Results 1-10 of 62
Synchronous Observers and the Verification of Reactive Systems
Third Int. Conf. on Algebraic Methodology and Software Technology, AMAST'93, Twente, 1993
Cited by 101 (10 self)
This paper is a survey of our specification and verification techniques, in a very general, language independent, framework. Section 1 introduces a simple model of synchronous input/output machines, which will be used throughout the paper. In section 2, we show how such a machine can be designed to check the satisfaction of a safety property, and we discuss the use of such an observer in program verification. In section 3, we use an observer to restrict the behavior of a machine. This is the basic way for representing assumptions about the environment. Applications to modular and inductive verification are considered. In modular verification, one has to find, by intuition, a property of a subprogram that is strong enough to allow the verification of the whole program without fully considering the subprogram. In section 4, we consider the automatic synthesis of such a property, and in section 5, we investigate the possibility of deducing the subprogram from such a synthesized specification.
Formal Verification by Symbolic Evaluation of Partially-Ordered Trajectories
Formal Methods in System Design, 1993
Cited by 99 (25 self)
Symbolic trajectory evaluation provides a means to formally verify properties of a sequential system by a modified form of symbolic simulation. The desired system properties are expressed in a notation combining Boolean expressions and the temporal logic "next-time" operator. In its simplest form, each property is expressed as an assertion [A ⇒ C], where the antecedent A expresses some assumed conditions on the system state over a bounded time period, and the consequent C expresses conditions that should result. A generalization allows simple invariants to be established and proven automatically. The verifier operates on system models in which the state space is ordered by "information content". By suitable restrictions to the specification notation, we guarantee that for every trajectory formula, there is a unique weakest state trajectory that satisfies it. Therefore, we can verify an assertion [A ⇒ C] by simulating the system over the weakest trajectory for A and testing...
The synchronous languages twelve years later
Proceedings of the IEEE, 2003
Cited by 92 (6 self)
Twelve years ago, Proceedings of the IEEE devoted a special section to the synchronous languages. This article discusses the improvements, difficulties, and successes that have occurred with the synchronous languages since then. Today, synchronous languages have been established as a technology of choice for modeling, specifying, validating, and implementing real-time embedded applications. The paradigm of synchrony has emerged as an engineer-friendly design method based on mathematically-sound tools.
A tutorial on Stålmarck's proof procedure for propositional logic
Formal Methods in System Design, 1998
Cited by 64 (1 self)
We explain Stålmarck's proof procedure for classical propositional logic. The method is implemented in a commercial tool that has been used successfully in real industrial verification projects. Here, we present the proof system underlying the method, and motivate the various design decisions that have resulted in a system that copes well with the large formulas encountered in industrial-scale verification.
Automatic Testing of Reactive Systems
1998
Cited by 46 (9 self)
This paper addresses the problem of automatizing the production of test sequences for reactive systems. We particularly focus on two points: (1) generating relevant inputs, with respect to some knowledge about the environment in which the system is intended to run; (2) checking the correctness of the test results, according to the expected behavior of the system. We propose to use synchronous observers to express both the relevance and the correctness of the test sequences. In particular, the relevance observer is used to randomly choose inputs satisfying temporal assumptions about the environment. These assumptions may involve both Boolean and linear numerical constraints. A prototype tool, called Lurette, has been developed and experimented, which works on observers written in the Lustre programming language.
1 Introduction. The term reactive system was introduced by David Harel and Amir Pnueli [12], and is now commonly accepted to designate systems that permanently interac...
From synchrony to asynchrony
CONCUR'99, Concurrency Theory, 10th International Conference, volume 1664 of Lecture Notes in Computer Science, 1999
Specification of Real-time Systems Using ASTRAL
IEEE Transactions on Software Engineering, 1997
Cited by 39 (19 self)
ASTRAL is a formal specification language for real-time systems. It is intended to support formal software development and, therefore, has been formally defined. The structuring mechanisms in ASTRAL allow one to build modularized specifications of complex systems with layering. A real-time system is modeled by a collection of state machine specifications and a single global specification. This paper discusses the rationale of ASTRAL's design. ASTRAL's specification style is illustrated by discussing a telephony example. Composability of one or more ASTRAL system specifications is also discussed by the introduction of a composition section, which provides the needed information to combine two or more ASTRAL system specifications.
Index Terms: formal methods, formal specification and verification, assertions, temporal logic, real-time systems, timing
Safety Property Verification of ESTEREL Programs and Applications to Telecommunications Software
In Proceedings of the 7th International Conference on Computer Aided Verification, Volume 939 of the Lecture Notes in Computer Science, 1996
Cited by 25 (4 self)
We present a technique for automatically verifying linear-time temporal logic safety properties of programs written in ESTEREL, a formally-defined language for programming reactive systems. In our approach, linear-time temporal logic safety properties are first translated into ESTEREL programs that model these properties. Using the ESTEREL compiler, the translations are compiled in parallel with the ESTEREL program to be verified. A trivial reachability analysis of the output of the compiler then indicates whether or not the safety property is satisfied by the program. We describe two real-world software problems (ESTEREL versions of two features of the AT&T 5ESS® switching system) and one well-known benchmark problem (the generalized railroad crossing problem) that we have verified using our technique and associated tool set.
1 Introduction. The ESTEREL programming language [5] is a formally-defined, high-level language designed specifically for progra...
Formal design of distributed control systems with Lustre
In Proc. Safecomp'99, 1999
Cited by 20 (5 self)
During the last decade, the synchronous approach has proved to meet industrial needs concerning the development of Distributed Control Systems (DCS): as an example, Schneider Electric has adopted the synchronous language Lustre and the associated tool Scade for developing monitoring systems for nuclear power plants. But so far, engineers make use of Lustre/Scade for designing separately single components of a DCS. This paper focuses on the use of Lustre/Scade for designing DCS as a whole. Two valuable consequences of this approach are that (1) the same framework can be used for both programming, simulating, testing and proving properties of a distributed system, and (2) the proposed approach is fully consistent with the usual engineering abstractions concerning smooth signals.
Polyhedral analysis for synchronous languages
Static Analysis: Proceedings of the 6th International Symposium, volume 1694 of Lecture Notes in Computer Science, 1999
Cited by 18 (2 self)
We define an operational semantics for the Signal language and design an analysis which allows to verify properties pertaining to the relation between values of the numeric and boolean variables of a reactive system. A distinguished feature of the analysis is that it is expressed and proved correct with respect to the source program rather than on an intermediate representation of the program. The analysis calculates a safe approximation to the set of reachable states by a symbolic fixed point computation in the domain of convex polyhedra using a novel widening operator based on the convex hull representation of polyhedra.