| Archer M. and Heitmeyer C. [1996], Mechanical verification of timed automata: A case study, in `IEEE Real-Time Technology and Applications Symp. (RTAS'96)', IEEE Computer Society Press, Boston MA. |
....namely, the Generalized Railroad Crossing Problem (abbreviated to GRCP below) introduced in [HL94]. We take the version of [GH96] that is practically equivalent to the original one. The GRCP was studied in many papers, e.g. see [HM96]. A PVS verification of GRCP has been done in a 70-page report [AH98]. This report is very hard to read because it uses a formalism that is not sufficiently efficient and demands complicated modeling. We use richer, simpler and more general languages for the specifications, in particular, First Order Timed Logic (FOTL) for requirements and timed Gurevich Abstract State Machines ....
....are described on 1 page of easy-to-read formulas, the controller is specified by, in fact, a 4-line algorithm as a Gurevich ASM (that we take with some minor modifications and rectifications from [GH96]) and our PVS proof is 3 pages long. Succinctness and clarity of our solution distinguish it from [AH98]. The efficiency of our proof is based, in particular, on general, automatically generated properties of timed Gurevich ASM that, in particular, pre-process some inductions to use. New results of this paper are the following ones: an efficient embedding of runs of timed block Gurevich ASM in First ....
M. Archer and C. Heitmeyer. Mechanical verification of timed automata: A case study. Technical Report 5546-98-8180, University Paris-12, Department of Informatics, Naval Research Laboratory, Washington, 1998. NRL Memorandum Report.
.... both activities of correctness proofs and test generation on various kinds of transition systems (including Büchi, timed and hybrid automata). The closest work to ours is the one done by Müller and Nipkow in the particular case of input/output automata [18, 19]. Archer and Heitmeyer [17] have also developed a framework in PVS for proving properties of timed automata using a proof checker. Techniques for inspecting automata were also inspired by the work of Courant and Filliâtre [9, 12] on finite automata, and Bertot [6] on proving properties on non-structured code. In his ....
Myla M. Archer and Constance L. Heitmeyer. Mechanical verification of timed automata: A case study. Technical Report NRL/MR/5546-98-8180, Naval Research Laboratory, 1998.
....a formal verification of Safety of the Generalized RailRoad Crossing Problem is rather short (about three pages, not taking into account the initial specification that takes about 2 pages) and is relatively easy to understand. Its simplicity and readability are incomparable with the 73-page paper [AH98] treating the case of one track. Moreover, the formalization of [AH98] deviates from the original formulation of the problem, without proving that this modification is correct. Recently we have checked this proof with PVS. For this purpose, we have expressed in PVS the semantics of block GASM ....
....Problem is rather short (about three pages, not taking into account the initial specification that takes about 2 pages) and is relatively easy to understand. Its simplicity and readability are incomparable with the 73-page paper [AH98] treating the case of one track. Moreover, the formalization of [AH98] deviates from the original formulation of the problem, without proving that this modification is correct. Recently we have checked this proof with PVS. For this purpose, we have expressed in PVS the semantics of block GASM starting from the FOTL formula describing runs that is given in [BS99b] ....
M. Archer and C. Heitmeyer. Mechanical verification of timed automata: A case study. Technical Report 5546-98-8180, Naval Research Laboratory, Washington, 1998. NRL Memorandum Report.
....A Case Study in Reasoning with Timed I/O Automata. Building upon the meta-theory introduced above, substantial parts of a solution to the so-called Generalized Railroad Crossing (GRC) as presented by Heitmeyer and Lynch [38] were formalized within Isabelle/HOLCF. A formalization undertaken in PVS [2] did not treat meta-theoretical questions and formalized only invariance proofs; a simulation proof, which is central to the solution, has not been covered. Carrying out the correctness proof of the GRC, we found ourselves constantly performing invariance proofs (see section 2.4.2). Indeed, ....
Myla M. Archer and Constance L. Heitmeyer. Mechanical verification of timed automata: A case study. Technical Report NRL/MR/5546-98-8180, Naval Research Laboratory, 1998.
....been explored at Michigan State [20] and Bremen [6] universities. 8 Real-Time and Hybrid Systems. Formal treatments of real-time systems often employ special temporal or Hoare logics. Some of these have been supported by semantic embedding in PVS, as described above; others include timed automata [4], the language Trio [2] and the compositional method of Hooman [22]. Applications include several standard test pieces, such as Fischer's mutual exclusion algorithm, the Generalized Railroad Crossing, and the Steam Boiler, as well as some realistic protocols. A real-time kernel for supporting ....
Myla Archer and Constance Heitmeyer. Mechanical verification of timed automata: A case study. In IEEE Real-Time Technology and Applications Symposium (RTAS'96), pages 192-203, Brookline, MA, June 1996. IEEE Computer Society.
....for instance [Cho95, Hes97a, Hes97b, Vos00]. Many of these verifications also involve the formalisation of an arbitrary network topology and reason about graph-theoretic properties. Our mechanical verification effort builds on earlier work dealing with the formalization of the theory of I/O automata [HSV94, NS95, AH96, DGM97, MN97, Mue98]. We would like to stress that the emphasis in our paper is on the analysis of a specific leader election algorithm, rather than on the use of theorem provers in verification. We just used PVS as an advanced calculator to increase our confidence in the correctness proofs. After we had extracted and ....
....to I14 and I16 and I17 are proved, and in one root invariant I15 is proved. In automaton one can find definitions of the notions of an I/O automaton and refinement. In the last module, weak refinement, the automata TIP and SPEC are defined and the refinement is proved. In our experience, see also [AH96], it is much faster to check invariants with the PVS system than to prove them by hand. The PVS system takes care of the bookkeeping, and trivial steps in the proof are often done automatically. During the construction of a proof, the backward style of reasoning of the PVS system leads to a clear ....
M. Archer and C. Heitmeyer. Mechanical verification of timed automata: A case study. In Proceedings IEEE Real-Time Technology and Applications Symposium (RTAS'96). IEEE Computer Society Press, 1996.
....timed systems. The guiding principle in choosing the parts of the theory of timed I/O automata to formalize has been to provide all the theory necessary for formalizing the GRC as presented in [9]. In contrast to our GRC solution, Archer and Heitmeyer, who carried out an alternative formalization [2] in PVS [18], do not treat the meta-theory at all and so far only deal with invariants without taking the step to simulations. In the following we are going to describe both the formalization of the theory of timed I/O automata in Isabelle/HOLCF and the subsequent formalization of the GRC. After ....
....inclusion with a simulation proof used in the GRC, can only be added to the system with further postulates. Extending the system with proof principles in a formal way is impossible. Furthermore only the invariance proofs of the GRC have been carried out within the TAME framework so far (see [2]). The simulation proof, which is a crucial part of the correctness proof, has not been covered. Building upon a formalization of the theory of timed I/O automata, the experiences gathered from carrying out a case study may now be used to develop additional support for other verifications using ....
Myla M. Archer and Constance L. Heitmeyer. Mechanical verification of timed automata: A case study. Technical Report NRL/MR/5546-98-8180, Naval Research Laboratory, 1998.
....effects evaluated. In a sense the presented work is living proof for the last claim: one of its main strengths is the simplicity of extending the existing framework from untimed to timed systems. In contrast to our GRC solution, Archer and Heitmeyer, who carried out an alternative formalization [1] in PVS [14], do not treat meta-theory at all and so far only deal with invariants without taking the step to simulations. The guiding principle in choosing the parts of the theory of timed I/O automata to formalize has been to provide all the theory necessary for formalizing the GRC as presented ....
....uses PVS for establishing a framework for specification and verification with timed I/O automata focuses on a standardized way to specify timed I/O automata and specialized tactics for reasoning about them. Of the GRC only the invariance proofs have been carried out within that framework so far (see [1]). Meta-theoretical questions have not been treated. Building upon a formalization of the theory of timed I/O automata, the experiences gathered from carrying out a case study may now be used to develop additional support for other verifications using timed I/O automata within Isabelle/HOLCF. Apart ....
Myla M. Archer and Constance L. Heitmeyer. Mechanical verification of timed automata: A case study. Technical Report NRL/MR/5546-98-8180, Naval Research Laboratory, 1998.
No context found.