Results 11  20
of
109
Verifying Hybrid Systems
 In Grossman et al
, 1993
"... . Hybrid systems are modeled as phase transition systems with sampling semantics. By identifying a set of important events it is ensured that all significant state changes are observed, thus correcting previous drawbacks of the sampling computations semantics. A proof rule for verifying properties o ..."
Abstract

Cited by 73 (1 self)
 Add to MetaCart
(Show Context)
. Hybrid systems are modeled as phase transition systems with sampling semantics. By identifying a set of important events it is ensured that all significant state changes are observed, thus correcting previous drawbacks of the sampling computations semantics. A proof rule for verifying properties of hybrid systems is presented and illustrated on several examples. Keywords: Temporal logic, realtime, specification, verification, hybrid systems, statecharts, proof rules, phase transition system, sampling semantics, important events. 1 Introduction Hybrid systems are reactive systems that intermix discrete and continuous components. Typical examples are digital controllers that interact with continuously changing physical environments. A formal model for hybrid systems was proposed in [MMP92], based on the notion of phase transition systems (PTS). Two types of semantics were considered in [MMP92]. The first semantics, to which we refer here as the super dense semantics, is based on hyb...
Temporal Proof Methodologies for Realtime Systems
 In Proceedings of the 18th Annual Symposium on Principles of Programming Languages
, 1991
"... . We extend the specification language of temporal logic, the corresponding verification framework, and the underlying computational model to deal with realtime properties of concurrent and reactive systems. A global, discrete, and asynchronous clock is incorporated into the model by defining the a ..."
Abstract

Cited by 66 (11 self)
 Add to MetaCart
(Show Context)
. We extend the specification language of temporal logic, the corresponding verification framework, and the underlying computational model to deal with realtime properties of concurrent and reactive systems. A global, discrete, and asynchronous clock is incorporated into the model by defining the abstract notion of a realtime transition system as a conservative extension of traditional transition systems: qualitative fairness requirements are replaced (and superseded) by quantitative lowerbound and upperbound realtime requirements for transitions. We show how to model realtime systems that communicate either through shared variables or by message passing, and how to represent the important realtime constructs of priorities (interrupts), scheduling, and timeouts in this framework. Two styles for the specification of realtime properties are presented. The first style uses bounded versions of the temporal operators; the realtime requirements expressed in this style are classified ...
On the decidability of metric temporal logic
 In Proc. LICS
, 2005
"... Metric Temporal Logic (MTL) is a prominent specification formalism for realtime systems. In this paper, we show that the satisfiability problem for MTL over finite timed words is decidable, with nonprimitive recursive complexity. We also consider the modelchecking problem for MTL: whether all w ..."
Abstract

Cited by 53 (10 self)
 Add to MetaCart
(Show Context)
Metric Temporal Logic (MTL) is a prominent specification formalism for realtime systems. In this paper, we show that the satisfiability problem for MTL over finite timed words is decidable, with nonprimitive recursive complexity. We also consider the modelchecking problem for MTL: whether all words accepted by a given AlurDill timed automaton satisfy a given MTL formula. We show that this problem is decidable over finite words. Over infinite words, we show that model checking the safety fragment of MTL—which includes invariance and timebounded response properties—is also decidable. These results are quite surprising in that they contradict various claims to the contrary that have appeared in the literature. The question of the decidability of MTL over infinite words remains open. 1.
Specification of Realtime Systems Using ASTRAL
 IEEE Transactions on Software Engineering
, 1997
"... Abstract—ASTRAL is a formal specification language for realtime systems. It is intended to support formal software development and, therefore, has been formally defined. The structuring mechanisms in ASTRAL allow one to build modularized specifications of complex systems with layering. A realtime sy ..."
Abstract

Cited by 39 (19 self)
 Add to MetaCart
Abstract—ASTRAL is a formal specification language for realtime systems. It is intended to support formal software development and, therefore, has been formally defined. The structuring mechanisms in ASTRAL allow one to build modularized specifications of complex systems with layering. A realtime system is modeled by a collection of state machine specifications and a single global specification. This paper discusses the rationale of ASTRAL’s design. ASTRAL’s specification style is illustrated by discussing a telephony example. Composability of one or more ASTRAL system specifications is also discussed by the introduction of a composition section, which provides the needed information to combine two or more ASTRAL system specifications. Index Terms—Formal methods, formal specification and verification, assertions, temporal logic, realtime systems, timing
Verifying Clocked Transition Systems
 In Proceedings of the Fifth International Workshop on Languages and Compilers for Parallel Machines
, 1996
"... . This paper presents a new computational model for realtime systems, called the clocked transition system (cts) model. The cts model is a development of our previous timed transition model, where some of the changes are inspired by the model of timed automata. The new model leads to a simpler s ..."
Abstract

Cited by 36 (9 self)
 Add to MetaCart
. This paper presents a new computational model for realtime systems, called the clocked transition system (cts) model. The cts model is a development of our previous timed transition model, where some of the changes are inspired by the model of timed automata. The new model leads to a simpler style of temporal specification and verification, requiring no extension of the temporal language. We present verification rules for proving safety properties (including timebounded response properties) of clocked transition systems, and separate rules for proving (timeunbounded) response properties. All rules are associated with verification diagrams. The verification of response properties requires adjustments of the proof rules developed for untimed systems, reflecting the fact that progress in the real time systems is ensured by the progress of time and not by fairness. The style of the verification rules is very close to the verification style of untimed systems which allows t...
Formal Methods for the Specification and Design of RealTime Safety Critical Systems
, 1992
"... Safety critical computers increasingly a#ect nearly every aspect of our lives. Computers control the planes we #y on, monitor our health in hospitals and do our work in hazardous environments. Computers with software de#ciencies that fail to meet stringent timing constraints have resulted in cat ..."
Abstract

Cited by 34 (0 self)
 Add to MetaCart
(Show Context)
Safety critical computers increasingly a#ect nearly every aspect of our lives. Computers control the planes we #y on, monitor our health in hospitals and do our work in hazardous environments. Computers with software de#ciencies that fail to meet stringent timing constraints have resulted in catastrophic failures. This paper surveys formal methods for specifying, designing and verifying realtime systems, so as to improve their safety and reliability. # To appear in Journal of Systems and Software,Vol. 18, Number 1, pages 33#60, April 1992. Jonathan Ostro# is with the Department of Computer Science, York University 4700 Keele Street, North York, Ontario, Canada, M3J 1P3. This work is supported by the Natural Sciences and Engineering Research Council of Canada. 1 CONTENTS 2 Contents 1 Introduction 3 2 De#ning the terms 6 2.1 Major issues that formal theories must address ::::::: 13 3 RealTime Programming Languages 14 4 Structured Methods and#or Graphical Languages 15 4.1 Str...
Automatic Generation of State Invariants from Requirements Specifications
 FSE6
, 1998
"... Automatic generation of state invariants, properties that hold in every reachable state of a state machine model, can be valuable in software development. Not only can such invariants be presented to system users for validation, in addition, they can be used as auxiliary assertions in proving other ..."
Abstract

Cited by 32 (16 self)
 Add to MetaCart
(Show Context)
Automatic generation of state invariants, properties that hold in every reachable state of a state machine model, can be valuable in software development. Not only can such invariants be presented to system users for validation, in addition, they can be used as auxiliary assertions in proving other invariants. This paper describes an algorithm for the automatic generation of state invariants that, in contrast to most other such algorithms, which operate on programs, derives invariants from requirements specifications. Generating invariants from requirements specifications rather than programs has two advantages: 1) because requirements specifications, unlike programs, are at a high level of abstraction, generation of and analysis using such invariants is easier, and 2) using invariants to detect errors during the requirements phase is considerably more costeffective than using invariants later in software development. To illustrate the algorithm, we use it to generate state invariants from requirements specifications of an automobile cruise control system and a simple control system for a nuclear plant. The invariants are derived from specifications expressed in the SCR (Software Cost Reduction) tabular notation.
Halforder Modal Logic: How To Prove Realtime Properties
 IN PROCEEDINGS OF THE NINTH ANNUAL SYMPOSIUM ON PRINCIPLES OF DISTRIBUTED COMPUTING
, 1990
"... We introduce a novel extension of propositional modal logic that is interpreted over Kripke structures in which a value is associated with every possible world. These values are, however, not treated as full firstorder objects; they can be accessed only by a very restricted form of quantificati ..."
Abstract

Cited by 30 (6 self)
 Add to MetaCart
We introduce a novel extension of propositional modal logic that is interpreted over Kripke structures in which a value is associated with every possible world. These values are, however, not treated as full firstorder objects; they can be accessed only by a very restricted form of quantification: the "freeze" quantifier binds a variable to the value of the current world. We present a complete proof system for this ("halforder") modal logic. As a special case, we obtain the realtime temporal logic TPTL of [AH89]: the models are restricted to infinite sequences of states, whose values are monotonically increasing natural numbers. The ordering relation between states is interpreted as temporal precedence, while the value associated with a state is interpreted as its "real" time. We extend our proof system to be complete for TPTL, and demonstrate how it can be used to derive realtime properties.
Deductive verification of realtime systems using STeP
 COMPUTER SCIENCE DEPARTMENT, STANFORD UNIVERSITY
, 1998
"... We present a modular framework for proving temporal properties of realtime systems, based on clocked transition systems and lineartime temporal logic. We show how deductive verification rules, verification diagrams, and automatic invariant generation can be used to establish properties of realtim ..."
Abstract

Cited by 30 (8 self)
 Add to MetaCart
We present a modular framework for proving temporal properties of realtime systems, based on clocked transition systems and lineartime temporal logic. We show how deductive verification rules, verification diagrams, and automatic invariant generation can be used to establish properties of realtime systems in this framework. We also discuss global and modular proofs of the branchingtime property of nonZenoness. As an example, we present the mechanical verification of the generalized railroad crossing case study using the Stanford Temporal Prover, STeP.
Linear time logic control of discretetime linear systems
 IEEE Transactions on Automatic Control
, 2006
"... Abstract. The control of complex systems poses new challenges that fall beyond the traditional methods of control theory. One of these challenges is given by the need to control, coordinate and synchronize the operation of several interacting submodules within a system. The desired objectives are no ..."
Abstract

Cited by 26 (3 self)
 Add to MetaCart
(Show Context)
Abstract. The control of complex systems poses new challenges that fall beyond the traditional methods of control theory. One of these challenges is given by the need to control, coordinate and synchronize the operation of several interacting submodules within a system. The desired objectives are no longer captured by usual control specifications such as stabilization or output regulation. Instead, we consider specifications given by Linear Temporal Logic (LTL) formulas. We show that existence of controllers for discretetime controllable linear systems and LTL specifications can be decided and that such controllers can be effectively computed. The closedloop system is of hybrid nature, combining the original continuous dynamics with the automatically synthesized switching logic required to enforce the specification. 1.