V. Luchangco. Using simulation techniques to prove timing properties. Master's thesis, Department of Electrical Engineering and Computer Science, Massachusetts Institute of Technology, Cambridge, MA 02139, June 1995.
....of composing these automata with others, and of describing what is preserved by implementation relationships. For simplicity, we write these specifications to describe only safety properties, although the same methods can be used to handle liveness properties, formulated as time bounds (see, e.g. [22, 23]) 10 This section contains a specification of the problem of achieving private communication among the members of a finite collection P of clients. The specification expresses three properties: 1) only messages that are sent are delivered, 2) messages are delivered at most once each, and (3) ....
....liveness properties. For the simple case of this paper, with a passive eavesdropper, liveness claims are certainly possible. They can be incorporated easily into the model in the form of time bounds, and proved using the usual assertional methods for timing analysis, such as those appearing in [5, 22]. For more active adversaries, more sophisticated algorithms can guarantee liveness properties, which could also be formulated as time bounds and proved similarly. Another interesting research direction is the modular introduction of probabilistic considerations. A great deal of reasoning about ....
Victor Luchangco. Using simulation techniques to prove timing properties. Master's thesis, Department of Electrical Engineering and Computer Science, Massachusetts Institute of Technology, Cambridge, MA 02139, June 1995.
.... of Alur and Dill [16] to one of Lamport [17] and to one of Henzinger, Manna and Pnueli [18]. In contrast to those formalisms, the development and use of the timed I/O automaton model has focused on compositional properties [19], implementation relations [20] and semi-automated proof checking [21], with less emphasis on syntactic forms, temporal logics, and fully automatic analysis. Just as timed I/O automata have been extended to hybrid I/O automata to treat hybrid systems, so have other real-time models. For example, the timed transition system model of [18] is extended to the phase ....
Victor Luchangco. Using simulation techniques to prove timing properties. Master's thesis, MIT Electrical Engineering and Computer Science, 1995. In progress.
....especially the documentation of the internal structure of PVS sequents, have allowed us to make the TAME strategies more generic. Several researchers have applied mechanical theorem provers to LV timed automata or I/O automata. In addition to the application of PVS described in [12], reference [20] describes how the Larch theorem prover LP was used to prove properties of several protocols specified as LV timed automata, and reference [26] describes a verification environment for I/O automata based on Isabelle; like [12], both include simulation proofs as well as proofs of invariants. In ....
Victor Luchangco. Using simulation techniques to prove timing properties. Master's thesis, Massachusetts Institute of Technology, June 1995.
....especially the documentation of the internal structure of PVS sequents, have allowed us to make the TAME strategies more generic. Several researchers have applied mechanical theorem provers to LV timed automata or I/O automata. In addition to the application of PVS described in [9], reference [16] describes how the Larch theorem prover LP was used to prove properties of several protocols specified as LV timed automata, and reference [19] describes a verification environment for I/O automata based on Isabelle; like [9], both include simulation proofs as well as proofs of invariants. In ....
Victor Luchangco. Using simulation techniques to prove timing properties. Master's thesis, MIT, June 1995.
.... regarding TAME have been reported in [5], [4] and [6]. TAME has now been applied with some success to multiple examples of timed and non-timed automata, including the boiler controller in [21] (see [5, 3]), a vehicle control system from [36], a timed version of Fischer's algorithm from [23], the group communication service in [10, 9] and several examples of SCR specifications (see [6] 13 For the boiler controller and vehicle control system, TAME was extended by expanding the template conventions to cover specifying nondeterministic transitions using Hilbert's choice operator ....
Victor Luchangco. Using simulation techniques to prove timing properties. Master's thesis, Massachusetts Institute of Technology, June 1995.
....of composing these automata with others, and of describing what is preserved by implementation relationships. For simplicity, we write these specifications to describe only safety properties, although the same methods can be used to handle liveness properties, formulated as time bounds (see, e.g. [22, 23]) 5.1 Private Communication This section contains a specification of the problem of achieving private communication among the members of a finite collection P of clients. The specification expresses three properties: 1) only messages that are sent are delivered, 2) messages are delivered at ....
....liveness properties. For the simple case of this paper, with a passive eavesdropper, liveness claims are certainly possible. They can be incorporated easily into the model in the form of time bounds, and proved using the usual assertional methods for timing analysis, such as those appearing in [5, 22]. For more active adversaries, more sophisticated algorithms can guarantee liveness properties, which could also be formulated as time bounds and proved similarly. Another interesting research direction is the modular introduction of probabilistic considerations. A great deal of reasoning about ....
Victor Luchangco. Using simulation techniques to prove timing properties. Master's thesis, Department of Electrical Engineering and Computer Science, Massachusetts Institute of Technology, Cambridge, MA 02139, June 1995.
....effects. For example, t) may indicate time passage by real time t. These actions are not classified as input, output or internal, but rather form a fourth category of actions. Among the data types to be used with this language are a real number data type, satisfying appropriate axioms (e.g. [47]) which can be used to describe quantities representing times. Time-valued variables can be included in an automaton's state. Typical such time-valued variables are a now variable representing the current time, last variables representing deadlines for scheduled events, and first variables ....
....Proofs for such statements follow the same methods as for the untimed versions. Deduction involving inequalities plays a prominent role. Chapter 23 of [50] contains relevant definitions, and examples of usage of some pseudocode on which TIOA is based. Other examples appear, for instance, in [47, 76, 7, 48, 74, 46]. We expect that much of the design of the toolset will also carry over to TIOA. For example, a theorem prover can be used to prove invariant assertions and simulation relations for TIOA, using formalized versions of techniques used in [47, 76, 7, 48, 74, 46] A prover should be able to handle the ....
Victor Luchangco. Using simulation techniques to prove timing properties. Master's thesis, Department of Electrical Engineering and Computer Science, Massachusetts Institute of Technology, Cambridge, MA 02139, June 1995.
....of composing these automata with others, and of describing what is preserved by implementation relationships. For simplicity, we write these specifications to describe only safety properties, although the same methods can be used to handle liveness properties, formulated as time bounds (see, e.g. [11, 12]) 5.1. Private Communication This section contains a specification of the problem of achieving private communication among the members of a finite collection P of clients. The specification expresses three properties: 1) only messages that are sent are delivered, 2) messages are delivered at ....
....liveness properties. For the simple case of this paper, with a passive eavesdropper, liveness claims are certainly possible. They can be incorporated easily into the model in the form of time bounds, and proved using the usual assertional methods for timing analysis, such as those appearing in [3, 11]. For more active adversaries, more sophisticated algorithms can also guarantee liveness properties, which could also be formulated as time bounds and proved similarly. Another interesting research direction is the modular introduction of probabilistic considerations. We expect that it is possible ....
V. Luchangco. Using simulation techniques to prove timing properties. Master's thesis, Department of Electrical Engineering and Computer Science, Massachusetts Institute of Technology, Cambridge, MA 02139, June 1995.
.... of Alur and Dill [16] to one of Lamport [17] and to one of Henzinger, Manna and Pnueli [18]. In contrast to those formalisms, the development and use of the timed I/O automaton model has focused on compositional properties [19], implementation relations [20] and semi-automated proof checking [21], with less emphasis on syntactic forms, temporal logics, and fully automatic analysis. Just as timed I/O automata have been extended to hybrid I/O automata to treat hybrid systems, so have other real-time models. For example, the timed transition system model of [18] is extended to the phase ....
Victor Luchangco. Using simulation techniques to prove timing properties. Master's thesis, MIT Electrical Engineering and Computer Science, 1995. In progress.
....the time required to check the specifications and the proofs was not significant. Using Specialized Tools. We have applied the system that we developed for our initial study [2] to two additional problems, the Boiler Controller benchmark and the proof of a timed version of Fischer's algorithm [13]. In each of the later applications, our earlier developed system greatly simplified the specification and proof process. Each new application of the system led to some additions: the automata in Fischer's algorithm were a special class of timed automata that represent MMT automata [17] those in ....
V. Luchangco. Using simulation techniques to prove timing properties. Master's thesis, Massachusetts Institute of Technology, June 1995.
....ARPA contracts N00014 92 J 4033 and F19628 95 C 0118, NSF grant 922124 CCR, ONR AFOSR contract F49620 94 1 0199, and U. S. Department of Transportation contract DTRS95G 0001. temporal logic methods [24] Applications of the model to asynchronous and timing-based distributed algorithms appear in [22, 15, 12, 11, 16], applications to communication systems appear in [24, 9, 1] and applications to real-time control (trains and gates, steam boiler control) appear in [8, 10]. Briefly, a timed automaton is a labelled transition system having real-valued as well as discrete state components, and allowing ....
Victor Luchangco. Using simulation techniques to prove timing properties. Master's thesis, Department of Electrical Engineering and Computer Science, Massachusetts Institute of Technology, Cambridge, MA 02139, June 1995.
.... to models of Alur and Dill [2], of Lamport [10] and of Henzinger, Manna and Pnueli [9]. In contrast to those formalisms, the development and use of the timed I/O automaton model has focused on compositional properties [24], implementation relations [17, 23] and semi-automated proof checking [12], with less emphasis on syntactic forms, temporal logics, and fully automatic analysis. Just as timed I/O automata have been extended to hybrid I/O automata to treat hybrid systems, so have other real-time models. For example, the timed transition system model of [9] is extended to the phase ....
V. Luchangco. Using simulation techniques to prove timing properties. Master's thesis, Department of Electrical Engineering and Computer Science, Massachusetts Institute of Technology, Cambridge, MA 02139, June 1995.
....Our assumption in developing TAME is that the answer to the first question is positive. TAME, which supports the specification and mechanical verification of Lynch-Vaandrager timed automata, has been used to check a number of specifications and proofs developed by Lynch and her collaborators [10, 15, 14, 26]. The proofs checked with TAME apply human-style reasoning in the context of concepts specific to timed automata models. We believe that analogous combinations of human-style reasoning with model-specific concepts will make mechanization of verification natural for other mathematical models as ....
....cases, additional PVS features would have allowed us to more closely follow human-style steps. Section 4 describes these additional features. We have applied TAME to several problems: the Generalized Railroad Crossing (GRC) problem [10, 11], a timed version of Fischer's mutual exclusion algorithm [15], the Boiler Controller problem [14] and a Vehicle Control System example [26]. Most recently, we have used TAME to check some properties of a Group Communication Service [7]. As noted in Section 2.1, the interesting properties of timed automata fall into three classes. Each class has its own ....
V. Luchangco. Using simulation techniques to prove timing properties. Master's thesis, Massachusetts Institute of Technology, June 1995.
....expert, TAME has proven to be a time saver in entering specifications and checking their properties, and to provide useful feedback when errors are discovered. 3.4 Experiences With the Use of TAME We have applied TAME to example specifications of real-time systems taken successively from [5], [10], [8] and [18]. TAME was originally designed to encode and to verify the specifications in [5]. The examples in [10] and [8] helped us to identify additional features needed in TAME to facilitate handling timed automata derived from MMT automata [13] and timed automata representing ....
....useful feedback when errors are discovered. 3.4 Experiences With the Use of TAME We have applied TAME to example specifications of real-time systems taken successively from [5], [10], [8] and [18]. TAME was originally designed to encode and to verify the specifications in [5]. The examples in [10] and [8] helped us to identify additional features needed in TAME to facilitate handling timed automata derived from MMT automata [13] and timed automata representing nondeterministic hybrid systems. The examples in [18] have been instructive exercises in identifying methods to support reasoning ....
Victor Luchangco. Using simulation techniques to prove timing properties. Master's thesis, Massachusetts Institute of Technology, June 1995.
....Verification of an Algorithm for Concurrent Timestamps. Tsvetomir P. Petrov, Anna Pogosyants, Stephen J. Garland, Victor Luchangco, and Nancy A. Lynch. MIT Laboratory for Computer Science, 545 Technology Square, Cambridge, MA 02139. Formal Description Techniques and Protocol Specification, Testing, and Verification, FORTE/PSTV'96, Kaiserslautern, Germany, 8-11 October 1996. This paper is dedicated to the memory of one of its ....
Victor Luchangco. (1994) Using simulation techniques to prove timing properties. Master's Thesis, MIT EECS.
No context found.
V. Luchangco. Using simulation techniques to prove timing properties. Master's thesis, Department of Electrical Engineering and Computer Science, Massachusetts Institute of Technology, Cambridge, MA 02139, June 1995.
No context found.
Victor Luchangco. Using simulation techniques to prove timing properties. Master's thesis, Department of Electrical Engineering and Computer Science, Massachusetts Institute of Technology, Cambridge, MA 02139, June 1995.
No context found.
Victor Luchangco. Using simulation techniques to prove timing properties. Master's thesis, Department of Electrical Engineering and Computer Science, Massachusetts Institute of Technology, Cambridge, MA 02139, June 1995.