Optimal Time-Bounded Reachability Analysis for Concurrent Systems

Efficient optimal scheduling for concurrent systems on a finite horizon remains a challenging task to date: not only does time have a continuous domain, but in addition there are exponentially many possible decisions to choose from at every time point. In this paper we present a solution to the problem of optimal time-bounded reachability for Markov automata, one of the most general formalisms for modelling concurrent systems. Our algorithm is based on the discretisation of the time horizon. In contrast to most existing algorithms for similar problems, the discretisation step is not fixed: we attempt to discretise only at those time points at which the optimal scheduler in fact changes its decision. Our empirical evaluation demonstrates that the algorithm improves on existing solutions by up to several orders of magnitude.


Introduction
Modern technologies grow rapidly in complexity, making it hard to ensure their dependability and reliability. Formal approaches to describing these systems include (generalised) stochastic Petri nets [Mol82,MCB84,MBC+98,Bal07], stochastic activity networks [MMS85], dynamic fault trees [BCS10] and others. The semantics of these modelling languages is often defined in terms of continuous time Markov chains (CTMCs). CTMCs can model the behaviour of seemingly independent processes evolving in memoryless continuous time (according to exponential distributions).
Modelling a system as a CTMC, however, strips it of any notion of choice, e. g., which of a number of requests to process first, or how to optimally balance the load over multiple servers of a cluster. Making sure that the system is safe for all possible choices of this kind is an important issue when assessing its reliability. Non-determinism allows the modeller to capture these choices. Modelling systems with non-determinism is possible in formalisms such as interactive Markov chains [Her02], or Markov automata (MA) [EHKZ13]. The latter are one of the most general models for concurrent systems available and can serve as a semantics for generalised stochastic Petri nets and dynamic fault trees.
A similar formalism, continuous time Markov decision processes (CTMDPs) [Ber00,Put94], has seen widespread use in control theory and operations research. In fact, MA and CTMDPs are closely related: both can model exponential Markovian transitions and non-determinism. However, MA are compositional, while CTMDPs are not: in general it is not possible to model a system as a CTMDP by modelling each of its sub-components as a smaller CTMDP and then combining them. This is why modelling large systems with many communicating sub-components as a CTMDP is cumbersome and error-prone. In fact, most modern model checkers, such as Storm [DJKV17], Modest [HH14] and PRISM [KNP11], do not offer any support for CTMDPs.
In the analysis of MA and CTMDPs, one of the most challenging problems is the approximation of optimal time-bounded reachability probability, i. e. the maximal (or minimal) probability of a system to reach a set of goal states (e. g. unsafe states) within a given time bound. Due to the presence of non-determinism this value depends on which decisions are taken at which time points. Since the optimal strategy is time dependent, there are continuously many different strategies. Classically, one deals with continuity by discretising the values, as is the case in most algorithms for CTMDPs and MA [Neu10,FRSZ16,HH15,BS11]: the time horizon is discretised into finitely many intervals, and the value within each interval is approximated by e. g. polynomial or exponential functions. Discretisation is closely related to the scheduler that is optimal for a specific MA. As an example, consider Fig. 1: the plot shows the probabilities of reaching a goal state for a certain time bound, by choosing options 1 and 2. If less than 0.9 seconds remain, option 1 has a higher probability of reaching the goal set, while option 2 is preferable as long as more than 0.9 seconds are left. In this example it is enough to discretise the time horizon into just two intervals: [0, 0.9] and (0.9, 1.5]. The algorithms known to date, however, use from 200 to 2·10^6 intervals, which is far too many. The solution that we present in this paper discretises the time horizon into only three intervals for this example.
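Once the value curves of two options are known, the time point at which the preferred option changes can be located numerically. The sketch below bisects on the difference of two illustrative curves; the functions v1, v2 and all constants are made up for illustration and are not taken from the paper's models:

```python
import math

# Hypothetical value curves for two options (illustrative only):
# v1 is fast but saturates at 0.8; v2 is slower but tends to 1.
def v1(t): return 0.8 * (1.0 - math.exp(-3.0 * t))
def v2(t): return 1.0 - math.exp(-t)

def switching_point(lo, hi, tol=1e-12):
    """Bisect for the time-to-go at which the preferred option changes."""
    f = lambda t: v1(t) - v2(t)
    assert f(lo) > 0 > f(hi)  # v1 preferred with little time left, v2 otherwise
    while hi - lo > tol:
        mid = 0.5 * (lo + hi)
        lo, hi = (mid, hi) if f(mid) > 0 else (lo, mid)
    return 0.5 * (lo + hi)

tau = switching_point(0.5, 3.0)
```

For these two curves the crossing lies strictly inside the bracketing interval; an adaptive algorithm can therefore use a single interval boundary there instead of hundreds of fixed-size steps.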
Our contribution consists in an algorithm that computes time bounded reachability probabilities for Markov automata. The algorithm discretises the time horizon by intervals of variable length, making them smaller near those time points where the optimal scheduler switches from one decision to another. We give a characterisation of these time points, as well as tight sufficient conditions for no such time point to exist within an interval. We present an empirical evaluation of the performance of the algorithm and compare it to other algorithms available for Markov automata. The algorithm does perform well in the comparison, improving in some cases by several orders of magnitude, but does not strictly outperform available solutions.

Preliminaries
Given a finite set S, a probability distribution over S is a function μ : S → [0, 1] such that Σ_{s∈S} μ(s) = 1. We denote the set of all probability distributions over S by Dist(S). The sets of rational, real and natural numbers are denoted by Q, R and N respectively. A Markov automaton is a tuple M = (S, Act, P, Q, G), where S is a finite set of states partitioned into probabilistic (PS) and Markovian (MS) states, G ⊆ S is a set of goal states, Act is a finite set of actions, P assigns to each probabilistic state s and enabled action α ∈ Act(s) a distribution P[s, α, ·] ∈ Dist(S), and Q assigns to Markovian states the rates Q(s, s') of their outgoing transitions, with exit rate E(s) = Σ_{s'} Q(s, s'). We impose the usual well-formedness conditions; this disallows, e. g., probabilistic states with no outgoing transitions, or with only self-loop transitions.
A (timed) path in M is a finite or infinite sequence ρ = s_0 (t_0, α_0) s_1 (t_1, α_1) ⋯ alternating states with pairs of residence times and chosen actions (the residence time in probabilistic states being 0). The set of all finite (infinite) paths of M is denoted by Paths* (Paths).
Time passes continuously in Markovian states. The system leaves the state after an amount of time governed by an exponential distribution, i. e. the probability of leaving s ∈ MS within t ≥ 0 time units is given by 1 − e^{−E(s)·t}, after which the next state s' is chosen with probability Q(s, s')/E(s).
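These dynamics can be illustrated with a small sketch; the state names and rates below are made up, and the successor-sampling helper is ours:

```python
import math
import random

def sojourn_cdf(E, t):
    """Probability of leaving a Markovian state with exit rate E within t time units."""
    return 1.0 - math.exp(-E * t)

def sample_successor(rates, rng):
    """Choose the next state s' with probability Q(s, s')/E(s)."""
    E = sum(rates.values())
    u, acc = rng.random() * E, 0.0
    for succ, q in rates.items():
        acc += q
        if u <= acc:
            return succ
    return succ  # guard against floating-point round-off at the boundary

rng = random.Random(7)
p = sojourn_cdf(2.0, 1.0)  # exit rate 2, within one time unit
freq_b = sum(sample_successor({"a": 1.0, "b": 3.0}, rng) == "b"
             for _ in range(10000)) / 10000
```

With rates Q(s, a) = 1 and Q(s, b) = 3, the empirical frequency of b approaches 3/4, matching Q(s, b)/E(s).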
Probabilistic transitions happen instantaneously. Whenever the system is in a probabilistic state s and an action α ∈ Act(s) is chosen, the successor s' is selected according to the distribution P[s, α, ·] and the system moves from s to s' right away. Thus, the residence time in probabilistic states is always 0.

Time-Bounded Reachability
In this work we are interested in the probability to reach a certain set of states of a Markov automaton within a given time bound. However, due to the presence of multiple actions in probabilistic states the behaviour of a Markov automaton is not a stochastic process and thus no probability measure can be defined. This issue is resolved by introducing the notion of a scheduler.
A general scheduler (or strategy) π : Paths* → Dist(Act) is a measurable function such that for all ρ ∈ Paths*, if ρ↓ ∈ PS then π(ρ) ∈ Dist(Act(ρ↓)), where ρ↓ denotes the last state of ρ. General schedulers provide a distribution over the enabled actions of a probabilistic state, given that the path ρ has been observed from the beginning of the system's evolution. We call a general scheduler π stationary if it can be represented as a function π : PS → Act, i. e. it is non-randomised and depends only on the current state. The set of all general (stationary) schedulers is denoted by Π_gen (Π_stat resp.).
Given a general scheduler π, the behaviour of a Markov automaton is a fully defined stochastic process. For the definition of the probability measure Pr π M on Markov automata we refer to [Hat17].
Let s ∈ S, T ∈ Q≥0 be a time bound and π ∈ Π_gen be a general scheduler. The (time-bounded) reachability probability (or value) for a scheduler π and state s in M is defined as the probability, under Pr^π_M, of reaching a state in G from s within T time units.

Optimal Schedulers. For the time-bounded reachability problem it is known [RS13] that there exists an optimal scheduler π of the form π : PS × R≥0 → Act. This scheduler does not need to know the full history of the system, but only the current probabilistic state it is in and the total time left until the time bound. It is deterministic, i. e. not randomised; additionally, this scheduler is piecewise constant, meaning that there exists a finite partition I(π) of the time interval [0, T] into intervals I_0 = [t_0, t_1], I_1 = (t_1, t_2], …, I_{k−1} = (t_{k−1}, t_k], such that t_0 = 0, t_k = T and the value of the scheduler remains constant throughout each interval of the partition, i. e. ∀I ∈ I(π), ∀t_1, t_2 ∈ I, ∀s ∈ PS : π(s, t_1) = π(s, t_2). The value of π on an interval I ∈ I(π) and s ∈ PS is denoted by π(s, I), i. e. π(s, I) = π(s, t) for any t ∈ I.
As an example, consider the MA in Fig. 2 and time bound T = 1. Here the optimal scheduler for state s_1 chooses the reliable but slow action β if there is enough time, i. e. if at least 0.62 time units are left. Otherwise the optimal scheduler switches to a more risky, but faster path via action α.
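Such a piecewise-constant scheduler can be represented compactly. The sketch below (the data layout is ours, not the paper's) stores the interval endpoints per state and looks up decisions by the time left, using the Fig. 2 example with its switching point at 0.62:

```python
import bisect

class PiecewiseScheduler:
    """Total-time positional, piecewise-constant scheduler (illustrative layout)."""

    def __init__(self):
        # state -> (sorted right endpoints t_1 < ... < t_k, one action per interval)
        self.table = {}

    def set_intervals(self, state, endpoints, actions):
        assert len(endpoints) == len(actions)
        self.table[state] = (endpoints, actions)

    def decide(self, state, time_left):
        ends, acts = self.table[state]
        # intervals are [0, t_1], (t_1, t_2], ..., so take the first endpoint >= time_left
        i = bisect.bisect_left(ends, time_left)
        return acts[min(i, len(acts) - 1)]

pi = PiecewiseScheduler()
# Fig. 2 example: risky alpha on [0, 0.62], reliable beta on (0.62, 1]
pi.set_intervals("s1", [0.62, 1.0], ["alpha", "beta"])
```

Binary search over the endpoints makes each decision lookup logarithmic in the number of intervals of I(π).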
In the literature this subclass of schedulers is sometimes referred to as total-time positional deterministic, piecewise-constant schedulers. From now on we call a scheduler from this subclass simply a scheduler (or strategy) and denote the set of such schedulers by Π. An important notion for schedulers is the switching point, the point of time separating two intervals of constant decisions:

Definition 2. For a scheduler π we call τ ∈ R≥0 a switching point iff ∃I_1, I_2 ∈ I(π) such that τ = sup I_1, τ = inf I_2 and ∃s ∈ PS : π(s, I_1) ≠ π(s, I_2).
Whether switching points can be computed exactly is an open problem. In fact, the Lindemann–Weierstrass theorem suggests that switching points are non-algebraic numbers, which hints at a negative answer.

Related Work
In this section we briefly review the algorithms designed to approximate time-bounded reachability probabilities. We only discuss algorithms that are guaranteed to compute an ε-close approximation of the reachability value.
The majority of the algorithms [Neu10,BS11,FRSZ16,SSM18,BHHK15] are available for continuous time Markov decision processes (CTMDPs) [Ber00]. Two of those, [Neu10] and [BHHK15], are also applicable to MA; we compare against them in our empirical evaluation in Sect. 5. All the algorithms utilise such known techniques as discretisation, uniformisation, or a combination thereof. The drawback of most of the algorithms is that they do not adapt to a specific instance of the problem: given a model M to analyse, they perform as many computations as are needed for the worst-case model in a subclass of models that share certain parameters with M, such as, for example, the maximal exit rate E_max. Experimental evaluation performed in [BHHK15] shows that such approaches are not promising, because most of the time the algorithms perform too many unnecessary computations. This is not the case for [BS11] and [BHHK15]. The latter performs the analysis via uniformisation and schedulers that cannot observe time. The former, designed for CTMDPs, performs discretisation of the time horizon with intervals of variable length, but is not applicable to MA. Just like [BS11], our approach adapts the discretisation of the time horizon to the specific instance of the problem.

Our Solution
In this section we present a novel approach to approximating optimal time-bounded reachability and the optimal scheduler for an arbitrary Markov automaton. Throughout the section we work with an MA M = (S, Act, P, Q, G), time bound T ∈ Q≥0 and precision ε ∈ Q_{>0}. To simplify the presentation we concentrate on the supremum reachability probability.
Given a scheduler, computation (or approximation) of the reachability probability is relatively easy:

Lemma 1. For a scheduler π ∈ Π and a state s ∈ S, the function val^{M,π}_s : [0, T] → [0, 1] is the solution to the system of Equations (1)–(2), with the values val^{M,π}(τ_i) at the boundaries τ_i of the intervals of I(π) serving as boundary conditions.

Later, in Sect. 4.1, we will show that the approximation of the solution on each interval (τ_{i−1}, τ_i] can be achieved via a combination of known techniques, such as uniformisation (for the Markovian states) and untimed reachability analysis (for the probabilistic states).
Thus, given an optimal scheduler, Lemma 1 can be used to compute or approximate the optimal reachability value. Finding an optimal scheduler is therefore the challenge for optimal time-bounded reachability analysis. Our solution is based on approximating the optimal reachability value up to an arbitrary ε > 0 by discretising the time horizon with intervals of variable length. On each interval the value of our ε-optimal scheduler remains constant. The discretisation we use attempts to reflect the partition I(π) of a minimal optimal scheduler π, i. e. it mimics the intervals on which π has a constant value.
Our solution is presented in Algorithm 1. It computes an ε-optimal scheduler π_opt and approximates the system of Equations (1)–(2) for π_opt. The algorithm iterates over the intervals of constant decisions of an ε-optimal strategy. At each iteration it computes: (i) a stationary scheduler π that is close to optimal on the current interval (line 7), (ii) the length δ of the interval on which π introduces an acceptable error (line 8), and (iii) the reachability values for time t + δ, computed according to (5) for ε_Ψ and ε_r (line 9). Upon termination the algorithm returns u_s(T) and π_opt (line 12). The following sections discuss the steps of the algorithm in more detail.
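The control flow of this iteration can be sketched as follows; the three callbacks stand in for the procedures of Algorithm 1, and their names as well as the toy closures in the example run are ours:

```python
def switch_step(T, find_strategy, find_step, advance):
    """Skeleton of the iteration structure of the algorithm (details abstracted):
    find_strategy(t) -> scheduler near-optimal just after t,
    find_step(t, pi) -> length of the interval on which pi is acceptable,
    advance(t, delta, pi) -> push the value vector from t to t + delta."""
    t, pieces = 0.0, []
    while t < T - 1e-12:
        pi = find_strategy(t)                 # cf. line 7
        delta = min(find_step(t, pi), T - t)  # cf. line 8
        advance(t, delta, pi)                 # cf. line 9
        pieces.append((t, t + delta, pi))
        t += delta
    return pieces

# toy run with stub callbacks: strategy "a" before time-point 0.9, "b" afterwards
pieces = switch_step(1.5,
                     lambda t: "a" if t < 0.9 else "b",
                     lambda t, pi: 0.9 if t < 0.9 else 1.0,
                     lambda t, d, pi: None)
```

In this toy run the horizon [0, 1.5] is covered by just two intervals, one per constant decision, mirroring the adaptive discretisation described above.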

Computing the Reachability Value
In this section we discuss steps 4 and 9, which require computation of the reachability probability according to the system of Equations (1)–(2). Our approach is based on approximating the solution. The presence of two types of states, probabilistic and Markovian, demands separate treatment. Informally, we combine two techniques: time-bounded reachability analysis on continuous time Markov chains for Markovian states and time-unbounded reachability analysis on discrete time Markov chains for probabilistic states. Parameters w and ε_i of Algorithm 1 control the error allowed by the approximation: ε_i bounds the error of the very first instance of time-unbounded reachability in line 4, while w defines the fraction of the error that can be used by the approximations in subsequent iterations (ε_Ψ and ε_r). We start with time-unbounded reachability analysis for probabilistic states. Let π ∈ Π_stat and s, s' ∈ S. We define R(s, π, s') as the probability of reaching s' from s under π via probabilistic transitions only. The optimal probability to reach any goal state via only probabilistic transitions is denoted by R*(s, G) = max_{π∈Π_stat} R(s, π, G) (step 4). Computing it is a well-known problem on discrete time Markov decision processes [Put94]; it can be computed or approximated by policy iteration, linear programming [Put94] or interval value iteration [HM14,QK18,BKL+17]. If the value is approximated up to ε, we denote the approximation by R*_ε(s, G).
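The untimed reachability value can be approximated, for instance, by plain value iteration, sketched below. The model encoding is ours; note that, as the cited references point out, interval value iteration is needed for guaranteed precision, which this sketch omits:

```python
def untimed_reachability(P, goal, states, eps=1e-10):
    """Value iteration for max reachability of `goal` in an untimed MDP.
    P[s][a] is a dict mapping successor states to probabilities."""
    R = {s: (1.0 if s in goal else 0.0) for s in states}
    while True:
        delta = 0.0
        for s in states:
            if s in goal or not P.get(s):
                continue  # goal and absorbing states keep their value
            new = max(sum(p * R[t] for t, p in dist.items())
                      for dist in P[s].values())
            delta = max(delta, abs(new - R[s]))
            R[s] = new
        if delta < eps:
            return R

# tiny example: from s0, action a reaches g with 0.5, action b with 0.9
P = {"s0": {"a": {"g": 0.5, "sink": 0.5}, "b": {"g": 0.9, "sink": 0.1}}}
R = untimed_reachability(P, {"g"}, ["s0", "g", "sink"])
```

Here the maximising choice in s0 is action b, so the computed value converges to 0.9.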
The reachability analysis on Markovian states is solved with the well-known uniformisation approach [Jen53]. Informally, Markovian states will be implicitly uniformised: the exit rate of each Markovian state is made equal to E_max (by adding a self-loop transition), which does not affect the reachability value.
We first define the discrete probability to reach the target vector within k Markovian transitions. Let x ∈ [0, 1]^{|S|} be a vector of values, one for each state. For k ∈ N≥0 and π ∈ Π_stat we define D^k_x(s, π) = 1 if s ∈ G, and otherwise by Equation (4). The value D^k_x(s, π) is the weighted sum over all states s' of the value x_{s'} and the probability to reach s' starting from s within k Markovian transitions. The counter k therefore decreases only when a Markovian state performs a transition and is not affected by probabilistic transitions. If the values R(s, π, s') are approximated up to precision ε, i. e. R_ε(s, π, s') is used for probabilistic states instead of R(s, π, s') in (4), we use the notation D^k_{x,ε}(s, π). We denote by Ψ_λ the probability mass function of the Poisson distribution with parameter λ. For τ ∈ R≥0 and ε_Ψ ∈ (0, 1], N(τ, ε_Ψ) is a natural number such that the Poisson tail mass beyond N(τ, ε_Ψ) is at most ε_Ψ; a closed-form choice involving Euler's number e is given in [BHHK15].
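A truncation point with this property can also be computed directly by accumulating Poisson mass until the tail drops below ε_Ψ, as in the following sketch (the paper relies on a closed-form bound instead):

```python
import math

def poisson_truncation(tau, eps):
    """Smallest N such that the Poisson(tau) tail mass above N is at most eps."""
    pmf = math.exp(-tau)     # Psi_tau(0)
    cdf, n = pmf, 0
    while 1.0 - cdf > eps:
        n += 1
        pmf *= tau / n       # Psi_tau(n) from Psi_tau(n - 1)
        cdf += pmf
    return n

N = poisson_truncation(10.0, 1e-6)
```

For τ = 10 and ε_Ψ = 10⁻⁶ the truncation point lies slightly below 30, illustrating that the number of required terms grows only mildly beyond the Poisson mean.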
We are now in a position to describe the computation of u(t + δ) in line 9 of Algorithm 1. Let u(t) ∈ [0, 1]^{|S|} be the vector of values computed by the previous iteration of Algorithm 1 for time t. Let val^{M,π}(t + δ) be the solution of the system of Equations (1) for time point t + δ and a stationary scheduler π : PS → Act, where u(t) is used instead of val^{M,π}(t) as the boundary condition. The following lemma shows that val^{M,π}(t + δ) can be efficiently approximated up to ε_Ψ + ε_r:

Lemma 2. Let u(t + δ) be computed according to (5) for ε_Ψ and ε_r. Then ∀s ∈ S : u_s(t + δ) ≤ val^{M,π}_s(t + δ) ≤ u_s(t + δ) + ε_Ψ + ε_r.
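One such uniformisation step can be sketched for a model with Markovian states only, so that the R-terms for probabilistic states disappear; the encoding, names and example model below are ours:

```python
import math

def uniformisation_step(Q, u, delta, n_terms):
    """Push a value vector u(t) to u(t + delta) by E_max-uniformisation:
    sum over i of Psi_{E_max*delta}(i) times the i-step uniformised values."""
    states = list(u)
    E_max = max(sum(Q[s].values()) for s in states)
    D = dict(u)                      # D^0 = u(t)
    lam = E_max * delta
    w = math.exp(-lam)               # Poisson weight Psi_lam(0)
    out = {s: w * D[s] for s in states}
    for i in range(1, n_terms + 1):
        # one uniformised step: a self-loop carries the leftover rate E_max - E(s)
        D = {s: sum(q * D[t] for t, q in Q[s].items()) / E_max
                + (1.0 - sum(Q[s].values()) / E_max) * D[s]
             for s in states}
        w *= lam / i
        for s in states:
            out[s] += w * D[s]
    return out

# two-state CTMC: s moves to the absorbing goal g with rate 2
Q = {"s": {"g": 2.0}, "g": {}}
out = uniformisation_step(Q, {"s": 0.0, "g": 1.0}, 0.5, 40)
```

For this model the exact value is 1 − e^{−2·0.5}, and the truncated sum matches it up to the neglected Poisson tail.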

Choosing a Strategy
The strategy for the next interval is computed in Step 7 and, implicitly, in Step 4. The latter has been discussed in Sect. 4.1; we proceed to Step 7.
Here we search for a strategy that remains constant for all time points within the interval (t, t + δ], for some δ > 0, and introduces only an acceptable error. Analogously to results for continuous time Markov decision processes [Mil68], we prove that the derivatives of the function u(τ) at time τ = t help find a strategy π that remains optimal on (t, t + δ], for some δ > 0. This is rooted in the Taylor expansion of the function u(t + δ) around the values u(t). We define d^{(0)}_π(s) = Σ_{s'∈MS∪G} R(s, π, s') · u_{s'}(t) and, for i ≥ 1, the values d^{(i)}_π(s) in terms of the d^{(i−1)}; the sets F_i collect the strategies maximising d^{(0)}, …, d^{(i)}. The value d^{(i)}_π(s) is the i-th derivative of u_s(t) at time t for a scheduler π.
Lemma 3. If π ∈ F_{|S|+1} then ∃δ > 0 such that π is optimal on (t, t + δ].

Thus, in order to compute a stationary strategy that is optimal on the time interval (t, t + δ], for some δ > 0, one needs to compute at most |S| + 1 derivatives of u(τ) at time t. Procedure FindStrategy does exactly that: it computes the sets F_i until for some j ∈ 0..(|S| + 1) only one strategy is left, i. e. |F_j| = 1; otherwise it outputs any strategy in F_{|S|+1}. Similarly to Sect. 4.1, the scheduler that maximises the values R(s, π, s') can be approximated. This question and other optimisations are discussed in detail in Sect. 4.4.

Finding Switching Points
Given a strategy π computed by FindStrategy, we need to know for how long this strategy can be followed before the action has to change for at least one of the states. We consider the behaviour of the system in the time interval [t, T]. Recall the function val^π(t + δ), δ ∈ [0, T − t], defined in Sect. 4.1 (Lemma 2) as the solution of the system of Equations (1) with the boundary condition u(t), for a stationary scheduler π. Let s ∈ PS, π ∈ Π_stat, α ∈ Act(s). Consider the function val^{π,s→α}_s(t + δ): the reachability value for time bound t + δ and a scheduler that differs from π as follows: all states follow strategy π, except for state s, which selects action α for its very first transition and afterwards selects action π(s). Between two switching points the strategy π is optimal, and therefore the value val^{π,s→α}_s(t + δ) is not greater than val^π_s(t + δ) for all s ∈ PS, α ∈ Act(s). If for some δ ∈ [0, T − t] it holds that

∃s ∈ PS, α ∈ Act(s) : val^π_s(t + δ) < val^{π,s→α}_s(t + δ), (7)

then action α is better for s than π(s), and therefore π(s) is not optimal for s at t + δ. We show that the next switching point after time point t is the smallest value t + δ, δ ∈ (0, T − t], for which (7) holds. Procedure FindStep approximates switching points iteratively: it splits the time interval [0, T] into subintervals [t_1, t_2], …, [t_{n−1}, t_n] and at each iteration k checks whether (7) holds for some δ ∈ [t_k, t_{k+1}]. The latter is performed by procedure CheckInterval. If (7) holds for no δ ∈ [t_k, t_{k+1}], FindStep repeats with k increased. Otherwise, it outputs the largest δ ∈ [t_k, t_{k+1}] for which (7) does not hold (line 11). This is done by binary search up to distance δ_min.
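The final binary-search step of FindStep can be sketched as follows; the predicate has_switch abstracts the check performed by CheckInterval, and the concrete numbers are illustrative:

```python
def largest_safe_delta(has_switch, lo, hi, delta_min):
    """Binary search for the largest delta in [lo, hi] at which
    has_switch(delta) is still False, up to resolution delta_min.
    Assumes has_switch flips from False to True at most once on [lo, hi]."""
    assert not has_switch(lo)
    while hi - lo > delta_min:
        mid = 0.5 * (lo + hi)
        if has_switch(mid):
            hi = mid
        else:
            lo = mid
    return lo

# toy predicate: the optimal decision changes just past 0.37 (made-up number)
d = largest_safe_delta(lambda x: x > 0.37, 0.0, 1.0, 1e-9)
```

Each halving step discards the half of the interval on the wrong side of the switch, so δ_min precision costs only logarithmically many evaluations of the check.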
Later in this section we show that establishing that (7) does not hold for any δ ∈ [t_k, t_{k+1}] can be done efficiently by considering only two time points of the interval [t_k, t_{k+1}] and a subset of state-action pairs.
At every iteration k we choose a time point t_k such that the MA is very likely to perform at most k Markovian transitions within time t_k; "very likely" here means with probability at least 1 − ε_Ψ. For k ∈ N we define T_Ψ(k, ε_Ψ) as follows: T_Ψ(1, ε_Ψ) = δ_min, and for k > 1, T_Ψ(k, ε_Ψ) is the largest time point such that at most k Markovian transitions are performed within it with probability at least 1 − ε_Ψ.

Searching for switching points within [t_k, t_{k+1}]. In order to check whether val^π(t + δ) ≥ val^{π,s→α}(t + δ) for all δ ∈ [t_k, t_{k+1}], we only have to check whether the maximum of the function diff(s, α, t + δ) = val^{π,s→α}_s(t + δ) − val^π_s(t + δ) is at most 0 on this interval for all s ∈ PS, α ∈ Act(s). To this end we work with the approximation of diff(s, α, t + δ) derived from Lemma 2, thus establishing a sufficient condition for the scheduler to remain optimal. Here R_{s→α,ε_N}(s, π, s') (R_{s→α,ε_N}(s, π, G)) denotes an under-approximation up to ε_N, defined in Lemma 2, of the value R_{s→α}(s, π, s') (R_{s→α}(s, π, G) resp.), and analogously for val^π(t + δ). Simple rewriting leads to the following:

diff(s, α, t + δ) ≤ Σ_{i=0}^{k} Ψ_{E_max·(t+δ)}(i) · B^i_{π,ε_N}(s, α) + C_{π,ε_N}(s, α), (9)

where B^i_{π,ε_N}(s, α) = Σ_{s'∈MS\G} (R_{s→α,ε_N}(s, π, s') − R_{ε_N}(s, π, s')) · D^i_{u(t),ε_N}(s', π) and C_{π,ε_N}(s, α) = R_{s→α,ε_N}(s, π, G) − R_{ε_N}(s, π, G) + ε_Ψ + ε_r. In order to find the supremum of the right-hand side of (9) over all δ ∈ [a, b], we search for the extremum of each y_i(δ) = Ψ_{E_max·(t+δ)}(i) · B^i_{π,ε_N}(s, α), i = 0..k, separately as a function of δ. Simple derivative analysis shows that the extremum of these functions is achieved at δ = i/E_max. Truncating the time interval at (⌈t_k · E_max⌉ + 1)/E_max (step 4, Algorithm 2) ensures that for all i = 0..k the extremum of y_i(δ) is attained at either δ = t_k or δ = t_{k+1}. The resulting bound is stated as inequality (10) in Lemma 4; CheckInterval returns false iff for all s ∈ PS, α ∈ Act(s) the right-hand side of (10) is less than or equal to 0. Since Lemma 4 over-approximates diff(s, α, t + δ), false positives are inevitable.
Namely, it is possible that procedure CheckInterval suggests that there exists a switching point within [t_k, t_{k+1}], while in reality there is none. This, however, does not affect the correctness of the algorithm, only its running time.
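The claim that each Poisson weight Ψ_λ(i), viewed as a function of its parameter λ, peaks at λ = i follows from d/dλ Ψ_λ(i) = Ψ_λ(i)·(i/λ − 1), which vanishes exactly at λ = i; the following quick numerical check illustrates it:

```python
import math

def poisson_pmf(lam, i):
    """Psi_lam(i): Poisson probability mass at i for parameter lam."""
    return math.exp(-lam) * lam ** i / math.factorial(i)

# the weight of the i-th term is largest when the Poisson parameter equals i
i = 5
peak = poisson_pmf(float(i), i)
left, right = poisson_pmf(4.5, i), poisson_pmf(5.5, i)
```

Unimodality in λ is what allows the extrema of the y_i to be pushed to the endpoints of the truncated interval.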
Finding Maximal Transitions. Here we show that there exists a subset of states, such that, if the optimal strategy for these states does not change on an interval, then the optimal strategy for all states does not change on this interval.
We prove that if inequality (10) holds for all transitions from T_max(k), then it holds for all transitions. Thus only the transitions from T_max(k) have to be checked by procedure CheckInterval. In our implementation we compute T_max(k) only before the call to CheckInterval at line 11 of Algorithm 2, and use the set A = PS × Act within the while-loop.

Optimisation for Large Models
Here we discuss a number of implementation improvements that should be considered when applying our algorithm to large case studies.

Switching points. It may happen that the optimal strategy switches very often on a time interval, while the effect of these frequent switches is negligible. The difference may be so small that an ε-optimal strategy can actually stay stationary on this interval. In addition, floating-point computations may lead to imprecise results: values that are 0 in theory might be represented by non-zero floating-point numbers, making it seem as if the optimal strategy changed its decision when in fact it did not. To counteract these issues we can modify CheckInterval such that it outputs false even if the right-hand side of (10) is positive, as long as it is sufficiently small. The following lemma proves that the error introduced by not switching the decision is acceptable:

Lemma 5. If for all δ ∈ [t_k, t_{k+1}] the right-hand side of (10) is not greater than (ε·δ/T − ε_N)/N(δ, ε_N), then π is ε·δ/T-optimal on [t_k, t_{k+1}].
Optimal strategy. In some cases the computation of the optimal strategy as described in Sect. 4.2 is computationally expensive, or not possible at all: for example, if some values |d^{(i)}_π(s)| are larger than the maximal floating-point number a computer can store, if the computation of |S| + 1 derivatives is already prohibitive for models with a large state space, or if the values R(s, π, s') can only be approximated and not computed precisely. With the help of Lemma 5 and minor modifications to Algorithm 1, the correctness and convergence of Algorithm 1 can be preserved even when the strategy computed by FindStrategy is not guaranteed to be optimal.

Empirical Evaluation
We implemented our algorithm as a part of IMCA [GHKN12]. Experiments were conducted as single-thread processes on an Intel Core i7-4790 with 32 GB of RAM. We compare the algorithm presented in this paper with [Neu10] and [BHHK15]; both are available in IMCA. We use the following abbreviations to refer to the algorithms: FixStep for [Neu10], Unif+ for [BHHK15] and SwitchStep for Algorithm 1. The parameter w in Algorithm 1 is set to 0.1 and ε_i = 0; we keep the default values of all other algorithms. The evaluation is performed on a set of published benchmarks:

dpm-j-k: A model of a dynamic power management system [QWP99], representing the internals of a Fujitsu disk drive. The model contains a queue, a service requester, a service provider and a power manager. The requester generates tasks of j types differing in energy requirements, which are stored in the queue of size k. The power manager selects the processing mode for the service provider. A state is a goal state if the queue of at least one task type is full.
qs-j-k and ps-j-k: Models of a queuing system [HH12] and a polling system [GHH+13], where incoming requests of j types are buffered in two queues of size k each until they are processed by the server. We consider the states with both queues full to form the goal state set.
The memory required by all three algorithms is polynomial in the size of the model; for the evaluation we therefore concentrate on runtime only. We set the time limit for the experiments to 15 minutes. Timeouts are marked by x in the plots. Runtimes are given in seconds. All plots use log-log axes.

Results
SwitchStep vs FixStep. Figure 3 compares the runtimes of SwitchStep and FixStep. For these experiments the precision is set to 10^{-3} and the state space size ranges from 10^2 to 10^5. The plot represents the general trend observed across many experiments: FixStep does not scale well with the size of the problem (state space, precision, time bound). For larger benchmarks it usually required more than 15 minutes. This is likely due to the fact that the discretisation step used by FixStep is very small, which means that the algorithm performs many iterations. Table 1 reports the discretisation step sizes of both FixStep and SwitchStep on a few benchmarks. The column δ_F shows the length of the discretisation step of FixStep; as mentioned in Sect. 3, this step is fixed for the selected values of time bound and precision. Columns min δ_S, avg δ_S and max δ_S show the minimal, average and maximal steps used by SwitchStep respectively. The average step used by SwitchStep is several orders of magnitude larger than that of FixStep, so SwitchStep performs far fewer iterations. Even though each iteration takes longer, the significant decrease in the number of iterations leads to a much smaller total runtime.

SwitchStep vs Unif+. In order to compare SwitchStep with Unif+ we have to restrict ourselves to the subclass of Markov automata in which probabilistic and Markovian states alternate and probabilistic states have only one successor per action; this is because Unif+ is available in IMCA only for this subclass of models. Figure 4 compares the running times of SwitchStep and Unif+. For the plot on the left we varied those model parameters that affect the state space size, the number of non-deterministic actions and the maximal exit rate. In the plot on the right the model parameters are fixed, but the precision and time bounds vary.
Table 2 shows the parameters of the models used in these experiments. We observe that there are cases in which SwitchStep performs remarkably better than Unif+, and cases where the opposite holds. Consider the experiments in Fig. 4, right: they show that Unif+ may be highly sensitive to variations of time bounds and precision, while SwitchStep is more robust in this respect. This is due to the fact that the scheduler computed by Unif+ has no means to observe time precisely and can only guess it. This may be good enough, which is the case on the ps benchmark; if it is not, however, then better precision requires many more computations. Additionally, Unif+ does not use discretisation. This means that an increase of the time bound from T_1 to T_2 may significantly increase the overall running time, even if no new switching points appear in the interval [T_1, T_2]. SwitchStep does not suffer from these issues because it considers schedulers that observe time precisely and uses discretisation: large time intervals that introduce no switching points will likely be handled within one iteration.
In general, SwitchStep performs at its best when there are not too many switching points, which is what is observed in most published case studies.