This paper presents a method for computer-aided verification of timing properties of real-time systems. A timed automaton model, along with invariant assertion and simulation techniques for proving properties of real-time systems, is formalized within the Larch Shared Language. This framework is then used to prove time bounds for two sample algorithms -- a simple counter and Fischer's mutual exclusion protocol. The proofs are checked using the Larch Prover.

A formal representation and machine-checked proof are given for the Bounded Concurrent Timestamp (BCTS) algorithm of Dolev and Shavit. The proof uses invariant assertions and a forward simulation mapping to a corresponding Unbounded Concurrent Timestamp (UCTS) algorithm, following a strategy developed by Gawlick, Lynch, and Shavit. The proof was produced interactively, using the Larch Prover. Keywords Verification, validation and testing; tools and tool support; Larch; input/output automata; concurrent timestamps 1 INTRODUCTION In this paper, we describe a computer-assisted verification, using the Larch Prover (Garland and Guttag, 1991), of one of the most complicated algorithms in the distributed systems theory literature: the Bounded Concurrent Timestamp (BCTS) algorithm of Dolev and Shavit (1989). This algorithm runs in the single-writer, multi-reader, read/write shared memory model. The verified algorithm is a slight simplification, due to Gawlick, Lynch, and Shavit (1992), of t...