Results 1  10
of
216
Statecharts: A Visual Formalism For Complex Systems
, 1987
"... We present a broad extension of the conventional formalism of state machines and state diagrams, that is relevant to the specification and design of complex discreteevent systems, such as multicomputer realtime systems, communication protocols and digital control units. Our diagrams, which we cal ..."
Abstract

Cited by 2120 (49 self)
 Add to MetaCart
We present a broad extension of the conventional formalism of state machines and state diagrams, that is relevant to the specification and design of complex discreteevent systems, such as multicomputer realtime systems, communication protocols and digital control units. Our diagrams, which we call statecharts, extend conventional statetransition diagrams with essentially three olements, dealing, respectively, with the notions of hierarchy, concurrency and communication. These transform the language of state diagrams into a highly structured' and economical description language. Statecharts are thus compact and expressivesmall diagrams can express complex behavioras well as compositional and modular. When coupled with the capabilities of computerized graphics, statecharts enable viewing the description at different levels of detail, and make even very large specifications manageable and comprehensible. In fact, we intend to demonstrate here that statecharts counter many of the objections raised against conventional state diagrams, and thus appear to render specification by diagrams an attractive and plausible approach. Statecharts can be used either as a standalone behavioral description or as part of a more general design methodology that deals also with the system's other aspects, such as functional decomposition and dataflow specification. We also discuss some practical experience that was gained over the last three years in applying the statechart formalism to the specification of a particularly complex system.
The Esterel Synchronous Programming Language: Design, Semantics, Implementation
, 1992
"... this paper, we shall mostly be concerned by reactive kernels that constitute the central and most difficult part of reactive systems. In fact, ESTEREL is not a fullfledged programming language, but rather a program generator used to program reactive kernels in the same way as YACC [32] is used to p ..."
Abstract

Cited by 671 (10 self)
 Add to MetaCart
this paper, we shall mostly be concerned by reactive kernels that constitute the central and most difficult part of reactive systems. In fact, ESTEREL is not a fullfledged programming language, but rather a program generator used to program reactive kernels in the same way as YACC [32] is used to program parsers from grammars. The interface and data handling must be specified in some host language. 1.2. Deterministic reactive programs Determinism is an important characteristic of reactive programs. A deterministic reactive program produces identical output sequences when fed with identical input sequences. All examples above are deterministic if physical time is considered as an input among others. The importance of determinism cannot be overestimated: deterministic systems are one order of magnitude simpler to specify, debug, and analyze than nondeterministic ones
A formal basis for architectural connection
 ACM TRANSACTIONS ON SOJIWARE ENGINEERING AND METHODOLOGY
, 1997
"... ..."
Reachability Analysis of Pushdown Automata: Application to ModelChecking
, 1997
"... We apply the symbolic analysis principle to pushdown systems. We represent (possibly infinite) sets of configurations of such systems by means of finitestate automata. In order to reason in a uniform way about analysis problems involving both existential and universal path quantification (like mode ..."
Abstract

Cited by 292 (36 self)
 Add to MetaCart
We apply the symbolic analysis principle to pushdown systems. We represent (possibly infinite) sets of configurations of such systems by means of finitestate automata. In order to reason in a uniform way about analysis problems involving both existential and universal path quantification (like modelchecking for branchingtime logics), we consider the more general class of alternating pushdown systems and use alternating finitestate automata as a representation structure for their sets of configurations. We give a simple and natural procedure to compute sets of predecessors for this representation structure. We apply this procedure and the automatatheoretic approach to modelchecking to define new modelchecking algorithms for pushdown systems and both linear and branchingtime properties. From these results we derive upper bounds for several modelchecking problems, and we also provide matching lower bounds, using reductions based on some techniques introduced by Walukiewicz.
Automated Consistency Checking of Requirements Specifications
, 1996
"... This paper describes a formal analysis technique, called consistency checking, for automatic detection of errors, such as type errors, nondeterminism, missing cases, and circular definitions, in requirements specifications. The technique is designed to analyze requirements specifications expressed i ..."
Abstract

Cited by 210 (30 self)
 Add to MetaCart
This paper describes a formal analysis technique, called consistency checking, for automatic detection of errors, such as type errors, nondeterminism, missing cases, and circular definitions, in requirements specifications. The technique is designed to analyze requirements specifications expressed in the SCR (Software Cost Reduction) tabular notation. As background, the SCR approach to specifying requirements is reviewed. To provide a formal semantics for the SCR notation and a foundation for consistency checking, a formal requirements model is introduced; the model represents a software system as a finite state automaton, which produces externally visible outputs in response to changes in monitored environmental quantities. Results are presented of two experiments which evaluated the utility and sealability of our technique for consistency checking in a realworld avionics application. The role of consistency checking during the requirements phase of software development is discussed.
Model Checking of Probabilistic and Nondeterministic Systems
, 1995
"... . The temporal logics pCTL and pCTL* have been proposed as tools for the formal specification and verification of probabilistic systems: as they can express quantitative bounds on the probability of system evolutions, they can be used to specify system properties such as reliability and performance. ..."
Abstract

Cited by 200 (13 self)
 Add to MetaCart
. The temporal logics pCTL and pCTL* have been proposed as tools for the formal specification and verification of probabilistic systems: as they can express quantitative bounds on the probability of system evolutions, they can be used to specify system properties such as reliability and performance. In this paper, we present modelchecking algorithms for extensions of pCTL and pCTL* to systems in which the probabilistic behavior coexists with nondeterminism, and show that these algorithms have polynomialtime complexity in the size of the system. This provides a practical tool for reasoning on the reliability and performance of parallel systems. 1 Introduction Temporal logic has been successfully used to specify the behavior of concurrent and reactive systems. These systems are usually modeled as nondeterministic processes: at any moment in time, more than one future evolution may be possible, but a probabilistic characterization of their likelihood is normally not attempted. While ma...
Symmetry and Model Checking
, 1994
"... We show how to exploit symmetry in model checking for concurrent systems containing many identical or isomorphic components. We focus in particular on those composed of many isomorphic processes. In many cases we are able to obtain significant, even exponential, savings in the complexity of model ch ..."
Abstract

Cited by 166 (15 self)
 Add to MetaCart
We show how to exploit symmetry in model checking for concurrent systems containing many identical or isomorphic components. We focus in particular on those composed of many isomorphic processes. In many cases we are able to obtain significant, even exponential, savings in the complexity of model checking. 1 Introduction In this paper, we show how to exploit symmetry in model checking. We focus on systems composed of many identical (isomorphic) processes. The global state transition graph M of such a system exhibits a great deal of symmetry, characterized by the group of graph automorphisms of M. The basic idea underlying our method is to reduce model checking over the original structure M, to model checking over a smaller quotient structure M, where symmetric states are identified. In the following paragraphs, we give a more detailed but still informal account of a "grouptheoretic" approach to exploiting symmetry. More precisely, the symmetry of M is reflected in the group, Aut M...
Stochastic Dynamic Programming with Factored Representations
, 1997
"... Markov decision processes(MDPs) have proven to be popular models for decisiontheoretic planning, but standard dynamic programming algorithms for solving MDPs rely on explicit, statebased specifications and computations. To alleviate the combinatorial problems associated with such methods, we propo ..."
Abstract

Cited by 145 (10 self)
 Add to MetaCart
Markov decision processes(MDPs) have proven to be popular models for decisiontheoretic planning, but standard dynamic programming algorithms for solving MDPs rely on explicit, statebased specifications and computations. To alleviate the combinatorial problems associated with such methods, we propose new representational and computational techniques for MDPs that exploit certain types of problem structure. We use dynamic Bayesian networks (with decision trees representing the local families of conditional probability distributions) to represent stochastic actions in an MDP, together with a decisiontree representation of rewards. Based on this representation, we develop versions of standard dynamic programming algorithms that directly manipulate decisiontree representations of policies and value functions. This generally obviates the need for statebystate computation, aggregating states at the leaves of these trees and requiring computations only for each aggregate state. The key to these algorithms is a decisiontheoretic generalization of classic regression analysis, in which we determine the features relevant to predicting expected value. We demonstrate the method empirically on several planning problems,
Property preserving abstractions for the verification of concurrent systems
 FORMAL METHODS IN SYSTEM DESIGN, VOL 6, ISS
, 1995
"... We study property preserving transformations for reactive systems. The main idea is the use of simulations parameterized by Galois connections ( �), relating the lattices of properties of two systems. We propose and study a notion of preservation of properties expressed by formulas of a logic, by a ..."
Abstract

Cited by 136 (4 self)
 Add to MetaCart
We study property preserving transformations for reactive systems. The main idea is the use of simulations parameterized by Galois connections ( �), relating the lattices of properties of two systems. We propose and study a notion of preservation of properties expressed by formulas of a logic, by a function mapping sets of states of a system S into sets of states of a system S'. We give results on the preservation of properties expressed in sublanguages of the branching timecalculus when two systems S and S' are related via h � isimulations. They can be used to verify a property for a system by verifying the same property on a simpler system which is an abstraction of it. We show also under which conditions abstraction of concurrent systems can be computed from the abstraction of their components. This allows a compositional application of the proposed verification method. This is a revised version of the papers [2] and [16] � the results are fully developed in [27].