Results 1 - 8 of 8
UPPAAL in a Nutshell
1997
Abstract

Cited by 638 (48 self)
This paper presents the overall structure, the design criteria, and the main features of the tool box Uppaal. It gives a detailed user guide which describes how to use the various tools of Uppaal version 2.02 to construct abstract models of a real-time system, to simulate its dynamical behavior, to specify and verify its safety and bounded liveness properties in terms of its model. In addition, the paper also provides a short review on case studies where Uppaal is applied, as well as references to its theoretical foundation.

1 Introduction

Uppaal is a tool box for modeling, simulation and verification of real-time systems, based on constraint-solving and on-the-fly techniques, developed jointly by Uppsala University and Aalborg University. It is appropriate for systems that can be modeled as a collection of nondeterministic processes with finite control structure and real-valued clocks, communicating through channels and (or) shared variables [34, 26]. Typical application areas in...
The Bounded Retransmission Protocol must be on time!
THIRD INT. WORKSHOP ON TOOLS AND ALGORITHMS FOR THE CONSTRUCTION AND ANALYSIS OF SYSTEMS (TACAS'97), LNCS 1217, 1997
Abstract

Cited by 49 (11 self)
This paper concerns the transfer of files via a lossy communication channel. It formally specifies this file transfer service in a property-oriented way and investigates, using two different techniques, whether a given bounded retransmission protocol conforms to this service. This protocol is based on the well-known alternating bit protocol but allows for a bounded number of retransmissions of a chunk, i.e., part of a file, only. So, eventual delivery is not guaranteed and the protocol may abort the file transfer. We investigate to what extent real-time aspects are important to guarantee the protocol's correctness and use Spin and
Diagnostic Model-Checking for Real-Time Systems
1996
Abstract

Cited by 20 (9 self)
Uppaal is a new tool suite for automatic verification of networks of timed automata. In this paper we describe the diagnostic model-checking feature of Uppaal and illustrate its usefulness through the debugging of (a version of) the Philips Audio-Control Protocol. Together with a graphical interface of Uppaal this diagnostic feature allows for a number of errors to be more easily detected and corrected.
Analysing Bang & Olufsen's BeoLink Audio/Video System Using Coloured Petri Nets
Proceedings of the 18th International Conference on Application and Theory of Petri Nets, 1997
Abstract

Cited by 12 (4 self)
Bang & Olufsen A/S (B&O) is a renowned manufacturer of audio and video products. Their BeoLink® (BeoLink) system distributes sound and vision throughout a home via a network. In this way, e.g., while doing the cooking in the kitchen, a person can remotely select and listen to a track from a CD loaded in the CD player situated in the living room. To resolve conflicts, synchronisation between various actions is needed, and is indeed taken care of by appropriate communication protocols. The purpose of the project described in this paper was to test Coloured Petri Nets (CP-nets or CPN) as a way to improve B&O's methods for specification, validation, and verification of protocols. In the main experiment, an engineer from B&O used the Design/CPN tool to build a CPN model of vital parts of BeoLink, to validate its behaviour using simulations with a familiar graphical feedback, and to formally verify crucial properties using occurrence graphs (also known as state spaces and reachability grap...
Using UPPAAL for the specification and verification of a lip-sync protocol
CNR - Istituto CNUCE, 1998
Abstract
We present the formal specification and verification of a lip synchronization algorithm using the real-time model checker UPPAAL. A number of specifications of this algorithm can be found in the literature, but this is the first automatic verification. We take a published specification of the algorithm, code it up in the UPPAAL timed automata notation and then verify whether the algorithm satisfies the key properties of jitter and skew. The verification reveals some flaws in the algorithm. In particular, it shows that for certain sound and video streams the algorithm can timelock before reaching a prescribed error state. We also discuss our experience with UPPAAL, with particular reference to modeling timeouts and to deadlock analysis.
Timed and Hybrid Automata
2000
Abstract
The past decade has witnessed a rapid development in the field of formal methods for the specification, analysis and verification of real-time systems. Particularly striking is the progress in continuous time modeling, which, despite its unquestioned expressiveness, turned out to be surprisingly tractable: practically relevant classes of continuous time systems can be analyzed and verified fully automatically. This has led to the development of a number of corresponding analysis and verification tools of different application profiles. In this paper we concentrate on the two key concepts underlying these tools, known as timed automata and hybrid systems. Their role can be best appreciated in the context of formal methods in general, and specifically of specification of real-time systems in terms of tailored process calculi and real-time logics. All these concepts will be presented in an intuitive fashion, avoiding as much formalism as possible. Key words: Continuous time modeling  ...
L'analyse Formelle Des Systemes Temporises En Pratique
1998
Abstract
In this thesis we propose a complete formal framework for the analysis of timed systems, with the emphasis given on the practicality of the approach. We describe timed systems in the formal model of timed automata, finite-discrete-state automata equipped with clocks in a dense-time domain. Properties of such systems are expressed in the linear-time formalism of timed Büchi automata (timed automata with acceptance conditions), or in one of the branching-time logics CTL, TCTL or ETCTL. These formalisms cover a large spectrum of properties on the order of events and the timing constraints on the delays between events. We also examine other interesting properties such as deadlock and timelock freedom or reachability. We consider two types of analysis. Verification: given a system and a property, check whether the system satisfies the property. Controller synthesis: given a system and a property, find a restriction of the system which satisfies the property. These problems have been proven decidable in previous works, however, with a high (exponential) complexity, basically due to the fact that the state space is extremely large (state explosion) and has to be entirely generated and explored. To respond to the challenge of making the approach tractable, we propose methods which are efficient in practice, despite the high worst-case theoretical complexity. Our approach is based on two key elements. First, on abstractions which reduce the concrete state space to a much smaller abstract state space, while preserving all properties of interest. Second, on efficient techniques to compute and explore the abstract state space. We define two sets of abstractions and study the properties they preserve. Time-abstracting bisimulations are equivalences which hide the quantitative aspect of time: we know that some time passes, but not how much. The stronger of these bisimulations preserves all properties of interest.
Time-abstracting simulations are abstractions derived by a forward reachability analysis on the system. These abstractions preserve only linear properties. The analysis methods differ depending on the underlying abstraction(s) used. In the case of bisimulations, the approach consists in two steps: first, generate the time-abstracting quotient of the state space, then apply classical (untimed) analysis techniques to the quotient to prove properties of the concrete system. In the case of simulations, the generation of the abstract state space and the analysis are performed at the same time. This technique is called on-the-fly and can often provide fast answers without having to generate the entire (abstract) state space. We develop on-the-fly verification techniques for TBA and ETCTL.