T. A. Henzinger. The Temporal Specification and Verification of Real-Time Systems. Phd thesis, Stanford University, Department of Computer Science, August 1991. Also published as Report No. STAN-CS-91-1380.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....of [cr 0: I] T w.r.t. M follows from M I: a 0: I] T. 6. Progldle) Obviously, consistency of T w.r.t. M follows from consistency of T w.r.t.M. As mentioned in the previous chapter, the intention of the semantics given here is different from the one in release time, deadline semantics (e.g. [20, 18]) since timing constraints in that case specify the minimum and the maximum amount of time an enabled transition should wait before being taken. However, in our case, the presented estimations are only important when the rule is scheduled for execution. In other words, the timing estimation in ....

....(i) i 1) and r(i 1) t. Definition 4. 9 (Timed Behavior) The set of all timed runs of a schedule s with initial state M is called the timed behavior of the schedule and is denoted by I [ s, M) The behavior of a schedule is closed under shifting the time origin and scaling the time unit [18]. It means that if (c, r) is in I [ s, M) then (c, a r c) is in I [ a s, M) where, a r c is a new function mapping each state c(i) to a r(i) c and a s is a new specification with all r.I being replaced by a (r.I) In other words, the given semantics (and, in general, Timed Computations) ....

Thomas A. Henzinger. The Temporal Specification and Verification of Real- Time Systems. PhD thesis, Department of Computer Science, Stanford University, Stanford, California, 1991.

....and completeness. Is the metric temporal logic equipped with a sound and complete axiomatization Decidability. Which properties of the specified real time system can be automatically verified Most temporal logics for real time systems proposed in the literature cannot be decided (cf. Henzinger [8]) Some of them recover decidability sacrificing completeness. Executability. How can we prove the consistency and adequacy of specifications In principle, decidability proof methods (e.g. via Buchi automata) outline an effective procedure to prove the satisfiability and or validity of a formula. ....

T.H. Henzinger. The Temporal Specification and Verification of Real-Time Systems. PhD thesis, Department of Computer Science, Stanford University, 1991.

....0 , and we write oe j= PTL OE. We say that a system satisfies a formula OE iff all its execution sequences satisfy OE. 3.2. Metric Temporal Logic Real Time extended temporal logic has been suggested in various places as a suitable tool for the specification of real time systems (see for example [Hen91], AL92] Koy89] and [Ost89] We apply a variant of these logics called metrical temporal logic (MTL) to the specification of QoS requirements . The language of Propositional Temporal Logic (PTL) is a proper syntactic subset of MTL. Timed Observation Sequences. The models over which we ....

T. A. Henzinger. The Temporal Specification and Verification of Real-Time Systems. Report no. STAN-CS-911380, Stanford University, Department of Computer Science, Aug 1991.

....ffl Explicit clock [76, 38] In this approach no new temporal operators are introduced but one state variable T representing the current time is used. With this understanding, the requirement of bounded response is expressed as A2( p x = T oe A3[q T x 3] ffl Freeze quantification [7, 40, 2, 41] A quantifier x: is used that binds variable x to the time of the temporal context, namely a formula x:OE(x) holds at time t iff OE(t) does. The bounded response property is expressed as A2x: p oe A3y: q y x 3) The expressive power and the decidability of real time logics depend on the ....

T.A. Henzinger. The Temporal Specification and Verification of Real-time Systems. PhD thesis, University of Stanford, 1991.

....and completeness. Is the metric temporal logic provided with a sound and complete axiomatization Decidability. Which properties of the specified real time system can be automatically verified Most temporal logics for real time systems proposed in the literature cannot be decided (see Henzinger [9]) Some of them recover decidability sacrificing completeness. Executability. How can we prove the consistency and adequacy of specifications In principle, decidability proof methods (e.g. via Buchi automata) outline an effective procedure to prove the satisfiability and or validity of a formula. ....

T.H. Henzinger. The Temporal Specification and Verification of Real-Time Systems. PhD thesis, Department of Computer Science, Stanford University, 1991.

.... in concurrent and distributed systems, since two independent concurrent events can occur arbitrarily close in time (since asynchronous components have unsynchronized clocks) One way of dealing with the problem of compositionality is to take what has been called the fictitious clock approach [42]. In this approach, the underlying computation is dense, but observation of the time of events is a discrete approximation to physical realtime. Thus, a might precede b, yet the observed real time of both events might be the same, because the fictitious clock has not ticked between their ....

Henzinger T, Temporal Specification and Verification of Real-Time Systems, PhD Disseration, Dept of Computer Science, Stanford University, 1991.

....real time logics. These logics are exponentially more succinct but not strictly more expressive than their untimed counterparts. An interesting area for further research is reasoning about symmetry on explicitly timed structures which model dense or discrete time as discussed in [AC90] Al91] and [He91]. We have also identified an interesting open problem in the realm of model checking symmetric structures, that is to fully characterize the relationship between formulae of the form i Eh i and E( i h i ) over symmetric structures. ....

Henzinger, T., The Temporal Specification and Verification of Real-Time Systems, Ph.D. Thesis, Stanford University, 1991, report number STAN-CS-911380.

....properties inexpressible in SDL. A crucial point is the selection of a suitable temporal logic language. We will use a temporal logic similar to the logic described in [58] called Propositional Temporal Logic (PTL) and a real time extension based on PTL, called Metric Temporal Logic (MTL) [34] [43] However, other temporal logics like TLA [49] or CTL [24] may be linked to SDL specifications in very much the same way as we present it here for MTL. A State Proposition Language. We assume that the state propositions we use in complementary temporal logic formulas all refer to observable ....

T. A. Henzinger. The Temporal Specification and Verification of Real-Time Systems. Phd thesis, Stanford University, Department of Computer Science, August 1991. Also published as Report No. STAN-CS-91-1380.

....automata constraints in TATL allow to express finer conditions combining constraints on the order of occurrence of state properties with timing constraints between these occurrences. Clearly, the verification problem of TATL is undecidable since it is already undecidable for dense time TPTL [5, 9]. Then, we define a syntactical fragment of TATL, called TATL , and show that its verification problem is decidable. This fragment covers a wide class of interesting real time properties like bounded invariance and bounded response properties. We prove that it is strictly more expressive than ....

T. Henzinger. Temporal Specification and Verification of Real-Time Systems. PhD thesis, Stanford University, 1991.

....its think time is from 2 to 10 units of time. Each use of resource s takes from 8 to 10 units of time, and each use of resource f takes from 1 to 3 units of time. While this is presented as an orbital net, it is easily modeled by Alur s timed automata [11] Henzinger s timed transition systems [12], or most other operational models of timed systems. af 1,8 b 2,10 b 8,10 b 1,3 b bf asbs af bf as bs P af P as P bf P bs P a P b P fi P si P f P s Fig. 6. Orbital net for two consumers (a and b) and two resources (s and f) Alur s unit cube technique has the best known ....

T. A. Henzinger, The Temporal Specification and Verification of Real-Time Systems, Ph.D. thesis, Stanford University, 1991.

....reactive planning we are employing a modified version of timed propositional temporal logic (TPTL) developed by Alur and Henzinger [AH89] This logic allows to express goals with deadlines as well ordinary prevention and maintenance goals. We turn now to a presentation of this logic, adopted from [Hen91]. Syntactically, we start with a finite set of propositional symbols P and a set of temporal variables V . The terms and formulas OE of TPTL are generated by the inductive rules: x j x c j c: OE : p j 1 2 j :OE 1 j OE 1 OE 2 j fl OE 1 j OE 1 U OE 2 j x:OE 1 where x 2 V , p 2 P ....

T. Henzinger. The Temporal Specification and Verification of Real-Time Systems. PhD thesis, Department of Computer Science, Stanford University, 1991. available as technical report STAN-CS-91-1380.

.... most notably by Moller and Tofts [57, 58] Wang [85] and Cer ans [80] ACP [11] has been extended to ATP [59] by Nicollin and Sifakis as well as to ACPae [10] by Baeten and Bergstra; CSP has become Reed and Roscoe s Timed CSP [67] Labeled transition systems have been extended by Henzinger [37] and modal transition systems by Larsen [47] becoming Timed Modal Specifications [81] Timed Automata [5] have emerged from automata as a result of the work by Alur and Dill. The I O automaton model [52] has also acquired real time versions [53, 76] A large body of work exists in the field of ....

....timing constraints are used to restrict the moments in time when an event can occur. When we decide to employ the latter approach, we have yet another decision to make concerning the meaning of references to time instances in constraints. One CHAPTER 1. INTRODUCTION 7 approach, used, e.g. in [37], is to interpret constraints on a transition with respect to the moment when the system entered the source state of the transition. Thus lower bounds on a constraint naturally correspond to delays and upper bounds represent timeouts. This approach makes specifications simpler; however we have to ....

T. A. Henzinger. The Temporal Specification and Verification of RealTime Systems. PhD thesis, Stanford University, 1991. BIBLIOGRAPHY 126

....via a variable T which would need to be encoded; and time might advance only in increments that involve a given fundamental increment Delta. Other temporal logics use multiple (auxiliary) clocks; and then further, some clocks may advance at different rates. For such temporal logics, see [11]. Our implementation uses the basic scheme of [13] to represent states: states include formulas, but no clocks; and transitions coincide with next operators fl and J , not any special tick . An assumed time increment is handled by the user interpreting the standard interval between each pair ....

T. Henzinger. The Temporal Specification and Verification of Real-Time Systems. Technical Report No. STAN-CS-911380 (Ph.D. dissertation), Dept. of Computer Science, Stanford University, Stanford, California, 1991.

....to have many interesting algebraic (complete, co complete, cartesian closed, monoidal closed) and computer scientific properties (the timing laws are given naturally by the categorical combinators) A discussion of important matters such as fairness and Zeno is also provided. 1 Introduction In [11], real time models were considered good enough if they were refinable, digitizable, and operational. This means in particular that we should be able to look at a real time system at different levels of precision (this rules out formalisms depending on a base of time) and that its description ....

T.A. Henzinger. The Temporal Specification and Verification of Real-time Systems. PhD thesis, Stanford University, 1991.

....The theory has been embedded in the HOL system providing a tool for automatic verification which has been tested on a number of examples. 1 Introduction One way to manage large verification problems is to automate the proof method employed with tool support from a decision procedure program [4, 9, 14]. Another is to use deductive proof rules at a high level of abstraction with tool support from a general purpose theorem prover [2, 8, 11, 12] An increasingly popular approach, which is also adopted in this paper, is to combine the two methods with the aim of gaining the advantages of both ....

....step of p which takes Delta time and leaves program p 0 still to execute we have that p 0 achieves q within the time bound n Gamma Delta. The reader may recognize this style of argument as a model checking procedure for bounded response requirements in metric temporal logics (MTLs) [9, 14, 16]. But in this paper we propose a different formalisation of the argument using a deductive proof theory. In order to do this we have defined, ffl a real time programming language for specification and a metric temporal logic for requirements, ffl a semantics for the specification language in ....

[Article contains additional citation context not shown here]

Henzinger, T. A.: The temporal specification and verification of real-time systems, PhD Thesis, Department of Computer Science, Stanford University (1991)

....clock variable T or contain age expressions of the form Gamma( where is an assertion, is called a timed assertion. 3.4 Verification of mtl Formulas There are several proof rules that have been proposed for proving properties specified by mtl formulas. We refer the reader to [HMP91] and [Hen91] for a deductive system for such proofs. Here we will illustrate only a set of rules which is adequate for proving bounded response properties. There is a strong resemblance between the rules for bounded response and the rules for response, presented in subsection 2.7. The basic response rule resp ....

T.A. Henzinger. The Temporal Specification and Verification of Real-time Systems. PhD thesis, Stanford University, 1991.

....to have many interesting algebraic (complete, co complete, cartesian closed, monoidal closed) and computer scientific properties (the timing laws are given naturally by the categorical combinators) A discussion of important matters such as fairness and Zeno is also provided. 1 Introduction In [11], real time models were considered good enough if they were refinable, digitizable, and operational. This means in particular that we should be able to look at a real time system at different levels of precision (this rules out formalisms depending on a base of time) and that its description ....

T.A. Henzinger. The Temporal Specification and Verification of Real-time Systems. PhD thesis, Stanford University, 1991.

.... [1, 3, 4] In comparison, containment of integraltime properties can be tested for transition system based, automata based, and temporal logic based languages [3, 4, 5, 12] This is why many researchers have sacrificed the density of time and given their languages digital clock interpretations [11, 14, 17, 24, 25, 27]. We follow the same path, but rather than being content with solving the simpler integral time verification problem, we would like to employ integer time techniques to solve the original dense time verification problem (or some approximation thereof) Our aim is to interpret real time systems ....

....under a suitable notion of timed stuttering, which allows the refinement of timed transition systems by increasing the visible portion of the state space. Closure under timed stuttering, its applications, and its interaction with closure under digitization and inverse digitization is discussed in [14]. 11 semantics of MTL; for a more detailed introduction to metric temporal logic and its applications consult [4, 19] Syntax and semantics Let P be a set of atomic propositions. The formulas OE of MTL are built from atomic propositions by boolean connectives and time constrained versions of ....

[Article contains additional citation context not shown here]

Henzinger, T. The Temporal Specification and Verification of Real-time Systems. PhD thesis, Stanford University, 1991.

....i j short for the boolean condition that indicates the completion of the transition from i to j ; also assume ffi = 4) Second, we proved the relative completeness of bounded operator reasoning only in the case that the lower bounds and the upper bounds do not interfere with each other. In [Hen91] it has been shown that some history information, say, in form of time constrained past temporal operators is necessary to achieve relative completeness in the general case. Note that some information about the past of a state in a computation is available in explicit clock reasoning, namely, in ....

T.A. Henzinger. The Temporal Specification and Verification of Real-time Systems. PhD thesis, Stanford University, 1991.

....of a fictitious clock. In previous papers, we investigated the following combinations of semantical options: ffl an observation oriented point based weakly monotonic integer time semantics [AH89, AH90, Hen90, HMP91] ffl an observation oriented point based weakly monotonic real time semantics [Hen91b]; ffl an observation oriented point based strictly monotonic real time semantics [AD90] ffl an observation oriented interval based strictly monotonic real time semantics [AFH91, AH91] ffl a state oriented point based strictly monotonic real time semantics [ACD90] ffl a state oriented ....

....strictly monotonic real time semantics for our sample boundedoperator logic. It is not difficult to interpret the same set of formulas over alternative semantics. For instance, we may adopt an interleaving semantics and interpret bounded operator formulas over weakly timed observation sequences [Hen91b]. B Freeze quantification The bounded operator notation can relate only adjacent temporal contexts. Consider, for instance, the property that every stimulus p is followed by a response q and, then, by another response r such that r is within 5 time units of the stimulus p. There is no direct ....

[Article contains additional citation context not shown here]

T.A. Henzinger. The Temporal Specification and Verification of Real-time Systems. PhD thesis, Stanford University, 1991.

.... [1, 3, 4] In comparison, containment of integral time properties can be tested for transition system based, automata based, and temporal logic based languages [3, 4, 5, 12] This is why many researchers have sacrificed the density of time and given their languages digital clock interpretations [11, 14, 17, 24, 25, 27]. 2 The possibility of several contemporaneous, yet ordered, snapshots allows us to model, if desired, simultaneous parallel transitions of a system by nondeterministic interleaving [5] 3 A third, extremely imprecise, type of fictitious clock results in untimed models. If time is immaterial, ....

....under a suitable notion of timed stuttering, which allows the refinement of timed transition systems by increasing the visible portion of the state space. Closure under timed stuttering, its applications, and its interaction with closure under digitization and inverse digitization is discussed in [14]. violates a lower bound requirement for the positions i j, then so does ae; and whenever ae satisfies an upper bound requirement for position i at position j i, then so does every ffl digitization [ae] ffl . 2) Similarly, to see that the set of computations of a timed transition system is ....

[Article contains additional citation context not shown here]

Henzinger, T. The Temporal Specification and Verification of Real-time Systems. PhD thesis, Stanford University, 1991.

No context found.

T. A. Henzinger. The Temporal Specification and Verification of Real-Time Systems. Phd thesis, Stanford University, Department of Computer Science, August 1991. Also published as Report No. STAN-CS-91-1380.

No context found.

T. Henzinger. Temporal Specification and Verification of Real-Time Systems. PhD thesis, Stanford University, 1991.

No context found.

Thomas A. Henzinger. The Temporal Specification and Verification of Real-Time Systems. PhD thesis, Stanford University, 1991.

First 50 documents

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC