Results 1-10 of 39
Causality Analysis of Synchronous Programs with Delayed Actions
2004
Cited by 18 (15 self)
Synchronous programs are well-suited for the implementation of real-time embedded systems. However, their compilation is difficult due to the paradigm that microsteps are executed in zero time. This can yield cyclic dependencies that must be resolved to generate single-threaded code. State-of-the-art techniques are based on a fixpoint computation at compile time that `simulates' the microstep execution. However, existing procedures do not consider delayed actions that have been recently introduced in synchronous languages. In this paper, we show that the analysis of programs with delayed actions can be performed by two fixpoint computations, one for the initialization and one for the transitions of the system. Moreover, we discuss an implementation using BDDs that is based on dual-rail encoding.
Maximal causality analysis
In: Conference on Application of Concurrency to System Design (ACSD), 2005
Cited by 17 (17 self)
Perfectly synchronous systems immediately react to the inputs of their environment, which may lead to so-called causality cycles between actions and their trigger conditions. Algorithms to analyze the consistency of such cycles usually extend data types by an additional value to explicitly indicate unknown values. In particular, Boolean functions are thereby extended to ternary functions. However, a Boolean function usually has several ternary extensions, and the result of the causality analysis depends on the chosen ternary extension. In this paper, we show that there always is a maximal ternary extension that allows one to solve as many causality problems as possible. Moreover, we elaborate the relationship to hazard elimination in hardware circuits, and finally show how the maximal ternary extension of a Boolean function can be efficiently computed by means of binary decision diagrams.
From Model-Based Design to Formal Verification of Adaptive Embedded Systems
In Proc. of ICFEM 2007, 2007
Cited by 7 (4 self)
Adaptation is important in dependable embedded systems to cope with changing environmental conditions. However, adaptation significantly complicates system design and poses new challenges to system correctness. We propose an integrated model-based development approach facilitating intuitive modelling as well as formal verification of dynamic adaptation behaviour. Our modelling concepts ease the specification of adaptation behaviour and improve the design of adaptive embedded systems by hiding the increased complexity from the developer. Based on a formal framework for representing adaptation behaviour, our approach allows one to employ theorem proving, model checking as well as specialised verification techniques to prove properties characteristic of adaptive systems such as stability.
Averest: Specification, verification, and implementation of reactive systems
In Conference on Application of Concurrency to System Design (ACSD), 2005
Cited by 7 (2 self)
The Averest framework provides a set of tools for the specification, verification, and implementation of reactive systems. Currently, it consists of a compiler for our Esterel-like synchronous programming language Quartz, a symbolic
Global vs. local model checking: A comparison of verification techniques for infinite state systems
In International Conference on Software Engineering and Formal Methods (SEFM), 2004
Cited by 7 (4 self)
Global and local model checking procedures follow radically different paradigms: while global approaches are based on fixpoint computation, local approaches are related to deduction and induction. For the verification of finite state systems, this may result in different runtimes. For the verification of infinite state systems, however, the differences are far more important. Since most problems are undecidable for such systems, it may be the case that one of the procedures does not terminate. In this paper, we compare global and local procedures for model checking µ-calculus properties of infinite state systems. In particular, we show how they can benefit from each other and present appropriate extensions.
From LTL to Symbolically Represented Deterministic Automata
Cited by 6 (0 self)
Temporal logics like LTL are frequently used for the specification and verification of reactive systems. For verification, LTL formulas are typically translated to generalized nondeterministic Büchi automata so that the verification problem is reduced to checking the emptiness of automata. While this can be done symbolically for nondeterministic automata, other applications require deterministic automata, so that a subsequent determinization step is required. Unfortunately, currently known determinization procedures for Büchi automata like Safra's procedure are not amenable to a symbolic implementation. It is well-known that ω-automata that stem from LTL formulas have special properties. In this paper, we exploit such a property in a new determinization procedure for these automata. Our procedure avoids the use of complicated tree structures as used in Safra's procedure, and it generates symbolic descriptions of equivalent deterministic parity automata, which was so far not possible for full LTL.
Three-valued logic in bounded model checking
In Formal Methods and Models for Codesign (MEMOCODE), 2005
Cited by 5 (5 self)
In principle, bounded model checking (BMC) leads to semi-decision procedures that can be used to verify liveness properties and to falsify safety properties. If the procedures fail, there is usually no information about the validity of the considered specification. In this paper, we present a new approach to BMC based on three-valued logic that allows us in many cases to falsify liveness properties and to verify safety properties. Moreover, we employ both global and local model checking to take advantage of the different types of specifications that can be handled by these techniques.
Modelling of Complex Software Systems: a Reasoned Overview
Cited by 5 (2 self)
This paper is devoted to the presentation of the key concepts on which a mathematical theory of complex (industrial) systems can be based. We especially show how this formal framework can capture the realness of modern information technologies. We also present some new modelling problems that are naturally emerging in the specific context of complex software systems.
Towards a functional formalism for modelling complex industrial systems
ComPlexUs, Special Issue: Complex Systems - European Conference 2005, 2006
Cited by 4 (2 self)
This paper is dedicated to the memory of Imre Lakatos.
Formal Verification of Safety Behaviours of the Outdoor Robot RAVON
Fourth International Conference on Informatics in Control, Automation and Robotics (ICINCO), 2007
Cited by 3 (2 self)
Keywords: behaviour-based control, formal verification, outdoor robotics.
This paper presents an approach to the formal verification of safety properties of the behaviour-based control network of the mobile outdoor robot RAVON. In particular, we consider behaviours that are used for the computation of the projected vehicle velocity from obstacle proximity sensor data and inclination information. We describe how this group of behaviours is implemented in the synchronous language Quartz in order to be formally verified using model checking techniques of the Averest verification framework. Moreover, by integrating the automatically generated and verified code into the behaviour network, it can be guaranteed that the robot slows down and stops as required by the given safety specifications.