Verification of Real-Time DEVS Models
Cited by 7 (6 self)
Abstract
Discrete Event System Specification (DEVS) has been widely used to describe hierarchical models of discrete systems. DEVS has also been used successfully to model with Real-Time constraints. In this paper, we introduce a methodology to verify Real-Time DEVS models, and describe the methodology by using a case study of a DEVS model of an elevator system. Our methodology applies recent advances in theoretical model checking to DEVS models. The methodology also handles the cases where the theoretical approach is not feasible to cross the gap between abstract Timed Automata models and the complexity of the DEVS Real-Time implementation by empirical software engineering methods. The case study is a system composed of an elevator along with an elevator controller, and we show how the methodology can be applied to a real case like this one in order to improve the quality of such real-time applications. Keywords: DEVS, Formal methods verification, Real-Time software, Timed automata.
Feature Interaction in PEPA
 In Priami [84
Cited by 5 (2 self)
Abstract
We consider the feature interaction problem in the context of the use of the PEPA stochastic process algebra. We introduce a notation for characterising a class of features and discuss its implementation. 1 Introduction The feature-oriented approach to the specification and design of complex software systems offers great promise. The idea of a system which has been built by composing a number of well-engineered features appeals both to system designers, who are concerned with a compositional or structured approach to the construction of a system, and to system users, who wish to learn and understand complex systems in terms of substantive concepts. The widespread acceptance of the importance of features makes them a very desirable concept to build into a specification language since one of the uses of a specification language can be to provide a common working language between designers and users. The feature interaction problem is concerned with the unexpected conflicts which can ...
Model Checking Timed Automata
Cited by 4 (3 self)
Abstract
Currently, formal verification of reactive, critical or embedded systems is a crucial problem, and automatic verification, more specifically model checking, has been widely developed during the last 20 years (see [CLA 99, SCH 01] for surveys). In this approach, we build a formal model M (e.g. an automaton, Petri net, etc.) describing
Stursberg: Verification of PLC Programs given as Sequential Function Charts
 In: Integration of Software Specification Techniques for Applications in Eng., Springer, LNCS
Cited by 4 (0 self)
Abstract
Programmable Logic Controllers (PLC) are widespread in the manufacturing and processing industries to realize sequential procedures and to avoid safety-critical states. For the specification and the implementation of PLC programs, the graphical and hierarchical language Sequential Function Charts (SFC) is increasingly used in industry. To investigate the correctness of SFC programs with respect to a given set of requirements, this contribution advocates the use of formal verification. We present two different approaches to convert SFC programs algorithmically into automata models that are amenable to model checking. While the first approach translates untimed SFC into the input language of the tool Cadence SMV, the second converts timed SFC into timed automata which can be analyzed by the tool Uppaal. For different processing system examples, we illustrate the complete verification procedure consisting of controller specification, model transformation, integration of dynamic plant models, and identifying errors in the control program by model checking.
Specification and Analysis of Real-Time Systems with PARAGON
, 1999
Cited by 4 (3 self)
Abstract
This paper describes a methodology for the specification and analysis of distributed real-time systems using the toolset called PARAGON. PARAGON is based on the Communicating Shared Resources paradigm, which allows a real-time system to be modeled as a set of communicating processes that compete for shared resources. PARAGON supports both visual and textual languages for describing real-time systems. It offers automatic analysis based on state space exploration as well as user-directed simulation. Our experience with using PARAGON in several case studies resulted in a methodology that includes design patterns and abstraction heuristics, as well as an overall process. This paper briefly overviews the communicating shared resource paradigm and its toolset PARAGON, including the textual and visual specification languages. The paper then describes our methodology with special emphasis on heuristics that can be used in PARAGON to reduce the state space. To illustrate the methodology, we use examples from a real-life system case study.
Interrupt Timed Automata: verification and expressiveness
 FORM METHODS SYST DES
, 2012
Cited by 3 (1 self)
Abstract
We introduce the class of Interrupt Timed Automata (ITA), a subclass of hybrid automata well suited to the description of timed multitask systems with interruptions in a single processor environment. While the reachability problem is undecidable for hybrid automata, we show that it is decidable for ITA. More precisely, we prove that the untimed language of an ITA is regular, by building a finite automaton as a generalized class graph. We then establish that the reachability problem for ITA is in NEXPTIME and in PTIME when the number of clocks is fixed. To prove the first result, we define a subclass ITA− of ITA, and show that (1) any ITA can be reduced to a language-equivalent automaton in ITA− and (2) the reachability problem in this subclass is in NEXPTIME (without any class graph). In the next step, we investigate the verification of real-time properties over ITA. We prove that model checking SCL, a fragment of a timed linear time logic, is undecidable. On the other hand, we give model checking procedures for two fragments of timed branching time logic. We also compare the expressive power of classical timed automata and ITA and prove that the corresponding families of accepted languages are incomparable. The result also holds for languages accepted by controlled real-time automata (CRTA), which extend timed automata. We finally combine ITA with CRTA, in a model which encompasses both classes, and show that the reachability problem is still decidable. Additionally, we show that the languages of ITA are neither closed under complementation nor under intersection.
Testing Hennessy-Milner Logic with Recursion
 Foundations of Software Science and Computation Structures: Second International Conference, FoSSaCS ’99 Proceedings, LNCS
, 1998
Cited by 3 (1 self)
Abstract
This study offers a characterization of the collection of properties expressible in Hennessy-Milner Logic (HML) with recursion that can be tested using finite LTSs. In addition to actions used to probe the behaviour of the tested system, the LTSs that we use as tests will be able to perform a distinguished action nok to signal their dissatisfaction during the interaction with the tested process. A process s passes the test T iff T does not perform the action nok when it interacts with s. A test T tests for a property in HML with recursion iff it is passed by exactly the states that satisfy it. The paper gives an expressive completeness result offering a characterization of the collection of properties in HML with recursion that are testable in the above sense.
Botlan. Verification of Real-Time Specification Patterns on Time Transition Systems
, 2011
Cited by 2 (2 self)
Abstract
We address the problem of checking properties of Time Transition Systems (TTS), a generalization of Time Petri Nets with data variables and priorities. We are specifically interested in time-related properties expressed using real-time specification patterns, a language inspired by properties commonly found during the analysis of reactive systems. Our verification approach is based on the use of observers in order to transform the verification of timed patterns into the verification of simpler LTL formulas. While the use of observers for model-checking timed extensions of temporal logics is fairly common, our approach is original in several ways. In addition to traditional observers based on the monitoring of places and transitions, we propose a new class of observers for TTS models based on the monitoring of data modifications that appears to be more efficient in practice. Moreover, we provide a formal framework to prove that observers are correct and non-intrusive, meaning that they do not affect the system under observation. Our approach has been integrated in a verification toolchain for Fiacre, a formal modeling language that can be compiled into TTS.
Formal Modeling and Analysis of an Audio/Video Protocol: An Industrial . . .
, 1997
Cited by 2 (0 self)
Abstract
A formal and automatic verification of a real-life protocol is presented. The protocol, about 2800 lines of assembler code, has been used in products from the audio/video company Bang & Olufsen throughout more than a decade, and its purpose is to control the transmission of messages between audio/video components over a single bus. Such communications may collide, and one essential purpose of the protocol is to detect such collisions. The functioning is highly dependent on real-time considerations. Though the protocol was known to be faulty in that messages were lost occasionally, the protocol was too complicated for Bang & Olufsen to locate the bug using normal testing. However, using the real-time verification tool UPPAAL, an error trace was automatically generated, which caused the detection of "the error" in the implementation. The error was corrected and the correction was automatically proven correct, again using UPPAAL. A future, and more automated, version of the protocol, where this error is fatal, will incorporate the correction. Hence, this work is an elegant demonstration of how model checking has had an impact on practical software development. The effort of modeling this protocol has in addition generated a number of suggestions for enriching the UPPAAL language. Hence, it is also an excellent example of the reverse impact.
Dealing with practical limitations of distributed timed model checking
 Formal Methods in System Design
, 2006
Cited by 2 (0 self)
Abstract
Two base algorithms are known for reachability verification over timed automata. They are called forward and backwards, and traverse the automata edges using either successors or predecessors. Both usually work with a data structure called Difference Bound Matrices (DBMs). Although forward is better suited for on-the-fly construction of the model, the one known as backwards provides the basis for the verification of arbitrary formulae of the TCTL logic, and more importantly, for controller synthesis. Zeus is a distributed model checker for timed automata that uses the backwards algorithm. It works by assigning each automaton location to only one processor. This design choice seems the only reasonable way to deal with some complex operations involving many DBMs in order to avoid huge overheads due to distribution. This article explores the limitations of Zeus-like approaches for the distribution of timed model checkers. Our findings justify why close-to-linear speedups are so difficult, and sometimes impossible, to achieve in the general case. Nevertheless, we present mechanisms based on the way model checking is usually applied. Among others, these include model-topology-aware partitioning and on-the-fly workload redistribution. Combined, they have a positive impact on the speedups obtained.