superclass for all monitor control policy objects. PRIORITYCEILINGEMULATION 87 6.1.1 Constructors public Monitor ontrt () 6.1.2 Methods public static void setMonitor Contr l(MonitorControl8 policy) Control the default monitor behavior for object monitors used by synchronized statements and methods in the system. The type of the policy object determines the type of behavior. Conforming implementations must support priority ceiling emulation and priority inheritance for fixed priority preemptive threads. Parameters: policy - The new monitor control policy. If null nothing happens. public static void setMonitor Contr l(java.lang.Object monitor MonitorControl 8 policy) Has the same effect as setMonitorControl(), except that the policy only affects the indicated object monitor. Parameters: monitor - The monitor for which the new policy will be in use. The policy will take effect on the first attempt to lock the monitor after the completion of this method. If null nothing wi...

We propose a method for the implementation and analysis of real-time systems, based on the compilation of specifications into extended automata. Such a method has been already adopted for the so called "synchronous" real-time programming languages.

Model checking is emerging as a practical tool for detecting logical errors in early stages of system design. We investigate the model checking of hierarchical (nested) systems, i.e. finite state machines whose states themselves can be other machines. This nesting ability is common in various software design methodologies and is available in several commercial modeling tools. The straightforward way to analyze a hierarchical machine is to flatten it (thus, incurring an exponential blow up) and apply a model checking tool on the resulting ordinary FSM. We show that this flattening can be avoided. We develop algorithms for verifying linear time requirements whose complexity is polynomial in the size of the hierarchical machine. We address also the verification of branching time requirements and provide efficient algorithms and matching lower bounds. 1 Introduction Finite state machines (FSMs) are widely used in the modeling of systems in various areas. Descriptions using FSMs are useful...

Abstract not found

This paper presents an efficient model checking algorithm for one--safe time Petri nets and a timed temporal logic. The approach is based on the idea of (1) using only differences of timing variables to be able to construct a finite representation of the set of all reachable states and (2) further reducing the size of this representation by exploiting the concurrency in the net. This reduction of the state space is possible, because the considered linear--time temporal logic is stuttering invariant. The firings of transitions are only partially ordered by causality and a given formula

A new technique for proving trng properties for tm-g-based algorithms is described; it is an extension of the mapping techniques previously used in proofs of safety properties for asynchronous concurrent systems. The key to the method is a way of representing a system with timing constraints as an automaton whose state includes predictive tmg information. .Timing assumptions and tnng requirements for the system are both represented in this way. A multi-valued mapping from the assumptions automaton" to the requirements automaton" is then used to show that th given system satisfies the requirements. One type of mapping is based on a collection of proress functions" providing measures of proress toward timing goals. The technique is illustrated with two examples, a simple resource manager and a two- process race system.

Safety critical computers increasingly a#ect nearly every aspect of our lives. Computers control the planes we #y on, monitor our health in hospitals and do our work in hazardous environments. Computers with software de#ciencies that fail to meet stringent timing constraints have resulted in catastrophic failures. This paper surveys formal methods for specifying, designing and verifying real-time systems, so as to improve their safety and reliability. # To appear in Journal of Systems and Software,Vol. 18, Number 1, pages 33#60, April 1992. Jonathan Ostro# is with the Department of Computer Science, York University 4700 Keele Street, North York, Ontario, Canada, M3J 1P3. This work is supported by the Natural Sciences and Engineering Research Council of Canada. 1 CONTENTS 2 Contents 1 Introduction 3 2 De#ning the terms 6 2.1 Major issues that formal theories must address ::::::: 13 3 Real-Time Programming Languages 14 4 Structured Methods and#or Graphical Languages 15 4.1 Str...

this paper appeared in "Proceedings of the 10th IEEE Real-Time Systems Symposium, Santa Monica, December 1989," pp. 268-284. This work was supported by ONR Contract N00014-85-K~0168, by NSF Contract CCR-8611442, and by DARPA Contracts N00014-83-K-0125 and N00014-89-J-1988

: In many real-time systems, relative timing constraints are imposed on a set of tasks. Generating a correct ordering for the tasks and deriving their proper start-time assignments is a NP-hard problem; it subsumes the Non-preemptive Scheduling Problem. If a total order is imposed on the tasks and the exact execution times of tasks are known a priori, we can statically determine feasible start times using linear-programming techniques. However, if a total order is imposed but we can only obtain upper and lower bounds on execution time, verifying that the constraints can be satisfied requires proving a formula with alternating existential and universal quantifiers. We present the technique of parametric dispatching to enforce such timing constraints. During an offline component, we check if the constraints can be guaranteed. If so, a calendar is produced that allows our online algorithm to generate upper and lower bounds on the start time of each task, based on the start times and exec...

Array data dependence analysis methods currently in use generate false dependences that can prevent useful program transformations. These false dependences arise because the questions asked are conservative approximations to the questions we really should be asking. Unfortunately, the questions we really should be asking go beyond integer programming and require decision procedures for a subclass of Presburger formulas. In this paper, we describe how to extend the Omega test so that it can answer these queries and allow us to eliminate these false data dependences. We have implemented the techniques described here and believe they are suitable for use in production compilers.