Results 1 - 10 of 40
A theory of timed automata
, 1999
Cited by 2651 (32 self)
Model checking is emerging as a practical tool for automated debugging of complex reactive systems such as embedded controllers and network protocols (see [23] for a survey). Traditional techniques for model checking do not admit an explicit modeling of time, and are thus unsuitable for analysis of real-time systems whose correctness depends on relative magnitudes of different delays. Consequently, timed automata [7] were introduced as a formal notation to model the behavior of real-time systems. Its definition provides a simple way to annotate state-transition graphs with timing constraints using finitely many real-valued clock variables. Automated analysis of timed automata relies on the construction of a finite quotient of the infinite space of clock valuations. Over the years, the formalism has been extensively studied leading to many results establishing connections to circuits and logic, and much progress has been made in developing verification algorithms, heuristics, and tools. This paper provides a survey of the theory of timed automata, and their role in specification and verification of real-time systems.
Principles and methods of Testing Finite State Machines - a survey
 PROCEEDINGS OF IEEE
, 1996
Cited by 334 (14 self)
With advanced computer technology, systems are getting larger to fulfill more complicated tasks, however, they are also becoming less reliable. Consequently, testing is an indispensable part of system design and implementation; yet it has proved to be a formidable task for complex systems. This motivates the study of testing finite state machines to ensure the correct functioning of systems and to discover aspects of their behavior. A finite state machine contains a finite number of states and produces outputs on state transitions after receiving inputs. Finite state machines are widely used to model systems in diverse areas, including sequential circuits, certain types of programs, and, more recently, communication protocols. In a testing problem we have a machine about which we lack some information; we would like to deduce this information by providing a sequence of inputs to the machine and observing the outputs produced. Because of its practical importance and theoretical interest, the problem of testing finite state machines has been studied in different areas and at various times. The earliest published literature on this topic dates back to the 50’s. Activities in the 60’s and early 70’s were motivated mainly by automata theory and sequential circuit testing. The area seemed to have mostly died down until a few years ago when the testing problem was resurrected and is now being studied anew due to its applications to conformance testing of communication protocols. While some old problems which had been open for decades were resolved recently, new concepts and more intriguing problems from new applications emerge. We review the fundamental problems in testing finite state machines and techniques for solving these problems, tracing progress in the area from its inception to the present and the state of the art. In addition, we discuss extensions of finite state machines and some other topics related to testing.
Event-Clock Automata: A Determinizable Class of Timed Automata
 Theoretical Computer Science
, 1999
Cited by 121 (2 self)
We introduce event-recording automata. An event-recording automaton is a timed automaton that contains, for every event a, a clock that records the time of the last occurrence of a. The class of event-recording automata is, on one hand, expressive enough to model (finite) timed transition systems and, on the other hand, determinizable and closed under all boolean operations. As a result, the language inclusion problem is decidable for event-recording automata. We present a translation from timed transition systems to event-recording automata, which leads to an algorithm for checking if two timed transition systems have the same set of timed behaviors. We also consider event-predicting automata, which contain clocks that predict the time of the next occurrence of an event. The class of event-clock automata, which contain both event-recording and event-predicting clocks, is a suitable specification language for real-time properties. We provide an algorithm for checking if a timed automa...
Symbolic Verification with Periodic Sets
, 1994
Cited by 78 (6 self)
Symbolic approaches attack the state explosion problem by introducing implicit representations that allow the simultaneous manipulation of large sets of states. The most commonly used representation in this context is the Binary Decision Diagram (BDD). This paper takes the point of view that other structures than BDD's can be useful for representing sets of values, and that combining implicit and explicit representations can be fruitful. It introduces a representation of complex periodic sets of integer values, shows how this representation can be manipulated, and describes its application to the state-space exploration of protocols. Preliminary experimental results indicate that the method can dramatically reduce the resources required for state-space exploration.
The Observational Power of Clocks
, 1994
Cited by 43 (4 self)
We develop a theory of equivalences for timed systems. Two systems are equivalent iff external observers cannot observe differences in their behavior. The notion of equivalence depends, therefore, on the distinguishing power of the observers. The power of an observer to measure time results in untimed, clock, and timed equivalences: an untimed observer cannot measure the time difference between events; a clock observer uses a clock to measure time differences with finite precision; a timed observer is able to measure time differences with arbitrary precision. We show that the distinguishing power of clock observers grows with the number of observers, and approaches, in the limit, the distinguishing power of a timed observer. More precisely, given any equivalence for untimed systems, two timed systems are k-clock congruent, for a nonnegative integer k, iff their compositions with every environment that uses k clocks are untimed equivalent. Both k-clock bisimulation congruence and k-cloc...
Analysis of Timed Systems Based on Time-Abstracting Bisimulations
 Formal Methods in System Design
, 1996
Cited by 29 (6 self)
We adapt a generic minimal model generation algorithm to compute the coarsest finite model of the underlying infinite transition system of a timed automaton. This model is minimal modulo a time-abstracting bisimulation. Our algorithm uses a refinement method that avoids set complementation, and is considerably more efficient than previous ones. We use the constructed minimal model for verification purposes by defining abstraction criteria that allow to further reduce the model and to compare it to a specification.
1 Introduction
Behavioral equivalences based on bisimulation relations have proven useful for verifying the correctness of concurrent systems. They allow comparing an implementation to a usually more abstract specification both represented as labeled transition systems. This approach also allows reducing the size of the system by identifying equivalent states which is crucial to avoid the explosion of the state-space. Since the introduction of strong bisimulation in [Mil80]...
An efficient state space generation for the analysis of real-time systems
 ACM Softw. Eng. Notes
, 1996
Cited by 21 (2 self)
This material is posted here with permission of the IEEE. Such permission of the IEEE does not in any way imply IEEE endorsement of any of the University of Pennsylvania’s products or services. Internal or personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution must be obtained from the IEEE by writing to
theorems on the determinization and minimization of timed automata, in: Formal Modeling and Analysis of Timed Systems (FORMATS’03
 of LNCS
, 2004
Cited by 21 (2 self)
Timed automata are known not to be complementable or determinizable. Natural questions are, then, could we check whether a given TA enjoys these properties? These problems are not algorithmically solvable. Minimizing the “resources” of a TA (number of clocks or size of constants) are also unsolvable problems. In this paper we provide simple undecidability proofs using a “constructive” version of the problems where we require not just a yes/no answer, but also a “witness”. Proofs are then simple reductions from the universality problem. Recent work of Finkel shows that the corresponding decision problems are also undecidable [1].
Key words: formal methods, specification languages, timed automata, determinization, decidability
Symbolic Generalization for Online Planning
 IN THE PROCEEDINGS OF THE 19TH CONFERENCE ON UNCERTAINTY IN ARTIFICIAL INTELLIGENCE (UAI03
, 2003
Cited by 21 (1 self)
Symbolic representations have been used successfully in offline planning algorithms for Markov decision processes. We show that they can also improve the performance of online planners. In addition to reducing computation time, symbolic generalization can reduce the amount of costly real-world interactions required for convergence. We introduce Symbolic Real-Time Dynamic Programming (or sRTDP), an extension of RTDP. After each step of online interaction with an environment, sRTDP uses symbolic model-checking techniques to generalize its experience by updating a group of states rather than a single state. We examine two heuristic approaches to dynamic grouping of states and show that they accelerate the planning process significantly in terms of both CPU time and the number of steps of interaction with the environment.
A Space-Efficient On-the-fly Algorithm for Real-Time Model Checking
 In Proceedings of CONCUR'96, Volume 1119 of LNCS
Cited by 15 (2 self)
In temporal-logic model checking, we verify the correctness of a program with respect to a desired behavior by checking whether a structure that models the program satisfies a temporal-logic formula that specifies the behavior. The main practical limitation of model checking is caused by the size of the state space of the program, which grows exponentially with the number of concurrent components. This problem, known as the state-explosion problem, becomes more difficult when we consider real-time model checking, where the program and the specification involve quantitative references to time. In particular, when we use timed automata to describe real-time programs and we specify timed behaviors in the logic TCTL, a real-time extension of the temporal logic CTL with clock variables, then the state space under consideration grows exponentially not only with the number of concurrent components, but also with the number of clocks and the length of the clock constraints used in the program a...