The algorithmic analysis of hybrid systems
Theoretical Computer Science, 1995
Cited by 596 (69 self)
We present a general framework for the formal specification and algorithmic analysis of hybrid systems. A hybrid system consists of a discrete program with an analog environment. We model hybrid systems as finite automata equipped with variables that evolve continuously with time according to dynamical laws. For verification purposes, we restrict ourselves to linear hybrid systems, where all variables follow piecewise-linear trajectories. We provide decidability and undecidability results for classes of linear hybrid systems, and we show that standard program-analysis techniques can be adapted to linear hybrid systems. In particular, we consider symbolic model-checking and minimization procedures that are based on the reachability analysis of an infinite state space. The procedures iteratively compute state sets that are definable as unions of convex polyhedra in multidimensional real space. We also present approximation techniques for dealing with systems for which the iterative procedures do not converge.
An Approach to the Description and Analysis of Hybrid Systems
Cited by 77 (3 self)
Introduction. The paper presents a model for hybrid systems, that is, systems that combine discrete and continuous components. Such systems are usually reactive real-time systems used to control an environment evolving over time. A main assumption is that a run of a hybrid system is a sequence of two-phase steps. The first phase of a step corresponds to a continuous state transformation, usually described in terms of some parameter representing the time elapsed during this phase. In the second phase the state is submitted to a discrete change taking zero time. To illustrate this assumption, consider a temperature regulator commanding a heater so as to maintain the temperature θ of a room between two given bounds θ_min and θ_max. A run of such a system is a sequence of steps determined by the alternating state changes of the heater from ON to OFF ...
Verifying ET-LOTOS programs with KRONOS
In Proc. FORTE'94, 1994
Cited by 48 (9 self)
This paper shows that real-time systems described in a reasonable subset of ET-LOTOS can be verified with Kronos by compiling them into timed automata. We illustrate the practical interest of our approach with a case study: the Tick-Tock protocol.
An Algorithm for Exact Bounds on the Time Separation of Events in Concurrent Systems
IEEE Transactions on Computers, 1993
Cited by 47 (7 self)
Determining the time separation of events is a fundamental problem in the analysis, synthesis, and optimization of concurrent systems. Applications range from logic optimization of asynchronous digital circuits to evaluation of execution times of programs for real-time systems. We present an efficient algorithm to find exact (tight) bounds on the separation time of events in an arbitrary process graph without conditional behavior. This result is more general than the methods presented in several previously published papers, as it handles cyclic graphs and yields the tightest possible bounds on event separations. The algorithm is based on a functional decomposition technique that permits the implicit evaluation of an infinitely unfolded process graph. Examples are presented that demonstrate the utility and efficiency of the solution. The algorithm will form a basis for exploration of timing-constrained synthesis techniques. Index terms: abstract algebra, asynchronous systems, concurrent ...
Timing Analysis of Ada Tasking Programs
IEEE Transactions on Software Engineering, 1996
Cited by 36 (4 self)
Concurrent real-time software is increasingly used in safety-critical embedded systems. Assuring the quality of such software requires the rigor of formal methods. In order to analyze a program formally, we must first construct a mathematical model of its behavior. In this paper, we consider the problem of constructing such models for concurrent real-time software. In particular, we provide a method for building mathematical models of real-time Ada tasking programs that are accurate enough to verify interesting timing properties, and yet abstract enough to yield a tractable analysis on nontrivial programs. Our approach differs from schedulability analysis in that we do not assume that the software has a highly restricted structure (e.g., a set of periodic tasks). Also, unlike most abstract models of real-time systems, we account for essential properties of real implementations, such as resource constraints and runtime overhead. Keywords: timing analysis, real-time systems, program ...
Timed Modal Specification: Theory and Tools
In Proc. of the 5th Int. Conf. on Computer Aided Verification, volume 697 of Lecture Notes in Computer Science (LNCS), 1997
Efficient Data Structure for Fully Symbolic Verification of Real-Time Software Systems
 Proceedings of the 6th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2000), LNCS 1785
Cited by 21 (7 self)
A new data structure called DDD (Data Decision Diagram) for the fully symbolic model-checking of real-time software systems is proposed. DDD is a BDD-like data structure for the encoding of regions [2]. Unlike DBMs, which record differences between pairs of clock readings, DDD only uses one auxiliary binary variable for each clock. Thus the number of variables used in DDD is always linear in the number of clocks declared in the input system description. Experiments have been carried out to compare DDD with previous technologies.
1 Introduction. Fully symbolic verification of real-time systems is desirable with the promise of efficient data sharing. We propose the Data Decision Diagram (DDD) as the new data structure for such a purpose. DDD is a BDD-like data structure [5, 8] for the encoding of regions [2]. The ordering among fractional parts of clock readings is explicitly encoded in the variable ordering of DDD. To record sets of clock readings with the same fractional parts, we add one ...
An efficient state space generation for the analysis of real-time systems
ACM Softw. Eng. Notes, 1996
Cited by 20 (2 self)
Operational and Logical Semantics for Polling Real-Time Systems
1998
Cited by 19 (12 self)
PLC-Automata are a class of real-time automata suitable to describe the behaviour of polling real-time systems. PLC-Automata can be compiled to source code for PLCs, a kind of hardware widely used in industry to control processes. Also, PLC-Automata have been equipped with a logical and an operational semantics, using Duration Calculus (DC) and Timed Automata (TA), respectively. The three main results of this paper are: (1) A simplified operational semantics. (2) A minor extension of the logical semantics, and a proof that this semantics is complete relative to our operational semantics. This means that if an observable satisfies all formulas of the DC semantics, then it can also be generated by the TA semantics. (3) A proof that the logical semantics is sound relative to our operational semantics. This means that each observable that is accepted by the TA semantics constitutes a model for all formulas of the DC semantics.