Results 1 to 10 of 86

Kronos: A model-checking tool for real-time systems, in Computer Aided Verification, ser. Lecture Notes in Computer Science, A. Hu, 1998
Automatic verification of real-time systems with discrete probability distributions
Theoretical Computer Science, 1999
Cited by 118 (33 self)
Abstract
We consider the timed automata model of [3], which allows the analysis of real-time systems expressed in terms of quantitative timing constraints. Traditional approaches to real-time system description express the model purely in terms of nondeterminism; however, we may wish to express the likelihood of the system making certain transitions. In this paper, we present a model for real-time systems augmented with discrete probability distributions. Furthermore, using the algorithm of [5] with fairness, we develop a model checking method for such models against temporal logic properties which can refer both to timing properties and probabilities, such as “with probability 0.6 or greater, the clock x remains below 5 until clock y exceeds 2”.
Black-box conformance testing for real-time systems
In 11th International SPIN Workshop on Model Checking of Software (SPIN’04), volume 2989 of LNCS, 2004
Cited by 76 (11 self)
Abstract
We propose a new framework for black-box conformance testing of real-time systems. The framework is based on the model of partially-observable, nondeterministic timed automata. We argue that partial observability and nondeterminism are essential features for ease of modeling, expressiveness and implementability. The framework allows the user to define, through appropriate modeling, assumptions on the environment of the system under test (SUT) as well as on the interface between the tester and the SUT. We consider two types of tests: analog-clock tests and digital-clock tests. Our algorithm to generate analog-clock tests is based on an on-the-fly determinization of the specification automaton during the execution of the test, which in turn relies on reachability computations. The latter can sometimes be costly, thus problematic, since the tester must quickly react to the actions of the system under test. Therefore, we provide techniques which allow analog-clock testers to be represented as deterministic timed automata, thus minimizing the reaction time to a simple state jump. We provide algorithms for static or on-the-fly generation of digital-clock tests. These tests measure time only with finite-precision, digital clocks, another essential condition for implementability. We also propose a technique for location, edge and state coverage of the specification, by reducing the problem to covering a symbolic reachability graph. This avoids having to generate too many tests. We report on a prototype tool TTG and two case studies: a lighting device and the Bounded Retransmission Protocol. Experimental results obtained by applying TTG on the Bounded Retransmission Protocol show that only a few tests suffice to cover thousands of reachable symbolic states in the specification.
Guided Synthesis of Control Programs Using UPPAAL
2000
Cited by 58 (27 self)
Abstract
In this paper we address the problem of scheduling and synthesizing distributed control programs for a batch production plant. We use a timed automata model of the batch plant and the verification tool UPPAAL to solve the scheduling problem. The plant model aims at faithfully reflecting the level of abstraction required for synthesizing control programs from generated timed traces. Therefore it quickly becomes too detailed and complicated for automatic synthesis. To solve this problem we present a general way of adding guidance to a model by augmenting it with additional guidance variables and decorating the transitions with extra guards. Applying this technique has made synthesis of control programs feasible for a plant producing as many as 60 batches. In comparison, we could only handle plants producing two batches without using guides. The synthesized control programs have been executed in a physical plant. This proved useful in validating the correctness of the plant model and in ...
Automatic Verification of Real-time Communicating Systems by Constraint Solving
In Proc. of 5th Int. Conf. on CAV, LNCS 697, 1993
Cited by 49 (15 self)
Abstract
In this paper, an algebra of timed processes with real-valued clocks is presented, which may serve as a description language for networks of timed automata. We show that requirements such as "a process will never reach an undesired state" can be verified by solving a simple class of constraints on the clock variables. A symbolic on-the-fly reachability algorithm for the language has been developed and implemented as a software tool based on constraint-solving techniques. To our knowledge, this is the first on-the-fly verification algorithm for timed automata. In fact, this tool is the very first implementation of Uppaal. As examples, we model and verify safety properties of a real-time mutual exclusion protocol and a railway crossing controller.
UPPAAL Implementation Secrets
2002
Cited by 44 (14 self)
Abstract
In this paper we present the continuous and ongoing development of data structures and algorithms underlying the verification engine of the tool Uppaal. In particular, we review the data structures of Difference Bounded Matrices, Minimal Constraint Representation and Clock Difference Diagrams used in symbolic state-space representation and analysis for real-time systems.
Probabilistic Model Checking of Deadline Properties in the IEEE 1394 FireWire Root Contention Protocol
Special Issue of Formal Aspects of Computing
Cited by 41 (24 self)
Abstract
The increasing dependence of businesses on distributed architectures and computer networking places heavy demands on the speed and reliability of data exchange, leading to the emergence of sophisticated protocols which involve both real time and randomization, for example FireWire IEEE 1394. Automatic verification techniques such as model checking have been adapted to this class of probabilistic, timed systems [1, 9, 3, 14]. This abstract considers an application of such techniques to the IEEE 1394 (FireWire) root contention protocol, in which the interplay between timed and probabilistic aspects is used to break the symmetry which may arise during the leader election process. Here, the properties of interest concern the election of a leader within a certain deadline, with a certain probability or greater. Our specification formalism is that of probabilistic timed automata [14], a variant of timed automa...
Efficient Verification of Timed Automata using Dense and Discrete Time Semantics
Cited by 27 (5 self)
Abstract
In this paper we argue that the semantic issues of discrete vs. dense time should be separated as much as possible from the pragmatics of state-space representation. Contrary to some misconceptions, the discrete semantics is not inherently bound to use state-explosive techniques any more than the dense one. In fact, discrete timed automata can be analyzed using any representation scheme (such as DBMs) used for dense time, and in addition can benefit from enumerative and symbolic techniques (such as BDDs) which are not naturally applicable to dense time. DBMs, on the other hand, can still be used more efficiently by taking into account the activity of clocks, to eliminate redundancy. To support these claims we report experimental results obtained using an extension of Kronos with BDDs and variable-dimension DBMs, with which we verified the asynchronous chip STARI, a FIFO buffer which provides for skew-tolerant communication between two synchronous systems. Using discrete time and BDDs we were able to prove correctness of a STARI implementation with 18 stages (55 clocks), better than what has been achieved using other techniques. The verification results carry over to the dense semantics. Using variable-dimension DBMs we have managed to verify STARI for up to 8 stages (27 clocks). In fact, our analysis shows that at most one third of the clocks are active at any reachable state, and about one fourth of the clocks are active in 90% of the reachable states.
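The abstracts of "UPPAAL Implementation Secrets" and the dense/discrete-time entry above both rest on Difference Bound Matrices as the zone representation. The following is an added example, not code from UPPAAL, Kronos or any of the listed papers: a minimal DBM with the standard operations (closure, time elapse, guard intersection, reset, inclusion) and a forward symbolic reachability loop over (location, zone) pairs. The two-clock automaton at the bottom, its clock names X and Y, and the helper functions ge and le are constructed for this illustration. The second automaton is unreachable only because the DBM keeps the difference constraint x - y >= 2 that a reset introduces; a per-clock interval abstraction would wrongly report the target as reachable.

```python
"""Difference Bound Matrices (DBMs) for timed-automata zones (added example).

A zone over clocks x_1..x_n is a conjunction of constraints x_i - x_j <= c
(or < c), stored as an (n+1)x(n+1) matrix whose row/column 0 is a reference
clock fixed at 0. Entries are (bound, strict) pairs; (inf, True) = unbounded.
"""
from itertools import product
from math import inf

INF = (inf, True)
ZERO = (0, False)


def add(a, b):
    """Sum of two bounds; the result is strict if either summand is."""
    return (a[0] + b[0], a[1] or b[1])


def less(a, b):
    """Is bound a strictly tighter than bound b?  (c, <) beats (c, <=)."""
    return a[0] < b[0] or (a[0] == b[0] and a[1] and not b[1])


class DBM:
    def __init__(self, nclocks):
        self.n = nclocks + 1
        # Start in the zone where every clock is 0: x_i - x_j <= 0 for all i, j.
        self.m = [[ZERO] * self.n for _ in range(self.n)]

    def copy(self):
        d = DBM(self.n - 1)
        d.m = [row[:] for row in self.m]
        return d

    def canonical(self):
        """Floyd-Warshall closure: tighten every entry to its shortest path.
        Canonical form is what makes inclusion tests between zones meaningful."""
        for k, i, j in product(range(self.n), repeat=3):
            via = add(self.m[i][k], self.m[k][j])
            if less(via, self.m[i][j]):
                self.m[i][j] = via
        return self

    def is_empty(self):
        """A negative diagonal entry after closure is a negative cycle."""
        self.canonical()
        return any(less(self.m[i][i], ZERO) for i in range(self.n))

    def up(self):
        """Time elapse: drop upper bounds x_i <= c; differences are kept
        because all clocks advance at the same rate."""
        for i in range(1, self.n):
            self.m[i][0] = INF
        return self

    def constrain(self, i, j, bound):
        """Intersect with x_i - x_j <prec> c (j = 0 encodes x_i <prec> c)."""
        if less(bound, self.m[i][j]):
            self.m[i][j] = bound
            self.canonical()
        return self

    def reset(self, i):
        """x_i := 0: x_i now relates to the other clocks as the reference does."""
        self.canonical()
        for j in range(self.n):
            if j != i:
                self.m[i][j] = self.m[0][j]
                self.m[j][i] = self.m[j][0]
        return self

    def includes(self, other):
        """Zone inclusion; both DBMs must be canonical."""
        return all(not less(self.m[i][j], other.m[i][j])
                   for i in range(self.n) for j in range(self.n))


def ge(clock, c):  # guard x_clock >= c, encoded as x_0 - x_clock <= -c
    return (0, clock, (-c, False))


def le(clock, c):  # guard x_clock <= c, encoded as x_clock - x_0 <= c
    return (clock, 0, (c, False))


def reachable(edges, nclocks, start, target):
    """Forward symbolic reachability with inclusion checking. No extrapolation
    is applied, so termination is only guaranteed for a finite zone graph (the
    constructed automata below are acyclic); real tools add an abstraction."""
    waiting = [(start, DBM(nclocks).up())]
    passed = {}
    while waiting:
        loc, zone = waiting.pop()
        if any(z.includes(zone) for z in passed.get(loc, [])):
            continue
        passed.setdefault(loc, []).append(zone)
        if loc == target:
            return True
        for guards, resets, dst in edges.get(loc, []):
            succ = zone.copy()
            for i, j, bound in guards:
                succ.constrain(i, j, bound)
            if succ.is_empty():
                continue
            for clock in resets:
                succ.reset(clock)
            waiting.append((dst, succ.up()))
    return False


# Constructed two-clock automaton (hypothetical): clocks x = 1, y = 2, and
# l0 --(x >= 2, y := 0)--> l1 --(guard)--> l2.  After the reset the zone carries
# x - y >= 2, which is exactly what decides the second case.
X, Y = 1, 2
EDGES_OK = {"l0": [([ge(X, 2)], [Y], "l1")],
            "l1": [([le(Y, 1), ge(X, 4)], [], "l2")]}   # l2 reachable
EDGES_BAD = {"l0": [([ge(X, 2)], [Y], "l1")],
             "l1": [([ge(Y, 3), le(X, 4)], [], "l2")]}  # y >= 3 forces x >= 5

if __name__ == "__main__":
    print(reachable(EDGES_OK, 2, "l0", "l2"), reachable(EDGES_BAD, 2, "l0", "l2"))
```

The closure is cubic in the number of clocks, which is why the papers above care about active-clock reduction and variable-dimension DBMs: an inactive clock contributes a row and column that carry no information but still cost closure time.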
Automatic Verification of the IEEE 1394 Root Contention Protocol with KRONOS and PRISM
Software Tools for Technology Transfer
Cited by 27 (10 self)
Abstract
We report on the automatic verification of timed probabilistic properties of the IEEE 1394 root contention protocol combining two existing tools: the real-time model checker Kronos and the probabilistic model checker Prism. The system is modelled as a probabilistic timed automaton. We first use Kronos to perform a symbolic forward reachability analysis to generate the set of states that are reachable with non-zero probability from the initial state, and before the deadline expires. We then encode this information as a Markov decision process to be analyzed with Prism. We apply this technique to compute the minimal probability of a leader being elected before a deadline, for different deadlines, and study how this minimal probability is influenced by using a biased coin and considering different wire lengths.
Static guard analysis in timed automata verification
In TACAS, 2003
Cited by 26 (8 self)
Abstract
By definition timed automata have an infinite state space, thus for verification purposes an exact finite abstraction is required. We propose a location-based finite zone abstraction, which computes an abstraction based on the relevant guards for a particular state of the model (as opposed to all guards). We show that the location-based zone abstraction is sound and complete with respect to location reachability; that it generalises active-clock reduction, in the sense that an inactive clock has no relevant guards at all; and that it enlarges the class of timed automata that can be verified. We generalise the new abstraction to the case of networks of timed automata, and experimentally demonstrate a potentially exponential speedup compared to the usual abstraction.