R. Alur. Techniques for Automatic Verification of Real-Time Systems. PhD thesis, Stanford Univ., August 1991. Available as Tech. Report STAN-CS-911378.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....time model by deriving time separations from execution traces in the circuit. Each explored trace can potentially generate a unique set of time separations at each untimed state of the trace. A set of time separations at a given untimed state can be grouped into equivalence classes called regions [14, 15]. A timed state is created for each unique region generated at an untimed state during the trace evolution. A region naturally address the continuous nature of the timed state space but is too small to significantly reduce the number timed states. Zones extend regions by representing larger ....

R. Alur. Techniques for Automatic Verification of Real-Time Systems. PhD thesis, Stanford University, August 1991.

....time model by deriving time separations from execution traces in the circuit. Each explored trace can potentially generate a unique set of time separations at each untimed state of the trace. A set of time separations at a given untimed state can be grouped into equivalence classes called regions [52, 62]. A timed state is created for each unique region generated at an untimed state during the trace evolution. A region naturally addresses the continuous nature of the timed state space but is too small to significantly reduce the number timed states. Zones extend regions by representing larger ....

R. Alur, Techniques for Automatic Verification of Real-Time Systems. PhD thesis, Stanford University, August 1991.

....constructions are based on a normal form for temporal formulas in which the constraints on the current state are separated from the constraints on the future states. In the real time domain, tableau constructions have been developed for various logics and their complexities have been studied [2, 10]. For dense time linear temporal logic the algorithms of [2, 4] and [8] are (to the best of the author s knowledge) the only existing tableau constructions to date. 2, 4] being aimed at establishing a theoretical connection between temporal logic and timed automata and [8] a first attempt at a ....

....in which the constraints on the current state are separated from the constraints on the future states. In the real time domain, tableau constructions have been developed for various logics and their complexities have been studied [2, 10] For dense time linear temporal logic the algorithms of [2, 4] and [8] are (to the best of the author s knowledge) the only existing tableau constructions to date. 2, 4] being aimed at establishing a theoretical connection between temporal logic and timed automata and [8] a first attempt at a practical algorithm suitable for model checking. 1] describes ....

[Article contains additional citation context not shown here]

R. Alur. Techniques for Automatic Verification of Real-Time Systems. PhD thesis, Stanford University, 1991.

.... steps is not directly observable, since clocks are always compared to integer values (in guards, invariants, and formulas) The possibility of real valued delays basically allows for any order of the fractional part of clocks, which is not possible if the granularity of time is fixed in advance [Alu91] A trace is a sequence of configurations, starting with the initial configuration. For every two consecutive configurations c i and c i 1 in a trace, there has to exist an action or delay step that transforms c i into c i 1 . For safety properties, it su#ces it su#ces to consider only finite ....

....a system s behavior by means of model checking. Throughout we use a dense model of time, i.e. between any two time instances there is an intermediate one. It has been noted that modeling time in a discrete fashion can miss reachable states, if the granularity of time has to be fixed a priori [Alu91] Dense real time models are decidable (for certain syntactic restrictions) and model checking algorithms can be formulated [ACD93] In the recent years a number of tools have been developed on this background. To name a few of them: Epsilon [CGL93] Polka [HRP94] Rt Cospan [AK95] Rt Spin ....

Rajeev Alur. Techniques for Automatic Verification of Real-Time Systems. PhD thesis, Stanford University, 1991. 44, 76

....and logics of [2, 5, 7, 8, 9, 11, 14, 17, 20, 25, 26, 27, 48, 50, 52, 54, 61, 62] all the results that we obtain for timed automata carry over directly to those settings. For convenience, we use R as our domain of times in this paper. The need for densetime models has been well discussed in [4]. However, for the purpose of generality we could have parameterized our timed automata by an arbitrary (possibly discrete) time domain in the sense of [27, 53, 28] We do not assume a general lower bound on the time between events, or an upper bound on the number of instantaneous actions; this ....

R. Alur. Techniques for Automatic Verification of Real-time Systems. PhD thesis, Dept. of Computer Science, Stanford University, 1991.

....ffl Explicit clock [76, 38] In this approach no new temporal operators are introduced but one state variable T representing the current time is used. With this understanding, the requirement of bounded response is expressed as A2( p x = T oe A3[q T x 3] ffl Freeze quantification [7, 40, 2, 41] A quantifier x: is used that binds variable x to the time of the temporal context, namely a formula x:OE(x) holds at time t iff OE(t) does. The bounded response property is expressed as A2x: p oe A3y: q y x 3) The expressive power and the decidability of real time logics depend on the ....

.... of linear time logics the model checking is decidable over discrete time and also over dense time, if the logic cannot express punctuality properties [7, 8, 6] On the other hand, for branching time temporal logics model checking of punctuality properties is possible even over a dense time domain [3, 2, 45]. However, in this case it is necessary to consider constraints over time that do not contain addition of variables. Proof rules for checking bounded response and bounded invariance properties for linear time logics are presented in [43, 46] The Language In this chapter we propose a ....

[Article contains additional citation context not shown here]

R. Alur. Techniques for Automatic Verification of Real-time Systems. PhD thesis, University of Stanford, 1991.

....formalisms is limited to clocked systems, where the delay between two events is given by the number of ticks between them. Modeling asynchronous systems requires dense time domains allowing events to happen arbitrarily close to each other. The need of a dense time model has been well discussed in [Alu91]. It comes out that when analyzing asynchronous systems the results obtained in the dense time model differ from those in discrete time [Alu91, NSY91] Our aim is to show that the approach adopted for synchronous languages, i.e. compiling specifications into automata, for then generating ....

....systems requires dense time domains allowing events to happen arbitrarily close to each other. The need of a dense time model has been well discussed in [Alu91] It comes out that when analyzing asynchronous systems the results obtained in the dense time model differ from those in discrete time [Alu91, NSY91]. Our aim is to show that the approach adopted for synchronous languages, i.e. compiling specifications into automata, for then generating executable code and applying verification techniques, can be extended to an arbitrary time domain, either discrete or dense. First, we propose a language ....

[Article contains additional citation context not shown here]

R. Alur. Techniques for automatic verification of real-time systems. PhD thesis, Department of Computer Science, Stanford University, August 1991.

....work includes the integration of the observers into our simulation tools. Furthermore we will look into the possibilities of extending the expressive power of the logic to quantitative timing constraints as well as qualitative constraints by using some form of real time temporal logic such as MITL [2]. The use of more intuitive and graphical techniques to specify temporal logic properties is also an interesting topic. ....

R. Alur. Techniques for Automatic Verification of Real-Time Systems. PhD thesis, Stanford University, 1991.

....example demonstrating that the monitored property does not hold. Future work includes investigation of the possibilities to extend the expressive power of the logic to quantitative timing constraints as well as qualitative constraints by using some form of real time temporal logic such as MITL (Alur, 1991). The use of more intuitive and graphical techniques to specify temporal logic properties is also an interesting topic. ....

Alur, R. (1991). Techniques for Automatic Verification of Real-Time Systems. PhD thesis, Stanford University.

....systems. First researchers focused on discrete time (the integers) for which the untimed model checking methods can be readily extended [EMSS90, AH92b, Eme92] New complexities arise if we insist that for the compositional modeling of asynchronous systems, time should not be discretized [Alu91] We consider dense time (the reals) A standard dense time approach models a real time system as a transition relation together with a finite set of real valued clocks that proceed at a uniform rate and constrain the times at which transitions may occur [AD90, Lew90, AFH91, AH92a, NSY93] Only ....

....standard real time extensions of branching time logics and find their expressive powers to be incomparable: the basic operator 83 of branching time logics cannot be characterized by fixpoints in T. However, as hinted above, we are able to give a translation from CTL with clock variables (TCTL of [Alu91] to T that agrees on a class of well behaved 2 divergence safe models. This translation forms the basis of a symbolic model checking procedure. We apply this theory to a concrete real time programming language. Real time systems are defined in a guarded command language with clocks, which is ....

[Article contains additional citation context not shown here]

R. Alur. Techniques for Automatic Verification of Real-time Systems. PhD thesis, Stanford University, 1991.

....finite representation of infinitely many states by clever encoding of timing information. Many of them assume discrete domain for time [31, 26, 18] However, the reachability analysis based on the discrete time model may not detect some reachable states in the real world where time is dense [1]. That is, the results (or behaviors) obtained Proposal Draft 3 State Space Generation CTSM TRG System Spec. Process Algebra Program in Ada Graphical Lang. CTSM Requirement Spec. Decision Procedure TRG: Timed Reachability Graph Timed State Machines CTSM: Communicating Figure 1.1: ....

R. Alur. Techniques for Automatic Verification of Real-Time Systems. Ph.d. dissertation, Department of Computer Science, Stanford Univ., August 1991.

....with each event [7, 8, 9, 10] This way of representing real time behavior seems most natural to the authors, as it imposes a minimal set of restrictions on the modeling framework. Events may occur arbitrarily close to one another and their timing information is modeled exactly. We reiterate from [11] Alur s four strong reasons why a dense model of time is appropriate. A dense model of time is needed for correctness. Alur gives an example of an asynchronous circuit subject to bounded inertial delays, where fixing in advance the time quantum for the discrete time and fictitious clock models ....

....t ) 6= 6 O: Proof: This follows directly from Theorems 4.1 and 4.2. 2 5 Timed Automata 5.1 Timed Regular Automata We use timed regular automata (TRA) to represent the timed behaviors of the DES and its specification. These automata are a slight modification of Alur and Dill s timed automata [7, 8, 11] in that they accept 8 finite timed traces. The automata are finite state and enforce real time constraints on the delays between events. A timed regular automaton is a tuple A = h Sigma; Q; q 0 ; X; ffi; F i. It has a finite alphabet Sigma and a finite set of states Q, of which q 0 is the ....

[Article contains additional citation context not shown here]

R. Alur, Techniques for automatic verification of real-time systems, Technical Report No. STANCS -91-1378, Department of Computer Science, Stanford University, CA, August 1991, Ph.D. Thesis.

....of infinitely many states by clever encoding of timing information. Many of these approaches assume a discrete time domain [Sha92, Ost92, JS88] However, the reachability analysis based on a discrete time model may not detect 2 some reachable states in the real world where time is dense [Alu91] In other words, the results (or behaviors) obtained in the dense time model can differ from those obtained in a discrete time model. Alur et al. ACD90] have dealt with a dense time domain by introducing timed automata to model a real time system. A timed automaton has a finite set of ....

....for real time systems, is to verify simple safety properties such as deadlock freeness and mutual exclusion [Hal93] Using reachability analysis, we show that the systems never enter unsafe states. We also verify language containment, and then model check linear time temporal logics like MITL[Alu91] using emptyness of the language of a CTSM process. 4.3.1 Safety Properties For a given system, the timed reachability graph generated from the algorithm in Figure 4.5 contains all reachable states. Thus, we easily prove that system never reaches undesirable states such as deadlocked states. ....

[Article contains additional citation context not shown here]

R. Alur. Techniques for Automatic Verification of Real-Time Systems. Ph.d. dissertation, Department of Computer Science, Stanford Univ., August 1991.

....and 3 (for some future state) provide the capability of specifying invariance and eventuality and generally reason about time in a qualitative fashion. A quantitative notion of time can be introduced by allowing the specification of time bounds with the eventuality and invariance quantifiers [36, 35, 34, 3]. Another approach is to introduce a mechanism to access the value of a real time clock; in [37, 1] it is read from a state variable; in [31, 32, 21] it is denoted by a predicates; and in [5, 6] it is bound by a new quantifier called freeze. Finite state automata have been used extensively in ....

....representation of finite state machines. State transitions are the consequences of event occurrences and timing constraints. The semantics of modecharts can be expressed as a set of events with their time of occurrence (timed traces) or as a Real Time Logics formula [30] In Timed Automata [4, 3] a set of clocks is associated to a traditional (untimed) automaton; these clocks can be tested and reset with each transition. The semantics of such automaton is the language it accepts, which is a set of timed traces. Hierarchical Multi State Machines, or HMS [24, 22] is an March 22, 1995 32 ....

R. Alur. Techniques for Automatic Verification of Real-Time Systems. PhD thesis, Stanford University, 1991.

....of non negative integers) or dense time model (e.g. the set of non negative real numbers) Many of them assume discrete domain for time. However, the reachability analysis based on the discrete time model has the case of not detecting some reachable states in the real world where time is dense [1]. That is, the results (behaviors) obtained in the dense time model can differ from those in discrete time model. For real time systems with dense time, there exist few researches on timed reachability analysis. This paper describes our approach to construct a timed reachability graph on a dense ....

R. Alur. Techniques for Automatic Verification of Real-Time Systems. Ph.d. dissertation, Department of Computer Science, Stanford Univ., August 1991.

....sequence of time values, otherwise the logic may become undecidable. RTPLTL can express some of TPTL properties, e.g. the above property is expressed in RTPLTL as G(F B true ) F B F D10C true) However, RTPLTL is not restricted to models involving a single time sequence. TCTL [ACD90] [Al91] is the branching time analog of TPTL with a continuous time semantics. Lewis, in [Le90] describes an extension to CTL which incorporates time bounds on the basic modalities. E(PU Q) specifies that there is a computation along which P holds until Q holds and moreover Q holds within the bounds ....

Alur, R., Techniques for Automatic Verification of Real-Time Systems. PhD thesis, Stanford University, 1991.

....equivalence classes. All timing assignments within an equivalence class lead to the same behavior and do not need to be explored separately. In order to reduce the size of the state space, the size of the equivalence classes should be as large as possible. In the unit cube (or region) approach [6], timed states with the same integral clock values and a particular linear ordering of the fractional values of the clocks are considered equivalent. Although this approach eliminates the need to discretize time, the number of timed states is dependent on the size of the delay ranges and the ....

....A marking is a subset of the places. For a place p 2 P , the preset of p (denoted fflp) is the set of transitions connected to p (i.e. fflp = ft 2 T j (t; p) 2 Fg) and the postset of p (denoted pffl) is the set of transitions to which p is con p1 p3 C p2 A B D E p4 [3,7] 2,5] 1,2] [6,10] [2,5] p6 Fig. 1. A timed Petri net. nected (i.e. pffl = ft 2 T j (p; t) 2 Fg) For a transition t 2 T the presets and postsets are similarly defined (i.e, fflt = fp 2 P j (p; t) 2 Fg and tffl = fp 2 P j (t; p) 2 Fg) Timing is associated with a place p as a timing bound consisting of a lower ....

[Article contains additional citation context not shown here]

R. Alur. Techniques for Automatic Verification of Real-Time Systems. PhD thesis, Stanford University, August 1991.

.... satisface la f ormula (CTL) o si todos los caminos que empiezan con este estado son modelos de la f ormula (LTL) Partiendo de los primeros algoritmos para la l ogica lineal ( LP94] y la CTL ( CES83] se han propuesto varios algoritmos por un lado m as eficientes, y por otro mas poderosos ([AH93, Alu91, BES93, BCDM86, Bro86, Fis92, DKJ88, Lew90, y otros]) Explicaremos los m etodos principales de chequear modelos. Despu es presentaremos los algoritmos de [Fis92] y [CES83] como ejemplos para la LTL y la CTL. Al final indicaremos que mejoras y ampliaciones de los algoritmos son posibles. Principalmente podemos distinguir dos conceptos. En uno ....

....estado sumando las fichas de diferencia temporal de los estados anteriores. La figura 6.2 muestra un modelo de la f ormula F j ( aU 2 b) fl 2 fl =1 c) t t t b c 0 2 3 Figura 6.2 Modelo lineal de la f ormula F j ( aU 2 b) fl 2 fl =1 c) 6.1. 2 L ogica temporal m etrica de intervalos (MITL) En [Alu91] Alur presenta una l ogica m etrica orientada a intervalos (MITL) en la que los operadores temporales est an limitados temporalmente como en la MTL. Pero en las interpretaciones de la MITL se marcan los estados con intervalos temporales. Intervalos Se definen intervalos como subconjuntos ....

Rajeev Alur. Techniques for Automatic Verification of Real-Time Systems. Ph.D. thesis, Stanford University, August 1991.

....At any instant the value of a clock is equal to the time elapsed since the last time it was reset. A transition is enabled only if the timing constraint associated with it is satisfied by the current values of the clocks. Many slightly different definitions of timed graphs exist, see for instance [ACD90, Alu91, NSY91, NSY92]. KRONOS adopts the definitions given in [HNSY92, NSY92] Timed graphs can be generated automatically from specifications written in the real time process algebra ATP [NSY91, NSY92] The ATP compiler is distributed with this package. TCTL is a real time temporal logic. TCTL is an extension of ....

....written in the real time process algebra ATP [NSY91, NSY92] The ATP compiler is distributed with this package. TCTL is a real time temporal logic. TCTL is an extension of CTL that permits quantitative temporal reasoning. Various definitions of TCTL have been given, see for instance [ACD90, Alu91, HNSY92]. KRONOS adopts the definition given in [ACD90] where temporal operators have subscripts that limit their scope in time. KRONOS is based upon a symbolic model checking algorithm [HNSY92] developed by T. Henzinger, from Cornell University, and X. Nicollin, J. Sifakis and S. Yovine, from IMAG. ....

[Article contains additional citation context not shown here]

R. Alur. Techniques for automatic verification of real-time systems. PhD thesis, Department of Computer Science, Stanford University, August 1991.

....8i 0 Delta r(I i ) l(I i 1 ) and I i T I i 1 = 2. S i I i = R . The second point of the definition ensures that the time has no bound. It excludes executions where the system executes an infinite number of changes in a finite amount of time. This is called non Zenoness property [1]. Definition 2. A dense time model m is an infinite timed sequence of states m = s m 0 ; I m 0 ) s m 1 ; I m 1 ) s m n ; I m n ) where s m i is a subset of the propositions (P) i.e. s m i P , that are true in the i th state of the model m and I m i the ....

.... the following syntactical rule: F ormulaDT : p j f 1 f 2 j :f jf 1 Uf 2 j f 1 Uc f 2 Where 2 f ; g, p 2 P , f; f 1 ; f 2 are well formed formulae of MTLDT and c 2 Q To define the semantics of the MTLDT logic elegantly, we define the notion of f F ine model, adapted from [1]. In the following definitions, we note m j= DT f to express that m is a model of the SC formula f , m; i) j= DT f to express that f is verified in all points of interval I m i , m; i; t) j= DT f to express that f is verified at time t 2 I m i of m. Definition 4 f Fine models. For a MTLDT ....

[Article contains additional citation context not shown here]

R. Alur. Techniques for Automatic Verification of Real-Time Systems. PhD thesis, Stanford University, 1991.

No context found.

R. Alur. Techniques for Automatic Verification of Real-Time Systems. PhD thesis, Stanford Univ., August 1991. Available as Tech. Report STAN-CS-911378.

No context found.

R. Alur. Techniques of Automatic Verification of Real-Time Systems. PhD thesis, Stanford Univ., 1991.

No context found.

Rajeev Alur. Techniques for Automatic Verification of Real-Time Systems. PhD thesis, Stanford University, 1991.

No context found.

R. Alur, Techniques for Automatic Verification of Real-Time Systems. PhD thesis, Stanford University, Palo Alto, California, August 1991.

First 50 documents  Next 50

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC