Proving the correctness of reactive systems using sized types
1996
Cited by 122 (2 self)
Abstract
We have designed and implemented a type-based analysis for proving some basic properties of reactive systems. The analysis manipulates rich type expressions that contain information about the sizes of recursively defined data structures. Sized types are useful for detecting deadlocks, non-termination, and other errors in embedded programs. To establish the soundness of the analysis we have developed an appropriate semantic model of sized types.

1 Embedded Functional Programs
In a reactive system, the control software must continuously react to inputs from the environment. We distinguish a class of systems where the embedded programs can be naturally expressed as functional programs manipulating streams. This class of programs appears to be large enough for many purposes [2] and is the core of more expressive formalisms that accommodate asynchronous events, nondeterminism, etc. The fundamental criterion for the correctness of programs embedded in reactive systems is liveness. Indeed, before considering the properties of the output, we must ensure that there is some output in the first place: the program must continuously react to the input streams by producing elements on the output streams. This latter property may fail in various ways:
- the computation of a stream element may depend on itself, creating a "black hole", or
- the computation of one of the output streams may demand elements from some input stream at different rates, which requires unbounded buffering, or
- the computation of a stream element may exhaust the physical resources of the machine or even diverge.
vUML: a Tool for Verifying UML Models
1999
Cited by 82 (3 self)
Abstract
The Unified Modelling Language (UML) is a standardised notation for describing object-oriented software designs. We present vUML, a tool that automatically verifies UML models. vUML verifies models where the behaviour of the objects is described using UML Statecharts diagrams. It supports concurrent and distributed models containing active objects and synchronous and asynchronous communication between objects. The tool uses the SPIN model checker to perform the verification, but the user does not have to know how to use SPIN or the PROMELA language. If an error is found during the verification, the tool creates a UML sequence diagram showing how to reproduce the error in the UML model.
Hierarchical automata as model for statecharts (Extended Abstract)
1997
Cited by 53 (3 self)
Abstract
Statecharts are a very rich graphical specification formalism supported by the commercial tool Statemate. Statecharts comprise powerful concepts such as inter-level transitions, multiple-source/multiple-target transitions, priority amongst transitions and simultaneous execution of maximal non-conflicting sets of transitions. Every add-on tool that is supposed to be linked with the Statemate tool has to deal with the rather involved semantics of these concepts. We propose extended hierarchical automata as an intermediate format to facilitate the linking of new tools to the Statemate environment. The main idea is to devise a simple formalism with a more restricted syntax than statecharts which nevertheless allows capturing the richer formalism. We define the format, give operational semantics to it, and translate statecharts to it.
Implementing statecharts in Promela/Spin
1998
Cited by 29 (3 self)
Abstract
We translate statecharts into PROMELA, the input language of the SPIN verification system, using extended hierarchical automata as an intermediate format. We discuss two possible frameworks for this translation, leading to either sequential or parallel code. We show that in this context the sequential code can be verified more efficiently than the parallel code. We conclude with the discussion of an application of the resulting translator to a well-known case study, which demonstrates the feasibility of linear temporal logic model checking of statecharts.
Verification of safety properties using integer programming: Beyond the state equation
1997
Cited by 19 (1 self)
Abstract
The state equation is a verification technique that has been applied (not always under this name) to numerous systems modelled as Petri nets or communicating automata. Given a safety property P, the state equation is used to derive a necessary condition for P to hold which can be mechanically checked. The necessary conditions derived from the state equation are known to be of little use for systems communicating by means of shared variables, in the sense that many of these systems satisfy the property but not the conditions. In this paper, we use traps, a well-known notion of net theory, to obtain stronger conditions that can still be efficiently checked. We show that the new conditions significantly extend the range of verifiable systems. Keywords: State equation, traps, approximation techniques, linear programming

1. Introduction
The application of linear algebra and integer programming techniques to verification problems has been the subject of a large number of papers [3,...
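The following is an added illustration, not code from the paper above, of the two facts the abstract relies on: the state equation M = M0 + C·X is only a necessary condition for reachability, and a trap (a set of places Q such that every transition consuming from Q also produces into Q) that is marked initially can never be emptied. The net, its markings and the transition names (p1, p2, p3, t1, t2, t3) are constructed for this example. Transition t3 "tests" p2 by consuming and immediately returning its token, which is exactly the shared-variable pattern the abstract mentions: the test leaves a zero in the incidence matrix, so the state equation admits a solution for a marking that is in fact unreachable, while the trap {p1, p2} rules it out. The paper's own strengthened conditions may be formulated differently; this shows only the basic trap argument. Brute-force enumeration stands in for the integer programming solver a real tool would use.

```python
from itertools import product
from collections import deque

# Constructed toy net (not from the paper). Markings are tuples indexed like PLACES.
PLACES = ("p1", "p2", "p3")
# transition -> (pre multiset, post multiset), each a dict place -> weight
TRANSITIONS = {
    "t1": ({"p1": 1}, {"p2": 1}),
    "t2": ({"p2": 1}, {"p1": 1}),
    # t3 consumes p1 and *tests* p2 (takes the token and gives it back):
    # its column in C has a 0 for p2, so the state equation cannot see the test.
    "t3": ({"p1": 1, "p2": 1}, {"p2": 1, "p3": 1}),
}
M0 = (1, 0, 0)  # initial marking: one token on p1


def incidence():
    """Incidence matrix C[place][transition] = post - pre, plus the column order."""
    cols = list(TRANSITIONS)
    C = [[TRANSITIONS[t][1].get(p, 0) - TRANSITIONS[t][0].get(p, 0) for t in cols]
         for p in PLACES]
    return cols, C


def state_equation_solution(M, bound=3):
    """Return a non-negative integer Parikh vector X with M = M0 + C*X, or None.
    Brute force over X in [0, bound]^|T|; a real checker would call an ILP solver."""
    cols, C = incidence()
    for X in product(range(bound + 1), repeat=len(cols)):
        if all(M0[i] + sum(C[i][j] * X[j] for j in range(len(cols))) == M[i]
               for i in range(len(PLACES))):
            return dict(zip(cols, X))
    return None


def is_trap(Q):
    """Q is a trap iff every transition that consumes from Q also produces into Q."""
    Q = set(Q)
    for pre, post in TRANSITIONS.values():
        if (Q & pre.keys()) and not (Q & post.keys()):
            return False
    return True


def marks(M, Q):
    """True if marking M puts at least one token on the place set Q."""
    return sum(M[PLACES.index(p)] for p in Q) > 0


def trap_condition(M):
    """A trap marked at M0 stays marked forever, so M is unreachable if it empties one.
    Returns the offending trap, or None if no trap refutes reachability of M."""
    for bits in product((0, 1), repeat=len(PLACES)):
        Q = [p for p, b in zip(PLACES, bits) if b]
        if Q and is_trap(Q) and marks(M0, Q) and not marks(M, Q):
            return Q
    return None


def reachable_markings(limit=1000):
    """Exhaustive reachability for the (tiny, bounded) toy net: the ground truth."""
    seen, todo = {M0}, deque([M0])
    while todo and len(seen) < limit:
        M = todo.popleft()
        for pre, post in TRANSITIONS.values():
            if all(M[PLACES.index(p)] >= w for p, w in pre.items()):
                N = list(M)
                for p, w in pre.items():
                    N[PLACES.index(p)] -= w
                for p, w in post.items():
                    N[PLACES.index(p)] += w
                N = tuple(N)
                if N not in seen:
                    seen.add(N)
                    todo.append(N)
    return seen


if __name__ == "__main__":
    bad = (0, 0, 1)  # the "unsafe" marking: a token on p3
    print("state equation solution:", state_equation_solution(bad))
    print("trap refuting it:", trap_condition(bad))
    print("actually reachable:", bad in reachable_markings())
```

The state equation alone accepts X = (t1: 0, t2: 0, t3: 1) for the marking (0, 0, 1), so a safety check based on it alone would report a possible violation; the trap {p1, p2} shows the marking is unreachable, which the exhaustive search confirms.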
Automatic Dependability Analysis for Supporting Design Decisions in UML
Proc. of the 4th IEEE International Symposium on High Assurance Systems Engineering, IEEE, 1999
Cited by 19 (6 self)
Abstract
Even though a thorough system specification improves the quality of the design, it is not sufficient to guarantee that a system will satisfy its reliability targets. Within this paper, we present an application example of one of the activities performed in the European ESPRIT project HIDE, aiming at the creation of an integrated environment where design toolsets based on UML are augmented with modeling and analysis tools for the automatic validation of the system under design. We apply an automatic transformation from UML diagrams to Timed Petri Nets for model-based dependability evaluation. It allows a designer to use UML as a front-end for the specification of both the system and the user requirements, and to evaluate dependability figures of the system from the early phases of the design, thus obtaining precious clues for design refinement. The transformation completely hides the mathematical background, thus eliminating the need for specific expertise in abstract mathematics and the tedious remodeling of the system for mathematical analysis.
A HighLevel Modular Definition of the Semantics of C#
Journal Theoretical Computer Science, 2004
Cited by 16 (5 self)
Abstract
We propose a structured mathematical definition of the semantics of C# programs to provide a platform-independent interpreter view of the language for the C# programmer, which can also be used for a precise analysis of the ECMA [22] standard of the language and as a reference model for teaching. The definition takes care to reflect directly and faithfully (as much as possible without becoming inconsistent or incomplete) the descriptions in the C# standard, to become comparable with the corresponding models for Java in [37] and to provide for implementors the possibility to check their basic design decisions against an accurate high-level model. The model sheds light on some of the dark corners of C# and on some critical differences between the ECMA standard and the implementations of the language.
Quantitative Analysis of Dependability Critical Systems Based on UML Statechart Models
2000
Cited by 7 (4 self)
Abstract
The paper introduces a method which allows quantitative performance and dependability analysis of systems modeled using UML statechart diagrams. The analysis is performed by transforming the UML model to Stochastic Reward Nets (SRN). A large subset of statechart model elements is supported, including event processing, state hierarchy and transition priorities. The transformation is presented by a set of SRN design patterns. Performance measures can be directly derived using SRN tools, while dependability analysis requires explicit modeling of erroneous states and faulty behavior.
Modelling and Testing OO Distributed Systems with Temporal Logic Formalisms
In 18th International IASTED Conference Applied Informatics'2000, 2000
Cited by 6 (0 self)
Abstract
Our ability to test a distributed system is directly related to the quality of the system's specification. The specification must be complete. That is, the system should have a specified behavior for every point in the input space. The specifications of all of the components in the system must be consistent with each other. Ultimately the specification must accurately (i.e., correctly) model the real system. The usefulness of a modeling language is directly related to its ability to express the constructs required. For modelling distributed systems, time is often a critical dimension of the specification. Concurrent and distributed systems require specification languages that can express information about the temporal ordering of a series of actions. OCL does not currently have operators for expressing such sequences. This makes it impossible to express complete invariants for distributed OO components. The contribution of this paper is to describe the status of our work in modelling and te...
Automated Computation of Decomposable Synchronization Conditions
Second IEEE High-Assurance Systems Engineering Workshop HASE 97, 1997
Cited by 4 (1 self)
Abstract
The most important aspect of concurrent and distributed computation is the interaction between system components. Integration of components into a system requires some synchronization that prevents the components from interacting in ways that may endanger the system's users, its correctness or its performance. The undesirable interactions are usually described using temporal logic, or safety and liveness assertions. Automated synthesis of synchronization conditions is a portable alternative to the manual design of system synchronization, and it is already widespread in the hardware CAD domain. Automated synchronization for concurrent software systems is hindered by their excessive complexity, because their state spaces can rarely be exhaustively analyzed to compute the synchronization conditions. The analysis of global state spaces is required for liveness and real-time properties, but simple safety rules depend only on the referenced components and not on the rest of the system or it...