Probab. Surv. 5, 37–79 (2008)MathSciNetCrossRefzbMATHGoogle Scholar
  19. 19.
    Dayar, T., Mikeev, L., Wolf, V.: On the numerical analysis of stochastic Lotka-Volterra models. In: IMCSIT, pp. 289–296 (2010)Google Scholar
  20. 20.
    De Nicola, R., et al.: The SCEL language: design, implementation, verification. In: Wirsing, M., Hölzl, M., Koch, N., Mayer, P. (eds.) Software Engineering for Collective Autonomic Systems. LNCS, vol. 8998, pp. 3–71. Springer, Cham (2015). doi: 10.1007/978-3-319-16310-9_1. ISBN 978-3-319-16309-3 (print), 978-3-319-16310-9 (online), ISSN 0302-9743Google Scholar
  21. 21.
    Della Penna, G., Intrigila, B., Melatti, I., Tronci, E., Zilli, M.V.: Bounded probabilistic model checking with the Mur\(\alpha \) verifier. In: Hu, A.J., Martin, A.K. (eds.) FMCAD 2004. LNCS, vol. 3312, pp. 214–229. Springer, Heidelberg (2004). doi: 10.1007/978-3-540-30494-4_16 CrossRefGoogle Scholar
  22. 22.
    Din, Q.: Dynamics of a discrete Lotka-Volterra model. Adv. Diff. Equ. 95, 1–13 (2013)MathSciNetGoogle Scholar
  23. 23.
    Donzé, A., Ferrère, T., Maler, O.: Efficient robust monitoring for STL. In: Sharygina, N., Veith, H. (eds.) CAV 2013. LNCS, vol. 8044, pp. 264–279. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-39799-8_19 CrossRefGoogle Scholar
  24. 24.
    Donzé, A., Maler, O.: Robust satisfaction of temporal logic over real-valued signals. In: Chatterjee, K., Henzinger, T.A. (eds.) FORMATS 2010. LNCS, vol. 6246, pp. 92–106. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-15297-9_9 CrossRefGoogle Scholar
  25. 25.
    Gast, N., Gaujal, B.: A mean field model of work stealing in large-scale systems. In: Misra, V., Barford, P., Squillante, M.S. (eds.) SIGMETRICS, pp. 13–24. ACM (2010)Google Scholar
  26. 26.
    Gnesi, S., Mazzanti, F.: An abstract, on the fly framework for the verification of service-oriented systems. In: Wirsing, M., Hölzl, M. (eds.) Rigorous Software Engineering for Service-Oriented Systems. LNCS, vol. 6582, pp. 390–407. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-20401-2_18 CrossRefGoogle Scholar
  27. 27.
    Goel, N.S., Maitra, S.C., Montroll, E.W.: On the volterra and other nonlinear models of interacting populations. Rev. Mod. Phys. 43, 231–276 (1971).
  28. 28.
    Guirado, G., Hérault, T., Lassaigne, R., Peyronnet, S.: Distribution, approximation and probabilistic model checking. In: PDMC 2005. LNCS, vol. 135. pp. 19–30. Springer, Heidelberg (2006)Google Scholar
  29. 29.
    Hahn, E.M., Hermanns, H., Wachter, B., Zhang, L.: INFAMY: an infinite-state Markov model checker. In: Bouajjani, A., Maler, O. (eds.) CAV 2009. LNCS, vol. 5643, pp. 641–647. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-02658-4_49 CrossRefGoogle Scholar
  30. 30.
    Hansson, H., Jonsson, B.: A logic for reasoning about time and reliability. Formal Aspects of Comput. 6, 512–535 (1994)CrossRefzbMATHGoogle Scholar
  31. 31.
    Hérault, T., Lassaigne, R., Magniette, F., Peyronnet, S.: Approximate probabilistic Model checking. In: Steffen, B., Levi, G. (eds.) VMCAI 2004. LNCS, vol. 2937, pp. 73–84. Springer, Heidelberg (2004). doi: 10.1007/978-3-540-24622-0_8 CrossRefGoogle Scholar
  32. 32.
    Holzmann, G.J.: The SPIN Model Checker - Primer and Reference Manual. Addison-Wesley, Boston (2004)Google Scholar
  33. 33.
    Kolesnichenko, A., de Boer, P.T., Remke, A., Haverkort, B.R.: A logic for model-checking mean-field models. In: DSN13 (2013)Google Scholar
  34. 34.
    Kolesnichenko, A.V., Remke, A.K.I., de Boer, P.T., Haverkort, B.: A logic for model-checking of mean-field models. Technical report TR-CTIT-12-11 (2012).
  35. 35.
    Kurtz, T.: Solutions of ordinary differential equations as limits of pure jump Markov processes. J. Appl. Probab. 7, 49–58 (1970)MathSciNetCrossRefzbMATHGoogle Scholar
  36. 36.
    Kwiatkowska, M., Norman, G., Parker, D.: Probabilistic symbolic model checking using PRISM: a hybrid approach. STTT 6(2), 128–142 (2004)CrossRefzbMATHGoogle Scholar
  37. 37.
    Larsen, K.G., Legay, A.: Statistical model checking: past, present, and future. In: Margaria, T., Steffen, B. (eds.) ISoLA 2016. LNCS, vol. 9952, pp. 3–15. Springer, Cham (2016). doi: 10.1007/978-3-319-47166-2_1 CrossRefGoogle Scholar
  38. 38.
    Latella, D., Loreti, M., Massink, M.: On-the-fly fast mean-field model-checking. In: Abadi, M., Lluch Lafuente, A. (eds.) TGC 2013. LNCS, vol. 8358, pp. 297–314. Springer, Cham (2014). doi: 10.1007/978-3-319-05119-2_17 CrossRefGoogle Scholar
  39. 39.
    Latella, D., Loreti, M., Massink, M.: On-the-fly PCTL fast mean-field model-checking for self-organising coordination - preliminary version. Technical report TR-QC-01-2013, QUANTICOL (2013)Google Scholar
  40. 40.
    Latella, D., Loreti, M., Massink, M.: On-the-fly probabilistic model checking. In: Lanese, I., Sokolova, A. (eds.) Proceedings of the 7th Interaction and Concurrency Experience (ICE 2014), 6 June 2014, Berlin, Germany. EPTCS, vol. 166, pp. 45–59 (2014). doi: 10.4204/EPTCS.166.6,, ISSN 2075-2180
  41. 41.
    Latella, D., Loreti, M., Massink, M.: On-the-fly fluid model checking via discrete time population models. In: Beltrán, M., Knottenbelt, W., Bradley, J. (eds.) EPEW 2015. LNCS, vol. 9272, pp. 193–207. Springer, Cham (2015). doi: 10.1007/978-3-319-23267-6_13. ISSN 0302-9743CrossRefGoogle Scholar
  42. 42.
    Latella, D., Loreti, M., Massink, M.: On-the-fly PCTL fast mean-field approximated model-checking for self-organising coordination. Sci. Comput. Program. 110, 23–50 (2015). doi: 10.1016/j.scico.2015.06.009, ISSN 0167-6423
  43. 43.
    Latella, D., Loreti, M., Massink, M.: FlyFast: a mean field model checker. In: Legay, A., Margaria, T. (eds.) TACAS 2017. LNCS, vol. 10206, pp. 303–309. Springer, Heidelberg (2017). doi: 10.1007/978-3-662-54580-5_18. ISSN 0302-9743CrossRefGoogle Scholar
  44. 44.
    Latella, D., Massink, M.: Design and optimisation of the FlyFast front-end for attribute-based coordination. In: de Vink, E.P., Wiklicky, H. (eds.) Proceedings of the Fifteenth Workshop on Quantitative Aspects of Programming Languages (QAPL 2017). Electronic Proceedings in Theoretical Computer Science, EPTCS (2017, to appear). Available also as QUANTICOL Technical report TR-QC-01-2017 (2017)Google Scholar
  45. 45.
    Latella, D.: Comunicazione basata su proprietà nei sistemi decentralizzati [property-based inter-process communication in decentralized systems], December 1983. Graduation thesis. Istituto di Scienze dell’Informazione. Univ. of Pisa (in italian)Google Scholar
  46. 46.
    Le Boudec, J.Y., McDonald, D., Mundinger, J.: A generic mean field convergence result for systems of interacting objects. In: QEST07, pp. 3–18. IEEE Computer Society Press (2007). ISBN 978-0-7695-2883-0Google Scholar
  47. 47.
    LeVeque, R.J.: Finite Difference Methods for Ordinary and Partial Differential Equations. SIAM, Philadelphia (2007)CrossRefzbMATHGoogle Scholar
  48. 48.
    Lotka, A.J.: Elements of Mathematical Biology. Williams and Wilkins Company, Philadelphia (1924)Google Scholar
  49. 49.
    de Oca, M.A.M., Ferrante, E., Scheidler, A., Pinciroli, C., Birattari, M., Dorigo, M.: Majority-rule opinion dynamics with differential latency: a mechanism for self-organized collective decision-making. Swarm Intell. 5(3–4), 305–327 (2011)Google Scholar
  50. 50.
    Nenzi, L., Bortolussi, L., Ciancia, V., Loreti, M., Massink, M.: Qualitative and quantitative monitoring of spatio-temporal properties. In: Bartocci, E., Majumdar, R. (eds.) RV 2015. LNCS, vol. 9333, pp. 21–37. Springer, Cham (2015). doi: 10.1007/978-3-319-23820-3_2 CrossRefGoogle Scholar
  51. 51.
    Volterra, V.: Fluctuations in the abundance of a species considered mathematically. Nature 118, 558–560 (1926)CrossRefzbMATHGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.CNR-ISTIPisaItaly
  2. 2.Università di FirenzeFirenzeItaly

Personalised recommendations