Results 1  10
of
13
Uppaal 4.0
 In Quantitative Evaluation of Systems  (QEST’06
, 2006
"... Abstract — UPPAAL 4.0 is the result of over two and a half years of development and contains many new features, additions to the modeling language, performance improvements, enhancements and polish to the the easy to use graphical user interface, and is accompanied by several open source libraries. ..."
Abstract

Cited by 21 (3 self)
 Add to MetaCart
Abstract — UPPAAL 4.0 is the result of over two and a half years of development and contains many new features, additions to the modeling language, performance improvements, enhancements and polish to the the easy to use graphical user interface, and is accompanied by several open source libraries. The tool and libraries are available free of charge for academic, educational and evaluation purposes from
Virtual Symmetry Reduction
 In Logic in Computer Science (LICS
, 2000
"... We provide a general method for ameliorating state explosion via symmetry reduction in certain asymmetric systems, such as systems with many similar, but not identical, processes. The method applies to systems whose structures (i.e., state transition graphs) have more state symmetries than arc sy ..."
Abstract

Cited by 17 (3 self)
 Add to MetaCart
We provide a general method for ameliorating state explosion via symmetry reduction in certain asymmetric systems, such as systems with many similar, but not identical, processes. The method applies to systems whose structures (i.e., state transition graphs) have more state symmetries than arc symmetries. We introduce a new notion of "virtual symmetry" that strictly subsumes earlier notions of "rough symmetry" and "near symmetry" [ET99]. Virtual symmetry is the most general condition under which the structure of a system is naturally bisimilar to its quotient by a group of state symmetries.
A CLP proof method for timed automata
 In 25th RTSS
, 2004
"... Constraint Logic Programming (CLP) has been used to model programs and transition systems for the purpose of verification problems. In particular, it has been used to model Timed Safety Automata (TSA). In this paper, we start with a systematic translation of TSA into CLP. The main contribution is an ..."
Abstract

Cited by 13 (3 self)
 Add to MetaCart
Constraint Logic Programming (CLP) has been used to model programs and transition systems for the purpose of verification problems. In particular, it has been used to model Timed Safety Automata (TSA). In this paper, we start with a systematic translation of TSA into CLP. The main contribution is an expressive assertion language and a new CLP inference method for proving assertions. A distinction of the assertion language is that it can specify important properties beyond traditional safety properties. We highlight one important property: that a system of processes is symmetric. The new inference mechanism is based upon the wellknown method of tabling in logic programming. It is distinguished by its ability to use assertions that are not yet proven, using a principle of coinduction. Apart from given assertions, the proof mechanism can also prove implicit assertions such as discovering a lower or upper bound of a variable. Finally, we demonstrate significant improvements over stateoftheart systems using standard TSA benchmark examples. 1
Analysis of a protocol for dynamic configuration of IPv4 link local addresses using Uppaal
, 2003
"... Formal methods have been applied frequently to analyze (critical parts of) standards for communication protocols and it has been demonstrated that their application may help to improve the quality of these standards. Nevertheless, despite several decades of formal methods research, formal methods no ..."
Abstract

Cited by 10 (4 self)
 Add to MetaCart
Formal methods have been applied frequently to analyze (critical parts of) standards for communication protocols and it has been demonstrated that their application may help to improve the quality of these standards. Nevertheless, despite several decades of formal methods research, formal methods notations have rarely been included in the authoritative part of protocol standards. Also, the relationships between (abstract) formal models and informal protocol standards are typically obscure. It is our ambition to improve this situation. To establish the current stateoftheart, we report in this paper on a case study in which Uppaal is used to formally model parts of Zeroconf, a protocol for dynamic configuration of IPv4 linklocal addresses that has been defined in RFC 3927 of the IETF. Our goal has been to construct a model that (a) is easy to understand by engineers, (b) comes as close as possible to the informal text (for each transition in the model there should be a corresponding piece of text in the RFC), and (c) may serve as a basis for formal verification. Our conclusion is that Uppaal, which combines extended finite state machines, Clike syntax and concepts from timed automata theory, is able to model Zeroconf in a faithful and intuitive manner, using notations that are familiar to protocol engineers. Our modeling efforts revealed several errors (or at least ambiguities) in the RFC that no one else spotted before. We also identify a number of points where Uppaal still can be improved. After applying a number of abstractions, Uppaal is able to fully explore the state space of an instance of our model with three hosts, and to establish some correctness properties.
Model Checking the Time to Reach Agreement
 FORMATS
"... The timed automaton framework of Alur and Dill is a natural choice for the specification of partially synchronous distributed systems. The past has shown, however, that verification of these systems by model checking usually is very difficult. Therefore, model checking techniques have thus far not r ..."
Abstract

Cited by 10 (1 self)
 Add to MetaCart
The timed automaton framework of Alur and Dill is a natural choice for the specification of partially synchronous distributed systems. The past has shown, however, that verification of these systems by model checking usually is very difficult. Therefore, model checking techniques have thus far not really been used for their design, even though these techniques are widely used in other areas, e.g., hardware verification. The present paper demonstrates that the revolutionary development of both the usability and the efficiency of model checking tools may change this. It is shown that a complex partially synchronous distributed algorithm can easily be modeled with the Uppaal model checker, and that it is possible to analyze some interesting and nontrivial instances with reasonable computational resources. Clearly, such analysis results can greatly support the design of these systems: model checking tools may provide valuable early feedback on subtle design errors and hint at system invariants that can subsequently be used in the general correctness proof.
Adaptive symmetry reduction
 In ComputerAided Verification (CAV
, 2007
"... Abstract. Symmetry reduction is a technique to counter state explosion for systems of regular structure. It relies on idealistic assumptions about indistinguishable components, which in practice may only be similar. In this paper we present a flexible algebraic approach to symmetry reduction for exp ..."
Abstract

Cited by 4 (1 self)
 Add to MetaCart
Abstract. Symmetry reduction is a technique to counter state explosion for systems of regular structure. It relies on idealistic assumptions about indistinguishable components, which in practice may only be similar. In this paper we present a flexible algebraic approach to symmetry reduction for exploring a structure without any prior knowledge about its global symmetry. The more behavior is shared among the components, the more compression takes effect. The idea is to annotate each encountered state with information about how symmetry is violated along the path leading to it. Previous solutions only allow specific types of asymmetry, such as up to bisimilarity, or seem to require expensive preprocessing of the structure. In contrast, our method appeals through its balance between generality and simplicity. We include analytic and experimental results to document its efficiency. 1
Formal Specification and Analysis of Zeroconf Using Uppaal
"... We report on a case study in which the model checker Uppaal is used to formally model parts of Zeroconf, a protocol for dynamic configuration of IPv4 linklocal addresses that has been defined in RFC 3927 of the IETF. Our goal has been to construct a model that (a) is easy to understand by engineers ..."
Abstract

Cited by 3 (3 self)
 Add to MetaCart
We report on a case study in which the model checker Uppaal is used to formally model parts of Zeroconf, a protocol for dynamic configuration of IPv4 linklocal addresses that has been defined in RFC 3927 of the IETF. Our goal has been to construct a model that (a) is easy to understand by engineers, (b) comes as close as possible to the informal text (for each transition in the model there should be a corresponding piece of text in the RFC), and (c) may serve as a basis for formal verification. Our modeling efforts revealed several errors (or at least ambiguities) in the RFC that no one else spotted before. We present two proofs of the mutual exclusion property for Zeroconf (for an arbitrary number of hosts and IP addresses): a manual, operational proof, and a proof that combines model checking with the application of a new abstraction relation that is compositional with respect to committed locations. The model checking problem has been solved using Uppaal, and the abstractions have been checked either by hand or by using UppaalTiga.
Using nonconvex approximations for efficient analysis of timed automata: Extended version
 arXiv – Computing Research Repository
, 2011
"... Abstract. The reachability problem for timed automata asks if there exists a path from an initial state to a target state. The standard solution to this problem involves computing the zone graph of the automaton, which in principle could be infinite. In order to make the graph finite, zones are appr ..."
Abstract

Cited by 2 (1 self)
 Add to MetaCart
Abstract. The reachability problem for timed automata asks if there exists a path from an initial state to a target state. The standard solution to this problem involves computing the zone graph of the automaton, which in principle could be infinite. In order to make the graph finite, zones are approximated using an extrapolation operator. For reasons of efficiency in current algorithms extrapolation of a zone is always a zone; and in particular it is convex. In this paper, we propose to solve the reachability problem without such extrapolation operators. To ensure termination, we provide an efficient algorithm to check if a zone is included in the so called region closure of another. Although theoretically better, closure cannot be used in the standard algorithm since a closure of a zone may not be convex. An additional benefit of the proposed approach is that it permits to calculate approximating parameters onthefly during exploration of the zone graph, as opposed to the current methods which do it by a static analysis of the automaton prior to the exploration. This allows for further improvements in the algorithm. Promising experimental results are presented. 1
Formalization and Verification of the Shim6 Protocol
"... 1.1 Background................................ 7 ..."