## Verification of timed systems using POSETS (1998)

### Cached

### Download Links

- [www.async.ece.utah.edu]
- [www.async.elen.utah.edu]
- [shang.elen.utah.edu]
- [www.async.elen.utah.edu]
- DBLP

### Other Repositories/Bibliography

Venue: | In International Conference on Computer Aided Verification |

Citations: | 35 - 11 self |

### BibTeX

@INPROCEEDINGS{Belluomini98verificationof,

author = {Wendy Belluomini and Chris J. Myers},

title = {Verification of timed systems using POSETS},

booktitle = {In International Conference on Computer Aided Verification},

year = {1998},

pages = {403--415},

publisher = {Springer-Verlag}

}

### Years of Citing Articles

### OpenURL

### Abstract

Abstract. This paper presents a new algorithm for efficiently verifying timed systems. The new algorithm represents timing information using geometric regions and explores the timed state space by considering partially ordered sets of events rather than linear sequences. This approach avoids the explosion of timed states typical of highly concurrent systems by dramatically reducing the ratio of timed states to untimed states in a system. A general class of timed systems which include both event and level causality can be specified and verified. This algorithm is applied to several recent timed benchmarks showing orders of magnitude improvement in runtime and memory usage. 1

### Citations

279 | Modelling and verification of time dependent systems using time Petri nets - Berthomieu, Diaz - 1991 |

275 |
A stubborn attack on state explosion
- Valmari
- 1991
(Show Context)
Citation Context ...ucial to applications such as asynchronous circuits and real-time systems. A number of techniques have been proposed to deal with state explosion. Approaches have been proposed that use stubborn sets =-=[1]-=-, partial orders [2], or unfolding [3]. These techniques reduces the number of states explored by considering only a subset of the possible interleavings between events. These approaches have been suc... |

236 |
Timing assumptions and verification of finite-state concurrent systems
- Dill
- 1989
(Show Context)
Citation Context ...t � only needs to contain information on the timing of the rules that are currently in ����� , not on the whole set of rules. This particular way of representing timed regions was first introduced in =-=[7]-=-. This constraint matrix represents a convex � � ��� � dimensional region. Each dimension corresponds to a rule and the firing times of the rule can be anywhere within the space. 3 Timed state space e... |

164 |
Using Unfoldings to avoid the state explosion pro blem in the verification of asynchronous circuits
- McMillan
- 1992
(Show Context)
Citation Context ...nous circuits and real-time systems. A number of techniques have been proposed to deal with state explosion. Approaches have been proposed that use stubborn sets [1], partial orders [2], or unfolding =-=[3]-=-. These techniques reduces the number of states explored by considering only a subset of the possible interleavings between events. These approaches have been successful, but they only deal with untim... |

149 |
Using partial orders to improve automatic verification methods, in
- Godefroid
- 1990
(Show Context)
Citation Context ...s such as asynchronous circuits and real-time systems. A number of techniques have been proposed to deal with state explosion. Approaches have been proposed that use stubborn sets [1], partial orders =-=[2]-=-, or unfolding [3]. These techniques reduces the number of states explored by considering only a subset of the possible interleavings between events. These approaches have been successful, but they on... |

92 | Techniques for Automatic Verification of Real-Time Systems - Alur - 1991 |

92 |
A Study of the Recoverability of Communication Protocols
- Merlin
(Show Context)
Citation Context ...ing both event and level causality. Through a straightforward construction (omitted due to space constraints), it can be shown that TEL structures are at least as expressive as 1-safe time Petri nets =-=[19]-=-. TEL structures can also represent some behavior more concisely due to their ability to specify levels which are not directly supported in time Petri nets. While they are not as expressive as timed a... |

50 | Some progress in the symbolic verification of timed automata
- Bozga, Maler, et al.
- 1997
(Show Context)
Citation Context ...ues that are multiples of a discretization constant. Discrete time has the advantage that the timing analysis technique is simpler and implicit techniques can be easily applied to improve performance =-=[4, 5]-=-. However, the state space explodes if the delay ranges are large and the discretization constant is set small enough to ensure exact exploration of the state space. ¥ This research is supported by a ... |

48 | Computer-Aided Synthesis and Verification of Gate-Level Timed Circuits
- Myers
- 1995
(Show Context)
Citation Context ...s the single behavioral place (or rule) restriction). This restriction can be worked around with graph transformations, but the graph transformations add ¦ rules for each event with ¦ behavioral rules=-=[15, 16]-=-. In [17], we presented an approximate algorithm for exploring the entire state space with POSETs on a general class of specifications, lifting the single behavioral rule restriction. However, it may ... |

46 | Efficient verification of parallel real-time systems
- Yoneda, Shibayama, et al.
- 1993
(Show Context)
Citation Context ...ithms reduce verification time by exploring only part of the timed state space, but this may limit the timing properties that can be verified. While reducing the number of interleavings is useful, in =-=[10, 11]-=- one region is still required for every firing sequence explored to reach a state. If most interleavings need to be explored, these techniques could still result in state explosion. The algorithm pres... |

43 | Timing analysis in COSPAN
- Alur, Kurshan
- 1996
(Show Context)
Citation Context ...en two nice proofs of STARI’s correctness [21, 23], but they have been on abstract models. In [22], the authors state thatCOSPAN which uses the unit-cube (or region) technique for timing verification =-=[24]-=- ran out of memory attempting to verify a 3 stage gate-level version of STARI on a machine with 1 GB of memory. This paper goes on to describe an abstract model of STARI for which they could verify 8 ... |

27 | STARI: A technique for high-bandwidth communication
- Greenstreet
- 1993
(Show Context)
Citation Context ...ds ¦ 3-bit counter most of the events had 4 behavioral rules, causing a huge combinatorial explosion in the number of regions. The last example is a STARI communication circuit described in detail in =-=[20, 21]-=-. The STARI circuit is used to communicate between two synchronous systems that are operating at the same clock frequency, � , but are out-of-phase due to clock skew which can vary from 0 to skew. The... |

25 | HR: Finite-state analysis of asynchronous circuits with bounded temporal uncertainty - Lewis |

24 |
Representing and Modeling Circuits
- Rokicki
- 1993
(Show Context)
Citation Context ...on is still required for every firing sequence explored to reach a state. If most interleavings need to be explored, these techniques could still result in state explosion. The algorithm presented in =-=[13, 14]-=- significantly reduces the number of regions per untimed state by using partially ordered sets (or POSETs) of events rather than linear sequences to construct the geometric regions. Using this techniq... |

21 | Automatic Synthesis of GateLevel Timed Circuits with Choice - Myers, Rokicki, et al. - 1995 |

18 |
Automatic verificaton of timed circuits
- Rokicki, Myers
- 1994
(Show Context)
Citation Context ...ed by multiple behavioral rules. In [15], graph transformations are described that can create a new specification which satisfies the single behavioral rule restriction allowing verification byOrbits =-=[13, 14]-=-. Using these graph transformations,Orbits could only analyze a 3-bit counter because it required 10,222 geometric regions to find the 64 untimed states. With our new POSET timing algorithm, it only r... |

17 |
Verification of Asynchronous Circuits using Time Petri Net Unfolding
- Semenov, Yakovlev
- 1996
(Show Context)
Citation Context ...ithms reduce verification time by exploring only part of the timed state space, but this may limit the timing properties that can be verified. While reducing the number of interleavings is useful, in =-=[10, 11]-=- one region is still required for every firing sequence explored to reach a state. If most interleavings need to be explored, these techniques could still result in state explosion. The algorithm pres... |

17 | Efficient timing analysis algorithms for timed state space exploration
- Belluomini, Myers
- 1997
(Show Context)
Citation Context ...behavioral place (or rule) restriction). This restriction can be worked around with graph transformations, but the graph transformations add ¦ rules for each event with ¦ behavioral rules[15, 16]. In =-=[17]-=-, we presented an approximate algorithm for exploring the entire state space with POSETs on a general class of specifications, lifting the single behavioral rule restriction. However, it may generate ... |

14 |
Modeling timing assumptions with trace theory,” ICCD
- Burch
- 1989
(Show Context)
Citation Context ...ues that are multiples of a discretization constant. Discrete time has the advantage that the timing analysis technique is simpler and implicit techniques can be easily applied to improve performance =-=[4, 5]-=-. However, the state space explodes if the delay ranges are large and the discretization constant is set small enough to ensure exact exploration of the state space. ¥ This research is supported by a ... |

9 | Timed event/level structures
- Belluomini, Myers
(Show Context)
Citation Context ...presents a new algorithm for timed state space exploration based on geometric regions and POSETs. This algorithm operates on a very general class of specifications, timed event/level (TEL) structures =-=[18]-=-, which are capable of directly expressing both event and level causality. Through a straightforward construction (omitted due to space constraints), it can be shown that TEL structures are at least ... |

5 |
Stari: Skew tolerant communication. unpublished manuscript
- Greenstreet
- 1997
(Show Context)
Citation Context ...ds ¦ 3-bit counter most of the events had 4 behavioral rules, causing a huge combinatorial explosion in the number of regions. The last example is a STARI communication circuit described in detail in =-=[20, 21]-=-. The STARI circuit is used to communicate between two synchronous systems that are operating at the same clock frequency, � , but are out-of-phase due to clock skew which can vary from 0 to skew. The... |

5 |
Stari: A case study in compositional and heirarchical timing verification
- Tasiran, Brayton
- 1997
(Show Context)
Citation Context ...s ��������� ��� and ��������� ��� ) and (2) a new data value must be output by the FIFO before each acknowledgment from the receiver (i.e., ����¦���� ��� or ����¦�������� precedes � ��� ��¦�������� ) =-=[22]-=-. To guarantee the second property, it is necessary to initialize the FIFO to be approximately half-full [21]. In addition to these two properties, we also § new rules for each event that has ¦ behavi... |

3 | Implicit methods for timed circuit synthesis
- Thacker
- 1998
(Show Context)
Citation Context ...currently represents the state space explicitly, and we are working on applying implicit techniques. Our preliminary results show that this can lead to a significant improvement in memory performance =-=[25]-=-. Acknowledgments We would like to thank Mark Greenstreet of the University of British Columbia, Brandon Bachman, Eric Mercer, and Robert Thacker of the University of Utah and Tom Rokicki of Hewlett P... |

2 |
Practical applications of an efficient time seperation of events algorithm
- Hulgaard, Burns, et al.
- 1993
(Show Context)
Citation Context ...has ¦ behavioral rules. In thesverified that every gate is hazard-free (i.e., once a gate is enabled, it cannot be disabled until it has fired). There have been two nice proofs of STARI’s correctness =-=[21, 23]-=-, but they have been on abstract models. In [22], the authors state thatCOSPAN which uses the unit-cube (or region) technique for timing verification [24] ran out of memory attempting to verify a 3 st... |

1 | Efficient parial enumeration for timing analysis of asynchronous systems - Verlind, Jong, et al. - 1996 |