Results 1-10 of 52
HYTECH: The next generation
In Proceedings of the 16th IEEE Real-Time Systems Symposium, 1995
Cited by 122 (10 self)
Abstract. We describe a new implementation of HyTech, a symbolic model checker for hybrid systems. Given a parametric description of an embedded system as a collection of communicating automata, HyTech automatically computes the conditions on the parameters under which the system satisfies its safety and timing requirements. While the original HyTech prototype was based on the symbolic algebra tool Mathematica, the new implementation is written in C++ and builds on geometric algorithms instead of formula manipulation. The new HyTech offers a cleaner and more expressive input language, greater portability, superior performance (typically two to three orders of magnitude), and new features such as diagnostic error-trace generation. We illustrate the effectiveness of the new implementation by applying HyTech to the automatic parametric analysis of the generic railroad crossing benchmark problem [HJL93] and to an active structure control algorithm [ECB94].
The Generalized Railroad Crossing: A Case Study in Formal Verification of Real-Time Systems
In Proc., Real-Time Systems Symp., 1994
Cited by 99 (20 self)
A new solution to the Generalized Railroad Crossing problem, based on timed automata, invariants and simulation mappings, is presented and evaluated. The solution shows formally the correspondence between four system descriptions: an axiomatic specification, an operational specification, a discrete system implementation, and a system implementation that works with a continuous gate model.
Model checking timed UML state machines and collaborations
7th Intl. Symp. Formal Techniques in Real-Time and Fault Tolerant Systems (FTRTFT 2002), 2002
Cited by 57 (2 self)
Abstract. We describe a prototype tool, hugo/RT, that is designed to automatically verify whether the timed state machines in a UML model interact according to scenarios specified by time-annotated UML collaborations. Timed state machines are compiled into timed automata that exchange signals and operations via a network automaton. A collaboration with time constraints is translated into an observer timed automaton. The model checker UPPAAL is called upon to verify the timed automata representing the model against the observer timed automaton.
Benchmarks for Hybrid Systems Verification
In Hybrid Systems: Computation and Control (HSCC 2004), 2004
Cited by 51 (1 self)
There are numerous application examples for hybrid systems verification in recent literature. Most of them were introduced to illustrate a new approach to hybrid systems verification, and are therefore of a limited size. Others are case studies that serve to prove that an approach can be applied to real-world problems. Verification of these typically requires a lot of domain experience to obtain a tractable, verifiable model. Verification of a case study yields a singular result that is hard to compare and time-consuming to reproduce.
VERSA: A Tool for the Specification and Analysis of Resource-Bound Real-Time Systems
Journal of Computer and Software Engineering, 1995
Cited by 38 (27 self)
VERSA is a tool that assists in the algebraic analysis of real-time systems. It is based on ACSR, a timed process algebra designed to express resource-bound real-time distributed systems. VERSA is designed to be both a usable and useful tool for the analysis of ACSR specifications. Usability is assured by a flexible user interface that uses ACSR's traditional notation augmented with conventions from programming languages and mathematics that allow concise specification of realistic systems. Usefulness is the result of the breadth of analysis techniques planned and currently implemented, including algebraic term rewriting and state-space exploration based techniques.

1 Introduction

Reliability in real-time systems can be improved through the use of formal methods for the specification and analysis of real-time systems. Formal methods treat system components as mathematical objects and provide mathematical models to describe and predict the observable properties and behaviors of...
Mechanical Verification of Timed Automata: A Case Study
In Proc. 1996 IEEE Real-Time Technology and Applications Symp. (RTAS'96). IEEE Computer, 1996
Cited by 33 (10 self)
This paper reports the results of a case study on the feasibility of developing and applying mechanical methods, based on the proof system PVS, to prove propositions about real-time systems specified in the Lynch-Vaandrager timed automata model. In using automated provers to prove propositions about systems described by a specific mathematical model, both the proofs and the proof process can be simplified by exploiting the special properties of the mathematical model. Because both specifications and methods of reasoning about them tend to be repetitive, the use of a standard template for specifications, accompanied by standard shared theories and standard proof strategies or tactics, is often feasible. Presented are the PVS specification of three theories that underlie the timed automata model, a template for specifying timed automata models in PVS, and an example of its instantiation. Both hand proofs and the corresponding PVS proofs of two propositions are provided to illustrate h...
Deductive verification of real-time systems using STeP
Computer Science Department, Stanford University, 1998
Cited by 33 (8 self)
We present a modular framework for proving temporal properties of real-time systems, based on clocked transition systems and linear-time temporal logic. We show how deductive verification rules, verification diagrams, and automatic invariant generation can be used to establish properties of real-time systems in this framework. We also discuss global and modular proofs of the branching-time property of non-Zenoness. As an example, we present the mechanical verification of the generalized railroad crossing case study using the Stanford Temporal Prover, STeP.
Verification of Real-Time Systems Using PVS
1993
Cited by 30 (3 self)
We present an approach to the verification of the real-time behavior of concurrent programs and describe its mechanization using the PVS proof checker. Our approach to real-time behavior extends previous verification techniques for concurrent programs by proposing a simple model for real-time computation and introducing a new operator for reasoning about absolute time. This model is formalized and mechanized within the higher-order logic of PVS. The interactive proof checker of PVS is used to develop the proofs of two illustrative examples: Fischer's real-time mutual exclusion protocol and a railroad crossing controller. This work was supported by National Aeronautics and Space Administration Langley Research Center and the US Naval Research Laboratory under contract NAS118969 and by the US Naval Research Laboratory contract N0001592C2177. Connie Heitmeyer (NRL) suggested the railroad crossing example. Sam Owre (SRI) assisted with the use of PVS. The helpful comments of John Rush...
Safety Property Verification of ESTEREL Programs and Applications to Telecommunications Software
In Proceedings of the 7th International Conference on Computer Aided Verification, volume 939 of Lecture Notes in Computer Science, 1996
Cited by 30 (4 self)
We present a technique for automatically verifying linear-time temporal logic safety properties of programs written in ESTEREL, a formally-defined language for programming reactive systems. In our approach, linear-time temporal logic safety properties are first translated into ESTEREL programs that model these properties. Using the ESTEREL compiler, the translations are compiled in parallel with the ESTEREL program to be verified. A trivial reachability analysis of the output of the compiler then indicates whether or not the safety property is satisfied by the program. We describe two real-world software problems, ESTEREL versions of two features of the AT&T 5ESS® switching system, and one well-known benchmark problem, the generalized railroad crossing problem, that we have verified using our technique and associated tool set.

1 Introduction

The ESTEREL programming language [5] is a formally-defined, high-level language designed specifically for progra...
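The generalized railroad crossing that recurs through these entries (HyTech's parametric analysis and error-trace generation, the Heitmeyer/Lynch case study, and the STeP, PVS and ESTEREL verifications) is small enough to check by brute force in a discrete-time model. The following is an added example written for this listing, not code from any of the tools or papers above: a train automaton, a gate automaton and an instantaneous controller with integer clocks, a breadth-first reachability check of the safety property "a train in the crossing implies the gate is down" that returns a counterexample trace when it fails, and a sweep over the gate-lowering time to find the parameter values for which the property holds. The timing constants, location names and the interleaving of simultaneous events are assumptions of this example.

```python
"""Discrete-time explicit-state safety check of the generalized railroad
crossing: train automaton x gate automaton x instantaneous controller.
Integer clocks, breadth-first reachability, counterexample trace on
failure, and a parameter sweep over the gate-lowering time."""
from collections import deque

# Timing constants: constructed for this example, not taken from any paper above.
EPS_MIN, EPS_MAX = 5, 8      # ticks from the approach sensor to crossing entry
CROSS_MIN, CROSS_MAX = 2, 3  # ticks a train occupies the crossing
XI_UP = 4                    # ticks the gate needs to raise

# A state is (train_location, train_clock, gate_location, gate_clock).
INITIAL = ("far", 0, "up", 0)


def delay_allowed(state, xi_down):
    """Time may advance one tick only while every location invariant holds."""
    train, tc, gate, gc = state
    if train == "near" and tc >= EPS_MAX:
        return False            # train must have entered the crossing by now
    if train == "cross" and tc >= CROSS_MAX:
        return False            # train must have left the crossing by now
    if gate == "lowering" and gc >= xi_down:
        return False            # gate motion completes; it cannot linger
    if gate == "raising" and gc >= XI_UP:
        return False
    return True


def successors(state, xi_down):
    """States reachable by one unit delay or one discrete transition."""
    train, tc, gate, gc = state
    out = set()
    if delay_allowed(state, xi_down):
        ntc = tc + 1 if train in ("near", "cross") else 0
        ngc = gc + 1 if gate in ("lowering", "raising") else 0
        out.add((train, ntc, gate, ngc))
    # Approach sensor fires; the controller commands the gate down at once.
    if train == "far":
        out.add(("near", 0, gate if gate == "down" else "lowering", 0))
    # Train enters the crossing at any tick in its [EPS_MIN, EPS_MAX] window.
    if train == "near" and EPS_MIN <= tc <= EPS_MAX:
        out.add(("cross", 0, gate, gc))
    # Train leaves; the controller commands the gate up.
    if train == "cross" and CROSS_MIN <= tc <= CROSS_MAX:
        out.add(("far", 0, "raising", 0))
    # Gate motions complete.
    if gate == "lowering" and gc >= xi_down:
        out.add((train, tc, "down", 0))
    if gate == "raising" and gc >= XI_UP:
        out.add((train, tc, "up", 0))
    return out


def is_unsafe(state):
    """Safety property: a train in the crossing implies the gate is down."""
    train, _, gate, _ = state
    return train == "cross" and gate != "down"


def check_safety(xi_down):
    """Explore all reachable states; return (True, []) or (False, trace)."""
    parent = {INITIAL: None}
    queue = deque([INITIAL])
    while queue:
        state = queue.popleft()
        if is_unsafe(state):
            trace = []              # walk parent links back to INITIAL
            while state is not None:
                trace.append(state)
                state = parent[state]
            return False, trace[::-1]
        for nxt in successors(state, xi_down):
            if nxt not in parent:
                parent[nxt] = state
                queue.append(nxt)
    return True, []


def safe_gate_times(max_xi_down):
    """Parametric sweep: gate-lowering times for which the crossing is safe."""
    return [xi for xi in range(max_xi_down + 1) if check_safety(xi)[0]]


if __name__ == "__main__":
    print("safe gate-lowering times:", safe_gate_times(10))
    ok, trace = check_safety(EPS_MIN)
    print("xi_down == EPS_MIN:", "safe" if ok else "UNSAFE, counterexample:")
    for s in trace:
        print("   ", s)
```

With the constructed constants the sweep reports 0 through 4 as safe, i.e. the gate must finish lowering strictly before the train's earliest possible arrival EPS_MIN; the strictness comes from letting a train move and a gate complete at the same instant interleave in either order, which is the conservative choice. A tool such as HyTech answers the same reachability question symbolically over dense time and polyhedra instead of enumerating integer clocks, but the shape of the result, a constraint on the parameter plus an error trace when it is violated, is the one the abstracts describe.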
Requirements & Specification Exemplars
1996
Cited by 27 (3 self)
Specification exemplars are familiar to most software engineering researchers. For instance, many will have encountered the well known library and lift "problems", and will have seen one or more published solutions. Exemplars may serve several purposes: as drivers of and communication vehicles for individual research advances; to establish research agendas and to compare and contrast alternative approaches; and, ultimately, to lead to advances in software development practices. Because of their prevalence in the literature, exemplars are worth critical study. In this paper we consider the purposes that exemplars may serve, and explore the incompatibilities inherent in trying to simultaneously serve several of them at once. Researchers should therefore be clear about what successfully handling an exemplar demonstrates. We go on to examine the use of exemplars for not only specifications (an end product of requirements engineering), but also for the requirements engineering process itsel...