. We introduce a temporal logic for the specification of real-time systems. Our logic, TPTL, employs a novel quantifier construct for referencing time: the freeze quantifier binds a variable to the time of the local temporal context. TPTL is both a natural language for specification and a suitable formalism for verification. We present a tableau-based decision procedure and a model checking algorithm for TPTL. Several generalizations of TPTL are shown to be highly undecidable. 1 Introduction Linear temporal logic is a widely accepted language for specifying properties of reactive systems and their behavior over time [Pnu77, OL82, MP92]. The tableau-based satisfiability algorithm for its propositional version, PTL, forms the basis for the automatic verification and synthesis of finite-state systems [LP84, MW84]. PTL is interpreted over models that abstract away from the actual times at which events occur, retaining only temporal ordering information about the states of a system. The a...

The theory of the natural numbers with linear order and monadic predicates underlies propositional linear temporal logic. To study temporal logics that are suitable for reasoning about real-time systems, we combine this classical theory of in nite state sequences with a theory of discrete time, via a monotonic function that maps every state to its time. The resulting theory of timed state sequences is shown to be decidable, albeit nonelementary, and its expressive power is characterized by! -regular sets. Several more expressive variants are proved to be highly undecidable. This framework allows us to classify a wide variety of real-time logics according to their complexity and expressiveness. Indeed, it follows that most formalisms proposed in the literature cannot be decided. We are, however, able to identify two elementary real-time temporal logics as expressively complete fragments of the theory of timed state sequences, and we present tableau-based decision procedures for checking validity. Consequently, these two formalisms are well-suited for the speci cation and veri cation of real-time systems.

We survey logic-based and automata-based languages and techniques for the specification and verification of real-time systems. In particular, we discuss three syntactic extensions of temporal logic: time-bounded operators, freeze quantification, and time variables. We also discuss the extension of finite-state machines with clocks and the extension of transition systems with time bounds on the transitions. All of the resulting notations can be interpreted over a variety of different models of time and computation, including linear and branching time, interleaving and true concurrency, discrete and continuous time. For each choice of syntax and semantics, we summarize the results that are known about expressive power, algorithmic finite-state verification, and deductive verification.

. Real-time systems operate in "real," continuous time and state changes may occur at any real-numbered time point. Yet many verification methods are based on the assumption that states are observed at integer time points only. What can we conclude if a real-time system has been shown "correct" for integral observations? Integer time verification techniques suffice if the problem of whether all real-numbered behaviors of a system satisfy a property can be reduced to the question of whether the integral observations satisfy a (possibly modified) property. We show that this reduction is possible for a large and important class of systems and properties: the class of systems includes all systems that can be modeled as timed transition systems; the class of properties includes time-bounded invariance and time-bounded response. 1 Introduction Over the past few years, we have seen a proliferation of formal methodologies for software and hardware design that emphasize the treatm...

. We incorporate time into an interleaving model of concurrency. In timed transition systems, the qualitative fairness requirements of traditional transition system are replaced (and superseded) by quantitative lower-bound and upperbound timing constraints on transitions. The purpose of this paper is to explore the scope of applicability for the abstract model of timed transition systems. We demonstrate that the model can represent a wide variety of phenomena that routinely occur in conjunction with the timed execution of concurrent processes. Our treatment covers both processes that are executed in parallel on separate processors and communicate either through shared variables or by message passing, and processes that time-share a limited number of processors under a given scheduling policy. Often it is this scheduling policy that determines if a system meets its real-time requirements. Thus we explicitly address such questions as time-outs, interrupts, static and dynamic priorities. ...

We extend the specification language of temporal logic, the corresponding verification framework, and the underlying computational model to deal with real-time properties of reactive systems. The abstract notion of timed transition systems generalizes traditional transition systems conservatively: qualitative fairness requirements are replaced (and superseded) by quantitative lower-bound and upper-bound timing constraints on transitions. This framework can model realtime systems that communicate either through shared variables or by message passing and real-time issues such as timeouts, process priorities (interrupts), and process scheduling. We exhibit two styles for the specification of real-time systems. While the first approach uses time-bounded versions of the temporal operators, the second approach allows explicit references to time through a special clock variable. Corresponding to the two styles of specification, we present and compare two different proof methodologies for t...

NOTICE: This is the author’s version of a work that was accepted for publication in Science of Computer Programming. Changes resulting from the publishing process, such as peer review, editing, corrections, structural formatting, and other quality control mechanisms may not be reflected in this document. A definitive version was subsequently published in Science of Computer Programming, 64(2007):115-139.

Safety critical computers increasingly a#ect nearly every aspect of our lives. Computers control the planes we #y on, monitor our health in hospitals and do our work in hazardous environments. Computers with software de#ciencies that fail to meet stringent timing constraints have resulted in catastrophic failures. This paper surveys formal methods for specifying, designing and verifying real-time systems, so as to improve their safety and reliability. # To appear in Journal of Systems and Software,Vol. 18, Number 1, pages 33#60, April 1992. Jonathan Ostro# is with the Department of Computer Science, York University 4700 Keele Street, North York, Ontario, Canada, M3J 1P3. This work is supported by the Natural Sciences and Engineering Research Council of Canada. 1 CONTENTS 2 Contents 1 Introduction 3 2 De#ning the terms 6 2.1 Major issues that formal theories must address ::::::: 13 3 Real-Time Programming Languages 14 4 Structured Methods and#or Graphical Languages 15 4.1 Str...

Abstract. Metric Temporal Logic (MTL) is a prominent specification formalism for realtime systems. In this paper, we show that the satisfiability problem for MTL over finite timed words is decidable, with non-primitive recursive complexity. We also consider the model-checking problem for MTL: whether all words accepted by a given Alur-Dill timed automaton satisfy a given MTL formula. We show that this problem is decidable over finite words. Over infinite words, we show that model checking the safety fragment of MTL— which includes invariance and time-bounded response properties—is also decidable. These results are quite surprising in that they contradict various claims to the contrary that have appeared in the literature. 1.

We investigate the verification problem of timed automata w.r.t. linear-time dense time temporal logics. We propose a real-time logic TATL which extends the propositional temporal logic with constraints involving timed automata. These constraints allow to require that the computation segment since some designated point is accepted by a given timed automaton. We identify an expressively powerful fragment of this logic, called TATL + for which the verification problem is decidable. To establish this result, we define a fragment of TATL, called TATL \Theta , such that the negation of any formula in TATL + is equivalent to a TATL \Theta formula, and then, we prove that every TATL \Theta formula can be characterized by a nondeterministic timed Buchi automaton. 1 Introduction Real-time temporal logics are widely accepted as suitable specification formalisms for systems with hard timing constraints [5, 7, 12, 11, 2, 8, 4]. These logics are interpreted on either discrete or dense t...