Results 1  10
of
343
Compositional Model Checking
, 1999
"... We describe a method for reducing the complexity of temporal logic model checking in systems composed of many parallel processes. The goal is to check properties of the components of a system and then deduce global properties from these local properties. The main difficulty with this type of approac ..."
Abstract

Cited by 2395 (62 self)
 Add to MetaCart
We describe a method for reducing the complexity of temporal logic model checking in systems composed of many parallel processes. The goal is to check properties of the components of a system and then deduce global properties from these local properties. The main difficulty with this type of approach is that local properties are often not preserved at the global level. We present a general framework for using additional interface processes to model the environment for a component. These interface processes are typically much simpler than the full environment of the component. By composing a component with its interface processes and then checking properties of this composition, we can guarantee that these properties will be preserved at the global level. We give two example compositional systems based on the logic CTL*.
UPPAAL in a Nutshell
, 1997
"... . This paper presents the overall structure, the design criteria, and the main features of the tool box Uppaal. It gives a detailed user guide which describes how to use the various tools of Uppaal version 2.02 to construct abstract models of a realtime system, to simulate its dynamical behavior, ..."
Abstract

Cited by 490 (38 self)
 Add to MetaCart
. This paper presents the overall structure, the design criteria, and the main features of the tool box Uppaal. It gives a detailed user guide which describes how to use the various tools of Uppaal version 2.02 to construct abstract models of a realtime system, to simulate its dynamical behavior, to specify and verify its safety and bounded liveness properties in terms of its model. In addition, the paper also provides a short review on casestudies where Uppaal is applied, as well as references to its theoretical foundation. 1 Introduction Uppaal is a tool box for modeling, simulation and verification of realtime systems, based on constraintsolving and onthefly techniques, developed jointly by Uppsala University and Aalborg University. It is appropriate for systems that can be modeled as a collection of nondeterministic processes with finite control structure and realvalued clocks, communicating through channels and (or) shared variables [34, 26]. Typical application areas in...
Hybrid Automata: An Algorithmic Approach to the Specification and Verification of Hybrid Systems
, 1992
"... We introduce the framework of hybrid automata as a model and specification language for hybrid systems. Hybrid automata can be viewed as a generalization of timed automata, in which the behavior of variables is governed in each state by a set of differential equations. We show that many of the examp ..."
Abstract

Cited by 359 (20 self)
 Add to MetaCart
We introduce the framework of hybrid automata as a model and specification language for hybrid systems. Hybrid automata can be viewed as a generalization of timed automata, in which the behavior of variables is governed in each state by a set of differential equations. We show that many of the examples considered in the workshop can be defined by hybrid automata. While the reachability problem is undecidable even for very restricted classes of hybrid automata, we present two semidecision procedures for verifying safety properties of piecewiselinear hybrid automata, in which all variables change at constant rates. The two procedures are based, respectively, on minimizing and computing fixpoints on generally infinite state spaces. We show that if the procedures terminate, then they give correct answers. We then demonstrate that for many of the typical workshop examples, the procedures do terminate and thus provide an automatic way for verifying their properties. 1 Introduction More and...
Automatic Symbolic Verification of Embedded Systems
, 1996
"... We present a modelchecking procedure and its implementation for the automatic verification of embedded systems. The system components are described as Hybrid Automata  communicating machines with finite control and realvalued variables that represent continuous environment parameters such as tim ..."
Abstract

Cited by 264 (24 self)
 Add to MetaCart
We present a modelchecking procedure and its implementation for the automatic verification of embedded systems. The system components are described as Hybrid Automata  communicating machines with finite control and realvalued variables that represent continuous environment parameters such as time, pressure, and temperature. The system requirements are specified in a temporal logic with stop watches, and verified by symbolic fixpoint computation. The verification procedure  implemented in the Cornell Hybrid Technology Tool, HyTech  applies to hybrid automata whose continuous dynamics is governed by linear constraints on the variables and their derivatives. We illustrate the method and the tool by checking safety, liveness, timebounded, and duration requirements of digital controllers, schedulers, and distributed algorithms.
ModelChecking in Dense Realtime
 INFORMATION AND COMPUTATION
, 1993
"... Modelchecking is a method of verifying concurrent systems in which a statetransition graph model of the system behavior is compared with a temporal logic formula. This paper extends modelchecking for the branchingtime logic CTL to the analysis of realtime systems, whose correctness depends on t ..."
Abstract

Cited by 249 (6 self)
 Add to MetaCart
Modelchecking is a method of verifying concurrent systems in which a statetransition graph model of the system behavior is compared with a temporal logic formula. This paper extends modelchecking for the branchingtime logic CTL to the analysis of realtime systems, whose correctness depends on the magnitudes of the timing delays. For specifications, we extend the syntax of CTL to allow quantitative temporal operators such as 93!5 , meaning "possibly within 5 time units." The formulas of the resulting logic, Timed CTL (TCTL), are interpreted over continuous computation trees, trees in which paths are maps from the set of nonnegative reals to system states. To model finitestate systems we introduce timed graphs  statetransition graphs annotated with timing constraints. As our main result, we develop an algorithm for modelchecking, for determining the truth of a TCTLformula with respect to a timed graph. We argue that choosing a dense domain instead of a discrete domain to mo...
Realtime logics: complexity and expressiveness
 INFORMATION AND COMPUTATION
, 1993
"... The theory of the natural numbers with linear order and monadic predicates underlies propositional linear temporal logic. To study temporal logics that are suitable for reasoning about realtime systems, we combine this classical theory of in nite state sequences with a theory of discrete time, via ..."
Abstract

Cited by 201 (16 self)
 Add to MetaCart
The theory of the natural numbers with linear order and monadic predicates underlies propositional linear temporal logic. To study temporal logics that are suitable for reasoning about realtime systems, we combine this classical theory of in nite state sequences with a theory of discrete time, via a monotonic function that maps every state to its time. The resulting theory of timed state sequences is shown to be decidable, albeit nonelementary, and its expressive power is characterized by! regular sets. Several more expressive variants are proved to be highly undecidable. This framework allows us to classify a wide variety of realtime logics according to their complexity and expressiveness. Indeed, it follows that most formalisms proposed in the literature cannot be decided. We are, however, able to identify two elementary realtime temporal logics as expressively complete fragments of the theory of timed state sequences, and we present tableaubased decision procedures for checking validity. Consequently, these two formalisms are wellsuited for the speci cation and veri cation of realtime systems.
Logics and Models of Real Time: A Survey
"... We survey logicbased and automatabased languages and techniques for the specification and verification of realtime systems. In particular, we discuss three syntactic extensions of temporal logic: timebounded operators, freeze quantification, and time variables. We also discuss the extension of ..."
Abstract

Cited by 183 (16 self)
 Add to MetaCart
We survey logicbased and automatabased languages and techniques for the specification and verification of realtime systems. In particular, we discuss three syntactic extensions of temporal logic: timebounded operators, freeze quantification, and time variables. We also discuss the extension of finitestate machines with clocks and the extension of transition systems with time bounds on the transitions. All of the resulting notations can be interpreted over a variety of different models of time and computation, including linear and branching time, interleaving and true concurrency, discrete and continuous time. For each choice of syntax and semantics, we summarize the results that are known about expressive power, algorithmic finitestate verification, and deductive verification.
A tutorial on uppaal
, 2004
"... Abstract. This is a tutorial paper on the tool Uppaal. Its goal is to be a short introduction on the flavor of timed automata implemented in the tool, to present its interface, and to explain how to use the tool. The contribution of the paper is to provide reference examples and modeling patterns. 1 ..."
Abstract

Cited by 173 (9 self)
 Add to MetaCart
Abstract. This is a tutorial paper on the tool Uppaal. Its goal is to be a short introduction on the flavor of timed automata implemented in the tool, to present its interface, and to explain how to use the tool. The contribution of the paper is to provide reference examples and modeling patterns. 1
What Good Are Digital Clocks?
, 1992
"... . Realtime systems operate in "real," continuous time and state changes may occur at any realnumbered time point. Yet many verification methods are based on the assumption that states are observed at integer time points only. What can we conclude if a realtime system has been shown "correct" ..."
Abstract

Cited by 109 (14 self)
 Add to MetaCart
. Realtime systems operate in "real," continuous time and state changes may occur at any realnumbered time point. Yet many verification methods are based on the assumption that states are observed at integer time points only. What can we conclude if a realtime system has been shown "correct" for integral observations? Integer time verification techniques suffice if the problem of whether all realnumbered behaviors of a system satisfy a property can be reduced to the question of whether the integral observations satisfy a (possibly modified) property. We show that this reduction is possible for a large and important class of systems and properties: the class of systems includes all systems that can be modeled as timed transition systems; the class of properties includes timebounded invariance and timebounded response. 1 Introduction Over the past few years, we have seen a proliferation of formal methodologies for software and hardware design that emphasize the treatm...
Design of Embedded Systems: Formal Models, Validation, and Synthesis
 PROCEEDINGS OF THE IEEE
, 1999
"... This paper addresses the design of reactive realtime embedded systems. Such systems are often heterogeneous in implementation technologies and design styles, for example by combining hardware ASICs with embedded software. The concurrent design process for such embedded systems involves solving the ..."
Abstract

Cited by 106 (9 self)
 Add to MetaCart
This paper addresses the design of reactive realtime embedded systems. Such systems are often heterogeneous in implementation technologies and design styles, for example by combining hardware ASICs with embedded software. The concurrent design process for such embedded systems involves solving the specification, validation, and synthesis problems. We review the variety of approaches to these problems that have been taken.