Hooman, J., "Specification and Compositional Verification of Real-Time Systems," Number 558 in LNCS, Springer-Verlag, 1991.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....properties is possible even over a dense time domain [3, 2, 45] However, in this case it is necessary to consider constraints over time that do not contain addition of variables. Proof rules for checking bounded response and bounded invariance properties for linear time logics are presented in [43, 46]. The Language In this chapter we propose a compositional labelled transition system semantics for statecharts by giving a translation into a process language called SP . The main novelty of the language is an operator of process refinement for representing the statecharts hierarchical ....

J. Hooman. Specification and Compositional Verification of Real-time Systems. PhD thesis, Technische Universiteit Eindhoven, 1991.

....compositionality. We have surveyed several rules which have been developed in different settings and argue that they are based on the same principle. There has been much related work. Being a topic of extensive research, compositionality has been studied by many researchers, e.g. by Hooman [11], Zwiers [32] and Jonsson [14] In a closer context, recent work using assumption commitment paradigm includes those by Jones [13] in object orientation, by Collette [8] on UNITY, by Jonsson and Tsay [15] on linear time temporal logic. By now, the principle of composing assumption commitment ....

J. Hooman. Specification and Compositional Verification of Real-Time Systems, LNCS 558. Springer--Verlag, 1991.

....logic of discrete total well founded orderings is decidable. Moreover it should be observed here that we have only a qualitive notion of time which is introduced in order to model interleaving of parallel processes and as such it should be distinguished from the notion of real time as studied in [10]. Formally we define the (typed) assertion language for describing and reasoning about time diagrams as follows. We assume given the standard types of the integers, denoted by int, and the type of booleans, denoted by bool. Furthermore we assume given the type of points in time, denoted by time. ....

J. Hooman. Specification and compositional verification of real-time systems. Lecture

....of parameterized components, compositional performance analysis issues for software built from reusable components, achieving precision in estimates in the presence of data abstractions that hide implementation details, or space analysis issues. In the real time computing literature (e.g. [5]) where tight bounds are a more serious concern, typically software composed from only built in small objects such as integers are considered; dynamic storage usage is specifically avoided. Hehner is one of the first to consider formalization of space (including dynamic allocation) in a real time ....

Hooman, J., Specification and Compositional Verification of Real-Time Systems, LNCS 558, Springer-Verlag, New York, 1991.

....computations will be briefly mentioned in Subsection 2.4.1. Temporal logic has been made measurable in some formalisms. A prominent one is Metrical Temporal Logic [Koy90] It has been used as a requirements language in a proof system relating the requirements with the program level in [Hoo91] In [AL92] Abadi and Lamport introduce a real time version of the Temporal Logic of Actions (TLA) whose general form is thoroughly presented in [Lam94] The idea there is to introduce time as an ordinary variable. TLA is a very simple logic for specifying and reasoning about concurrent ....

....formalism are presented in [BS94] On the syntactical level elegant refinement calculi can be formulated. ffl Proof Theoretical Methods Every formalism with a complete proof system can regarded as belonging to this category. For example Generalised Hoare triples have also been introduced in [Hoo91] They encompass a fourth component which gives information on timing behaviour and termination. In [Hoo91] for these quadruples, as well 12 as for Metrical Temporal Logic, has been given a complete proof system with respect to a simple programming language. ffl State Machine Models Close to ....

[Article contains additional citation context not shown here]

J.J.M. Hooman. Specification and Compositional Verification of Real-Time Systems. LNCS 558 (Springer-Verlag), 1991.

.... variety of approaches (see for example the conference proceedings [Jos88, Vyt92, GNRR93, LRV94] The proposed specification formalisms range form various logics [Koy90, ZHR91, AL92, MP93] over process algebras [BB91, NSY91] and automata based approaches [AD94] to real time programming notations [Hoo91, SZH94] This work was partially funded by the Commission of the European Communities (CEC) under the ESPRIT Basic Research Action No. 7071: ProCoS II: Provably Correct Systems and by the Leibniz Programme of the German Research Council (DFG) under grant Ol 98 1 1. y E mail: fschenke, ....

J.J.M. Hooman. Specification and Compositional Verification of Real-Time Systems. LNCS 558 (Springer-Verlag, 1991).

....and (more important) in a different way of handling recursion (by an operational semantics and bisimulation) Furthermore no upper bounds are considered, what within ProCoS is desirable. Closer to the present results are, however, the ideas around metric temporal logic as in [KVR83] KdR85] or [Hoo91]. This is an extension of traditional linear time temporal logic, in which the scope of temporal operators is restricted by extending them with time bounds. In [Hoo91] a proof system is given to decide a satisfaction relation between an OCCAM like language and an assertion language based on metric ....

....ProCoS is desirable. Closer to the present results are, however, the ideas around metric temporal logic as in [KVR83] KdR85] or [Hoo91] This is an extension of traditional linear time temporal logic, in which the scope of temporal operators is restricted by extending them with time bounds. In [Hoo91] a proof system is given to decide a satisfaction relation between an OCCAM like language and an assertion language based on metric temporal logic. The proof system is complete relative to the logic, and it is compositional. So it can also be used for the construction of correct programs, although ....

[Article contains additional citation context not shown here]

J.J.M.Hooman. Specification and Compositional Verification of Real-Time Systems. Technical University Eindhoven (Diss.).

.... concurrency 1 Introduction For systems with time restrictions a variety of specification formalisms have been developed, among them process algebraic approaches [BB90, NSY91] the duration calculus [CHR92] the temporal agent model [SZH94] generalised Hoare triples and metrical temporal logic [Hoo91] However, it remains a difficult task to design correct programs from such specifications by connecting different levels of abstraction. The present paper bridges the gap between two well established formalisms of computer science: the duration calculus (DC) and occam which are two of such ....

J.J.M.Hooman. Specification and Compositional Verification of Real-Time Systems. LNCS 558 (SpringerVerlag, 1991).

....which is used, for example, in Timed CSP, 10] is not (directly) suitable because, in most implementations of DORIS designs, it will not be the case that each activity will be mapped to a di#erent processor. Similarly, the scheduling progress assumption, which is used in Hooman s work, [22], is inappropriate because neither the mapping of activities to processors, nor all the activities which will be competing for the processors, are identified until after the EN is designed. This leaves the any progress, providing a worse case deadline 8 is met progress assumption, and it is ....

J. Hooman. Specification and Compositional Verification of Real-Time Systems. Number 558 in Lecture Notes in Computer Science. Springer-Verlag, 1991.

....progress assumption, as used in the Temporal Agent Model [ScZ92] is the most appropriate for the ADL: it states that an activity may make any degree of progress providing it finishes within its deadlines. The scheduling progress assumption, which explicitly models the scheduling algorithm [Hoo91], is inappropriate because neither the mapping of activities to processors, nor the extra activities needed to support the distribution, are identified until after the execution network is designed. The maximum progress assumption, which requires an activity to advance when it is not waiting to ....

Hooman, J.: `Specification and Compositional Verification of RealTime Systems', LNCS 558, Springer-Verlag, 1991.

....gas burner. 1 Introduction For systems with real time restrictions a variety of specification formalisms have been developed, among them process algebraic approaches [BB91, NSY91] the temporal agent model [SZH94] duration calculus [ZHR91] generalised Hoare triples and metrical temporal logic [Hoo91] However, the design of realistic systems typically requires a suitable combination of several of such specification techniques each of which is best suited for a certain level of abstraction. This raises the risk of introducing errors when crossing the interfaces between different levels of ....

J.J.M. Hooman. Specification and Compositional Verification of RealTime Systems. LNCS 558 (Springer-Verlag, 1991).

.... Systems Michael Schenke June 10, 1993 1 Introduction For systems with time restrictions a variety of specification formalisms have been developed, among them process algebraic approaches [BB90] NSY91] the duration calculus [CHR92] generalised Hoare triples or metrical temporal logic [Hoo91] However, it remains a difficult task to design correct implementations from such specifications. In the following we describe a simple specification language SL time , which is particularly appropriate for the development of occam like programs in a target occam dialect, called PL time ....

J.J.M.Hooman. Specification and Compositional Verification of Real-Time Systems. LNCS 558 (1991).

....explicitly and with motivation. If possible, we prove formally that the deviation is correct. Formal verification is not limited to algebraic verification of protocols. In principle, it can be used for any formalism [Cou93] for example I O automata [LMWF94, HSV94] and temporal logic [MP82, OL82, Hoo91] Earlier attempts to automatic verification of propositions of process theory are from Cleaveland and Panangaden [CP88] who gave an implementation of Milner s Calculus of Communicating Systems [Mil80] in the NuPrl system [CAB 86] and from Engberg, Grnning and Lamport, who developed the ....

J. Hooman. Specification and Compositional Verification of Real-Time Systems, LNCS 558. PhD thesis, Eindhoven University of Technology, 1991.

....in proving that the conjunction of the specifications of the protocol and the basic primitives lead to desired FT RT services. It is important to point out that due to subtle dependencies between building blocks of fault tolerant systems, simple parallel composition rules as the one presented in [14] may not be sufficient to capture all nuance of these building blocks interactions. We are investigating existing approaches for modular verification [1, 12, 22] to tackle cases involving inter block dependencies. 2.5 Protocol Validation For completeness, we briefly discuss protocol validation ....

J. Hooman, Specification and Compositional Verification of Real-Time Systems. LNCS 558, Springer Verlag 1991.

....in [19, 18] and other researchers. Several denotational semantic models have been provided for the language in [25, 38, 62] These semantics models define the meaning of time extended CSP programs to be a set of possible behaviors and timings at which the behaviors are performed and refused. In [20, 37] time extended CSP with asynchronous communication mechanisms is formulated based on a metric temporal logic. Synchronous CCS and its Extensions SCCS by Milner [50] is a process calculus for synchronously computing processes based on the idea that all parallel processes proceed in lock step. ....

J. Hooman. Specification and Compositional Verification of Real-Time Systems. PhD thesis, Computer Science Department, Eindhoven University of Technology, 1991.

....re usable) component classes chosen in final refinement step. C C e C 1 C 2 C n C 11 C 1k C n1 C nl C e C 1 . C n C C 11 . C 1k C 1 C n1 . C nl C n Fig. 1. Refinement tree (C e is the commitment of the environment) 3. Specification of components For compositional specifications [5] we need input output description of components. To distinguish different modes in component dynamics we consider it as an hybrid system and model by Concrete Phase Transition Systems (CPTS) A CPTS S = X, Q, Q 0 , T) consists of four elements[4] 1. A finite set X of state variables. 2. A finite ....

J. Hooman. Specification and Compositional Verification of Real-Time Systems. Lecture Notes in Computer Science 558, Springer-Verlag, 1991.

....The circularity can be broken by noting that that a z output for P is even as long as the preceding x and y inputs are odd, and the x and y outputs for Q are odd as long as the preceding z input is even. The assume guarantee paradigm is the best studied approach to compositional verification [AL93,AL95,AP93,CMP94,Col93,Hoo91,Jon83,MC81,PJ91, Pnu84, Sta85, XCC94,XdRH97, Zwi89]. In this approach, a property of a component is stated as a pair (A; C) consisting of a guarantee property C that the component will satisfy provided the environment to the component satisfies the assumption property A. The interpretation of (A; C) has to be carefully defined to be non circular. ....

J. Hooman. Specification and Compositional Verification of Real-Time Systems, volume 558 of Lecture Notes in Computer Science. Springer Verlag, 1991.

.... July, 1994 1 Introduction For systems with time restrictions a variety of specification formalisms have been developed, among them process algebraic approaches [BB90, NSY91] the duration calculus [CHR92] the temporal agent model [SZH94] generalised Hoare triples and metrical temporal logic [Hoo91] However, it remains a difficult task to design correct programs from such specifications by connecting different levels of abstraction. In this part of the tutorial we bridge the gap between Duration Calculus (DC) and occam. DC is well known as a powerful means for describing requirements of a ....

J.J.M.Hooman. Specification and Compositional Verification of Real-Time Systems. LNCS 558 (Springer-Verlag, 1991).

....Our aim is to define a verification method to prove that a Splice program satisfies such a specification. To be able to deal with large programs, we aim at a compositional framework which allows reasoning by means of the interface specifications of components, without knowing their implementation [6]. As a starting point for such a verification method, a formal definition of the Splice interaction primitives is needed. There is already some work on the semantics of Splice, e.g. a comparison of semantic choices using an operational semantics [3; 4] and a process algebra framework [5] We aim ....

J. Hooman. Specification and Compositional Verification of Real-Time Systems. LNCS 558, Springer-Verlag, 1991.

....formalism can be found in [Hoo94b] In this section we give a brief overview over its essential parts. Since the whole design process was accomplished using the PVS system, we only give names and notations of the formalism in their PVS versions. The original names and notations can be found in [Hoo91]. In general, a PVS specification consists of a number of theories. A theory can import other theories. The entire mixed formalism builds a chain of seven theories. In Section 2.1 we formulate the basic theory defining values, time constructs, and programs. Specifications and program refinement ....

....of processes is given as an axiom rather than a rule. Also, for simplicity, the syntactic constraints which require that the assertions of one process do not refer to observables of the other process are omitted. Additionally, assume that now and term do not occur in the commitments. We refer to [Hoo91] for more details and a soundness proof of the parallel composition rule. Here we concentrate on the use of this rule during top down program design of distributed systems. C1, C2: VAR pred[State] rulepar: AXIOM par(spec(A1,C1) spec(A2,C2) spec(A1 AND A2, C1 AND C2) 3 Example Steam Boiler ....

[Article contains additional citation context not shown here]

Jozef Hooman. Specification and Compositional Verification of Real-Time Systems, volume 558 of LNCS. Springer-Verlag, 1991.

....for a particular class of applications by giving an axiomatization of asynchronous communication. 1 Introduction Based on Hoare triples (precondition, program, postcondition) a formal framework for the specification and verification of distributed real time systems has been developed [Hoo91]. This framework has been applied to a number of case studies, such as a water level monitoring system [Hoo93] and a distributed realtime arbitration protocol [Hoo94a] Although these examples have been verified manually, it became clear that for more complex applications some form of mechanical ....

J. Hooman. Specification and Compositional Verification of Real-Time Systems. LNCS 558, Springer-Verlag, 1991.

....dynamic reconfiguration while the system is operating. We specify and verify a safety property and a real time progress property of this industrial example. 1 Introduction In previous work we have addressed the formal specification and verification of distributed real time systems (see, e.g. [Hoo91]) A framework based on Hoare triples has been applied to several examples such as a water level monitoring system [Hoo93] and a chemical batch processing system [Hoo94c] In the current paper we only consider the basic ideas behind this formalism and concentrate on the application of such a ....

....components are used. Compositionality makes it possible to verify design steps during the process of top down system development. A large number of compositional proof systems have been developed, for instance, for sequential systems [Hoa69] untimed systems [Zwi89, PJ91] and real time systems [Hoo91]. The only programming construct used in this paper is parallel composition. Under certain conditions we have the following compositional rule. Rule1 (Parallel Composition) P 1 sat spec 1 , P 2 sat spec 2 P 1 kP 2 sat spec 1 spec 2 The main restriction on the application of this rule is ....

[Article contains additional citation context not shown here]

J. Hooman. Specification and Compositional Verification of Real-Time Systems. LNCS 558, Springer-Verlag, 1991.

....of the RPC Memory Specification Problem, following the arrangement of the original description. Concluding remarks can be found in section 5. 0. 1 Formal Background Starting point of our approach is a formal method for the specification and verification of distributed real time systems [Hoo91]. The method has been inspired by Hoare triples (precondition, program, postcondition) which have been extended to deal with the timing of events [Hoo94b] To distinguish the resulting framework from classical Hoare logic, we use assumption and commitment instead of precondition and ....

....are left out in this paper and the only programming construct considered here is parallel composition. For simplicity, also the syntactic constraints of the parallel composition rule, which require that the assertions of a component only refer to its static interface, are omitted. We refer to [Hoo91] for more details and a soundness proof of the parallel composition rule. Here the proof rules are simply postulated as axioms. Further, it should be mentioned that the assumption commitment framework has been used here mainly because it was available in PVS from earlier examples [Hoo94a] In the ....

J. Hooman. Specification and Compositional Verification of Real-Time Systems. LNCS 558, Springer-Verlag, 1991.

....is given as an axiom rather than a theorem. Also, for simplicity, syntactic constraints which require that the assertions of one process do not refer to observables of the other process are omitted. Additionally, it is assumed that neither now nor term occur in the commitments. We refer to [Hoo91] for more details and a soundness proof of the parallel composition rule. Here we concentrate on the use of this rule during top down program design of distributed systems. rulepar: AXIOM par(spec(A1,C1) spec(A2,C2) spec(A1 AND A2, C1 AND C2) 2.2 Example Steam Boiler Control System ....

J. Hooman. Specification and Compositional Verification of Real-Time Systems, volume 558 of LNCS. Springer-Verlag, 1991.

No context found.

Hooman, J., "Specification and Compositional Verification of Real-Time Systems," Number 558 in LNCS, Springer-Verlag, 1991.

First 50 documents  Next 50

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC