Results 1 - 10 of 119
A theory of timed automata, 1999
Cited by 2651 (32 self)
Model checking is emerging as a practical tool for automated debugging of complex reactive systems such as embedded controllers and network protocols (see [23] for a survey). Traditional techniques for model checking do not admit an explicit modeling of time, and are thus, unsuitable for analysis of real-time systems whose correctness depends on relative magnitudes of different delays. Consequently, timed automata [7] were introduced as a formal notation to model the behavior of real-time systems. Its definition provides a simple way to annotate state-transition graphs with timing constraints using finitely many real-valued clock variables. Automated analysis of timed automata relies on the construction of a finite quotient of the infinite space of clock valuations. Over the years, the formalism has been extensively studied leading to many results establishing connections to circuits and logic, and much progress has been made in developing verification algorithms, heuristics, and tools. This paper provides a survey of the theory of timed automata, and their role in specification and verification of real-time systems.
Timed automata: Semantics, algorithms and tools
Lectures on Concurrency and Petri Nets: Advances in Petri Nets, number 3098 in LNCS, 2004
Cited by 169 (5 self)
Abstract. This chapter is to provide a tutorial and pointers to results and related work on timed automata with a focus on semantical and algorithmic aspects of verification tools. We present the concrete and abstract semantics of timed automata (based on transition rules, regions and zones), decision problems, and algorithms for verification. A detailed description on DBM (Difference Bound Matrices) is included, which is the central data structure behind several verification tools for timed systems. As an example, we give a brief introduction to the tool UPPAAL.
Runtime verification for LTL and TLTL, 2007
Cited by 63 (12 self)
This paper studies runtime verification of properties expressed either in linear-time temporal logic (LTL) or timed linear-time temporal logic (TLTL). It classifies runtime verification in identifying its distinguishing features to model checking and testing, respectively. It introduces a three-valued semantics (with truth values true, false, inconclusive) as an adequate interpretation as to whether a partial observation of a running system meets an LTL or TLTL property. For LTL, a conceptually simple monitor generation procedure is given, which is optimal in two respects: First, the size of the generated deterministic monitor is minimal, and, second, the monitor identifies a continuously monitored trace as either satisfying or falsifying a property as early as possible. The feasibility of the developed methodology is demonstrated using a collection of real-world temporal logic specifications. Moreover, the presented approach is related to the properties monitorable in general and is compared to existing concepts in the literature. It is shown that the set of monitorable properties does not only encompass the safety and co-safety properties but is strictly larger. For TLTL, the same road map is followed by first defining a three-valued semantics. The corresponding construction of a timed monitor is more involved, yet, as shown, possible.
Monitoring of real-time properties
In Proceedings of the 26th Conference on Foundations of Software Technology and Theoretical Computer Science (FSTTCS), volume 4337 of LNCS, 2006
Cited by 55 (15 self)
Abstract. This paper presents a construction for runtime monitors that check real-time properties expressed in timed LTL (TLTL). Due to D’Souza’s results, TLTL can be considered a natural extension of LTL towards real-time. Moreover, a typical obstacle in runtime verification is solved both for untimed and timed formulae, in that standard models of linear temporal logic are infinite traces, whereas in runtime verification only finite system behaviours are at hand. Therefore, a 3-valued semantics (true, false, inconclusive) for LTL and TLTL on finite traces is defined that resembles the infinite trace semantics in a suitable and intuitive manner. Then, the paper describes how to construct, given a (T)LTL formula, a deterministic monitor with three output symbols that reads a finite trace and yields its according 3-valued (T)LTL semantics. Notably, the monitor rejects a trace as early as possible, in that any minimal bad prefix results in false as a return value.
Alternating Timed Automata
In FOSSACS’05, volume 3441 of LNCS, 2005
Cited by 44 (4 self)
A notion of alternating timed automata is proposed. It is shown that such automata with only one clock have decidable emptiness problem over finite words. This gives a new class of timed languages which is closed under boolean operations and which has an effective presentation. We prove that the complexity of the emptiness problem for alternating timed automata with one clock is non-primitive recursive. The proof gives also the same lower bound for the universality problem for nondeterministic timed automata with one clock. We investigate extension of the model with epsilon-transitions and prove that emptiness is undecidable. Over infinite words, we show undecidability of the universality problem.
An Algebraic Approach to Data Languages and Timed Languages, 2003
Cited by 42 (1 self)
Algebra offers an elegant and powerful approach to understand regular languages and finite automata. Such framework has been notoriously lacking for timed languages and timed automata. We introduce the notion of monoid recognizability for data languages, which includes timed languages as special case, in a way that respects the spirit of the classical situation. We study closure properties and hierarchies in this model, and prove that emptiness is decidable under natural hypotheses. Our class of recognizable languages properly includes many families of deterministic timed languages that have been proposed until now, and the same holds for nondeterministic versions.
Revisiting Digitization, Robustness, and Decidability for Timed Automata
In Proceedings of LICS 03, 2003
Cited by 35 (6 self)
We consider several questions related to the use of digitization techniques for timed automata. These very successful techniques reduce dense-time language inclusion problems to discrete time, but are applicable only when the implementation is closed under digitization and the specification is closed under inverse digitization. We show that, for timed automata, the former (whether the implementation is closed under digitization) is decidable, but not the latter. We also investigate digitization questions in connection with the robust semantics for timed automata. The robust modelling approach introduces a timing fuzziness through the semantic removal of equality testing. Since its introduction half a decade ago, research into the robust semantics has suggested that it yields roughly the same theory as the standard semantics. This paper shows that, surprisingly, this is not the case: the robust semantics is significantly less tractable, and differs from the standard semantics in many key respects. In particular, the robust semantics yields an undecidable (non-regular) discrete-time theory, in stark contrast with the standard semantics. This makes it virtually impossible to apply digitization techniques together with the robust semantics. On the positive side, we show that the robust languages of timed automata remain recursive.
On the language inclusion problem for timed automata: Closing a decidability gap
 in Proc. LICS’04. IEEE
Cited by 35 (5 self)
We consider the language inclusion problem for timed automata: given two timed automata A and B, are all the timed traces accepted by B also accepted by A? While this problem is known to be undecidable, we show here that it becomes decidable if A is restricted to having at most one clock. This is somewhat surprising, since it is well-known that there exist timed automata with a single clock that cannot be complemented. The crux of our proof consists in reducing the language inclusion problem to a reachability question on an infinite graph; we then construct a suitable well-quasi-order on the nodes of this graph, which ensures the termination of our search algorithm. We also show that the language inclusion problem is decidable if the only constant appearing among the clock constraints of A is zero. Moreover, these two cases are essentially the only decidable instances of language inclusion, in terms of restricting the various resources of timed automata.
Automated test generation from timed automata
 STTT
Cited by 35 (5 self)
Abstract. Testing is the most dominating validation activity used by industry today, and there is an urgent need for improving its effectiveness, both with respect to the time and resources for test generation and execution, and obtained test coverage. We present a new technique for automatic generation of real-time black-box conformance tests for nondeterministic systems from a determinizable class of timed automata specifications with a dense time interpretation. In contrast to other attempts, our tests are generated using a coarse equivalence class partitioning of the specification. To analyze the specification, to synthesize the timed tests, and to guarantee coverage with respect to a coverage criterion, we use the efficient symbolic techniques recently developed for model checking of real-time systems. Application of our prototype tool to a realistic specification shows promising results in terms of both the test suite size, and the time and space used for test generation.
Decidability and complexity results for timed automata via channel machines
In Proc. ICALP, volume 3580 of Springer LNCS, 2005
Cited by 27 (7 self)
Abstract. This paper is concerned with the language inclusion problem for timed automata: given timed automata A and B, is every word accepted by B also accepted by A? Alur and Dill [5] showed that the language inclusion problem is decidable if A has no clocks and undecidable if A has two clocks (with no restriction on B). However, the status of the problem when A has one clock is not determined by [5]. In this paper we close this gap for timed automata over infinite words by showing that the one-clock language inclusion problem is undecidable. For timed automata over finite words, building on our earlier paper [19], we show that the one-clock language inclusion problem is decidable with non-primitive recursive complexity. This reveals a surprising divergence between the theory of timed automata over finite words and over infinite words. Finally, we show that if ε-transitions or non-singular postconditions are allowed, then the one-clock language inclusion problem is undecidable over both finite and infinite words.