The Theory of Timed I/O Automata
, 2003
Abstract - Cited by 36 (19 self)
This paper presents the Timed Input/Output Automaton (TIOA) modeling framework, a basic mathematical framework to support description and analysis of timed systems. An important feature of this model is its support for decomposing timed system descriptions. In particular, the framework includes a notion of external behavior for a timed I/O automaton, which captures its discrete interactions with its environment. The framework also defines what it means for one TIOA to implement another, based on an inclusion relationship between their external behavior sets, and defines notions of simulations, which provide sufficient conditions for demonstrating implementation relationships. The framework includes a composition operation for TIOAs, which respects external behavior, and a notion of receptiveness, which implies that a TIOA does not block the passage of time. The TIOA framework supports the statement and verification of safety and liveness properties for timed systems. It defines what it means for a property to be a safety or a liveness property, includes basic results about safety-liveness classification, and
Compositionality for probabilistic automata
- In Proc. 14th International Conference on Concurrency Theory (CONCUR 2003), volume 2761 of LNCS
, 2003
Verification of a leader election protocol --- formal methods applied to IEEE 1394
- Formal Methods in System Design
, 1997
Abstract - Cited by 26 (6 self)
The IEEE 1394 high performance serial multimedia bus protocol allows several components to communicate with each other at high speed. In this paper we present a formal model and verification of a leader election algorithm that forms the core of the tree identify phase of the physical layer of the 1394 protocol. We describe the algorithm formally in the I/O automata model of Lynch and Tuttle, and verify that for an arbitrary tree topology exactly one leader is elected. A large part of our verification has been checked mechanically with PVS, a verification system for higher-order logic.
Comparative branching-time semantics for Markov chains
- Information and Computation
, 2003
Abstract - Cited by 21 (8 self)
This paper presents various semantics in the branching-time spectrum of discrete-time and continuous-time Markov chains (DTMCs and CTMCs). Strong and weak bisimulation equivalence and simulation pre-orders are covered and are logically characterised in terms of the temporal logics PCTL (Probabilistic Computation Tree Logic) and CSL (Continuous Stochastic Logic). Apart from presenting various existing branching-time relations in a uniform manner, this paper presents the following new results: (i) strong simulation for CTMCs, (ii) weak simulation for CTMCs and DTMCs, (iii) logical characterizations thereof (including weak bisimulation for DTMCs), (iv) a relation between weak bisimulation and weak simulation equivalence, and (v) various connections between equivalences and pre-orders in the continuous- and discrete-time setting. The results are summarized in a branching-time spectrum for DTMCs and CTMCs elucidating their semantics as well as their relationship. Key Words: comparative semantics, Markov chain, (weak) simulation, (weak) bisimulation, temporal logic
Simulations in Coalgebra
- THEOR. COMP. SCI
, 2003
Abstract - Cited by 15 (1 self)
A new approach to simulations is proposed within the theory of coalgebras by taking a notion of order on a functor as primitive. Such an order forms a basic building block for a "lax relation lifting", or "relator" as used by other authors. Simulations appear as coalgebras of this lifted functor, and similarity as greatest simulation. Two-way similarity is then similarity in both directions. In general, it is different from bisimilarity (in the usual coalgebraic sense), but a sufficient condition is formulated (and illustrated) to ensure that bisimilarity and two-way similarity coincide. Also, suitable conditions are identified which ensure that similarity on a final coalgebra forms an (algebraic) dcpo structure. This involves a close investigation of the iterated applications F (#) and F (1) of a functor F with an order to the initial and final sets.
Foundations of the Trace Assertion Method of Module Interface Specification
- ACM Transactions on Software Engineering
, 1997
Abstract - Cited by 15 (0 self)
The trace assertion method is a formal state machine based method for specifying module interfaces ([3, 15, 25, 28, 32, 36]). A module interface specification treats the module as a black box, identifying all of the module's access programs (i.e. programs that can be invoked from outside of the module), and describing their externally visible effects. A formal model for the trace assertion method is proposed. The concept of step-traces is introduced and applied. The role of non-determinism, normal and exceptional behaviour, value functions and multi-object modules are discussed. The relationship with Algebraic Specification ([9, 37]) is analyzed. Contents: 1 Introduction; 2 Introductory Examples; 3 Alphabet; 4 Normal and Exceptional Behaviour; 5 Value Functions; 6 Languages and Automata; 6.1 Deterministic and Non-deterministic Automata; 6.2 Mealy Machines vs Automata; 6.3 Right Congru...
Fast Asynchronous Systems in Dense Time
- TCS
, 1995
Abstract - Cited by 13 (10 self)
A testing scenario in the sense of De Nicola and Hennessy is developed to measure the worst-case efficiency of asynchronous systems using dense time. For all three variants considered, it is shown that one can equivalently use discrete time; in the discrete versions, one variant coincides with an approach based on discrete time in [Vog95b], and thus we can clarify the assumptions behind this approach. The resulting testing-preorders are characterized with some kind of refusal traces and shown to satisfy some properties that make them attractive as faster-than relations. The three testing-preorders are incomparable in general, but for some interesting classes of systems implications are shown.
1 Introduction In the testing approach of [DNH84], reactive systems are compared by embedding them -- with a parallel composition operator k -- in arbitrary test environments. One variant of testing (must-testing) considers the worst-case behaviour: a system N performs successfully in an environm...
Normed Simulations
- In Proceedings CAV'98
, 1998
Abstract - Cited by 13 (1 self)
In existing simulation proof techniques, a single step in a low-level system may be simulated by an extended execution fragment in a high-level system. As a result, it is undecidable whether a given relation is a simulation, even if tautology checking is decidable for the underlying specification logic. This paper introduces various types of normed simulations. In a normed simulation, each step in a low-level system can be simulated by at most one step in the high-level system, for any related pair of states. We show that it is decidable whether a given relation is a normed simulation relation, given that tautology checking is decidable. We also prove that, at the semantic level, normed simulations form a complete proof method for establishing behavior inclusion, provided that the high-level system has finite invisible nondeterminism. As an illustration of our method we discuss the verification in PVS of a leader election algorithm that is used within the IEEE 1394 protocol.
1 Introdu...
A timed verification of the IEEE 1394 leader election protocol
- FORMAL METHODS IN SYSTEM DESIGN
, 2001