Results 1-10 of 11
Some lessons from the HyTech experience
In Proceedings of the 40th Annual Conference on Decision and Control, 2001
Cited by 24 (0 self)
Abstract: We provide an overview of the current status of the tool HyTech, and reflect on some of the lessons learned from our experiences with the tool. HyTech is a symbolic model checker for mixed discrete-continuous systems that are modeled as automata with piecewise-constant polyhedral differential inclusions. The use of a formal input language and automated procedures for state-space traversal lay the foundation for formally verifying properties of hybrid dynamical systems. We describe some recent experiences analyzing three hybrid systems. We point out the successes and limitations of the tool. The analysis procedure has been extended in a number of ways to address some of the tool's shortcomings. We evaluate these extensions, and conclude with some desiderata for verification tools for hybrid systems.
Analysis and Verification of Real-Time Systems using Quantitative Symbolic Algorithms
Journal of Software Tools for Technology Transfer, 1999
Cited by 9 (0 self)
Abstract: The task of checking if a computer system satisfies its timing specifications is extremely important. These systems are often used in critical applications where failure to meet a deadline can have serious or even fatal consequences. This paper presents an efficient method for performing this verification task. In the proposed method a real-time system is modeled by a state-transition graph represented by binary decision diagrams. Efficient symbolic algorithms exhaustively explore the state space to determine whether the system satisfies a given specification. In addition, our approach computes quantitative timing information such as minimum and maximum time delays between given events. These results provide insight into the behavior of the system and assist in the determination of its temporal correctness. The technique evaluates how well the system works or how seriously it fails, as opposed to only whether it works or not. Based on these techniques a verification tool called Verus...
Using Partial Evaluation to Enable Verification of Concurrent Software
M. Dwyer, J. Hatcliff, and M. Nanda, 1998
Cited by 6 (4 self)
Abstract (from the introduction): Modern computing applications increasingly require software systems that are extremely reliable and concurrent or distributed. Unfortunately, current software validation techniques are unable to provide high levels of assurance of correctness for these systems due to system size and complexity as well as the fundamental difficulties of reasoning about concurrency. Finite-state verification (FSV) techniques (originally developed for hardware verification) are emerging as a promising technology for assuring high quality in modern software systems. In FSV, one describes th...
Staging Static Analyses Using Abstraction-based Program Specialization
In Principles of Declarative Programming: 10th International Symposium, PLILP'98, LNCS 1490, 1998
Cited by 3 (0 self)
Abstract: Conventional partial evaluators specialize programs with respect to concrete values, but programs can also be specialized with respect to abstractions of concrete values. We present a novel method for staging static analyses using abstraction-based program specialization (ABPS). Building on earlier work by Consel and Khoo and Jones, we give an ABPS system that serves as a formal foundation for a suite of analysis and verification tools that we are developing for Ada programs. Our tool set makes use of existing verification packages. Currently many programs must be hand-transformed before they can be submitted to these packages. We have determined that these hand-transformations can be carried out automatically using ABPS. Thus, preprocessing programs using ABPS can significantly extend the applicability of existing tools without modifying the tools themselves.
Unit Verification: The CARA Experience
2004
Cited by 3 (1 self)
Abstract: The Computer-Aided Resuscitation Algorithm, or ... device for treating blood loss experienced by combatants injured on the battlefield. CARA is responsible for automatically stabilizing a patient's blood pressure by infusing blood as needed, based on blood-pressure data the CARA system collects. The control part of the system is implemented in software, which is extremely safety-critical and thus must perform correctly. This paper describes a case study in which a verification tool, the Concurrency Workbench of the New Century (CWB-NC), is used to analyze a model of the CARA system. The huge state space of the CARA makes it problematic to conduct traditional "push-button" automatic verification, such as model checking. Instead, we develop a technique, called unit verification, which entails taking small units of a system, putting them in a "verification harness" that exercises relevant executions appropriately within the unit, and then model checking these more tractable units. For systems, like CARA, whose requirements are localized to individual system components or interactions between small numbers of components, unit verification offers a means of coping with huge state spaces.
Software Technology Maturation Study: Model Checking Techniques and Tools
2001
Cited by 1 (0 self)
Abstract: In this paper we report the results of the maturation study of model checking techniques and tools. Model checking techniques are a subset of Formal Methods, which are defined as "mathematically-based languages, techniques, and tools for specifying and verifying programs". We are interested in tracing the maturation of the research results that have established the mathematical, theoretical basis for formal verification technologies. Further, we would like to trace how formal verification tools have become accepted by the industry and what factors have influenced such acceptance. This study complements parallel studies on integrated development environments by Halloran, on software design and modeling environments (CASE tools) by Fairbanks, and on software analysis-based software maintenance tools by Sutherland.
Branching-Time Temporal Logics with Minimal Model Quantifiers
2009
Cited by 1 (1 self)
Abstract: Temporal logics are a well investigated formalism for the specification and verification of reactive systems. Using formal verification techniques, we can ensure the correctness of a system with respect to its desired behavior (specification), by verifying whether a model of the system satisfies a temporal logic formula modeling the specification. From a practical point of view, a very challenging issue in using temporal logic in formal verification is to come out with techniques that automatically allow to select small critical parts of the system to be successively verified. Another challenging issue is to extend the expressiveness of classical temporal logics, in order to model more complex specifications. In this paper, we address both issues by extending the classical branching-time temporal logic CTL* with minimal model quantifiers (MCTL*). These quantifiers allow to extract, from a model, minimal submodels on which we check the specification (also given by an MCTL* formula). We show that MCTL* is strictly more expressive than CTL*. Nevertheless, we prove that the model checking problem for MCTL* remains decidable and in particular in PSPACE. Moreover, differently from CTL*, we show that MCTL* does not have the tree model property, is not bisimulation-invariant and is sensible to unwinding. As far as the satisfiability concerns, we prove that MCTL* is highly undecidable. We further investigate the model checking and satisfiability problems for MCTL* sublogics, such as MPML, MCTL, and MCTL+, for which we obtain interesting results. Among the others, we show that MPML retains the finite model property and the decidability of the satisfiability problem.
Reactive Systems, Inc.
Abstract: Language). To establish a formula 2 as an invariant, Salsa carries out an induction proof that utilizes tightly integrated decision procedures (currently a combination of binary-decision-diagram (BDD) algorithms and a constraint solver for integer linear arithmetic) for discharging the verification conditions. Unlike most other inductive provers, Salsa works in a totally automatic fashion. Its user interface mimics that of a model checker: given a formula and a model, Salsa either establishes the formula as an invariant of the model or provides a counterexample. In either case, the algorithm will terminate. Unlike model checkers, Salsa returns only a state-pair as a counterexample (the states before and after the state that is reached where the invariant does not hold) rather than an entire execution sequence. Also, due to the incompleteness of induction, users must validate the counterexamples. The use of induction enables Salsa to combat the state-explosion problem that plagues m...
Enhancement of Feedback Congestion Control Mechanisms by Deploying Active Congestion Control
2003
Abstract: Active networking offers a change in the usual network paradigm: from passive carrier of bits to a more general computing engine. Active networking not only allows the network nodes to perform computations on the data but also allows their users to inject customized programs into the nodes of the network, that may modify, redirect or store the user data flowing through the network. In this thesis, we focus on the benefits of active networking with respect to a problem that is unlikely to disappear in the near future: network congestion. Rather than applying congestion reduction mechanisms generically and broadly, we discuss the mechanism that allows each application to specify how losses to its data should occur in a controlled fashion. Congestion is a prime candidate for active networking, since it is specifically an intra-network event and is potentially far removed from the application. Further, the time that is required for congestion notification information to propagate back to the sender limits the speed with which an application can self-regulate to reduce congestion. In this thesis, we propose a model for Active Congestion control, using active queue
Branching Data Structures for Real-Time Model Checking Not As Good As Thought
Abstract: Clock Difference Diagrams (CDDs), a BDD-like data structure for model checking of timed automata, were presented in 1999. After the original article the work on them seems to have stopped, although there are still important open questions. The CDD definition required that repeated subtrees were aliased, but no clear algorithm was presented for producing such a compact representation, which seems costly to achieve. Also, since then, case studies have increased in size. In this article we revisit CDDs by comparing their performance against DBMs on current case studies, with and without repeated subtrees. Our experiments show that CDDs still require more time and memory than DBMs, and that eliminating repetitions is still not enough. Thus, this article reopens issues that previous work on the topic considered closed. Introduction and Previous Work: In current days timed systems are both pervasive and critical, ranging from