NUSMV: a new symbolic model checker
International Journal on Software Tools for Technology Transfer, 2000
Cited by 157 (19 self)
This paper describes a new symbolic model checker, called NUSMV, developed as part of a joint project between CMU and IRST. NUSMV is the result of the reengineering, reimplementation, and, to a limited extent, extension of the CMU SMV model checker. The core of this paper consists of a detailed description of the NUSMV functionalities, architecture, and implementation.
Parametric Temporal Logic for "Model Measuring"
1999
Cited by 30 (1 self)
F.3.1 [Logics and Meanings of Programs]: Specifying, Verifying and Reasoning about Programs: logics of programs. General Terms: Theory, Verification. Additional Key Words and Phrases: Model checking, quantitative analysis, temporal logic. A preliminary version of this paper appeared in ICALP'99: Proceedings of the 26th International Colloquium on Automata, Languages, and Programming, Lecture Notes in Computer Science, vol. 1644, pp. 159-168, Springer-Verlag, 1999. This work was partially supported by NSF CAREER award CCR-9734115, by DARPA/NASA grant NAG2-1214, by SRC contract 99-TJ-688, and by an Alfred P. Sloan Faculty Fellowship. Authors' addresses: R. Alur and S. La Torre: Dept. of Computer and Information Science, University of Pennsylvania, 200 South 33rd St., Philadelphia, PA 19104, email: {alur,latorre}@cis.upenn.edu; K. Etessami and D. Peled: Bell Labs, 700 Mountain Ave., Murray Hill, NJ 079
A road map of interval temporal logics and duration calculi
Journal of Applied Non-Classical Logics, 2004
Exact high level WCET analysis of synchronous programs by symbolic state space exploration
In DATE 2003, IEEE Computer Society
Cited by 22 (9 self)
In this paper, a novel approach to high-level (i.e. architecture independent) worst case execution time (WCET) analysis is presented that automatically computes exact bounds for all inputs. To this end, we make use of the distinction between micro and macro steps as usually done by synchronous languages. As macro steps must not contain loops, a later low-level WCET analysis (architecture dependent) is simplified to a large extent. Checking exact execution times for all inputs is a complex task that can nevertheless be efficiently done when implicit state space representations are used. With our tools, it is not only possible to compute path information by exploring all computations, but also to verify given path information.
The Verus tool: A quantitative approach to the formal verification of real-time systems
Proc. 9th Int. Conf. CAV '97, Haifa, IL, LNCS 1254, 1997
Cited by 13 (3 self)
The task of checking if a computer system satisfies its timing specifications is extremely important. These systems are often used in critical applications where failure to meet a deadline can have serious or even fatal consequences. This work describes Verus, an efficient tool for performing this verification task. Using our tool,
The Verus Language: Representing Time Efficiently with BDDs
Elsevier Science, 2001
Cited by 11 (1 self)
There have been significant advances on formal methods to verify complex systems recently. Nevertheless, these methods have not yet been accepted as a realistic alternative to the verification of industrial systems. One reason for this is that formal methods are still difficult to apply efficiently. Another reason is that current verification algorithms are still not efficient enough to handle many complex systems. This work addresses the problem by presenting a language designed especially to simplify writing time-critical programs. It is an imperative language with a syntax similar to C. Special constructs are provided to allow the straightforward expression of timing properties. The familiar syntax makes it easier for non-experts to use the tool. The special constructs make it possible to model the timing characteristics of the system naturally and accurately. A symbolic representation using BDDs, model checking and quantitative algorithms are used to check system timing properties.
Analysis and Verification of Real-Time Systems using Quantitative Symbolic Algorithms
Journal of Software Tools for Technology Transfer, 1999
Cited by 9 (0 self)
The task of checking if a computer system satisfies its timing specifications is extremely important. These systems are often used in critical applications where failure to meet a deadline can have serious or even fatal consequences. This paper presents an efficient method for performing this verification task. In the proposed method a real-time system is modeled by a state-transition graph represented by binary decision diagrams. Efficient symbolic algorithms exhaustively explore the state space to determine whether the system satisfies a given specification. In addition, our approach computes quantitative timing information such as minimum and maximum time delays between given events. These results provide insight into the behavior of the system and assist in the determination of its temporal correctness. The technique evaluates how well the system works or how seriously it fails, as opposed to only whether it works or not. Based on these techniques a verification tool called Verus...
Abstract interpretation with applications to timing validation
In CAV, 2008
Cited by 7 (0 self)
Abstract interpretation is one of the main verification technologies besides model checking and deductive verification. Abstract interpretation has a rich theory of abstraction and strong support for the construction of abstract domains. It allows to express a precise relation to the (concrete) semantics of the programming language inducing a clear relation between the results of an abstract interpretation and the properties of the analyzed program. It permits trading efficiency against precision and offers means to enforce termination where this is not guaranteed. We explain abstract interpretation using examples from a particular application domain: the determination of bounds on the execution times of programs. These bounds are used to show reliably that hard real-time systems satisfy their timing constraints. The application domain requires a number of static analyses and domains with different characteristics. Most domains exhibit Galois connections, a few do not. Some analyses require widening to leap infinite ascending chains and ensure termination.
Formal Verification and Analysis of Multimedia Systems
 In Proceedings of the 7th ACM International Conference on Multimedia (Part
, 1999
Cited by 6 (1 self)
In this work we discuss the use of formal methods tools, particularly symbolic model checking, in the verification and analysis of multimedia systems. We focus on the use of the Verus tool. Verus is based on symbolic model checking and has been used to verify a number of real-time applications. We show that it can be used not only to check the correctness of a multimedia system, but also to assist in the design of more efficient systems. In this work in particular, we apply Verus to the verification of a low cost video on demand server called ALMADEMVoD. Modeling this server in Verus provides great insight into its design and its dynamic behavior. Using the quantitative estimates provided by Verus, we check the empirical results generated by our server. Such comparative analysis allows us to identify imperfections in the model and also to detect programming mistakes in the implementation of our server, which would have been difficult to detect otherwise. The correction of such mistake...
Finding Extremal Models of Discrete Duration Calculus Formulae Using Symbolic Search
In Proc. AVOCS'2004, 2004
Cited by 2 (1 self)
QDDC is a logic for specifying quantitative timing aspects of synchronous programs. Properties such as worst-case response time and latency (when known) can be specified elegantly in this logic and model checked. However, computing these values requires finding by trial and error the least/greatest value of a parameter k making a formula D(k) valid for a program. In this paper, we discuss how an automata theoretic decision procedure for QDDC together with symbolic search for shortest/longest paths can be used to compute the lengths of extremal (least/greatest length) models of a formula D. These techniques have been implemented in the DCVALID verifier for QDDC formulae. We illustrate the use of this technique by efficiently computing response and dead times of some synchronous bus arbiter circuits.