Results 1  10
of
156
The algorithmic analysis of hybrid systems
 THEORETICAL COMPUTER SCIENCE
, 1995
"... We present a general framework for the formal specification and algorithmic analysis of hybrid systems. A hybrid system consists of a discrete program with an analog environment. We model hybrid systems as nite automata equipped with variables that evolve continuously with time according to dynamica ..."
Abstract

Cited by 598 (70 self)
 Add to MetaCart
We present a general framework for the formal specification and algorithmic analysis of hybrid systems. A hybrid system consists of a discrete program with an analog environment. We model hybrid systems as nite automata equipped with variables that evolve continuously with time according to dynamical laws. For verification purposes, we restrict ourselves to linear hybrid systems, where all variables follow piecewiselinear trajectories. We provide decidability and undecidability results for classes of linear hybrid systems, and we show that standard programanalysis techniques can be adapted to linear hybrid systems. In particular, we consider symbolic modelchecking and minimization procedures that are based on the reachability analysis of an infinite state space. The procedures iteratively compute state sets that are definable as unions of convex polyhedra in multidimensional real space. We also present approximation techniques for dealing with systems for which the iterative procedures do not converge.
Algorithms for Scalable Synchronization on SharedMemory Multiprocessors
 ACM Transactions on Computer Systems
, 1991
"... Busywait techniques are heavily used for mutual exclusion and barrier synchronization in sharedmemory parallel programs. Unfortunately, typical implementations of busywaiting tend to produce large amounts of memory and interconnect contention, introducing performance bottlenecks that become marke ..."
Abstract

Cited by 487 (31 self)
 Add to MetaCart
Busywait techniques are heavily used for mutual exclusion and barrier synchronization in sharedmemory parallel programs. Unfortunately, typical implementations of busywaiting tend to produce large amounts of memory and interconnect contention, introducing performance bottlenecks that become markedly more pronounced as applications scale. We argue that this problem is not fundamental, and that one can in fact construct busywait synchronization algorithms that induce no memory or interconnect contention. The key to these algorithms is for every processor to spin on separate locallyaccessible ag variables, and for some other processor to terminate the spin with a single remote write operation at an appropriate time. Flag variables may be locallyaccessible as a result of coherent caching, or by virtue of allocation in the local portion of physically distributed shared memory. We present a new scalable algorithm for spin locks that generates O(1) remote references per lock acquisition, independent of the number of processors attempting to acquire the lock. Our algorithm provides reasonable latency in the absence of contention, requires only a constant amount of space per lock, and requires no hardware support other than
Hybrid Automata: An Algorithmic Approach to the Specification and Verification of Hybrid Systems
, 1992
"... We introduce the framework of hybrid automata as a model and specification language for hybrid systems. Hybrid automata can be viewed as a generalization of timed automata, in which the behavior of variables is governed in each state by a set of differential equations. We show that many of the examp ..."
Abstract

Cited by 361 (20 self)
 Add to MetaCart
We introduce the framework of hybrid automata as a model and specification language for hybrid systems. Hybrid automata can be viewed as a generalization of timed automata, in which the behavior of variables is governed in each state by a set of differential equations. We show that many of the examples considered in the workshop can be defined by hybrid automata. While the reachability problem is undecidable even for very restricted classes of hybrid automata, we present two semidecision procedures for verifying safety properties of piecewiselinear hybrid automata, in which all variables change at constant rates. The two procedures are based, respectively, on minimizing and computing fixpoints on generally infinite state spaces. We show that if the procedures terminate, then they give correct answers. We then demonstrate that for many of the typical workshop examples, the procedures do terminate and thus provide an automatic way for verifying their properties. 1 Introduction More and...
An OldFashioned Recipe for Real Time
, 1993
"... this paper appeared in ACM Transactions on Programming Languages and Systems 16, 5 (September 1994) 1543 1571. The appendix was published electronically by the ACM. Contents ..."
Abstract

Cited by 205 (13 self)
 Add to MetaCart
this paper appeared in ACM Transactions on Programming Languages and Systems 16, 5 (September 1994) 1543 1571. The appendix was published electronically by the ACM. Contents
Thin Locks: Featherweight Synchronization for Java
, 1998
"... Languagesupported synchronization is a source of serious performance problems in many Java programs. Even singlethreaded applications may spend up to half their time performing useless synchronization due to the threadsafe nature of the Java libraries. We solve this performance problem with a new ..."
Abstract

Cited by 116 (5 self)
 Add to MetaCart
Languagesupported synchronization is a source of serious performance problems in many Java programs. Even singlethreaded applications may spend up to half their time performing useless synchronization due to the threadsafe nature of the Java libraries. We solve this performance problem with a new algorithm that allows lock and unlock operations to be performed with only a few machine instructions in the most common cases. Our locks only require a partial word per object, and were implemented without increasing object size. We present measurements from our implementation in the JDK 1.1.2 for AIX, demonstrating speedups of up to a factor of 5 in microbenchmarks and up to a factor of 1.7 in real programs. 1 Introduction Monitors [5] are a languagelevel construct for providing mutually exclusive access to shared data structures in a multithreaded environment. However, the overhead required by the necessary locking has generally restricted their use to relatively "heavyweight" object...
Verification of RealTime Systems using Linear Relation Analysis
 FORMAL METHODS IN SYSTEM DESIGN
, 1997
"... Linear Relation Analysis [CH78] is an abstract interpretation devoted to the automatic discovery of invariant linear inequalities among numerical variables of a program. In this paper, we apply such an analysis to the verification of quantitative time properties of two kinds of systems: synchronous ..."
Abstract

Cited by 110 (5 self)
 Add to MetaCart
Linear Relation Analysis [CH78] is an abstract interpretation devoted to the automatic discovery of invariant linear inequalities among numerical variables of a program. In this paper, we apply such an analysis to the verification of quantitative time properties of two kinds of systems: synchronous programs and linear hybrid systems.
Empirical Studies of Competitive Spinning for a SharedMemory Multiprocessor
 IN PROCEEDINGS OF THE 13TH ACM SYMPOSIUM ON OPERATING SYSTEMS PRINCIPLES
, 1991
"... A common operation in multiprocessor programs is acquiring a lock to protect access to shared data. Typically, the requesting thread is blocked if the lock it needs is held by another thread. The cost of blocking one thread and activating another can be a substantial part of program execution time. ..."
Abstract

Cited by 100 (1 self)
 Add to MetaCart
A common operation in multiprocessor programs is acquiring a lock to protect access to shared data. Typically, the requesting thread is blocked if the lock it needs is held by another thread. The cost of blocking one thread and activating another can be a substantial part of program execution time. Alternatively, the thread could spin until the lock is free, or spin for a while and then block. This may avoid contextswitch overhead, but processor cycles may be wasted in unproductive spinning. This paper studies seven strategies for determining whether and how long to spin before blocking. Of particular interest are competitive strategies, for which the performance can be shown to be no worse than some constant factor times an optimal offline strategy. The performance of five competitive strategies is compared with that of always blocking, always spinning, or using the optimal offline algorithm. Measurements of lockwaiting time distributions for five parallel programs were used to co...
Parametric realtime reasoning
 IN PROCEEDINGS OF THE 25TH ANNUAL SYMPOSIUM ON THEORY OF COMPUTING
, 1993
"... Traditional approaches to the algorithmic verification of realtime systems are limited to checking program correctness with respect to concrete timing properties (e.g., "message delivery within 10 milliseconds"). We address the more realistic and more ambitious problem of deriving symbolic constrai ..."
Abstract

Cited by 96 (6 self)
 Add to MetaCart
Traditional approaches to the algorithmic verification of realtime systems are limited to checking program correctness with respect to concrete timing properties (e.g., "message delivery within 10 milliseconds"). We address the more realistic and more ambitious problem of deriving symbolic constraints on the timing properties required of realtime systems (e.g., "message delivery within the time it takes to execute two assignment statements"). To model this problem, we introduce parametric timed automata  finitestate machines whose transitions are constrained with parametric timing requirements. The emptiness question for parametric timed automata is central to the verification problem. On the negative side, we show that in general this question is undecidable. On the positive side, we provide algorithms for checking the emptiness of restricted classes of parametric timed automata. The practical relevance of these classes is illustrated with several verification examples. There remains a gap between the automata classes for which we know that emptiness is decidable and undecidable, respectively, and this gap is related to various hard and open problems of logic and automata theory.
Verification of Linear Hybrid Systems By Means of Convex Approximations
, 1994
"... We present a new application of the abstract interpretation by means of convex polyhedra, to a class of hybrid systems, i.e., systems involving both discrete and continuous variables. The result is an efficient automatic tool for approximate, but conservative, verification of reachability propert ..."
Abstract

Cited by 79 (2 self)
 Add to MetaCart
We present a new application of the abstract interpretation by means of convex polyhedra, to a class of hybrid systems, i.e., systems involving both discrete and continuous variables. The result is an efficient automatic tool for approximate, but conservative, verification of reachability properties of these systems. 1 Introduction Timed automata [AD90] have been recently introduced to model realtime systems. A timed automaton is a finite automaton associated with a finite set of clocks, each clock counting the continuous elapsing of time. Each transition of the automaton can be guarded by a simple linear condition on the clock values, and can result in resetting some clocks to zero. A nice feature of this model is that it can be abstracted into a finite state system, and that all the standard verification problems (reachability, TCTL modelchecking [ACD90, HNSY92]) are decidable. However, many interesting extensions of this model have been shown to lose this decidability propert...
A Concurrent Object Calculus: Reduction and Typing
 HLCL'98 TO APPEAR
, 1998
"... We obtain a new formalism for concurrent objectoriented languages by extending Abadi and Cardelli's imperative object calculus with operators for concurrency from thecalculus and with operators for synchronisation based on mutexes. Our syntax of terms is extremely expressive; in a precise sense it ..."
Abstract

Cited by 79 (4 self)
 Add to MetaCart
We obtain a new formalism for concurrent objectoriented languages by extending Abadi and Cardelli's imperative object calculus with operators for concurrency from thecalculus and with operators for synchronisation based on mutexes. Our syntax of terms is extremely expressive; in a precise sense it unifies notions of expression, process, store, thread, and configuration. We present a chemicalstyle reduction semantics, and prove it equivalent to a structural operational semantics. We identify a deterministic fragment that is closed under reduction and show that it includes the imperative object calculus. A collection of type systems for objectoriented constructs is at the heart of Abadi and Cardelli's work. We recast one of Abadi and Cardelli's firstorder type systems with object types and subtyping in the setting of our calculus and prove subject reduction. Since our syntax of terms includes both stores and running expressions, we avoid the need to separate store typing from typing of expressions. We translate asynchronous communication channels and the choicefree asynchronouscalculus into our calculus to illustrate its expressiveness; the types of readonly and writeonly channels are supertypes of readwrite channels.