The paper presents a new tool for automated veri cation of Timed Automata as well as protocols written in the speci cation language Estelle. The current version oers an automatic translation from Estelle speci cations to timed automata, and two complementary methods of reachability analysis, the rst of which is based on Bounded Model Checking (BMC), while the second one is an on-the-y veri cation on an abstract model of the system.

We describe a prototype extension of the Uppaal real-time model checking tool with symmetry reduction. The symmetric data type scalarset, which is also used in the Mur' model checker, was added to Uppaal's system description language to support the easy static detection of symmetries. Our prototype tool uses state swaps, described and proven sound earlier by Hendriks, to reduce the space and memory consumption of Uppaal. Moreover, under certain assumptions the reduction strategy is canonical, which means that the symmetries are optimally used. For all examples that we experimented with (both academic toy examples and industrial cases), we obtained a drastic reduction of both computation time and memory usage, exponential in the size of the scalar sets used.

Abstract Different time scales do often occur in real-time systems, e.g., a polling real-time system samples the environment many times per second, whereas the environment may only change a few times per second. When these systems are modeled as (networks of) timed automata, the validation using symbolic model checking techniques can significantly be slowed down by unnecessary fragmentation of the symbolic state space. This paper introduces a syntactical adjustment to a subset of timed automata that addresses this fragmentation problem and that can speed-up forward symbolic reachability analysis in a significant way. We prove that this syntactical adjustment does not alter reachability properties and that it indeed is effective. We illustrate our exact acceleration technique with run-time data obtained with the model checkers Uppaal and Kronos. Moreover, we demonstrate that automated application of our exact acceleration technique can significantly speed-up the verification of the run-time behavior of LEGO Mindstorms programs. 1 We thank Oliver M"oller for interesting discussions and we thank Jozef Hooman and the four anonymous reviewers for valuable comments on earlier versions of this paper. 2 Email: martijnh@cs.kun.nl

We present a compositional method for translating real-time programs into networks of timed automata. Programs are written in an assembly like real-time language and translated into models supported by the tool Uppaal. We have implemented the translation and give an example of its application on a simple control program for a car. Some properties of the behaviour of the control program are verified using the derived model.

We report about the reachability analysis of fully parametrized models of the IEEE 1394 root contention protocol. This protocol uses timing constraints in order to elect a leader. The interesting point is that the timing constraints involve some parameters (transmission delay, bounds of waiting intervals), and the behavior of the protocol strongly depends on the relation between these parameters. In order to synthesize the relation ensuring the correct behavior of the protocol, we apply the symbolic reachability techniques implemented in the TReX tool. We take the unparameterized model of Root Contention protocol proposed in [24] and study different parametrized versions of this model. We are able to synthesize automatically all the relations already found by proof or experiments on the unparameterized versions. We compare our results with those reported or obtained using other tools for parametrized systems.

Using an automata-theoretic approach, we investigate the decidability of liveness properties (called Presburger liveness properties) for timed automata when Presburger formulas on configurations are allowed. While the general problem of checking a temporal logic such as TPTL augmented with Presburger clock constraints is undecidable, we show that there are various classes of Presburger liveness properties which are decidable for discrete timed automata. For instance, it is decidable, given a discrete timed automaton A and a Presburger property P , whether there exists an !-path of A where P holds infinitely often. We also show that other classes of Presburger liveness properties are indeed undecidable for discrete timed automata, e.g., whether P holds infinitely often for each !-path of A . These results might give insights into the corresponding problems for timed automata over dense domains, and help in the definition of a fragment of linear temporal logic, augmented with Presburger conditions on configurations, which is decidable for model checking timed automata.

Recently timed automata models have been used to solve realistic scheduling problems. In this paper we want to establish the relation between timed automata and job shop scheduling problems. The timed automata models of the scheduling problems can serve as input for a forward reachability checker. In contrast to job shop algorithms the forward reachability algorithms will usually not yield an optimal solution. There are also only few ways to direct the exploration of the state space. Starting from job shop problem we will describe how forward reachability can be equipped with two concepts from branch and bound methods: heuristics and bounding. This extended algorithm is then applicable to all kinds of timed automata models. Keywords and Phrases: Timed automata, Static Scheduling, Reachability, Model Checking, UPPAAL, Branch and Bound Algorithms, Job Shop, Heuristics AMS Subject Classification: 68M14, 68W20, 90B35, 90B90 CR Subject Classification:D.2.2., D.2.4, F.1.1, F.3...

Efficiency is one of the major concerns in the world of model checking. Consequently, many techniques to optimize the time and space usage of model checking algorithms have been invented. One of these techniques is reduction of the searchable state space through arguments of symmetry. This technique can be very profitable and has been implemented in various model checkers, but not yet in Uppaal, a model checker for timed systems. This paper

This paper provides a brief overview of ve projects in which Honeywell has successfully used or developed model checking methods in the veri cation and synthesis of safety-critical systems. 1

Various researchers have proposed using self-timed networks to generate and distribute clocks and other timing signals. We consider one of the simplest self-timed networks, a ring, and note that for timing applications, self-timed rings should maintain uniform spacing of events.