Results 1-10 of 12
Expressiveness of updatable timed automata
Theoretical Computer Science, 2000
Cited by 36 (11 self)
Abstract. We investigate extensions of Alur and Dill’s timed automata, based on the possibility to update the clocks in a more elaborate way than simply reset them to zero. We call these automata updatable timed automata. They form an undecidable class of models, in the sense that emptiness checking is not decidable. However, using an extension of the region graph construction, we exhibit interesting decidable subclasses. In a surprising way, decidability depends on the nature of the clock constraints which are used, diagonal-free or not, whereas these constraints play identical roles in timed automata. We thus describe in a quite precise way the thin frontier between decidable and undecidable classes of updatable timed automata. We also study the expressive power of updatable timed automata. It turns out that any updatable automaton belonging to some decidable subclass can be effectively transformed into an equivalent timed automaton without updates but with silent transitions. The transformation suffers from an enormous combinatorics blowup which seems unavoidable. Therefore, updatable timed automata appear to be a concise model for representing and analyzing large classes of timed systems.
Error Detection with Directed Symbolic Model Checking
In World Congress on Formal Methods, 1999
Cited by 18 (7 self)
In practice due to entailed memory limitations the most important problem in model checking is state space explosion. Therefore, to prove the correctness of a given design binary decision diagrams (BDDs) are widely used as a concise and symbolic state space representation. Nevertheless, BDDs are not able to avoid an exponential blowup in general. If we restrict ourselves to find an error of a design which violates a safety property, in many cases a complete state space exploration is not necessary and the introduction of a heuristic to guide the search can help to keep both the explored part and the associated BDD representation smaller than with the classical approach. In this paper we will show that this idea can be extended with an automatically generated heuristic and that it is applicable to a large class of designs. Since the proposed algorithm can be expressed in terms of BDDs it is even possible to use an existent model checker without any internal changes.
Objects, Types and Modal Logics
1996
Cited by 7 (0 self)
In this paper we present a modal logic for describing properties of terms in the object calculus of Abadi and Cardelli [AC96]. The logic is essentially the modal mu-calculus of [Koz83]. The fragment allows us to express the temporal modalities of the logic CTL [BAMP83]. We investigate the connection between the type system Ob_{1<:} and the mu-calculus, providing a translation of types into modal formulae and an ordering on formulae that is sound w.r.t. the subtype ordering of Ob_{1<:}.
Testing Hennessy-Milner Logic with Recursion
Foundations of Software Science and Computation Structures: Second International Conference, FoSSaCS ’99 Proceedings, LNCS, 1998
Cited by 6 (2 self)
This study offers a characterization of the collection of properties expressible in Hennessy-Milner Logic (HML) with recursion that can be tested using finite LTSs. In addition to actions used to probe the behaviour of the tested system, the LTSs that we use as tests will be able to perform a distinguished action nok to signal their dissatisfaction during the interaction with the tested process. A process s passes the test T iff T does not perform the action nok when it interacts with s. A test T tests for a property in HML with recursion iff it is passed by exactly the states that satisfy . The paper gives an expressive completeness result offering a characterization of the collection of properties in HML with recursion that are testable in the above sense.
XEVE: an ESTEREL Verification Environment (Version v1_3)
1997
Cited by 4 (0 self)
Xeve is a verification environment for Esterel programs modeled as Finite State Machines (FSMs) with a user-friendly graphical interface. It works on implicitly defined FSMs described as a set of boolean equations with latches, as generated by the Esterel compiler. It is based on the TiGeR library which provides data structures and algorithms to manipulate FSMs symbolically using BDDs. The set of boolean equations is given in the Blif format, the input format of Xeve. Xeve provides two main verification functions. The first function is the FSM state minimization using a notion of bisimulation equivalence that relates states indistinguishable when exploring the FSM graph from them. The minimization is made modulo a set of input/output signals declared as hidden. Minimized FSMs are generated explicitly in a textual format called Fc2 that can be loaded in the tool ATG for graphical exploration. The other verification function is the checking of the status of output signals: one can verif...
Requirement Capture, Formal Description and Verification of an Invoicing System
Cited by 1 (0 self)
The Invoicing case study is a typical business system proposed by Henri Habrias as a common example for a contest on the capacity of particular formal methods to capture requirements from the client. For this, the case study is informally described by half a page of English text. In this report, we use the formal description technique Lotos for requirement capture, formal description and verification of the Invoicing case study. First, we analyse and interpret the informal requirements of the case study using the Lotos approach for description of systems. This leads to a set of twenty questions about the informal description. By answering to these questions, we obtain a high-level specification architecture that can be formalised. Then, we present the formal description of the case study in Lotos and, for comparison, in E-Lotos, the new version of Lotos currently being standardized. Since Lotos allows a balance to be struck between process-oriented and data-oriented modeling, description...
Interpreting functions as π-calculus processes: a tutorial
1999
Cited by 1 (0 self)
This paper is concerned with the relationship between λ-calculus and π-calculus. The λ-calculus talks about functions and their applicative behaviour. This contrasts with the π-calculus, that talks about processes and their interactive behaviour. Application is a special form of interaction, and therefore functions can be seen as a special form of processes. We study how the functions of the λ-calculus (the computable functions) can be represented as π-calculus processes. The π-calculus semantics of a language induces a notion of equality on the terms of that language. We therefore also analyse the equality among functions that is induced by their representation as π-calculus processes. This paper is intended as a tutorial. It however contains some original contributions. The main ones are: the use of well-known Continuation Passing Style transforms to derive the encodings into π-calculus and prove their correctness; the encoding of typed λ-calculi.