Results 11-20 of 89
Verifying Hybrid Systems
In Grossman et al., 1993
Cited by 73 (1 self)
Hybrid systems are modeled as phase transition systems with sampling semantics. By identifying a set of important events it is ensured that all significant state changes are observed, thus correcting previous drawbacks of the sampling computations semantics. A proof rule for verifying properties of hybrid systems is presented and illustrated on several examples. Keywords: Temporal logic, real-time, specification, verification, hybrid systems, statecharts, proof rules, phase transition system, sampling semantics, important events. 1 Introduction Hybrid systems are reactive systems that intermix discrete and continuous components. Typical examples are digital controllers that interact with continuously changing physical environments. A formal model for hybrid systems was proposed in [MMP92], based on the notion of phase transition systems (PTS). Two types of semantics were considered in [MMP92]. The first semantics, to which we refer here as the super dense semantics, is based on hyb...
Temporal Proof Methodologies for Real-Time Systems
In Proceedings of the 18th Annual Symposium on Principles of Programming Languages, 1991
Cited by 63 (11 self)
We extend the specification language of temporal logic, the corresponding verification framework, and the underlying computational model to deal with real-time properties of concurrent and reactive systems. A global, discrete, and asynchronous clock is incorporated into the model by defining the abstract notion of a real-time transition system as a conservative extension of traditional transition systems: qualitative fairness requirements are replaced (and superseded) by quantitative lower-bound and upper-bound real-time requirements for transitions. We show how to model real-time systems that communicate either through shared variables or by message passing, and how to represent the important real-time constructs of priorities (interrupts), scheduling, and timeouts in this framework. Two styles for the specification of real-time properties are presented. The first style uses bounded versions of the temporal operators; the real-time requirements expressed in this style are classified ...
Specification of Real-Time Systems Using ASTRAL
IEEE Transactions on Software Engineering, 1997
Cited by 39 (19 self)
ASTRAL is a formal specification language for real-time systems. It is intended to support formal software development and, therefore, has been formally defined. The structuring mechanisms in ASTRAL allow one to build modularized specifications of complex systems with layering. A real-time system is modeled by a collection of state machine specifications and a single global specification. This paper discusses the rationale of ASTRAL’s design. ASTRAL’s specification style is illustrated by discussing a telephony example. Composability of one or more ASTRAL system specifications is also discussed by the introduction of a composition section, which provides the needed information to combine two or more ASTRAL system specifications. Index Terms: Formal methods, formal specification and verification, assertions, temporal logic, real-time systems, timing
Verifying Clocked Transition Systems
In Proceedings of the Fifth International Workshop on Languages and Compilers for Parallel Machines, 1996
Cited by 36 (9 self)
This paper presents a new computational model for real-time systems, called the clocked transition system (CTS) model. The CTS model is a development of our previous timed transition model, where some of the changes are inspired by the model of timed automata. The new model leads to a simpler style of temporal specification and verification, requiring no extension of the temporal language. We present verification rules for proving safety properties (including time-bounded response properties) of clocked transition systems, and separate rules for proving (time-unbounded) response properties. All rules are associated with verification diagrams. The verification of response properties requires adjustments of the proof rules developed for untimed systems, reflecting the fact that progress in real-time systems is ensured by the progress of time and not by fairness. The style of the verification rules is very close to the verification style of untimed systems which allows t...
Formal Methods for the Specification and Design of Real-Time Safety Critical Systems
1992
Cited by 31 (0 self)
Safety critical computers increasingly affect nearly every aspect of our lives. Computers control the planes we fly on, monitor our health in hospitals and do our work in hazardous environments. Computers with software deficiencies that fail to meet stringent timing constraints have resulted in catastrophic failures. This paper surveys formal methods for specifying, designing and verifying real-time systems, so as to improve their safety and reliability. To appear in Journal of Systems and Software, Vol. 18, Number 1, pages 33-60, April 1992. Jonathan Ostroff is with the Department of Computer Science, York University, 4700 Keele Street, North York, Ontario, Canada, M3J 1P3. This work is supported by the Natural Sciences and Engineering Research Council of Canada. Contents: 1 Introduction 3; 2 Defining the terms 6; 2.1 Major issues that formal theories must address 13; 3 Real-Time Programming Languages 14; 4 Structured Methods and/or Graphical Languages 15; 4.1 Str...
Deductive Verification of Real-Time Systems Using STeP
Computer Science Department, Stanford University, 1998
Cited by 30 (8 self)
We present a modular framework for proving temporal properties of real-time systems, based on clocked transition systems and linear-time temporal logic. We show how deductive verification rules, verification diagrams, and automatic invariant generation can be used to establish properties of real-time systems in this framework. We also discuss global and modular proofs of the branching-time property of non-Zenoness. As an example, we present the mechanical verification of the generalized railroad crossing case study using the Stanford Temporal Prover, STeP.
Automatic Generation of State Invariants from Requirements Specifications
FSE-6, 1998
Cited by 28 (15 self)
Automatic generation of state invariants, properties that hold in every reachable state of a state machine model, can be valuable in software development. Not only can such invariants be presented to system users for validation; they can also be used as auxiliary assertions in proving other invariants. This paper describes an algorithm for the automatic generation of state invariants that, in contrast to most other such algorithms, which operate on programs, derives invariants from requirements specifications. Generating invariants from requirements specifications rather than programs has two advantages: 1) because requirements specifications, unlike programs, are at a high level of abstraction, generation of and analysis using such invariants is easier, and 2) using invariants to detect errors during the requirements phase is considerably more cost-effective than using invariants later in software development. To illustrate the algorithm, we use it to generate state invariants from requirements specifications of an automobile cruise control system and a simple control system for a nuclear plant. The invariants are derived from specifications expressed in the SCR (Software Cost Reduction) tabular notation.
Half-Order Modal Logic: How To Prove Real-Time Properties
In Proceedings of the Ninth Annual Symposium on Principles of Distributed Computing, 1990
Cited by 26 (6 self)
We introduce a novel extension of propositional modal logic that is interpreted over Kripke structures in which a value is associated with every possible world. These values are, however, not treated as full first-order objects; they can be accessed only by a very restricted form of quantification: the "freeze" quantifier binds a variable to the value of the current world. We present a complete proof system for this ("half-order") modal logic. As a special case, we obtain the real-time temporal logic TPTL of [AH89]: the models are restricted to infinite sequences of states, whose values are monotonically increasing natural numbers. The ordering relation between states is interpreted as temporal precedence, while the value associated with a state is interpreted as its "real" time. We extend our proof system to be complete for TPTL, and demonstrate how it can be used to derive real-time properties.
Combining Dynamic Deontic Logic and Temporal Logic for the Specification of Deadlines
1997
A Unit Two Variable Per Inequality Integer Constraint Solver for Constraint Logic Programming
In Proceedings of the Twentieth Australasian Computer Science Conference, 1995
Cited by 23 (3 self)
One of the problems with the traditional finite domains approach to solving integer problems in a constraint logic programming context is that all variables require explicit bounds. If no explicit bounds are available then the finite domain solver can be very inefficient on certain classes of problem. We present an alternative approach to solving integer constraints based on a polynomial-time solver for a restricted class of integer constraints. This approach does not require bounds information, avoids bad behaviour for a larger class of problems, and is competitive with bounds propagation for the types of problem examined. We give a detailed description of the implementation of the core solver, discuss how it can be used as the basis of a more general solver, and present some computational results. 1 Introduction Integer constraints are an important class used to represent many forms of problems of practical interest. For example scheduling, resource allocation and route plannin...