Results 1  10
of
52
A theory of timed automata
, 1999
"... Model checking is emerging as a practical tool for automated debugging of complex reactive systems such as embedded controllers and network protocols (see [23] for a survey). Traditional techniques for model checking do not admit an explicit modeling of time, and are thus, unsuitable for analysis of ..."
Abstract

Cited by 1975 (31 self)
 Add to MetaCart
Model checking is emerging as a practical tool for automated debugging of complex reactive systems such as embedded controllers and network protocols (see [23] for a survey). Traditional techniques for model checking do not admit an explicit modeling of time, and are thus, unsuitable for analysis of realtime systems whose correctness depends on relative magnitudes of different delays. Consequently, timed automata [7] were introduced as a formal notation to model the behavior of realtime systems. Its definition provides a simple way to annotate statetransition graphs with timing constraints using finitely many realvalued clock variables. Automated analysis of timed automata relies on the construction of a finite quotient of the infinite space of clock valuations. Over the years, the formalism has been extensively studied leading to many results establishing connections to circuits and logic, and much progress has been made in developing verification algorithms, heuristics, and tools. This paper provides a survey of the theory of timed automata, and their role in specification and verification of realtime systems.
The algorithmic analysis of hybrid systems
 THEORETICAL COMPUTER SCIENCE
, 1995
"... We present a general framework for the formal specification and algorithmic analysis of hybrid systems. A hybrid system consists of a discrete program with an analog environment. We model hybrid systems as nite automata equipped with variables that evolve continuously with time according to dynamica ..."
Abstract

Cited by 596 (69 self)
 Add to MetaCart
We present a general framework for the formal specification and algorithmic analysis of hybrid systems. A hybrid system consists of a discrete program with an analog environment. We model hybrid systems as nite automata equipped with variables that evolve continuously with time according to dynamical laws. For verification purposes, we restrict ourselves to linear hybrid systems, where all variables follow piecewiselinear trajectories. We provide decidability and undecidability results for classes of linear hybrid systems, and we show that standard programanalysis techniques can be adapted to linear hybrid systems. In particular, we consider symbolic modelchecking and minimization procedures that are based on the reachability analysis of an infinite state space. The procedures iteratively compute state sets that are definable as unions of convex polyhedra in multidimensional real space. We also present approximation techniques for dealing with systems for which the iterative procedures do not converge.
The Theory of Hybrid Automata
, 1996
"... A hybrid automaton is a formal model for a mixed discretecontinuous system. We classify hybrid automata acoording to what questions about their behavior can be answered algorithmically. The classification reveals structure on mixed discretecontinuous state spaces that was previously studied on pur ..."
Abstract

Cited by 483 (9 self)
 Add to MetaCart
A hybrid automaton is a formal model for a mixed discretecontinuous system. We classify hybrid automata acoording to what questions about their behavior can be answered algorithmically. The classification reveals structure on mixed discretecontinuous state spaces that was previously studied on purely discrete state spaces only. In particular, various classes of hybrid automata induce finitary trace equivalence (or similarity, or bisimilarity) relations on an uncountable state space, thus permitting the application of various modelchecking techniques that were originally developed for finitestate systems.
Hybrid Automata: An Algorithmic Approach to the Specification and Verification of Hybrid Systems
, 1992
"... We introduce the framework of hybrid automata as a model and specification language for hybrid systems. Hybrid automata can be viewed as a generalization of timed automata, in which the behavior of variables is governed in each state by a set of differential equations. We show that many of the examp ..."
Abstract

Cited by 360 (20 self)
 Add to MetaCart
We introduce the framework of hybrid automata as a model and specification language for hybrid systems. Hybrid automata can be viewed as a generalization of timed automata, in which the behavior of variables is governed in each state by a set of differential equations. We show that many of the examples considered in the workshop can be defined by hybrid automata. While the reachability problem is undecidable even for very restricted classes of hybrid automata, we present two semidecision procedures for verifying safety properties of piecewiselinear hybrid automata, in which all variables change at constant rates. The two procedures are based, respectively, on minimizing and computing fixpoints on generally infinite state spaces. We show that if the procedures terminate, then they give correct answers. We then demonstrate that for many of the typical workshop examples, the procedures do terminate and thus provide an automatic way for verifying their properties. 1 Introduction More and...
General Decidability Theorems for InfiniteState Systems
, 1996
"... ) Parosh Aziz Abdulla Uppsala University K¯arlis Cer¯ans University of Latvia Bengt Jonsson Uppsala University YihKuen Tsay National Taiwan University Abstract Over the last few years there has been an increasing research effort directed towards the automatic verification of infinite state sys ..."
Abstract

Cited by 107 (13 self)
 Add to MetaCart
) Parosh Aziz Abdulla Uppsala University K¯arlis Cer¯ans University of Latvia Bengt Jonsson Uppsala University YihKuen Tsay National Taiwan University Abstract Over the last few years there has been an increasing research effort directed towards the automatic verification of infinite state systems. For different classes of such systems (e.g., hybrid automata, dataindependent systems, relational automata, Petri nets, and lossy channel systems) this research has resulted in numerous highly nontrivial algorithms. As the interest in this area increases, it will be important to extract common principles that underly these and related results. This paper is concerned with identifying general mathematical structures which could serve as sufficient conditions for achieving decidability. We present decidability results for systems which consist of a finite control part operating on an infinite data domain. The data domain is equipped with a wellordered and wellfounded preorder such tha...
An Implementation of Three Algorithms for Timing Verification Based on Automata Emptiness
, 1992
"... This papers describes modifications to and the implementation of algorithms previously described in [1, 11]. We first describe three generic (untimed) algorithms for constructing graphs of the reachable states of a system, and how these graphs can be used for verification. They all have as input an ..."
Abstract

Cited by 59 (3 self)
 Add to MetaCart
This papers describes modifications to and the implementation of algorithms previously described in [1, 11]. We first describe three generic (untimed) algorithms for constructing graphs of the reachable states of a system, and how these graphs can be used for verification. They all have as input an implicit description of a transition system. We then apply these algorithms to realtime systems. The first algorithm performs a straightforward reachability analysis on sets of states of the system, rather than on individual states. This corresponds to stepping symbolically through the system many states at a time. In the case of a realtime system this procedure constructs a graph where each node is the union of some regions of the regions graph. There is therefore no need for an a priori partitioning of the state space into individual regions; however, this approach potentially leads to exponentially worse complexity since its potential state space is the power set of regions [1]. The other two algorithms we consider are minimization algorithms [12, 13, 11]. These simultaneously perform reachability analysis and minimization from an implicit system description. These can lead to great savings when the minimized graph is much smaller than the explicit reachable graph. Our paradigm for verification is to test for the emptiness of the set of all timed system executions that violate a requirements specification. One way to specify and verify nonterminating processes is to model them as languages of !sequences of events [14, 15, 16, 1, 17, 18]. Modular processes can be constructed via composition operations involving language intersection. Specifications are also given as languages: they contain all acceptable event sequences. Program correctness is then just language contain...
Undecidable Verification Problems for Programs with Unreliable Channels
 Information and Computation
, 1994
"... We consider the verification of a particular class of infinitestate systems, namely systems consisting of finitestate processes that communicate via unbounded lossy FIFO channels. This class is able to model e.g. link protocols such as the Alternating Bit Protocol and HDLC. In an earlier paper, we ..."
Abstract

Cited by 58 (11 self)
 Add to MetaCart
We consider the verification of a particular class of infinitestate systems, namely systems consisting of finitestate processes that communicate via unbounded lossy FIFO channels. This class is able to model e.g. link protocols such as the Alternating Bit Protocol and HDLC. In an earlier paper, we showed that the problems of checking reachability, safety properties, and eventuality properties are decidable for this class of systems. In this paper, we show that the following problems are undecidable, namely ffl The model checking problem in propositional temporal logics such as Propositional Linear Time Temporal Logic (PTL) and Computation Tree Logic (CTL). ffl The problem of deciding eventuality properties with fair channels: do all computations eventually reach a given set of states if the unreliable channels satisfy fairness assumptions. The results are obtained through a reduction from a variant of Post's Correspondence Problem. This research report is a revised and extended ...
From Timed Automata to Logic  and Back
 MFCS’95, LNCS 969
, 1995
"... One of the most successful techniques for automatic verification is that of model checking. For finite automata there exist since long extremely efficient modelchecking algorithms, and in the last few years these algorithms have been made applicable to the verification of realtime automata usi ..."
Abstract

Cited by 52 (7 self)
 Add to MetaCart
One of the most successful techniques for automatic verification is that of model checking. For finite automata there exist since long extremely efficient modelchecking algorithms, and in the last few years these algorithms have been made applicable to the verification of realtime automata using the regiontechniques of Alur and Dill. In this
The Observational Power of Clocks
, 1994
"... We develop a theory of equivalences for timed systems. Two systems are equivalent iff external observers cannot observe differences in their behavior. The notion of equivalence depends, therefore, on the distinguishing power of the observers. The power of an observer to measure time results in untim ..."
Abstract

Cited by 40 (4 self)
 Add to MetaCart
We develop a theory of equivalences for timed systems. Two systems are equivalent iff external observers cannot observe differences in their behavior. The notion of equivalence depends, therefore, on the distinguishing power of the observers. The power of an observer to measure time results in untimed, clock, and timed equivalences: an untimed observer cannot measure the time difference between events; a clock observer uses a clock to measure time differences with finite precision; a timed observer is able to measure time differences with arbitrary precision. We show that the distinguishing power of clock observers grows with the number of observers, and approaches, in the limit, the distinguishing power of a timed observer. More precisely, given any equivalence for untimed systems, two timed systems are kclock congruent, for a nonnegative integer k, iff their compositions with every environment that uses k clocks are untimed equivalent. Both kclock bisimulation congruence and kcloc...