Results 1  10
of
176
The synchronous dataflow programming language LUSTRE
 Proceedings of the IEEE
, 1991
"... This paper describes the language Lustre, which is a dataflow synchronous language, designed for programming reactive systems  such as automatic control and monitoring systems  as well as for describing hardware. The dataflow aspect of Lustre makes it very close to usual description tools in t ..."
Abstract

Cited by 488 (42 self)
 Add to MetaCart
This paper describes the language Lustre, which is a dataflow synchronous language, designed for programming reactive systems  such as automatic control and monitoring systems  as well as for describing hardware. The dataflow aspect of Lustre makes it very close to usual description tools in these domains (blockdiagrams, networks of operators, dynamical samplessystems, etc: : : ), and its synchronous interpretation makes it well suited for handling time in programs. Moreover, this synchronous interpretation allows it to be compiled into an efficient sequential program. Finally, the Lustre formalism is very similar to temporal logics. This allows the language to be used for both writing programs and expressing program properties, which results in an original program verification methodology. 1 Introduction Reactive systems Reactive systems have been defined as computing systems which continuously interact with a given physical environment, when this environment is unable to sy...
A Logic for Reasoning about Time and Reliability
 Formal Aspects of Computing
, 1994
"... We present a logic for stating properties such as, "after a request for service there is at least a 98% probability that the service will be carried out within 2 seconds". The logic extends the temporal logic CTL by Emerson, Clarke and Sistla with time and probabilities. Formulas are interpreted ove ..."
Abstract

Cited by 245 (1 self)
 Add to MetaCart
We present a logic for stating properties such as, "after a request for service there is at least a 98% probability that the service will be carried out within 2 seconds". The logic extends the temporal logic CTL by Emerson, Clarke and Sistla with time and probabilities. Formulas are interpreted over discrete time Markov chains. We give algorithms for checking that a given Markov chain satisfies a formula in the logic. The algorithms require a polynomial number of arithmetic operations, in size of both the formula and This research report is a revised and extended version of a paper that has appeared under the title "A Framework for Reasoning about Time and Reliability" in the Proceeding of the 10 th IEEE Realtime Systems Symposium, Santa Monica CA, December 1989. This work was partially supported by the Swedish Board for Technical Development (STU) as part of Esprit BRA Project SPEC, and by the Swedish Telecommunication Administration. the Markov chain. A simple example is inc...
A Really Temporal Logic
 Journal of the ACM
, 1989
"... . We introduce a temporal logic for the specification of realtime systems. Our logic, TPTL, employs a novel quantifier construct for referencing time: the freeze quantifier binds a variable to the time of the local temporal context. TPTL is both a natural language for specification and a suitable f ..."
Abstract

Cited by 238 (26 self)
 Add to MetaCart
. We introduce a temporal logic for the specification of realtime systems. Our logic, TPTL, employs a novel quantifier construct for referencing time: the freeze quantifier binds a variable to the time of the local temporal context. TPTL is both a natural language for specification and a suitable formalism for verification. We present a tableaubased decision procedure and a model checking algorithm for TPTL. Several generalizations of TPTL are shown to be highly undecidable. 1 Introduction Linear temporal logic is a widely accepted language for specifying properties of reactive systems and their behavior over time [Pnu77, OL82, MP92]. The tableaubased satisfiability algorithm for its propositional version, PTL, forms the basis for the automatic verification and synthesis of finitestate systems [LP84, MW84]. PTL is interpreted over models that abstract away from the actual times at which events occur, retaining only temporal ordering information about the states of a system. The a...
The Benefits of Relaxing Punctuality
, 1996
"... The most natural, compositional, way of modeling realtime systems uses a dense domain for time. The satis ability of timing constraints that are capable of expressing punctuality in this model, however, is known to be undecidable. We introduce a temporal language that can constrain the time differe ..."
Abstract

Cited by 202 (18 self)
 Add to MetaCart
The most natural, compositional, way of modeling realtime systems uses a dense domain for time. The satis ability of timing constraints that are capable of expressing punctuality in this model, however, is known to be undecidable. We introduce a temporal language that can constrain the time difference between events only with finite, yet arbitrary, precision and show the resulting logic to be EXPSPACEcomplete. This result allows us to develop an algorithm for the verification of timing properties of realtime systems with a dense semantics.
Realtime logics: complexity and expressiveness
 INFORMATION AND COMPUTATION
, 1993
"... The theory of the natural numbers with linear order and monadic predicates underlies propositional linear temporal logic. To study temporal logics that are suitable for reasoning about realtime systems, we combine this classical theory of in nite state sequences with a theory of discrete time, via ..."
Abstract

Cited by 201 (16 self)
 Add to MetaCart
The theory of the natural numbers with linear order and monadic predicates underlies propositional linear temporal logic. To study temporal logics that are suitable for reasoning about realtime systems, we combine this classical theory of in nite state sequences with a theory of discrete time, via a monotonic function that maps every state to its time. The resulting theory of timed state sequences is shown to be decidable, albeit nonelementary, and its expressive power is characterized by! regular sets. Several more expressive variants are proved to be highly undecidable. This framework allows us to classify a wide variety of realtime logics according to their complexity and expressiveness. Indeed, it follows that most formalisms proposed in the literature cannot be decided. We are, however, able to identify two elementary realtime temporal logics as expressively complete fragments of the theory of timed state sequences, and we present tableaubased decision procedures for checking validity. Consequently, these two formalisms are wellsuited for the speci cation and veri cation of realtime systems.
StateBased Model Checking of EventDriven System Requirements
 IEEE Transactions on Software Engineering
, 1993
"... AbstractIn this paper, we demonstrate how model checking can be used to verify safety properties for eventdriven systems. SCR tabular requirements describe required system behavior in a format that is intuitive, easy to read, and scalable to large systems (e.g., the software requhements for the A7 ..."
Abstract

Cited by 131 (7 self)
 Add to MetaCart
AbstractIn this paper, we demonstrate how model checking can be used to verify safety properties for eventdriven systems. SCR tabular requirements describe required system behavior in a format that is intuitive, easy to read, and scalable to large systems (e.g., the software requhements for the A7 aircraft). Model checking of temporal logics has been established as a sound technique for verifying properties of hardware systems. We have developed an automated technique for formalizing the semiformal SCR requirements and for transforming the resultant formal specification onto a finite structure that a model checker can analyze. This technique was effective in uncovering violations of system invariants in both an automobile cruise control system and a waterlevel monitoring system. Index TermsFormal specification, formal verification, model checking, requirements analysis, sonware requirements, temporal logic.
Algorithms for the Satisfiability (SAT) Problem: A Survey
 DIMACS Series in Discrete Mathematics and Theoretical Computer Science
, 1996
"... . The satisfiability (SAT) problem is a core problem in mathematical logic and computing theory. In practice, SAT is fundamental in solving many problems in automated reasoning, computeraided design, computeraided manufacturing, machine vision, database, robotics, integrated circuit design, compute ..."
Abstract

Cited by 125 (3 self)
 Add to MetaCart
. The satisfiability (SAT) problem is a core problem in mathematical logic and computing theory. In practice, SAT is fundamental in solving many problems in automated reasoning, computeraided design, computeraided manufacturing, machine vision, database, robotics, integrated circuit design, computer architecture design, and computer network design. Traditional methods treat SAT as a discrete, constrained decision problem. In recent years, many optimization methods, parallel algorithms, and practical techniques have been developed for solving SAT. In this survey, we present a general framework (an algorithm space) that integrates existing SAT algorithms into a unified perspective. We describe sequential and parallel SAT algorithms including variable splitting, resolution, local search, global optimization, mathematical programming, and practical SAT algorithms. We give performance evaluation of some existing SAT algorithms. Finally, we provide a set of practical applications of the sat...
What Good Are Digital Clocks?
, 1992
"... . Realtime systems operate in "real," continuous time and state changes may occur at any realnumbered time point. Yet many verification methods are based on the assumption that states are observed at integer time points only. What can we conclude if a realtime system has been shown "correct" ..."
Abstract

Cited by 109 (14 self)
 Add to MetaCart
. Realtime systems operate in "real," continuous time and state changes may occur at any realnumbered time point. Yet many verification methods are based on the assumption that states are observed at integer time points only. What can we conclude if a realtime system has been shown "correct" for integral observations? Integer time verification techniques suffice if the problem of whether all realnumbered behaviors of a system satisfy a property can be reduced to the question of whether the integral observations satisfy a (possibly modified) property. We show that this reduction is possible for a large and important class of systems and properties: the class of systems includes all systems that can be modeled as timed transition systems; the class of properties includes timebounded invariance and timebounded response. 1 Introduction Over the past few years, we have seen a proliferation of formal methodologies for software and hardware design that emphasize the treatm...
The Generalized Railroad Crossing: A Case Study in Formal Verification of RealTime Systems
 IN PROC., REALTIME SYSTEMS SYMP
, 1994
"... A new solution to the Generalized Railroad Crossing problem, based on timed automata, invariants and simulation mappings, is presented and evaluated. The solution shows formally the correspondence between four system descriptions: an axiomatic specification, an operational specification, a discrete ..."
Abstract

Cited by 94 (19 self)
 Add to MetaCart
A new solution to the Generalized Railroad Crossing problem, based on timed automata, invariants and simulation mappings, is presented and evaluated. The solution shows formally the correspondence between four system descriptions: an axiomatic specification, an operational specification, a discrete system implementation, and a system implementation that works with a continuous gate model.