Results 1 - 3 of 3
Model-Checking in Dense Real-Time
Information and Computation, 1993
Cited by 273 (7 self)

Abstract
Model-checking is a method of verifying concurrent systems in which a state-transition graph model of the system behavior is compared with a temporal logic formula. This paper extends model-checking for the branching-time logic CTL to the analysis of real-time systems, whose correctness depends on the magnitudes of the timing delays. For specifications, we extend the syntax of CTL to allow quantitative temporal operators such as $\exists\Diamond_{<5}$, meaning "possibly within 5 time units." The formulas of the resulting logic, Timed CTL (TCTL), are interpreted over continuous computation trees, trees in which paths are maps from the set of nonnegative reals to system states. To model finite-state systems we introduce timed graphs: state-transition graphs annotated with timing constraints. As our main result, we develop an algorithm for model-checking, for determining the truth of a TCTL-formula with respect to a timed graph. We argue that choosing a dense domain instead of a discrete domain to mo...
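The abstract above describes timed graphs (state-transition graphs with clocks and timing constraints) and bounded operators such as "possibly within 5 time units". The following is an added worked example, not code from the paper: it decides a bounded reachability property of that form over a small timed graph by forward exploration of symbolic zones stored as difference-bound matrices (DBMs), the usual dense-time representation in later tools, rather than the region construction the paper itself uses. The handshake graph, its clock names and locations, and the bound values are constructed here for illustration. Dense time shows up directly in the results: the fastest run reaches the target at exactly time 4, so "within time < 4" is false while "within time <= 4" is true.

```python
"""Bounded TCTL reachability (E<> within a time bound) over a timed graph,
using zones encoded as difference-bound matrices (DBMs).
Added example; the timed graph below is constructed, not from the paper."""
import math

# A bound is (constant, strict): x_i - x_j < c if strict, else x_i - x_j <= c.
INF = (math.inf, True)
ZERO = (0, False)


def bound_lt(a, b):
    """True if bound a is strictly tighter than b; (c, <) is tighter than (c, <=)."""
    return a[0] < b[0] or (a[0] == b[0] and a[1] and not b[1])


def bound_min(a, b):
    return a if bound_lt(a, b) else b


def bound_add(a, b):
    return (a[0] + b[0], a[1] or b[1])


class Zone:
    """Convex set of clock valuations; index 0 is the reference clock x_0 = 0."""

    def __init__(self, n_clocks, matrix=None):
        self.size = n_clocks + 1
        self.m = matrix if matrix is not None else [[ZERO] * self.size for _ in range(self.size)]

    def copy(self):
        return Zone(self.size - 1, [row[:] for row in self.m])

    def canonical(self):
        """Floyd-Warshall closure; returns False iff the zone is empty."""
        m = self.m
        for k in range(self.size):
            for i in range(self.size):
                for j in range(self.size):
                    m[i][j] = bound_min(m[i][j], bound_add(m[i][k], m[k][j]))
        return not any(bound_lt(m[i][i], ZERO) for i in range(self.size))

    def up(self):
        """Let time elapse: drop every upper bound on x_i - x_0."""
        for i in range(1, self.size):
            self.m[i][0] = INF
        return self

    def constrain(self, clock, op, c):
        """Intersect with the guard  clock op c,  op in {'<', '<=', '>', '>='}."""
        if op in ('<', '<='):
            self.m[clock][0] = bound_min(self.m[clock][0], (c, op == '<'))
        else:
            self.m[0][clock] = bound_min(self.m[0][clock], (-c, op == '>'))
        return self

    def reset(self, clock):
        """clock := 0 -- its row and column become copies of the reference clock's."""
        for j in range(self.size):
            self.m[clock][j] = self.m[0][j]
            self.m[j][clock] = self.m[j][0]
        return self

    def key(self):
        return tuple(tuple(row) for row in self.m)


class TimedGraph:
    """Edges are (src, dst, guards, resets) with guard = (clock, op, const)."""

    def __init__(self, clocks, init, edges):
        self.clock_index = {name: i + 1 for i, name in enumerate(clocks)}
        self.init = init
        self.edges = edges


def reachable_within(graph, target, bound, strict=True):
    """Decide E<> (t < bound) target, or E<> (t <= bound) target with strict=False.

    A fresh clock t that is never reset measures global time.  Every explored
    zone is cut down to t < bound: t only grows, so states past the bound can
    never reach the target in time, and the cut keeps all clocks in a finite
    box, so only finitely many canonical DBMs exist and the search terminates.
    """
    idx = graph.clock_index
    t = len(idx) + 1
    time_op = '<' if strict else '<='
    start = Zone(t).constrain(t, time_op, bound)
    if not start.canonical():
        return False
    worklist = [(graph.init, start)]
    seen = {(graph.init, start.key())}
    while worklist:
        loc, zone = worklist.pop()
        if loc == target:
            return True
        for src, dst, guards, resets in graph.edges:
            if src != loc:
                continue
            succ = zone.copy().up().constrain(t, time_op, bound)
            for clock, op, c in guards:
                succ.constrain(idx[clock], op, c)
            if not succ.canonical():  # guard unsatisfiable before the deadline
                continue
            for clock in resets:
                succ.reset(idx[clock])
            succ.canonical()
            state = (dst, succ.key())
            if state not in seen:
                seen.add(state)
                worklist.append((dst, succ))
    return False


# Constructed example: a request/acknowledge handshake with two clocks.
#   idle --[x>=1, x:=0]--> req --[x>=2, y:=0]--> ack --[y>=1, x<=3]--> done
#   idle --[x>=10]--> slow
# The fastest run reaches 'done' at exactly time 1 + 2 + 1 = 4.
HANDSHAKE = TimedGraph(
    clocks=['x', 'y'],
    init='idle',
    edges=[
        ('idle', 'req', [('x', '>=', 1)], ['x']),
        ('req', 'ack', [('x', '>=', 2)], ['y']),
        ('ack', 'done', [('y', '>=', 1), ('x', '<=', 3)], []),
        ('idle', 'slow', [('x', '>=', 10)], []),
    ],
)

if __name__ == '__main__':
    for b, s in ((5, True), (4, True), (4, False)):
        print(f"E<> (t {'<' if s else '<='} {b}) done :", reachable_within(HANDSHAKE, 'done', b, s))
```

The zone operations (delay, guard intersection, reset, closure) are the textbook DBM operations; the only addition is the global clock cut, which both encodes the time bound of the formula and guarantees termination without a separate extrapolation step.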
Timing Analysis in COSPAN
In Hybrid Systems III, 1996
Cited by 43 (7 self)

Abstract
We describe how to model and verify real-time systems using the formal verification tool Cospan. The verifier supports automata-theoretic verification of coordinating processes with timing constraints. We discuss different heuristics, and our experiences with the tool for certain benchmark problems appearing in the verification literature.

1 Introduction

Model checking is a method of automatically verifying concurrent systems in which a finite-state model of a system is compared with a correctness requirement. This method has been shown to be very effective in detecting errors in high-level designs, and has been implemented in various tools. We consider the tool Cospan that is based on the theory of ω-automata (ω-automata are finite automata accepting infinite sequences, see [Tho90] for a survey, and [VW86, Kur94] for applications to verification). The system to be verified is modeled as a collection of coordinating processes described in the language S/R [Kur94]. The semantics of su...
Mechanically Verifying Safety and Liveness Properties of Delay Insensitive Circuits
the Boyer-Moore Prover. 1991 International Workshop on Formal Methods in VLSI Design, 1994
Cited by 3 (0 self)

Abstract
This paper describes, by means of an example, how one may mechanically verify delay insensitive circuits on an automated theorem prover. It presents the verification of both the safety and liveness properties of an n-node delay insensitive FIFO circuit [20]. The proof system used is a mechanized implementation of Unity [7] on the Boyer-Moore prover [4], described in [12]. This paper describes the circuit formally in the Boyer-Moore logic and presents the mechanically verified correctness theorems. The formal description also captures the protocol that the circuit expects its environment to obey and specifies a class of suitable initial states. This paper demonstrates how a general purpose automated proof system for concurrent programs may be used to mechanically verify both the safety and liveness properties of arbitrary sized delay insensitive circuits. Keywords: Automated theorem proving, hardware verification, delay insensitive circuits. Author's Address: Naval Research Laboratory, C...