Proving safety properties of an aircraft landing protocol using I/O Automata and the PVS theorem prover: A case study
 In: Formal Methods, 14th International Symposium on Formal Methods. Volume 4085 of Lecture Notes in Computer Science
, 2006
"... Abstract. This paper presents an assertionalstyle verification of the aircraft landing protocol of NASA’s SATS (Small Aircraft Transportation System) concept [1] using the I/O automata framework and the PVS theorem prover. We reconstructed the mathematical model of the landing protocol presented in ..."
Cited by 13 (3 self)
Abstract. This paper presents an assertionalstyle verification of the aircraft landing protocol of NASA’s SATS (Small Aircraft Transportation System) concept [1] using the I/O automata framework and the PVS theorem prover. We reconstructed the mathematical model of the landing protocol presented
LIBRARIES Translating Timed I/O Automata Specifications for Theorem Proving in PVS
"... The timed input/output automaton modeling framework is a mathematical framework for specification and analysis of systems that involve discrete and continuous evolution. In order to employ an interactive theorem prover in deducing properties of a timed input/output automaton, its statetransition bas ..."
based description has to be translated to the language of the theorem prover. This thesis describes a tool for translating from TIOA, the formal language for describing timed input/output automata, to the language of the Prototype Verification System (PVS)a specification system with an integrated
Hybrid Automata: An Algorithmic Approach to the Specification and Verification of Hybrid Systems
, 1992
"... We introduce the framework of hybrid automata as a model and specification language for hybrid systems. Hybrid automata can be viewed as a generalization of timed automata, in which the behavior of variables is governed in each state by a set of differential equations. We show that many of the examp ..."
Cited by 460 (20 self)
of the examples considered in the workshop can be defined by hybrid automata. While the reachability problem is undecidable even for very restricted classes of hybrid automata, we present two semidecision procedures for verifying safety properties of piecewiselinear hybrid automata, in which all variables change
UPPAAL in a Nutshell
, 1997
"... . This paper presents the overall structure, the design criteria, and the main features of the tool box Uppaal. It gives a detailed user guide which describes how to use the various tools of Uppaal version 2.02 to construct abstract models of a realtime system, to simulate its dynamical behavior, ..."
Cited by 663 (49 self)
, to specify and verify its safety and bounded liveness properties in terms of its model. In addition, the paper also provides a short review on casestudies where Uppaal is applied, as well as references to its theoretical foundation. 1 Introduction Uppaal is a tool box for modeling, simulation
Temporal and modal logic
 HANDBOOK OF THEORETICAL COMPUTER SCIENCE
, 1995
"... We give a comprehensive and unifying survey of the theoretical aspects of Temporal and modal logic. ..."
Cited by 1300 (17 self)
We give a comprehensive and unifying survey of the theoretical aspects of Temporal and modal logic.
Reusable PVS Proof Strategies for Proving Abstraction Properties of I/O Automata
"... Abstract Recent modifications to PVS support a new technique for defining abstraction properties relating automata in a clean and uniform way. This definition technique employs specification templates that can support development of generic high level PVS strategies that set up the standard subgoals ..."
strategies in the TAME (Timed Automata Modeling Environment) interface to PVS; thus, our new templates and strategies provide an extension to TAME for proofs of abstraction. We illustrate how the extended set of TAME templates and strategies can be used to prove example I/O automata abstraction properties
Proving Invariants of I/O Automata with TAME
, 2002
"... This paper describes a specialized interface to PVS called TAME (Timed Automata Modeling Environment) which provides automated support for proving properties of I/O automata. A major goal of TAME is to allow a software developer to use PVS to specify and prove properties of an I/O automaton efficie ..."
Cited by 20 (12 self)
This paper describes a specialized interface to PVS called TAME (Timed Automata Modeling Environment) which provides automated support for proving properties of I/O automata. A major goal of TAME is to allow a software developer to use PVS to specify and prove properties of an I/O automaton
Abstract PVS Strategies for Proving Abstraction Properties of Automata
"... Abstractions are important in specifying and proving properties of complex systems. To prove that a given automaton implements an abstract specification automaton, one must first find the correct abstraction relation between the states of the automata, and then show that this relation is preserved b ..."
the “natural ” proof steps needed to complete the proofs of any of the standard subgoals remaining to be proved, the abstraction proof strategies can form part of a set of mechanized proof steps that can be used interactively to translate high level proof sketches into PVS proofs. Using timed I/O automata
Planning Algorithms
, 2004
"... This book presents a unified treatment of many different kinds of planning algorithms. The subject lies at the crossroads between robotics, control theory, artificial intelligence, algorithms, and computer graphics. The particular subjects covered include motion planning, discrete planning, planning ..."
Cited by 1108 (51 self)
This book presents a unified treatment of many different kinds of planning algorithms. The subject lies at the crossroads between robotics, control theory, artificial intelligence, algorithms, and computer graphics. The particular subjects covered include motion planning, discrete planning
