Shrinking timed automata
In FSTTCS'11, LIPIcs 13, p. 375–386. Leibniz-Zentrum für Informatik, 2011
Cited by 42 (12 self)

Abstract
We define and study a new approach to the implementability of timed automata, where the semantics is perturbed by imprecisions and finite frequency of the hardware. In order to circumvent these effects, we introduce parametric shrinking of clock constraints, which corresponds to tightening these. We propose symbolic procedures to decide the existence of (and then compute) parameters under which the shrunk version of a given timed automaton is nonblocking and can time-abstract simulate the exact semantics. We then define an implementation semantics for timed automata with a digital clock and positive reaction times, and show that for shrinkable timed automata, nonblockingness and time-abstract simulation are preserved in implementation.
Robustness and Implementability of Timed Automata
In Proc. Joint Conf. Formal Modelling and Analysis of Timed Systems and Formal Techniques in Real-Time and Fault-Tolerant Systems (FORMATS+FTRTFT'04), volume 3253 of LNCS, 2004
Cited by 26 (14 self)

Abstract
In a former paper, we defined a new semantics for timed automata, the Almost ASAP semantics, which is parameterized by to cope with the reaction delay of the controller. We showed that this semantics is implementable provided there exists a strictly positive value for the parameter for which the strategy is correct. In this paper, we define the implementability problem to be the question of existence of such a . We show that this question is closely related to a notion of robustness for timed automata defined in [Pur98] and prove that the implementability problem is decidable.
Robust Safety of Timed Automata
Formal Methods in System Design
Cited by 17 (9 self)

Abstract
Timed automata are governed by an idealized semantics that assumes a perfectly precise behavior of the clocks. The traditional semantics is not robust because the slightest perturbation in the timing of actions may lead to completely different behaviors of the automaton. Following several recent works, we consider a relaxation of this semantics, in which guards on transitions are widened by ∆ > 0 and clocks can drift by ε > 0. The relaxed semantics encompasses the imprecisions that are inevitably present in an implementation of a timed automaton, due to the finite precision of digital clocks. We solve the safety verification problem for this robust semantics: given a timed automaton and a set of bad states, our algorithm decides if there exist positive values for the parameters ∆ and ε such that the timed automaton never enters the bad states under the relaxed semantics.
Robust model-checking of linear-time properties in timed automata
Proceedings of the 7th Latin American Symposium on Theoretical Informatics (LATIN'06), volume 3887 of Lecture
Cited by 16 (7 self)

Abstract
Formal verification of timed systems is well understood, but their implementation is still challenging. Raskin et al. have recently brought out a model of parameterized timed automata in which the transitions might be slightly delayed or expedited. This model is used to prove that a timed system is implementable with respect to a safety property, by proving that the parameterized model robustly satisfies the safety property. We extend here the notion of implementability to the broader class of linear-time properties, and provide PSPACE algorithms for the robust model-checking of Büchi-like and LTL properties. We also show how those algorithms can be adapted in order to verify bounded-response-time properties.
Robust analysis of timed automata via channel machines
2007
Cited by 16 (8 self)

Abstract
Whereas formal verification of timed systems has become a very active field of research, the idealised mathematical semantics of timed automata cannot be faithfully implemented. Several works have thus focused on a modified semantics of timed automata which ensures implementability, and robust model-checking algorithms for safety, and later LTL properties have been designed. Recently, a new approach has been proposed, which reduces (standard) model-checking of timed automata to other verification problems on channel machines. Thanks to a new encoding of the modified semantics as a network of timed systems, we propose an original combination of both approaches, and prove that robust model-checking for coFlat-MTL, a large fragment of MTL, is EXPSPACE-complete.
Model-Based Implementation of Real-Time Applications
Cited by 15 (4 self)

Abstract
Correct and efficient implementation of general real-time applications remains by far an open problem. A key issue is meeting timing constraints whose satisfaction depends on features of the execution platform, in particular its speed. Existing rigorous implementation techniques are applicable to specific classes of systems, e.g. with periodic tasks, time deterministic systems. We present a general model-based implementation method for real-time systems based on the use of two models.
• An abstract model representing the behavior of real-time software as a timed automaton. The latter describes user-defined platform-independent timing constraints. Its transitions are timeless and correspond to the execution of statements of the real-time software.
Robustness in real-time systems
In SIES'11
Cited by 14 (3 self)

Abstract
We review several aspects of robustness of real-time systems, and present recent results on the robust verification of timed automata.
From Verification to Implementation: A Model Translation Tool and a Pacemaker Case Study
In 18th IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS), 2012
Cited by 13 (6 self)

Abstract
Model-Driven Design (MDD) of cyber-physical systems advocates for design procedures that start with formal modeling of the real-time system, followed by the model's verification at an early stage. The verified model must then be translated to a more detailed model for simulation-based testing and finally translated into executable code in a physical implementation. As later stages build on the same core model, it is essential that models used earlier in the pipeline are valid approximations of the more detailed models developed downstream. The focus of this effort is on the design and development of a model translation tool, UPP2SF, and how it integrates system modeling, verification, model-based WCET analysis, simulation, code generation and testing into an MDD-based framework. UPP2SF facilitates automatic conversion of verified timed automata-based models (in UPPAAL) to models that may be simulated and tested (in Simulink/Stateflow). We describe the design rules to ensure the conversion is correct, efficient and applicable to a large class of models. We show how the tool enables MDD of an implantable cardiac pacemaker. We demonstrate that UPP2SF preserves behaviors of the pacemaker model from UPPAAL to Stateflow. The resultant Stateflow
A Safety-Assured Development Approach for Real-Time Software
2010
Cited by 12 (5 self)

Abstract
Guaranteeing timing properties is an important issue as we develop safety-critical real-time systems such as cardiac pacemakers. We present a safety-assured development approach of real-time software using a pacemaker as our case study. Following the model-driven development techniques, measurement-based timing analysis is used to guarantee timing properties in implementation as well as in the formal model. Formal specification with timed automata is checked with respect to timing properties by model checking technique and is transformed into implementation systematically. When timing properties may be violated in the implementation due to timing delay, it is suggested to measure the time deviation and reflect it to the code explicitly by modifying guards. The model is altered according to the modifications in the code. These changes of the code and the model are considered safe if all the properties
Symbolic robustness analysis of timed automata
In Proc. 4th Intl Conf. Formal Modeling and Analysis of Timed Systems (FORMATS'06), LNCS 4202, 2006
Cited by 9 (1 self)

Abstract
We propose a symbolic algorithm for the analysis of the robustness of timed automata, that is the correctness of the model in presence of small drifts on the clocks or imprecision in testing guards. This problem is known to be decidable with an algorithm based on detecting strongly connected components on the region graph, which, for complexity reasons, is not effective in practice. Our symbolic algorithm is based on the standard algorithm for symbolic reachability analysis using zones to represent symbolic states and can then be easily integrated within tools for the verification of timed automata models. It relies on the computation of the stable zone of each cycle in a timed automaton. The stable zone is the largest set of states that can reach and be reached from itself through the cycle. To compute the robust reachable set, each stable zone that intersects the set of explored states has to be added to the set of states to be explored.