Results 11  20
of
198
What Good Are Digital Clocks?
, 1992
"... . Realtime systems operate in "real," continuous time and state changes may occur at any realnumbered time point. Yet many verification methods are based on the assumption that states are observed at integer time points only. What can we conclude if a realtime system has been shown "correct" ..."
Abstract

Cited by 110 (14 self)
 Add to MetaCart
. Realtime systems operate in "real," continuous time and state changes may occur at any realnumbered time point. Yet many verification methods are based on the assumption that states are observed at integer time points only. What can we conclude if a realtime system has been shown "correct" for integral observations? Integer time verification techniques suffice if the problem of whether all realnumbered behaviors of a system satisfy a property can be reduced to the question of whether the integral observations satisfy a (possibly modified) property. We show that this reduction is possible for a large and important class of systems and properties: the class of systems includes all systems that can be modeled as timed transition systems; the class of properties includes timebounded invariance and timebounded response. 1 Introduction Over the past few years, we have seen a proliferation of formal methodologies for software and hardware design that emphasize the treatm...
General Decidability Theorems for InfiniteState Systems
, 1996
"... ) Parosh Aziz Abdulla Uppsala University K¯arlis Cer¯ans University of Latvia Bengt Jonsson Uppsala University YihKuen Tsay National Taiwan University Abstract Over the last few years there has been an increasing research effort directed towards the automatic verification of infinite state sys ..."
Abstract

Cited by 107 (13 self)
 Add to MetaCart
) Parosh Aziz Abdulla Uppsala University K¯arlis Cer¯ans University of Latvia Bengt Jonsson Uppsala University YihKuen Tsay National Taiwan University Abstract Over the last few years there has been an increasing research effort directed towards the automatic verification of infinite state systems. For different classes of such systems (e.g., hybrid automata, dataindependent systems, relational automata, Petri nets, and lossy channel systems) this research has resulted in numerous highly nontrivial algorithms. As the interest in this area increases, it will be important to extract common principles that underly these and related results. This paper is concerned with identifying general mathematical structures which could serve as sufficient conditions for achieving decidability. We present decidability results for systems which consist of a finite control part operating on an infinite data domain. The data domain is equipped with a wellordered and wellfounded preorder such tha...
Parametric realtime reasoning
 IN PROCEEDINGS OF THE 25TH ANNUAL SYMPOSIUM ON THEORY OF COMPUTING
, 1993
"... Traditional approaches to the algorithmic verification of realtime systems are limited to checking program correctness with respect to concrete timing properties (e.g., "message delivery within 10 milliseconds"). We address the more realistic and more ambitious problem of deriving symbolic constrai ..."
Abstract

Cited by 97 (6 self)
 Add to MetaCart
Traditional approaches to the algorithmic verification of realtime systems are limited to checking program correctness with respect to concrete timing properties (e.g., "message delivery within 10 milliseconds"). We address the more realistic and more ambitious problem of deriving symbolic constraints on the timing properties required of realtime systems (e.g., "message delivery within the time it takes to execute two assignment statements"). To model this problem, we introduce parametric timed automata  finitestate machines whose transitions are constrained with parametric timing requirements. The emptiness question for parametric timed automata is central to the verification problem. On the negative side, we show that in general this question is undecidable. On the positive side, we provide algorithms for checking the emptiness of restricted classes of parametric timed automata. The practical relevance of these classes is illustrated with several verification examples. There remains a gap between the automata classes for which we know that emptiness is decidable and undecidable, respectively, and this gap is related to various hard and open problems of logic and automata theory.
Timed Transition Systems
, 1992
"... . We incorporate time into an interleaving model of concurrency. In timed transition systems, the qualitative fairness requirements of traditional transition system are replaced (and superseded) by quantitative lowerbound and upperbound timing constraints on transitions. The purpose of this paper i ..."
Abstract

Cited by 77 (6 self)
 Add to MetaCart
. We incorporate time into an interleaving model of concurrency. In timed transition systems, the qualitative fairness requirements of traditional transition system are replaced (and superseded) by quantitative lowerbound and upperbound timing constraints on transitions. The purpose of this paper is to explore the scope of applicability for the abstract model of timed transition systems. We demonstrate that the model can represent a wide variety of phenomena that routinely occur in conjunction with the timed execution of concurrent processes. Our treatment covers both processes that are executed in parallel on separate processors and communicate either through shared variables or by message passing, and processes that timeshare a limited number of processors under a given scheduling policy. Often it is this scheduling policy that determines if a system meets its realtime requirements. Thus we explicitly address such questions as timeouts, interrupts, static and dynamic priorities. ...
Compiling RealTime Specifications into Extended Automata
 IEEE Transactions on Software Engineering
, 1992
"... We propose a method for the implementation and analysis of realtime systems, based on the compilation of specifications into extended automata. Such a method has been already adopted for the so called "synchronous" realtime programming languages. ..."
Abstract

Cited by 75 (8 self)
 Add to MetaCart
We propose a method for the implementation and analysis of realtime systems, based on the compilation of specifications into extended automata. Such a method has been already adopted for the so called "synchronous" realtime programming languages.
An Implementation of Three Algorithms for Timing Verification Based on Automata Emptiness
, 1992
"... This papers describes modifications to and the implementation of algorithms previously described in [1, 11]. We first describe three generic (untimed) algorithms for constructing graphs of the reachable states of a system, and how these graphs can be used for verification. They all have as input an ..."
Abstract

Cited by 59 (3 self)
 Add to MetaCart
This papers describes modifications to and the implementation of algorithms previously described in [1, 11]. We first describe three generic (untimed) algorithms for constructing graphs of the reachable states of a system, and how these graphs can be used for verification. They all have as input an implicit description of a transition system. We then apply these algorithms to realtime systems. The first algorithm performs a straightforward reachability analysis on sets of states of the system, rather than on individual states. This corresponds to stepping symbolically through the system many states at a time. In the case of a realtime system this procedure constructs a graph where each node is the union of some regions of the regions graph. There is therefore no need for an a priori partitioning of the state space into individual regions; however, this approach potentially leads to exponentially worse complexity since its potential state space is the power set of regions [1]. The other two algorithms we consider are minimization algorithms [12, 13, 11]. These simultaneously perform reachability analysis and minimization from an implicit system description. These can lead to great savings when the minimized graph is much smaller than the explicit reachable graph. Our paradigm for verification is to test for the emptiness of the set of all timed system executions that violate a requirements specification. One way to specify and verify nonterminating processes is to model them as languages of !sequences of events [14, 15, 16, 1, 17, 18]. Modular processes can be constructed via composition operations involving language intersection. Specifications are also given as languages: they contain all acceptable event sequences. Program correctness is then just language contain...
Algorithmic analysis of programs with well quasiordered domains
 Information and Computation
"... Over the past few years increasing research effort has been directed towards the automatic verification of infinitestate systems. This paper is concerned with identifying general mathematical structures which can serve as sufficient conditions for achieving decidability. We present decidability res ..."
Abstract

Cited by 56 (13 self)
 Add to MetaCart
Over the past few years increasing research effort has been directed towards the automatic verification of infinitestate systems. This paper is concerned with identifying general mathematical structures which can serve as sufficient conditions for achieving decidability. We present decidability results for a class of systems (called wellstructured systems) which consist of a finite control part operating on an infinite data domain. The results assume that the data domain is equipped with a preorder which is a well quasiordering, such that the transition relation is ``monotonic' ' (a simulation) with respect to the preorder. We show that the following properties are decidable for wellstructured systems: v Reachability: whether a certain set of control states is reachable. Other safety properties can be reduced to the reachability problem. 1
LTL with the freeze quantifier and register automata
 In LICS’06
, 2006
"... Temporal logics, firstorder logics, and automata over data words have recently attracted considerable attention. A data word is a word over a finite alphabet, together with a datum (an element of an infinite domain) at each position. Examples include timed words and XML documents. To refer to the d ..."
Abstract

Cited by 53 (7 self)
 Add to MetaCart
Temporal logics, firstorder logics, and automata over data words have recently attracted considerable attention. A data word is a word over a finite alphabet, together with a datum (an element of an infinite domain) at each position. Examples include timed words and XML documents. To refer to the data, temporal logics are extended with the freeze quantifier, firstorder logics with predicates over the data domain, and automata with registers or pebbles. We investigate relative expressiveness and complexity of standard decision problems for LTL with the freeze quantifier (LTL ↓), 2variable firstorder logic (FO 2) over data words, and register automata. The only predicate available on data is equality. Previously undiscovered connections among those formalisms, and to counter automata with incrementing errors, enable us to answer several questions left open in recent literature. We show that the futuretime fragment of LTL ↓ which corresponds to FO 2 over finite data words can be extended considerably while preserving decidability, but at the expense of nonprimitive recursive complexity, and that most of further extensions are undecidable. We also prove that surprisingly, over infinite data words, LTL ↓ without the ‘until’ operator, as well as nonemptiness of oneway universal register automata, are undecidable even when there is only 1 register. 1.