Probabilistic Model Checking of Deadline Properties in the IEEE1394 FireWire Root Contention Protocol
 Special Issue of Formal Aspects of Computing
Cited by 35 (23 self)
The increasing dependence of businesses on distributed architectures and computer networking places heavy demands on the speed and reliability of data exchange, leading to the emergence of sophisticated protocols which involve both real-time and randomization, for example FireWire IEEE1394. Automatic verification techniques such as model checking have been adapted to this class of probabilistic, timed systems [1, 9, 3, 14]. This abstract considers an application of such techniques to the IEEE1394 (FireWire) root contention protocol, in which the interplay between timed and probabilistic aspects is used to break the symmetry which may arise during the leader election process. Here, the properties of interest concern the election of a leader within a certain deadline, with a certain probability or greater. Our specification formalism is that of probabilistic timed automata [14], a variant of timed automa...
Verification of UML Statechart with Real-Time Extensions
 Fundamental Approaches to Software Engineering (FASE’2002), volume 2306 of LNCS
, 2003
Cited by 32 (2 self)
We develop a formal model for hierarchical timed systems. The statechart-like hierarchy features parallelism on any level and connects superstate and substate via explicit entries and exits. Time is represented by clocks, invariants, and guards. For this formalism we give an operational semantics that is appropriate for the verification of universal timed computation tree logic (TCTL) properties.
Verification and Improvement of the Sliding Window Protocol
, 2003
Cited by 26 (0 self)
The well-known Sliding Window protocol caters for the reliable and efficient transmission of data over unreliable channels that can lose, reorder and duplicate messages. Despite the practical importance of the protocol and its high potential for errors, it has never been formally verified for the general setting. We try to fill this gap by giving a fully formal specification and verification of an improved version of the protocol. The protocol is specified by a timed state machine in the language of the verification system PVS. This allows a mechanical check of the proof by the interactive proof checker of PVS. Our modelling is very general and includes such important features of the protocol as sending and receiving windows of arbitrary size, bounded sequence numbers and channels that may lose, reorder and duplicate messages.
Robustness and Implementability of Timed Automata
 In Proc. Joint Conf. Formal Modelling and Analysis of Timed Systems and Formal Techniques in Real-Time and Fault Tolerant Systems (FORMATS+FTRTFT'04), volume 3253 of LNCS
, 2004
Cited by 20 (10 self)
In a former paper, we defined a new semantics for timed automata, the Almost ASAP semantics, which is parameterized by to cope with the reaction delay of the controller. We showed that this semantics is implementable provided there exists a strictly positive value for the parameter for which the strategy is correct. In this paper, we define the implementability problem to be the question of existence of such a . We show that this question is closely related to a notion of robustness for timed automata defined in [Pur98] and prove that the implementability problem is decidable.
Do We Need Dependent Types?
 JOURNAL OF FUNCTIONAL PROGRAMMING
, 2001
Cited by 14 (1 self)
Inspired by [1], we describe a technique for defining, within the Hindley-Milner type system, some functions which seem to require a language with dependent types. We illustrate this by giving a general definition of zipWith for which the Haskell library provides a family of functions, each member of the family having a different type and arity. Our technique consists in introducing ad hoc codings for natural numbers which resemble numerals in λ-calculus.
Analysis of a Biphase Mark Protocol with Uppaal and PVS
Cited by 14 (1 self)
The biphase mark protocol is a convention for representing both a string of bits and clock edges in a square wave. The protocol is frequently used for communication at the physical level of the ISO/OSI hierarchy, and is implemented on microcontrollers such as the Intel 82530 Serial Communications Controller. An important property of the protocol is that bit strings of arbitrary length can be transmitted reliably, despite differences in the clock rates of sender and receiver (drift), variations of the clock rates (jitter), and distortion of the signal after generation of an edge. In this article, we show how the protocol can be modelled naturally in terms of timed automata. We use the model checker Uppaal to derive the maximal tolerances on the clock rates, for different instances of the protocol, and to support the general parametric verification that we formalized using the proof assistant PVS. Based on the derived parameter constraints we propose instances of BMP that are correct (at least in our model) but have a faster bit rate than the instances that are commonly implemented in hardware.
Parameterized Reachability Analysis of the IEEE 1394 Root Contention Protocol using TReX
 PROCEEDINGS OF THE WORKSHOP ON REAL-TIME TOOLS (RT-TOOLS'2001)
, 2001
Cited by 14 (0 self)
We report about the reachability analysis of fully parametrized models of the IEEE 1394 root contention protocol. This protocol uses timing constraints in order to elect a leader. The interesting point is that the timing constraints involve some parameters (transmission delay, bounds of waiting intervals), and the behavior of the protocol strongly depends on the relation between these parameters. In order to synthesize the relation ensuring the correct behavior of the protocol, we apply the symbolic reachability techniques implemented in the TReX tool. We take the unparameterized model of Root Contention protocol proposed in [24] and study different parametrized versions of this model. We are able to synthesize automatically all the relations already found by proof or experiments on the unparameterized versions. We compare our results with those reported or obtained using other tools for parametrized systems.
Robust Safety of Timed Automata
 FORMAL METHODS IN SYSTEM DESIGN
Cited by 11 (7 self)
Timed automata are governed by an idealized semantics that assumes a perfectly precise behavior of the clocks. The traditional semantics is not robust because the slightest perturbation in the timing of actions may lead to completely different behaviors of the automaton. Following several recent works, we consider a relaxation of this semantics, in which guards on transitions are widened by ∆ > 0 and clocks can drift by ε > 0. The relaxed semantics encompasses the imprecisions that are inevitably present in an implementation of a timed automaton, due to the finite precision of digital clocks. We solve the safety verification problem for this robust semantics: given a timed automaton and a set of bad states, our algorithm decides if there exist positive values for the parameters ∆ and ε such that the timed automaton never enters the bad states under the relaxed semantics.