- The paper introduces an assume-guarantee reasoning framework that verifies probabilistic automata with parameters and uncertainty.
- It extends classical methods to parametric and robust models using simulation-based AG rules and multi-objective verification techniques.
- It identifies both positive results for convex, memoryful settings and limitations for non-convex or memoryless scenarios, guiding modular design.
Compositional Reasoning for Probabilistic Automata with Uncertainty
Introduction and Motivation
This paper formalizes an assume-guarantee (AG) reasoning framework for compositional verification of probabilistic automata (PAs) extended with parameter uncertainty and robust semantics. It generalizes existing AG frameworks for non-parametric PAs to parametric PAs (pPAs) and robust PAs (rPAs), enabling modular analysis of systems with uncertain or imprecise probabilistic transition information. The approach directly addresses the state-space explosion inherent in analyzing parallel compositions and provides compositional rules for multi-objective verification of temporal and quantitative properties.
The technical developments leverage and extend semantic foundations for parametric Markov processes and robust MDPs, incorporating parallel composition (with synchronization and interleaving) as well as model classes with interval or convex uncertainty. Key advances include AG rules for property satisfaction and monotonicity, as well as limitations of compositional reasoning under non-convex uncertainty or a memoryless nature.
Compositional Verification for Parametric Probabilistic Automata
Model Theory
A parametric PA (pPA) extends Segala's PAs by parameterizing transition probabilities as polynomials over a finite set of parameters. Instantiation by a parameter valuation yields a concrete PA, possibly with dependency between transitions at different states. Verification then considers property satisfaction universally over a parameter region.
Parallel composition of pPAs is defined with synchronization on shared transition labels and asynchronous interleaving of others. Compositional reasoning proceeds by projecting strategies and traces from the composition to the individual components, accounting for the interaction between global parameterization and local structure.
Assume-Guarantee Proof Rules
The AG verification methodology relies on AG triples: for pPA M and queries A (assumption) and G (guarantee) over a parameter region R, M, R ⊩∗ (A ⇒ G) denotes that every strategy satisfying A under every valuation in R also satisfies G.
The key asymmetric AG rule is: if
- M1, R1 ⊩∗ A
- M2, R2 ⊩∗ (A ⇒ G)
then A0, i.e. the global specification A1 can be established compositionally. Circular and multi-component generalizations are also presented, as well as fairness-aware and interleaving-specific variants.
Multi-objective (MO) queries (probabilistic reachability, expected reward, conjunctions) and parametric monotonicity reasoning are supported.
Monotonicity
Monotonicity of specifications with respect to parameters (i.e., whether the solution function for satisfaction probability or expected reward is monotone in a parameter) is addressed compositionally. The developed AG-style monotonicity rule allows inferring monotonicity in the composition from monotonicity in its components, crucial for the efficiency of synthesis and optimization in parameterized systems.
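The following is an added illustration, constructed for this summary and not code from the paper, of the objects discussed above: a parametric PA whose transition probabilities depend on a valuation, its instantiation to a concrete PA, a parallel composition with synchronization on a shared label and interleaving of the others, maximum reachability by value iteration, and a grid-based sanity check of monotonicity in one parameter. The component shapes (`init`/`ok`/`fail`, labels `try`/`sync`/`stay`), the parameters `p` and `q`, and all helper names are assumptions of this example; the paper's transition functions are polynomials, for which plain Python callables stand in here.

```python
from itertools import product as cartesian

# Added example, not from the paper: a tiny parametric PA (pPA) in which the
# transition probabilities are functions of a parameter valuation (the paper
# uses polynomials over the parameters; plain Python callables stand in here).
# Representation: state -> {action label: [(prob_fn, successor), ...]}.

def component(param):
    """Constructed component: one 'try' step that reaches 'ok' with probability
    `param` and otherwise falls into the absorbing 'fail' state. The label
    'sync' is only enabled in 'ok', so a composition can synchronise on it
    exactly when both components have succeeded."""
    return {
        'init': {'try': [(lambda v: v[param], 'ok'), (lambda v: 1 - v[param], 'fail')]},
        'ok':   {'sync': [(lambda v: 1.0, 'ok')]},
        'fail': {'stay': [(lambda v: 1.0, 'fail')]},
    }

def instantiate(ppa, valuation):
    """Evaluate every parametric probability under `valuation` to obtain a
    concrete PA, checking that each instantiated transition is a distribution."""
    pa = {}
    for s, actions in ppa.items():
        pa[s] = {}
        for a, dist in actions.items():
            concrete = [(f(valuation), t) for f, t in dist]
            total = sum(pr for pr, _ in concrete)
            if any(not 0.0 <= pr <= 1.0 for pr, _ in concrete) or abs(total - 1.0) > 1e-9:
                raise ValueError(f"valuation {valuation} gives no distribution at {s}/{a}")
            pa[s][a] = concrete
    return pa

def compose(m1, m2, shared):
    """Parallel composition of concrete PAs: labels in `shared` synchronise
    (both components move, product distribution); every other label is taken
    by one component alone while the other stays put (interleaving)."""
    comp = {}
    for s1, s2 in cartesian(m1, m2):
        actions = {}
        for a, d1 in m1[s1].items():
            if a in shared:
                if a in m2[s2]:
                    actions[a] = [(p1 * p2, (t1, t2)) for p1, t1 in d1 for p2, t2 in m2[s2][a]]
            else:
                actions[('M1', a)] = [(p1, (t1, s2)) for p1, t1 in d1]
        for a, d2 in m2[s2].items():
            if a not in shared:
                actions[('M2', a)] = [(p2, (s1, t2)) for p2, t2 in d2]
        comp[(s1, s2)] = actions
    return comp

def max_reach(pa, target, max_iter=10_000):
    """Maximum probability, over all strategies, of reaching a state satisfying
    the predicate `target`, computed by value iteration on the concrete PA."""
    v = {s: (1.0 if target(s) else 0.0) for s in pa}
    for _ in range(max_iter):
        new = {}
        for s, actions in pa.items():
            if target(s):
                new[s] = 1.0
            elif not actions:
                new[s] = 0.0
            else:
                new[s] = max(sum(p * v[t] for p, t in dist) for dist in actions.values())
        delta = max(abs(new[s] - v[s]) for s in pa)
        v = new
        if delta < 1e-12:
            break
    return v

def is_nondecreasing(value_fn, param, lo, hi, base, steps=20):
    """Grid check that value_fn(valuation) is non-decreasing in `param` over
    [lo, hi] with the other parameters fixed by `base`. A sanity check on
    sampled valuations, not a proof of monotonicity over the region."""
    vals = []
    for i in range(steps + 1):
        val = dict(base)
        val[param] = lo + (hi - lo) * i / steps
        vals.append(value_fn(val))
    return all(b >= a - 1e-12 for a, b in zip(vals, vals[1:]))

M1, M2 = component('p'), component('q')   # constructed components with parameters p, q

def local_value(ppa, valuation):
    """Component guarantee: max probability of reaching 'ok' from 'init'."""
    return max_reach(instantiate(ppa, valuation), lambda s: s == 'ok')['init']

def composed_value(valuation):
    """Global property: max probability that M1 || M2 reaches ('ok', 'ok')."""
    pa = compose(instantiate(M1, valuation), instantiate(M2, valuation), shared={'sync'})
    return max_reach(pa, lambda s: s == ('ok', 'ok'))[('init', 'init')]

if __name__ == '__main__':
    v = {'p': 0.5, 'q': 0.8}
    print(local_value(M1, v), local_value(M2, v), composed_value(v))   # 0.5 0.8 0.4
    print(is_nondecreasing(composed_value, 'p', 0.0, 1.0, {'q': 0.8}))  # True
```

For this instance the composed value under p = 0.5, q = 0.8 is 0.4, and sampling the region shows it non-decreasing in each parameter, which is the kind of local-to-global monotonicity relationship the AG monotonicity rule establishes symbolically rather than by sampling.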
Compositional Reasoning for Robust PAs
Robust Model Classes
Robust PAs (rPAs) model local transition uncertainty using state-action indexed uncertainty sets of distributions. Two key subclasses:
- Convex rPAs: All uncertainty sets are convex, including polytopes and intervals.
- Interval PAs (iPAs): Uncertainty per transition is an axis-aligned box (interval).
A nature adversary, possibly memoryful, picks the transition distribution in each step.
Limitations of Compositional Reasoning
Strong negative results are established: the AG framework for ordinary PAs does not directly apply to rPAs under several conditions:
- Memoryless nature: The composition can admit behaviors not implementable by local, memoryless nature in components, breaking the AG property.
- Non-convex uncertainty: Without convexity, compositional natures may not be decomposable, again invalidating AG soundness.
- Interval-arithmetic relaxation for iPAs: The common practice of using interval-arithmetic relaxations in the composition introduces spurious behaviors, so AG rules can be unsound.
Compositionality for Convex (History-Dependent) rPAs
Positive results: for convex rPAs under a memoryful-nature semantics, a PA-reduction is possible, mapping robust choices into strategy nondeterminism. Compositional AG rules are valid under a convexity-preserving parallel composition (i.e., taking convex hulls of product uncertainty sets at each global transition). The paper formalizes this equivalence and shows that sound and complete AG reasoning is recoverable for this subclass with these semantic conventions.
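The following added example, constructed for this summary and not taken from the paper, makes the two preceding points concrete for the smallest possible case: two interval-PA components with a single two-outcome transition each. It builds the interval-arithmetic relaxation of their synchronised transition, checks whether a joint distribution inside that relaxation is actually realisable by independent local choices (a product p ⊗ q), and checks membership in the convex hull of the product distributions, i.e. the convex-hull composition. The intervals, the two joint distributions, and the helper names are assumptions of this example; the convex-hull test relies on the four corner products being affinely independent, which holds for the values used here.

```python
from fractions import Fraction as F

# Added example, not from the paper: two interval-PA components whose single
# transition has two outcomes, outcome 0 with a probability known only to lie
# in an interval (lo, hi) and outcome 1 with the remainder. Intervals and the
# joint distributions below are constructed values.

def joint_of(p0, q0):
    """Product distribution p ⊗ q over the four joint outcomes, given the
    outcome-0 probability of each component."""
    return (p0 * q0, p0 * (1 - q0), (1 - p0) * q0, (1 - p0) * (1 - q0))

def interval_box(I1, I2):
    """Interval-arithmetic relaxation of the synchronised transition: each entry
    of the joint distribution gets its own interval, computed from the component
    intervals with interval arithmetic (1 - [lo, hi] = [1 - hi, 1 - lo])."""
    (lo1, hi1), (lo2, hi2) = I1, I2
    return [(lo1 * lo2, hi1 * hi2),
            (lo1 * (1 - hi2), hi1 * (1 - lo2)),
            ((1 - hi1) * lo2, (1 - lo1) * hi2),
            ((1 - hi1) * (1 - hi2), (1 - lo1) * (1 - lo2))]

def admitted_by_box(joint, box):
    """Is `joint` a distribution lying inside the interval-arithmetic box?"""
    return sum(joint) == 1 and all(lo <= r <= hi for r, (lo, hi) in zip(joint, box))

def is_product_of_locals(joint, I1, I2):
    """Is `joint` realisable by independent local choices, i.e. equal to p ⊗ q
    for some p, q inside the component intervals? (rank-1 check via marginals)"""
    r00, r01, r10, r11 = joint
    p0, q0 = r00 + r01, r00 + r10          # marginals of the two components
    return joint == joint_of(p0, q0) and I1[0] <= p0 <= I1[1] and I2[0] <= q0 <= I2[1]

def solve(A, b):
    """Exact Gauss-Jordan elimination over Fractions; None if A is singular."""
    n = len(A)
    M = [list(row) + [bi] for row, bi in zip(A, b)]
    for col in range(n):
        piv = next((r for r in range(col, n) if M[r][col] != 0), None)
        if piv is None:
            return None
        M[col], M[piv] = M[piv], M[col]
        pv = M[col][col]
        M[col] = [x / pv for x in M[col]]
        for r in range(n):
            if r != col and M[r][col] != 0:
                f = M[r][col]
                M[r] = [x - f * y for x, y in zip(M[r], M[col])]
    return [row[n] for row in M]

def in_convex_hull_of_products(joint, I1, I2):
    """Convex-hull composition: is `joint` a convex combination of product
    distributions? p ⊗ q is bilinear in (p0, q0), so every product is a convex
    combination of the four corner products (p0, q0 ∈ {lo, hi}). With these four
    corners affinely independent (assumed here, true for the values below) the
    weights are the unique solution of a 4x4 linear system, and membership
    reduces to all weights being non-negative."""
    corners = [joint_of(a, b) for a in I1 for b in I2]
    A = [[c[i] for c in corners] for i in range(4)]
    lam = solve(A, list(joint))
    return lam is not None and all(l >= 0 for l in lam)

def classify(joint, I1, I2):
    """Which composition semantics admit this joint behaviour?"""
    return {'interval_box': admitted_by_box(joint, interval_box(I1, I2)),
            'product': is_product_of_locals(joint, I1, I2),
            'convex_hull': in_convex_hull_of_products(joint, I1, I2)}

I1 = I2 = (F(1, 5), F(4, 5))                           # constructed component intervals
SPURIOUS = (F(23, 50), F(1, 25), F(1, 25), F(23, 50))  # strongly correlated joint
GENUINE = joint_of(F(1, 2), F(3, 10))                  # a real product of local choices

if __name__ == '__main__':
    print('spurious:', classify(SPURIOUS, I1, I2))
    print('genuine: ', classify(GENUINE, I1, I2))
```

The correlated joint distribution sits inside the interval-arithmetic box yet is neither a product of local choices nor in the convex hull of such products, so a verifier working on the relaxation would reason about a nature that no pair of local natures can implement; the genuine product is admitted by all three. Beyond two outcomes per component the hull test becomes a linear-programming feasibility question rather than a square linear system.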
Simulation-Based AG Reasoning
Beyond property-based reasoning, a simulation-based AG approach is developed, extending [Komuravelli et al., 2012] to the parametric PA setting. The authors define both a valuation-dependent strong simulation relation, and a robust-strong simulation—the latter requiring a single witness relation for all parameter values in a region. Both are proved to be preorders and compositional. A simulation-based AG rule is proven sound and complete: if A2 and A3, then A4.
Since strong simulation preorders preserve satisfaction of safety fragments of PCTL, this yields a specification-preserving compositional verification scheme for parametric and robust PAs at the semantic level.
Numerical Results, Contradictory Claims, and Theoretical Implications
Though numeric benchmarks are not presented, the paper demonstrates, with technical counterexamples and model-theoretic arguments, that:
- The AG methodology for PAs cannot, in general, be lifted to rPAs under standard composition, memoryless nature, or non-convex uncertainty.
- Compositionality is rescued only in highly-structured settings with convexity, history-dependent nature, and convex-hull closure at the composition interface.
These results refute naive generalization practices found in some tool implementations of interval analysis or robust model-checking.
The compositional monotonicity reasoning for pPAs is rigorous, and forms a sufficient criterion for global monotonicity based on local monotonicity, without explicit denesting of the compositional structure.
Practical and Theoretical Impact
This paper provides a foundational basis for scalable and modular verification and synthesis of distributed/randomized systems under parameter and uncertainty modeling. The AG framework covers multi-objective, reward-based logic, and parametric interval analysis, significantly expanding the applicability of probabilistic model checking.
- Practically, the framework can be adopted in model checkers and contract-based design tools as evidenced in works on service-oriented architectures, neural-controlled agents, and large-scale distributed protocols.
- The AG monotonicity reasoning and strategy projection theory set a basis for further algorithmic advances (e.g., compositional parameter synthesis, scalable robust control).
The negative results impose necessary constraints on the modeling and semantic choices for correctness in symbolic or abstraction-based compositional verification.
Future Work
Critical future directions include: (1) implementation of the AG framework for parameterized and robust models, (2) integration with efficient multi-objective algorithms for parameter and robust synthesis, (3) extension to average-reward, visiting times, and more general stochastic games, (4) algorithmic advances for learning-based or abstraction-refinement compositional verification, and (5) applicability to partial observability, distributed schedulers, and more general uncertainty semantics.
Conclusion
The paper establishes a rigorous theory for compositional, property-based, and simulation-based reasoning for probabilistic models with parametric and robust uncertainty, delineating its precise scope and limitations. It advances the formal methods literature by mapping the boundaries of compositional verification for models with various flavors of uncertainty, and gives essential guidelines for modular analysis in both foundational and algorithmic contexts (2603.29550).