Results 1-10 of 18
Distributing Timed Model Checking - How the Search Order Matters
, 2000
Cited by 54 (7 self)
In this paper we address the problem of distributing model checking of timed automata. We demonstrate through four real-life examples that the combined processing and memory resources of multiprocessor computers can be effectively utilized. The approach assumes a distributed-memory model and is applied to both a network of workstations and a symmetric multiprocessor machine. However, certain unexpected phenomena have to be taken into account. We show how in the timed case the search order of the state space is crucial for the effectiveness and scalability of the exploration. An effective heuristic to counter the effect of the search order is provided. Some of the results also open up improvements in the single-processor case.
Counter-Example Guided Predicate Abstraction of Hybrid Systems
, 2003
Cited by 44 (8 self)
Predicate abstraction has emerged to be a powerful technique for extracting finite-state models from infinite-state systems, and has been recently shown to enhance the effectiveness of the reachability computation techniques for hybrid systems. Given a hybrid system with linear dynamics and a set of linear predicates, the verifier performs an on-the-fly search of the finite discrete quotient whose states correspond to the truth assignments to the input predicates. The success of this approach crucially depends on the choice of the predicates used for abstraction. In this paper, we focus on identifying these predicates automatically by analyzing spurious counterexamples generated by the search in the abstract state space. We present the basic techniques for discovering new predicates that will rule out closely related spurious counterexamples, optimizations of these techniques, implementation of these in the verification tool, and case studies demonstrating the promise of the approach.
UPPAAL: Status & Developments
 In Proceedings of CAV'97
, 1997
Cited by 37 (1 self)
Introduction Uppaal 3 is a tool box for validation (via graphical simulation) and verification (via automatic model-checking) of real-time systems, based on constraint solving and on-the-fly techniques. It consists of three main parts: a description language, a simulator and a model-checker. It is appropriate for systems that can be modelled as networks of timed automata [3, 2], i.e. a collection of nondeterministic processes with finite control structure and real-valued clocks, communicating through channels and shared variables. The description language of Uppaal is a nondeterministic guarded command language with data types (currently, only integer and clock, with restricted forms of operations implemented). The semantics of the language is given in terms of labelled transition systems in the tradition of timed process algebras. The simulator enables examination of possible dynamic executions in early
CMC: A Tool for Compositional Model-Checking of Real-Time Systems
 In Proc. IFIP Joint Int. Conf. Formal Description Techniques & Protocol Specification, Testing, and Verification (FORTE/PSTV'98)
, 1998
Cited by 28 (3 self)
In this paper we present a tool (CMC) for compositional model-checking of real-time systems. CMC is based on a completely different method compared to existing real-time verification tools (HYTECH, KRONOS, UPPAAL). After a description of the method, we illustrate its efficiency by considering two examples: Fischer's mutual exclusion protocol and a railroad crossing system. INTRODUCTION Within the last decade, model-checking has turned out to be a useful and successful technique for the verification of temporal properties in finite state systems. More recently, serious attempts have been made to extend the success of model-checking to the setting of real-time systems, with timed automata [2] as models. The major obstacle for the model-checking approach is the well-known state explosion problem due to parallel composition (as in the untimed case) and also to time encoding. Several heuristics have been proposed to overcome this problem: symbolic model-checking [10], on-the-fly tec...
Clock Difference Diagrams
 Nordic Journal of Computing
, 1999
Cited by 26 (8 self)
We sketch a BDD-like structure for representing unions of simple convex polyhedra, describing the legal values of a set of clocks given bounds on the values of clocks and clock differences. 1 Introduction The basic problem we are trying to tackle is the combination of BDDs and DBMs (difference bound matrices) in order to allow a completely BDD-based approach to the verification of continuous real-time systems. Early approaches in this direction include [WTD95] and [Bal96]. Another inspiration for this work comes from [ST98]. Some of the ideas come from the implementation of a decision algorithm for timed bisimulation ([WL97]). 2 Definition of CDDs We assume a finite set of real-valued clocks C = {X_1, ..., X_k}. We are interested in a data structure to represent and manipulate sets of possible values of these clocks. In particular, we shall confine ourselves to sets being the finite unions of simple convex polyhedra. The simple convex polyhedra are described by bounds on the ind...
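The Clock Difference Diagrams entry above starts from difference bound matrices (DBMs), the zone representation that the UPPAAL entry's "constraint solving" refers to: a convex set of clock valuations described by bounds on single clocks and on clock differences. As an added example that is not code from any of the listed papers, the Python below implements a DBM with the zone operations a timed-automata checker needs (Floyd-Warshall canonical form, time elapse, clock reset, constraint intersection, emptiness and inclusion tests) and pushes a two-clock zone through a Fischer-style "write while x <= k, then wait until y >= d" sequence. The clock names x, y and the parameters k, d are this example's own choices.

```python
"""Difference bound matrices (DBMs): the zone representation behind timed-automata
model checkers such as UPPAAL, which Clock Difference Diagrams generalise to
unions of zones.

Added example, not code from any paper listed on this page. A zone over clocks
x_1..x_k is the set of valuations satisfying constraints x_i - x_j <= c or < c;
with a reference clock x_0 that is always 0, the plain bounds x_i <= c and
x_i >= c are the special cases j = 0 and i = 0. Entry (i, j) of the matrix is
the bound on x_i - x_j, stored as (constant, strict).
"""
INF = (float("inf"), True)   # no bound at all
ZERO = (0, False)            # x_i - x_j <= 0


def add_bounds(a, b):
    """Compose bounds along a path i -> k -> j: constants add, strict if either is."""
    return (a[0] + b[0], a[1] or b[1])


def tighter(a, b):
    """True if bound a is strictly tighter than bound b; (c, <) is tighter than (c, <=)."""
    if a[0] != b[0]:
        return a[0] < b[0]
    return a[1] and not b[1]


def min_bound(a, b):
    return a if tighter(a, b) else b


class DBM:
    """A zone over clocks 1..nclocks; index 0 is the reference clock."""

    def __init__(self, nclocks):
        self.n = nclocks + 1
        self.m = [[ZERO] * self.n for _ in range(self.n)]   # initial zone: every clock is 0

    def copy(self):
        d = DBM(self.n - 1)
        d.m = [row[:] for row in self.m]
        return d

    def canonical(self):
        """Floyd-Warshall closure: tighten every bound through every intermediate clock.

        Afterwards each entry is the tightest bound the zone implies, so emptiness
        and inclusion can be read off the matrix entrywise."""
        for k in range(self.n):
            for i in range(self.n):
                for j in range(self.n):
                    self.m[i][j] = min_bound(self.m[i][j], add_bounds(self.m[i][k], self.m[k][j]))
        return self

    def is_empty(self):
        """A canonical DBM is empty iff a negative cycle made some x_i - x_i tighter than <= 0."""
        return any(tighter(self.m[i][i], ZERO) for i in range(self.n))

    def up(self):
        """Time elapse: drop the upper bound of every clock; differences are unchanged."""
        for i in range(1, self.n):
            self.m[i][0] = INF
        return self

    def reset(self, x):
        """Reset clock x to 0 (on a canonical DBM): x takes over the reference clock's bounds."""
        for j in range(self.n):
            self.m[x][j] = self.m[0][j]
            self.m[j][x] = self.m[j][0]
        return self

    def constrain(self, i, j, c, strict=False):
        """Intersect with x_i - x_j <= c (or < c) and restore canonical form."""
        self.m[i][j] = min_bound(self.m[i][j], (c, strict))
        return self.canonical()

    def includes(self, other):
        """True if zone `other` is a subset of this zone (both canonical): no entry of self is tighter."""
        return all(not tighter(self.m[i][j], other.m[i][j])
                   for i in range(self.n) for j in range(self.n))


def lower_bound(z, x):
    """Lower bound of clock x as (constant, strict): entry (0, x) says 0 - x <= c, i.e. x >= -c."""
    c, strict = z.m[0][x]
    return (-c, strict)


def upper_bound(z, x):
    """Upper bound of clock x as (constant, strict), read from entry (x, 0)."""
    return z.m[x][0]


def fischer_wait_zone(k, d):
    """Zone after: delay; write while x <= k; reset y; delay; wait until y >= d.

    Clock 1 is x (time since the process read the shared variable) and clock 2 is
    y (time since it wrote); k and d are this example's parameters."""
    z = DBM(2)
    z.up().constrain(1, 0, k)        # x <= k
    z.reset(2)                       # y := 0
    z.up().constrain(0, 2, -d)       # 0 - y <= -d, i.e. y >= d
    return z


if __name__ == "__main__":
    z = fischer_wait_zone(2, 3)
    print("x lower bound:", lower_bound(z, 1), " bound on x - y:", z.m[1][2])
    print("x < 3 still possible?", not z.copy().constrain(1, 0, 3, strict=True).is_empty())
```

With k = 2 and d = 3 the closure derives x >= 3 from y >= 3 and y - x <= 0, so intersecting with x < 3 yields an empty zone; with k = 3 and d = 2 it does not. The strictness flag is not cosmetic: without it the (0, <) diagonal entry that signals emptiness would be indistinguishable from the legitimate x_i - x_i <= 0.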
Robustness in real-time systems
 In SIES’11
Cited by 14 (3 self)
We review several aspects of robustness of real-time systems, and present recent results on the robust verification of timed automata.
Multiclock timed networks
 In Proc. LICS'04
, 2004
Cited by 10 (3 self)
We consider verification of safety properties for parameterized systems of timed processes, so-called timed networks. A timed network consists of a finite state process, called a controller, and an arbitrary set of identical timed processes. In a previous work, we showed that checking safety properties is decidable in the case where each timed process is equipped with a single real-valued clock. It was left open whether the result could be extended to multi-clock timed networks. We show that the problem becomes undecidable when each timed process has two clocks. On the other hand, we show that the problem is decidable when clocks range over a discrete time domain. This decidability result holds when processes have any finite number of clocks.
Modeling and analysis of hybrid systems
, 2003
Cited by 6 (2 self)
First, and foremost, I want to thank my advisor Professor Rajeev Alur. His knowledge and constant guidance have helped me a long way towards completing this thesis. I would also like to thank Professor Insup Lee for chairing my thesis committee, and Professors Vijay Kumar, George Pappas, and Bruce Krogh from Carnegie Mellon University for accepting to be members of my thesis committee. Many thanks go out to Professor Oleg Sokolsky as well. In addition, I would like to thank the whole CIS department for making Penn such a fruitful experience for me. Special thanks go out to Mike Felker who was always helpful. During my time at Penn, I have collaborated with many researchers from the CIS department, as well as other departments of Penn, but also with members of other research organizations. Most importantly, I would like to thank Thao Dang, without whom most of this work would not have been implementable, and who also became a very close friend of mine in the process. Additionally, I would like to thank Eric Aaron, Calin Belta, Ansgar Fehnker, and Jesung Kim for various contributions to my research that is presented in this thesis. I also want to thank Maria Adamou, Dimos
Abstraction-Based Verification of Distributed Systems
Cited by 4 (0 self)
This thesis presents abstraction-based proof methods and practical abstraction strategies to support the integration of theorem proving and model checking methods in verification of distributed systems. The thesis is in two parts. In the first part we present abstraction frameworks for untimed systems described as I/O automata and for real-time systems described as timed automata. The frameworks provide general conditions for preservation of properties from concrete systems to abstract ones. For the I/O automaton model we present preservation conditions for safety and liveness properties stated over actions as well as over states. The preservation conditions are based on simulation relations. The abstraction theory is formalized using the Larch theorem prover and a scheme for translating I/O automata into the SPIN model checker is examined. For the timed automaton model we provide preservation conditions based on requirements stated as automaton specifications with a satisfaction relation in the form of a timed ready simulation relation. Our preservation conditions are based on an action parameterized variant of this simulation relation. The timed abstraction framework is stated in the input language of the UPPAAL model checker for real-time systems, providing a close link to automatic verification. In the second part of this thesis we provide abstraction-based proofs for three non-trivial distributed algorithms, all parameterized in the number of processes: Burns' Mutual Exclusion algorithm, the Bounded Concurrent Timestamp System (BCTSS) algorithm, and Fischer's Real-Time Mutual Exclusion algorithm. The proof of Burns' algorithm utilizes an abstraction strategy based on skolemization and the proof is carried out with support from the Larch Prover and the SPIN model checker. The proof of the BCTSS algorithm is the most advanced in this thesis. The BCTSS algorithm is one of the most complicated algorithms in the distributed systems literature and existing proofs are all long and hard to understand. Our abstraction proof exploits a combination of induction and abstraction strategies to delegate major proof tasks to automatic verification in the SPIN model checker. The proof of Fischer's algorithm utilizes a combination of compositionality and abstraction strategies based on network invariants. The UPPAAL model checker is used to verify the constructed abstraction.
Predicate Diagrams for the Verification of Real-Time Systems
Cited by 3 (1 self)
This article discusses a new format of predicate diagrams for the verification of real-time systems. We consider systems that are defined as extended timed graphs, a format that combines timed automata and constructs for modelling data, possibly over infinite domains. Predicate diagrams are succinct and intuitive representations of Boolean abstractions. They also represent an interface between deductive tools used to establish the correctness of an abstraction, and model checking tools that can verify behavioral properties of finite-state models. The contribution of this article is to extend the format of predicate diagrams to timed systems. We establish a set of verification conditions that are sufficient to prove that a given predicate diagram is a correct abstraction of an extended timed graph; these verification conditions can often be discharged with SMT solvers such as CVC Lite. Additionally, we describe how this approach extends naturally to the verification of parameterized systems. The formalism is supported by a toolkit, and we demonstrate its use on Fischer's real-time mutual-exclusion protocol.
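Three of the entries above (CMC, the abstraction-based verification thesis, and this predicate-diagram article) use Fischer's real-time mutual-exclusion protocol as their case study, and the multi-clock timed networks entry notes that safety checking becomes decidable once clocks range over a discrete time domain. As an added example, not code from any of these papers, the Python below takes that discrete-time route: it encodes Fischer's protocol with integer-valued clocks and explores the full state space by breadth-first search, reporting whether two processes can ever be in the critical section together. The protocol encoding (locations idle/req/wait/cs, guards x <= k and x >= d, invariant x <= k in req) and the parameter names n, k and d are this example's assumptions, not taken from any of the papers.

```python
"""Discrete-time state-space exploration of Fischer's mutual-exclusion protocol.

Added example, not code from any paper listed on this page. Each of n processes
owns one integer clock x and runs the timed automaton

    idle --[id == 0; x := 0]--> req --[x <= k; id := i, x := 0]--> wait
    wait --[x >= d and id == i]--> cs --[id := 0]--> idle
    wait --[id != i]--> idle

with the location invariant x <= k in req (a process that read id == 0 must
write within k time units). Time advances in unit steps; clock values are
capped at max(k, d) + 1, which no guard can distinguish from larger values,
so the reachable state space is finite.
"""
from collections import deque

IDLE, REQ, WAIT, CS = "idle", "req", "wait", "cs"


def successors(state, n, k, d):
    """All one-step successors: one unit delay, or one discrete move of one process."""
    locs, clocks, owner = state            # owner == 0 means the shared id is free
    cap = max(k, d) + 1
    out = []
    # A unit delay is allowed only if no process in REQ would violate its invariant x <= k.
    if all(locs[i] != REQ or clocks[i] + 1 <= k for i in range(n)):
        out.append((locs, tuple(min(c + 1, cap) for c in clocks), owner))
    for i in range(n):
        me = i + 1
        loc, x = locs[i], clocks[i]

        def step(new_loc, new_x=x, new_owner=owner):
            nl, nc = list(locs), list(clocks)
            nl[i], nc[i] = new_loc, new_x
            out.append((tuple(nl), tuple(nc), new_owner))

        if loc == IDLE and owner == 0:
            step(REQ, new_x=0)                  # saw id == 0, join the write race
        elif loc == REQ and x <= k:
            step(WAIT, new_x=0, new_owner=me)   # write id := me within k time units
        elif loc == WAIT and owner == me and x >= d:
            step(CS)                            # waited d units and still the owner
        elif loc == WAIT and owner != me:
            step(IDLE)                          # overwritten by a later writer, retry
        elif loc == CS:
            step(IDLE, new_owner=0)             # leave the critical section
    return out


def check_mutex(n, k, d):
    """Breadth-first search from the initial state.

    Returns None if no reachable state has two processes in CS, otherwise the
    number of steps in the shortest run that reaches such a state.
    """
    init = ((IDLE,) * n, (0,) * n, 0)
    dist = {init: 0}
    queue = deque([init])
    while queue:
        s = queue.popleft()
        if sum(loc == CS for loc in s[0]) >= 2:
            return dist[s]
        for t in successors(s, n, k, d):
            if t not in dist:
                dist[t] = dist[s] + 1
                queue.append(t)
    return None


def reachable_states(n, k, d):
    """Number of reachable states, to show that the clock cap keeps the search finite."""
    init = ((IDLE,) * n, (0,) * n, 0)
    seen = {init}
    queue = deque([init])
    while queue:
        s = queue.popleft()
        for t in successors(s, n, k, d):
            if t not in seen:
                seen.add(t)
                queue.append(t)
    return len(seen)


if __name__ == "__main__":
    for k, d in [(2, 3), (2, 2)]:
        verdict = check_mutex(2, k, d)
        outcome = "mutex holds" if verdict is None else f"violated after {verdict} steps"
        print(f"n=2 k={k} d={d} ({reachable_states(2, k, d)} states): {outcome}")
```

Mutual exclusion holds exactly when d > k: with (k, d) = (2, 3) the search exhausts the state space without finding a violation, while with (2, 2) it returns a run in which a slow writer overwrites id only after a faster process has already passed its x >= d check. The search is exhaustive only because the clock cap makes the state space finite; it is the discrete-time counterpart of the maximal-constant abstraction that zone-based checkers apply to DBMs.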