F. Laroussinie, K. G. Larsen, and C. Weise, From timed automata to logic - and back, in Proceedings of the 20 Symposium on Mathematical Foundations of Computer Science, vol. 969 of Lecture Notes in Computer Science, Springer-Verlag, 1995, pp. 529--540.
....algorithm offered in [9] is still considered to be one of the most efficient for checking behavioural preorders. In the setting of modelling and verification for real time systems, a characteristic formula construction for timed bisimulation equivalence over timed automata [2] has been offered in [19]. In op. cit. Laroussinie, Larsen and Weise have proposed the logic L # a real time version of Hennessy Milner Logic [14] with greatest fixed points, and have shown that its associated model checking problem is decidable, and that this logic is sufficiently expressive for representing any ....
....model checking problem is decidable, and that this logic is sufficiently expressive for representing any timed automaton as a single characteristic L # formula. Such a formula uniquely characterizes the timed automaton up to timed bisimilarity. The characteristic formula construction presented in [19], together with a model checking algorithm for the logic L # , yields an algorithm for checking whether two timed automata are timed bisimilar, which may be seen as the implementation of the approach advocated in [9] in a real time setting. Unfortunately, however, the characteristic formula ....
F. Laroussinie, K. G. Larsen, and C. Weise, From timed automata to logic - and back, in Proceedings of the 20 Symposium on Mathematical Foundations of Computer Science, vol. 969 of Lecture Notes in Computer Science, Springer-Verlag, 1995, pp. 529--540.
....constant, e.g. x y 8, where x and y are clocks. A fundamental result in the theory of timed automata shows that region reachability for timed automata is decidable [3] This result has been very useful in defining various real time logics, appropriate model checking algorithms, and tools [2, 4, 15, 16, 23, 24, 28] for verifying real time systems (see [1] for a survey) However, not every real time system can be modeled as a timed automaton. A complex (not necessarily large) real time system might contain non region clock constraints, such as x 1 x 2 x 3 x 4 c, where x 1 ; x 2 ; x 3 ; x 4 are clocks, ....
F. Laroussinie, K. G. Larsen and C. Weise, "From timed automata to logic - and back," MFCS'95, LNCS 969, pp. 529-539
....both theoretically and practically, in formulating various A short version [19] of this paper appears in the Proceedings of the 13th International Conference on Computer aided Verification (CAV 01) Lecture Notes in Computer Science 2102, pp. 506 517, Springer. timed temporal logics [2, 4 6, 27, 32, 34, 35] and developing verification tools [11, 26, 30] Region reachability is useful but has intrinsic limitations. In many real world applications [14] we might also want to know whether a timed automaton satisfies a non region property; e.g. for two given states s and s x 1 2x 2 x 3 x ....
F. Laroussinie, K. G. Larsen, and C. Weise, "From timed automata to logic - and back," MFCS'95, LNCS 969, pp. 529-539
....of timed automata is that region reachability is decidable. This has been proved by using the region technique [3]. This result is very useful since in principle it allows some forms of automatic verification of timed automata. In particular, it helps in developing a number of temporal logics [2,4 6,17,21,22,24], in investigating the model checking problem and in building model checking tools [16,25,20] (see [1,26] for surveys). In real world applications [8] clock constraints represented as clock regions are useful but often not powerful enough. For instance, we might want to argue whether a non region ....
F. Laroussinie, K. G. Larsen, and C. Weise, "From timed automata to logic - and back," in: MFCS'95, Lecture Notes in Computer Science, Vol. 969 (Springer, Berlin, 1995), 529-539.
....where x and y are clocks. The most important result in the theory of timed automata is that region reachability for timed automata is decidable [2] This result has Corresponding author (zdang eecs.wsu.edu) been used in defining various real time logics, model checking algorithms and tools [1, 3, 16, 17, 21, 22, 23, 25] for verifying real time systems. However, region reachability is not strong enough to verify many complex timing requirements not in the form of clock regions (e.g. x 1 x 2 2(x 3 x 4 ) is always true ) for timed automata. Recently, decidable binary reachability (i.e. the set of all pairs of ....
F. Laroussinie, K. G. Larsen and C. Weise, "From timed automata to logic - and back," in MFCS'95, Proc. 20th Intl. Symp. on Mathematical Foundations of Computer Science eds. J. Wiedermann and P. Hajek (Springer, Berlin, 1995) pp. 529-539.
....proof. 2 As we shall now show, SHML is compositional with respect to tests and k, and thus expressive complete with respect to tests. We begin by defining a quotient construction for formulae of SHML, in the spirit of those given for different property languages and over different models in, e.g. [12, 3, 11]. Definition 3.14 (Quotient Construction) Let T be a test, and let t be one of its states. For every formula SHML, we define the formula =t (read quotiented by t ) as shown in Table 2. ff=t = ff tt=t = tt ( 1 2) t = 1=t 2=t ( t = t) j t ( t ) ....
F. Laroussinie, K. G. Larsen, and C. Weise, From timed automata to logic - and back, in Mathematical Foundations of Computer Science
....V (l) Finally, for two timed automata A and B and a synchronization function f , the parallel composition A j f B denotes the timed transition system SA j f SB . 2. 2 Specifications To specify safety and bounded liveness properties of timed systems, we use the timed modal logic L s , studied in [14, 15, 16]. Let K be a finite set of clocks, called formula clocks, and Id a set of identifiers. The set of formulas of L s over K, Id, Act, and P is generated by the following syntax with and ranging over L s : cp j cp j j 88 j [a] j z in j Z where cp may be an atomic clock constraint ....
....in a prototype tool called CMC (CompositionalModelChecking). CMC enables us to compute the quotient of an L s formula with respect to a timed automaton and then to simplify the quotient using our simplification. In fact, CMC enables quotienting with respect to formulas of the richer logic L [14] which allows general disjunction and existential modalities (∃∃, ⟨a⟩). All simplification techniques of L s can be applied (and have been implemented in CMC) to L with the exception that no constraint propagation has been given for general disjunction and the existential modalities. A few new ....
F. Laroussinie, K.G. Larsen, and C. Weise. From Timed Automata to Logic --- and Back. In Proc. of MFCS'95, Lecture Notes in Computer Science,
....the theory of untimed systems has been lifted successfully to these models of real time behavior of systems. As examples, many results from automata theory apply also to timed automata, [AD90, AD94, ACM97] and a number of timed versions of classical specification logics have been studied, [AH91, LLW95]. In this paper we focus on the classical notion of bisimulation [Mil89] which has already been introduced and studied for real time models by many researchers, e.g. in [Wan90, AKLN95, NSY93, AM94]. A large part of the elegant theory of bisimulation for transition systems and reactive languages ....
....the elegant theory of bisimulation for transition systems and reactive languages has been lifted to the real time setting. As an example, bisimulation was shown decidable for finite timed transition systems by Čerāns [Čer92] and efficient algorithms checking for bisimilarity have been discovered [LLW95, WL97] and implemented in tools for automatic verification [KN94]. Our aim here is to apply the general categorical framework of open maps [JNW96] to timed transition systems. The open map approach provides a general concept of bisimulation for any categorical model of computation, i.e. models ....
F. Laroussinie, K. G. Larsen, and C. Weise. From timed automata to logic - and back. Proc. of MFCS'95, LNCS 969:pages 529-539, 1995.
....of representing the state space. Due to the regular and intuitive structure of regions they have proven very useful as a basis for a number of fundamental results concerning timed automata. In particular a number of decidability results have been proven based on (algorithms using) regions, e.g. [12, 13, 49, 103, 68, 84, 40, 28, 101]. Many of these prove decidability by explicitly stating an algorithm using the operations defined on regions, and have since been extended to more efficient ways of representing sets of states. 2.2 Timed Automata Extended with Linear Cost Timed verification tools like Uppaal [109] and Kronos [41] ....
.... The notion of bisimulation equivalence was introduced for CCS in [130, 121] and has since been studied for a range of other modeling languages, especially process algebras [67, 104, 122] The notion of timed bisimulation was introduced in [145] and has since been studied in a number of papers e.g. [19, 125, 49, 103, 143]. The decidability of timed bisimulation was first shown in [49] by giving an algorithm based on regions. Since the introduction of the bisimulation equivalence for CCS a large number of other equivalences for CCS and other languages have been introduced. In [95] a general framework for defining ....
F. Laroussinie, K. G. Larsen, and C. Weise. From Timed Automata to Logic --- and Back. In Proc. of MFCS'95, Lecture Notes in Computer Science, 1995. Also BRICS report series RS--95--2.
....timed modal logic to specify safety properties. In fact, the logic can also be used to specify bounded liveness properties such as whenever p becomes true, q will be true within a given time bound . The logic may be seen as a fragment of the timed calculus presented in [9] and also studied in [15]. Definition 4 Let K be a finite set of clocks. We shall call K formula clocks. Let Id be a set of identifiers. The set L s of formulas over K, Id, Act, and P is generated by the abstract syntax with and ranging over L s : cp j cp j j 88 j [a] j z in j Z where cp may be ....
....Act (an action) z 2 K and Z 2 Id (an identifier) 2 As before, we shall use tt to stand for a formula like x 0 which is always true, and ff for a formula x 0 which is always false for a formula clock x 2 K. Note that the logic is essentially the fragment of the timed modal logic presented in [15] by eliminating existential quantification over delay transitions, general disjunction over formulas, and existential quantification over a transitions. We do allow a simple form of disjunction, in that a clock constraint or an atomic proposition may be disjuncted with an arbitrary formula. We ....
F. Laroussinie and K.G. Larsen. From Timed Automata to Logic --- and Back. Lecture Notes in Computer Science, 1995. Proc. of MFCS'95.
.... investigation of the application of Andersen's compositional model checking technique for real time systems (timed automata). In particular, • We give an effective construction of the quotient formula = S satisfying the requirement of (1) for a formula of the timed logic L introduced in [LLW95] and S a real time system given in terms of a timed automaton; • Based on a prototype implemented in CAML we make an experimental investigation of the above quotient construction combined with (some of) the minimization heuristics of Andersen. In the examples we consider the minimized quotient ....
....c. Then the automaton C d;e in Figure 1 is isomorphic to the part of B d Omega f A e which is reachable from (ae 0 ; j 0 ) 3 Timed Logic We consider a dense time logic L with clocks and recursion. This logic may be seen as a certain fragment of the calculus T presented in [HNSY92] In [LLW95] it has been shown that this logic is sufficiently expressive that for any timed automaton one may construct a single characteristic formula uniquely characterizing the automaton up to timed bisimilarity. Also, decidability of a satisfiability problem is demonstrated. allowing only maximal ....
F. Laroussinie, K. G. Larsen, and C. Weise. From Timed Automata to Logic --- and Back. Technical Report RS--95--2, BRICS,
.... for recent surveys) In particular, by using the standard region technique, it has been shown that region reachability for timed automata is decidable [3] This fundamental result and the technique help researchers, both theoretically and practically, in formulating various timed temporal logics [2, 4 6, 27, 32 34] and developing verification tools [11, 26, 30] Region reachability is useful but has intrinsic limitations. In many real world applications [14] we might also want to know whether a timed automaton satisfies a A short version [18] of this paper appears in the Proceedings of the 13th ....
F. Laroussinie, K. G. Larsen, and C. Weise, "From timed automata to logic - and back," MFCS'95, LNCS 969, pp. 529-539
....are interpreted over a discrete time domain. The logics we develop in this thesis are interpreted over a real time domain and we are able to express quantitative time properties as the ones presented in both [ACD90] and [Han91] Furthermore, using an approach similar to the one described in [LLW95] we introduce a notion of formula clocks which enables a generalized interval time logic. The model checking approach used in the thesis is a proof systematic approach using the region technique of Alur and Dill [ACD90] to obtain a finite representation of the real time domain. The method used for ....
....These logics are called Real Time Probabilistic Logic (RTPL) RTPLweak and RTPL until , respectively. The logic RTPL is an extension of traditional HML [HM85] extended with time and probability operators. The timing extensions are based on the operators defined by Larsen, Laroussinie and Weise in [LLW95] where formulas can contain multiple formula clocks. In the logic RTPLweak we replace the strong action and delay modalities of RTPL with weak versions. That is we allow abstraction. Finally in the logic RTPL until we define operators similar to the until operators defined in CTL [CES83] but ....
Francois Laroussinie, Kim G. Larsen, and Carsten Weise. From timed automata to logic - and back. Brics Report Series, RS-95-2, 1995.
....temporal logic. This logic, which we call qu mu calculus, is similar to the mu calculus [19] in particular to a variant of it [4] in which the modal operators are redefined to include the definition of time constraints. Many logics have been defined to deal with time aspects, see, for example [1 3, 14, 15, 20]. A fundamental feature of qu mu calculus is that its formulae can be used to drive the abstraction: in particular, given the actions and the time constraints occurring in the modal operators of a formula of the qu mu calculus, we use them in defining an abstract (reduced) transition system on ....
F. Laroussinie, K.G. Larsen, C. Weise. From Timed Automata to Logic - and Back. In Proceedings of MFCS'95, Lecture Notes in Computer Science 969, 1995. 529-538.
....is presented and formulas are here interpreted over a discrete time domain. Our logic is interpreted over a dense time domain and we are able to express quantitative time properties as the ones presented in both [ACD90] and [Han91] Furthermore, using an approach similar to the one described in [LLW95] we introduce a notion of formula clocks which enables a generalized interval time logic. Finally, we present a model checking algorithm for RTPL based on a proof systematic approach using the region technique of Alur and Dill [ACD90] to obtain a finite representation of the dense time domain. A ....
....a; hm; fl 0 i) p we will often write hn; fli a;p Gamma hm; fl 0 i. 3 Real Timed Probabilistic Logic We consider a dense time probabilistic logic RTPL with formula clocks and probabilistic quantification. This logic can be seen as a probabilistic extension of the logic L presented in [LLW95]. With the difference though that we do not have recursion. Definition 3.1 Let K be a finite set of clocks and k an integer. Furthermore let p 2 Q0 be a probability parameter. Then RTPL is the set of formulas over K and k, given by the abstract syntax : F : tt j :F j F 1 F 2 j hffi p F j hffi ....
Francois Laroussinie, Kim G. Larsen, and Carsten Weise. From timed automata to logic - and back. Brics Report Series, RS-95-2, 1995.
....[4] in which the modal operators are redefined to include the definition of time constraints. Many logics have been defined to deal with time aspects, see, for example [2, 14]. Although all of them handle quantitative time aspects, they can be used either in conjunction with a dense time domain [1, 3, 20] or with a discrete time domain [15, 14]. A fundamental feature of qu mu calculus is that its formulae can be used to drive the abstraction: in particular, given the actions and the time constraints occurring in the modal operators of a formula φ of the qu mu calculus, we use them in defining an ....
F. Laroussinie, K.G. Larsen, C. Weise. From Timed Automata to Logic - and Back. In Proceedings of MFCS'95, Lecture Notes in Computer Science 969, 1995. 529--538.
....number of clocks. Enabling conditions in a timed automaton are in the form of (clock) regions: a clock or the difference of two clocks is tested against an integer constant, e.g. x y 8. The region technique [2] has been used to analyze region reachability, to develop a number of temporal logics [1, 3 5, 20, 24, 26, 29] and for model checking tools [19, 23, 30] The region technique is useful, but obviously not enough. For instance, it is not possible, using the region technique, to verify whether clock values satisfying a non region property x 1 x 2 x 3 x 4 are reachable for a timed automaton. The ....
F. Laroussinie, K. G. Larsen, and C. Weise, "From timed automata to logic - and back," MFCS'95, LNCS 969, pp. 529-539
....generalise our result to TLPN. In the meantime, [2] introduces time on Automatas which led to a lot of results. Now, hybrid systems generalize this view (see [1] for an overview). Research on timed logic, after good work on qualitative time, now seems closely related to Timed Automata (like in [10]) and produces results on verification of Timed Automatas [9, 5]. 3 Definitions This chapter gives some definitions about Petri Nets (3.1) Merlin s Time Petri Nets (3.2) Time Stream Petri Nets (3.3) and temporal bisimulation (3.4) It introduces some new and useful concepts: first the formal ....
....the flows by an OR rule, the resource static interval of the ressource has to be ( 1; 0) which is not possible. That is why we introduce [ Delta] 3. 4 Equivalence It is known that bisimulation ([13]) is a good tool for comparing models, leading for timed systems, to a timed bisimulation [16, 10]. [16] use bisimulation for Timed CCS, and (like many others) splits events in actions (a or ) and delay (ffl(t) In TPNs and TSPNs, each action occurs at a time (but delay and action time are equivalent, as said in [1, p3] Definition 3.14 (Labeled Timed Transition System) A Labeled Timed ....
F. Laroussinie, K. G. Larsen, and W. Carsten. From timed automata to logic - and back. In Proc. 20th Int. Symp. Math. Found. Comp. Sci. (MFCS'95), volume 969 of LNCS, pages 529--539, Prague, Czech Republic, Aug.-Sep. 1995. Springer-Verlag.
....of timed automata is that region reachability is decidable. This has been proved by using the region technique [3]. This result is very useful since in principle it allows some forms of automatic verification of timed automata. In particular, it helps in developing a number of temporal logics [2, 4 6, 15, 18 20], in investigating the model checking problem and in building model checking tools [14, 21, 17] (see [1, 22] for surveys). In real world applications [7] clock constraints represented as clock regions are useful but often not powerful enough. For instance, we might want to argue whether a ....
F. Laroussinie, K. G. Larsen, and C. Weise, "From timed automata to logic - and back," MFCS'95, LNCS 969, pp. 529-539
....a number of clocks. Enabling conditions in a timed automaton are in the form of (clock) regions: a clock or the difference of two clocks is tested against an integer constant, e.g. x y 8. The region technique [3] has been used to analyze region reachability, develop a number of temporal logics [2, 4 6, 25, 30, 32, 35] and model checking tools [24, 29, 36] see [1, 37] for surveys) Region reachability is useful, but obviously not enough. For instance, we may want to know whether clock values satisfying a non region property x 1 x 2 x 3 x 4 are reachable for a timed automaton. Recently, Comon and Jurski [12] ....
F. Laroussinie, K. G. Larsen, and C. Weise, "From timed automata to logic - and back," MFCS'95, LNCS 969, pp. 529-539
....constant, e.g. x y 8, where x and y are clocks. A fundamental result in the theory of timed automata shows that region reachability for timed automata is decidable [3] This result has been very useful in defining various real time logics, appropriate model checking algorithms and tools [2, 4, 6, 20, 22, 30, 31, 34] for verifying real time systems (see [1, 35] for surveys) However, not every real time system can be modeled as a timed automaton. A complex (not necessarily large) real time system might contain non region clock constraints, such as x 1 x 2 x 3 x 4 c, where x 1 ; x 2 ; x 3 ; x 4 are ....
F. Laroussinie, K. G. Larsen, and C. Weise, "From timed automata to logic - and back," MFCS'95, LNCS 969, pp. 529-539
....of timed automata is that region reachability is decidable. This has been proved by using the region technique [3] This result is very useful since in principle it allows some forms of automatic verification of timed automata. In particular, it helps in developing a number of temporal logics [2, 6, 13, 15, 4, 16], in investigating the model checking problem and in building model checking tools [12, 17, 14] see [1, 18] for surveys) In real world applications [7] clock constraints represented as clock regions are useful but often not powerful enough. For instance, we might want to argue whether a ....
F. Laroussinie, K. G. Larsen, and C. Weise, "From timed automata to logic - and back," MFCS'95, LNCS 969, pp. 529-539
.... for recent surveys) In particular, by using the standard region technique, it has been shown that region reachability for timed automata is decidable [3] This fundamental result and the technique help researchers, both theoretically and practically, in formulating various timed temporal logics [2, 4 6, 20, 23 25] and developing verification tools [19, 26, 22] Region reachability is useful but has intrinsic limitations. In many real world applications [11] we might also want to know whether a timed automaton satisfies a nonregion property, e.g. x 1 2x 2 x 0 3 x 0 1 4x 0 2 3x 3 holds whenever ....
F. Laroussinie, K. G. Larsen, and C. Weise, "From timed automata to logic - and back," MFCS'95, LNCS 969, pp. 529-539
....Each transition comes together with some clock resets and an enabling condition, whose satisfaction depends on the current clock values. Temporal properties of real time systems have been expressed and studied through temporal logics such as TPTL [7] TCTL [2, 14, 20] MITL [6] timed calculi [14, 15]. These logics are in general undecidable, with the notable exception of MITL. On the other hand, the model checking is decidable for the (real time) branching time logics, though hard in general. Timed models are harder than untimed ones since they can be seen as infinite state systems in which ....
F. Laroussinie, K. Larsen, and C. Weise. From timed automata to logic -- and back. In Proc. 20th Conf. on Foundations of Computer Science, volume 969 of Lecture Notes in Computer Science, Prag, 1995. Springer-Verlag.
....checking problem is reduced to the emptyness problem if the given temporal logic is transformed to CTSMX (or timed automata) Then, a system M satisfies a formula p if M jjM:p is empty. There exist some results for the transformation from timed linear time temporal logics to timed automata [Alu91, LLW95, Wil95] 4.4 Comparison We note that the definition of CTSMX is same as the one of timed automata. There exist several approaches for generating reachable states for timed automata [NSY92, 43 ACH 95, DY95, YPD94] In this section, we will compare our approach with these approaches, ....
F. Laroussinie, K. G. Larsen, and C. Weise. From Timed Automata to Logic - and Back. In Proceedings of Symposium on Mathematical Foundations of Computer Science, 1995.
....Each transition comes together with some clock resets and an enabling condition, whose satisfaction depends on the current clock values. Temporal properties of real time systems have been expressed and studied through temporal logics such as TPTL [7] MITL [6] TCTL [2, 15, 19] timed calculi [15, 16]. These logics are in general undecidable, with the notable exception of MITL. On the other hand, the model checking is decidable for the (real time) branching time logics, though hard in general. Timed models are harder than untimed ones since they can be seen as infinite state systems in which ....
F. Laroussinie, K. Larsen, and C. Weise. From timed automata to logic -- and back. In Proc. 20th Conf. on Foundations of Computer Science, volume 969 of Lecture Notes in Computer Science, Prag, 1995. Springer-Verlag.
....to contract the whole reachable state space of systems. We consider a timed modal logic to specify safety and bounded liveness properties (sometimes called bounded response time properties) The logic may be seen as a fragment of the timed calculus presented in [HNSY92] and also studied in [LL95b] 2 . Diagnostic Model Checking. Given a network of timed automata A and a formula in the logic specifying a property, the so called model checking problem is to check if a formula is satisfied by the system. In this paper we take an opposite point of view and check A 6 j= instead of A j= ....
F. Laroussinie and K.G. Larsen. From Timed Automata to Logic --- and Back. In Proc. of MFCS'95, Lecture Notes in Computer Science, 1995. Also BRICS report series RS--95--2.
....PTL [63] include MTL [8] RTTL [61] TPTL [6] and XCTL [36]. The commonly used branching time logic CTL [18] has been turned into RTCTL [30] and TCTL [3]. The modal mu calculus has also been adapted for real time specifications. T of Henzinger et al. [38] is one such extension. Larsen et al. in [46] independently from us came up with a real time mu calculus that is very close to the one we will be using. A very different version of real time mu calculus that uses discrete time (see below) has been put forward by Emerson [27]. We now outline the main design decisions in constructing a ....
F. Laroussinie, K. G. Larsen, and C. Weise. From timed automata to logic - and back. In Proceedings of MFCS'95, 1995.
....e.g. we obtain for every location of the automaton the minimal dimension of the clock space of that location, in terms of the number of relevant clocks and the size of their domains. We expect that from this information also an estimation of the minimal number of clocks can be derived (see [7] for an algorithm to minimize the number of clocks) To the best of our knowledge, this is the first paper in which minimization of timed systems is treated at the level of transition systems. The work on minimization of timed systems done in [1, 11] concentrated on minimization of the region ....
K.G. Larsen, F. Laroussinie, and C. Weise. From timed automata to logic --- and back. In Proceedings 20th International Symposium on Mathematical Foundations of Computer Science (MFCS'95), Prague, Czech Republic, volume 969 of Lecture Notes in Computer Science. Springer-Verlag, 1995.
....systems has been lifted successfully to the setting of formalisms modelling real time behaviour of systems. As examples, many results from automata theory apply also to timed automata, [AD90,AD94,ACM97] and a number of timed versions of classical specification logics have been studied, [AH91,LLW95]. In this paper we study the notion of bisimulation [Mil89] for timed transition systems. The notion of bisimulation for timed models has already been introduced and studied by many researchers, e.g. in [Wan90,AKLN95,NSY93]. Timed bisimulation was shown decidable for finite timed transition ....
.... The notion of bisimulation for timed models has already been introduced and studied by many researchers, e.g. in [Wan90,AKLN95,NSY93]. Timed bisimulation was shown decidable for finite timed transition systems by Čerāns in [Čer92] and since then more efficient algorithms have been discovered [LLW95,WL97] and implemented in tools for automatic verification [KN94]. These results like most other results concerning verification of real time systems build on the region construction [AD90,AD94] which makes it possible to express the uncountable behaviour of a real time system in a finite way. One ....
F. Laroussinie, K. G. Larsen, and C. Weise. From timed automata to logic -- and back. Proc. of MFCS'95, LNCS 969:pages 529--539, 1995.
....The extension of model checking to the specification and verification of real-time systems has been thoroughly studied in the last few years. This has led to the development of specification logics that extend standard untimed formalisms with the quantitative analysis of timing constraints (see, e.g. [6,8,11,23,40,42,54,65]) and to important theoretical results investigating the limits of decidability for model checking. This theory is now embodied in verification tools like HyTech [70] Kronos [76] and Uppaal [58] which have been successfully used in the verification of non trivial systems (see, e.g. ....
.... we address the same kind of problem for the timed case: what happens if time is inserted either only in the model or only in the formula? And what happens if we use less expressive logics with restricted operators? We consider several timed modal property languages: L has been introduced in [54], and is the specification language used in the tool CMC [53]. L s is a fragment of L which has been proposed in [57] in order to improve the efficiency of model checking in practice; SBLL [2] (for Safety and Bounded Liveness Logic) and L 8S [1] have been introduced for their properties with ....
F. Laroussinie, K. G. Larsen, and C. Weise, From timed automata to logic - and back, in Proc. of the 20th. International Symposium on Mathematical Foundations of Computer Science, MFCS'95, J. Wiedermann and P. Hájek, eds., vol. 969 of Lecture Notes in Computer Science, Prague, Czech Republic, August 28 - September 1 1995, Springer-Verlag, pp. 529-539.
....that (s; u) j= 4 Safety Modal Property Language In the sequel, we will consider a dense time property language with clocks, suitable for the specification of safety and bounded liveness properties of TLTSs. This property language is a fragment of the L property language presented in [LLW95] taking into account the current distinction between urgent and non urgent actions. For the sake of clarity, we begin by presenting a first natural candidate for our property language, called SBLL, and show that it is testable (Sections 4.1 and 4.2) We then show that the formalism of test ....
....that is not under the scope of some max operator is said free. We use SBLL to stand for the collection of closed recursive formulae in SBLL that do not contain occurrences of the basic propositions haitt. We use clocks( to denote the collection of clocks occurring in the formula . Following [LLW95] closed recursive formulae in SBLL are interpreted over extended states of TLTSs, i.e. over pairs of the form (s; v) where s is a state of a TLTS and v is a valuation for the clocks in K. But, because of Proposition 3.5, the interpretation of SBLL defined as in [LLW95] is not suitable in our ....
[Article contains additional citation context not shown here]
LAROUSSINIE, F., LARSEN, K. G., and WEISE, C. From Timed Automata to Logic -- and Back. In Proc. 20th Int. Symp. Mathematical Foundations of Computer Science (MFCS'95), vol. 969 of Lecture Notes in Computer Science, pp. 27--41. Springer-Verlag,
.... following grammar: ff j 1 2 j g j 88 j [a] j haitt (a 2 U) j x in j X j max(X; g : x p j x y p where a 2 Act[ffailg, x; y 2 K, p 2 N, 2 f ; g, X is a formula variable and max(X; stands for the maximal solution of the recursion equation X = 7 Following [7], the formulae in SBLL were interpreted in [2] over extended states of TLTSs, i.e. over pairs of the form hs; vi, where s is a state of a TLTS and v is a valuation for the clocks in K. For the sake of clarity in the presentation, we recall that the satisfaction relation for SBLL is the largest ....
....complete 8 with respect to the collection of reachability properties expressible by means of test automata, in the sense of Defn. 3.2. The property language we study here is an extension of the one considered in [2] (cf. Defn. 4.1) and is closely related to the modal logic L presented in [7], and further investigated in [6]. Definition 4.2. The property language L 8S consists of the formulae over K generated by the grammar obtained from the one in Defn. 4.1 by replacing constructs of the form 88 with 88 S , where S is a collection of urgent actions. We use L 8S to stand for the ....
F. Laroussinie, K. G. Larsen, and C. Weise, From timed automata to logic - and back, in Proc. of the 20th. International Symposium on Mathematical Foundations of Computer Science, MFCS'95, J. Wiedermann and P. Hájek, eds., vol. 969 of Lecture Notes in Computer Science, Prague, Czech Republic, August 28 - September 1 1995, Springer-Verlag, pp. 529--539.
.... following grammar: ff j 1 2 j g j 88 j [a] j haitt (a 2 U) j x in j X j max(X; g : x p j x Gamma y p where a 2 Act [ ffailg, x; y 2 K, p 2 N, 2 f ; g, X is a formula variable and max(X; stands for the maximal solution of the recursion equation X = Following [7], the formulae in SBLL were interpreted in [2] over extended states of TLTSs, i.e. over pairs of the form hs; vi, where s is a state of a TLTS and v is a valuation for the clocks in K. For the sake of clarity in the presentation, we recall that the satisfaction relation for SBLL is the largest ....
....the sense of Defn. 3.2. [Figure 3: A test automaton that cannot be expressed in SBLL (a 2 U)] The property language we study here is an extension of the one considered in [2] (cf. Defn. 4.1) and is closely related to the modal logic L presented in [7], and further investigated in [6]. Definition 4.2. The property language L 8S consists of the formulae over K generated by the grammar obtained from the one in Defn. 4.1 by replacing constructs of the form 88 with 88 S , where S is a collection of urgent actions. We use L Gamma 8S to stand for ....
F. Laroussinie, K. G. Larsen, and C. Weise, From timed automata to logic - and back, in Proc. of the 20th. International Symposium on Mathematical Foundations of Computer Science, MFCS'95, J. Wiedermann and P. Hájek, eds., vol. 969 of Lecture Notes in Computer Science, Prague, Czech Republic, August 28 - September 1 1995, Springer-Verlag, pp. 529--539.
.... investigation of the application of Andersen's compositional model checking technique for real time systems (timed automata). In particular, We give an effective construction of the quotient formula = S satisfying the requirement of (1) for a formula of the timed logic L introduced in [16] and S a real time system given in terms of a timed automaton; Based on a prototype implemented in CAML we make an experimental investigation of the above quotient construction combined with (some of) the minimization heuristics of Andersen. In the examples we consider the minimized quotient ....
....= c. Then the automaton C d;e in Figure 1 is isomorphic to the part of Bd Omega f Ae which is reachable from (ae 0 ; j0 ) 2 3 Timed Logic We consider a dense time logic L with clocks and recursion. This logic may be seen as a certain fragment 8 of the calculus T presented in [13]. In [16] it has been shown that this logic is sufficiently expressive that for any timed automaton one may construct a single characteristic formula uniquely characterizing the automaton up to timed bisimilarity. [Footnote 8: allowing only maximal recursion and using a slightly different notion of model] Also, ....
[Article contains additional citation context not shown here]
F. Laroussinie, K. G. Larsen, and C. Weise. From Timed Automata to Logic --- and Back. 1995. To appear in Proceedings of MFCS'95.
....avoids to construct the whole reachable state space of systems. We consider a timed modal logic to specify safety and bounded liveness properties (sometimes called bounded response time properties). The logic may be seen as a fragment of the timed calculus presented in [5] and also studied in [9] 8 . Definition 3. (Syntax) Assume K is a finite set of clocks. Then formulas over K is defined by the following abstract syntax: a j 1 2 j a j Inv( j Until r a where r K and a : c j p where c is an atomic clock constraint over K and p 2 P ut Intuitively, for Inv( to be ....
.... and in this case, oe is called a diagnostic trace of A w.r.t. ut 6 r(u) is the assignment s.t. r(u) x) 0 if x 2 r and r(u) x) u(x) otherwise. 7 (u d) is the assignment s.t. u d) x) u(x) d. 8 The connectives of our logic are expressible as derived operators w.r.t. those of [9]. oe j=v c iff c(v) oe j=v p iff p 2 V (oe) oe j=v 1 2 iff oe j=v 1 and oe j=v 2 oe j=v a iff oe j=v a or oe j=v oe j=v Inv( iff 8 : oe( j= v Delta(oe; oe j=v Untilr a iff 8 : 8 : oe( j= r(v) Delta(oe; or 9 : i oe( j= r(v) Delta(oe; a 8 ....
F. Laroussinie and K.G. Larsen. From Timed Automata to Logic --- and Back. In Proc. of MFCS'95, Lecture Notes in Computer Science, 1995. Also BRICS report series RS--95--2.
....on a small collection of efficiently implementable strategies. In our setting, Andersen's collection is extended to include strategies for propagating and simplifying timing constraints. We report on a new symbolic and compositional verification technique developed for the real time logics L [17] and a fragment L s designed specifically for expressing safety and bounded liveness properties. Comparatively less expressive than TCTL and T , the fragment L s is still sufficiently expressive for practical purposes allowing a number of operators of other logics to be derived. Most importantly, ....
....function defined by f(a; 0) a, f(b; b) b and f(0; c) c. Then the automaton C m;n in Figure 1 is timed bisimilar to the part of Am Omega f Bn which is reachable from (h 0 ; k 0 ) ut 3 Timed Logics We first introduce the syntax and semantics of the dense time logic L presented in [17]. For the practical goal of verification of real time systems, we find that it suffices to consider a certain fragment L s especially designed to express safety and bounded liveness properties. Most importantly, as we shall show in subsequent sections, the restriction to L s allows for extremely ....
[Article contains additional citation context not shown here]
F. Laroussinie, K. G. Larsen, and C. Weise. From Timed Automata to Logic --- and Back. Lecture Notes in Computer Science, 1995. To occur in Proceedings of MFCS. Also BRICS report series RS--95--2.
....Finally, for two timed automata A and B and a synchronization function f , the parallel composition A j f B denotes the timed transition system SA j f SB . 2. 2 Specifications To specify safety and bounded liveness properties of timed systems, we use the timed modal logic L s , studied in [14, 15, 16]. Let K be a finite set of clocks, called formula clocks, and Id a set of identifiers. The set of formulas of L s over K, Id, Act, and P is generated by the following syntax with and ranging over L s : cp j cp j j 88 j [a] j z in j Z where cp may be an atomic clock ....
....a prototype tool called CMC (Compositional Model Checking) 11 . CMC enables us to compute the quotient of an L s formula with respect to a timed automaton and then to simplify the quotient using our simplification. In fact, CMC enables quotienting with respect to formulas of the richer logic L [14] which allows general disjunction and existential modalities (99, hai) All simplification techniques of L s can be applied (and have been implemented in CMC) to L with the exception that no constraint propagation has been given for general disjunction and the existential modalities. A few new ....
F. Laroussinie, K.G. Larsen, and C. Weise. From Timed Automata to Logic --- and Back. In Proc. of MFCS'95, Lecture Notes in Computer Science, 1995. Also BRICS report series RS--95--2.
....modal logic to specify safety properties. In fact, the logic can also be used to specify bounded liveness properties such as whenever p becomes true, q will be true within a given time bound . The logic may be seen as a fragment of the timed calculus presented in [9] and also studied in [15]. Definition 4 Let K be a finite set of clocks. We shall call K formula clocks. Let Id be a set of identifiers. The set L s of formulas over K, Id, Act, and P is generated by the abstract syntax with and ranging over L s : cp j cp j j 88 j [a] j z in j Z where cp may be ....
....(an action) z 2 K and Z 2 Id (an identifier) 2 As before, we shall use tt to stand for a formula like x 0 which is always true, and ff for a formula x 0 which is always false for a formula clock x 2 K. Note that the logic is essentially the fragment of the timed modal logic presented in [15] by eliminating existential quantification over delay transitions, general disjunction over formulas, and existential quantification over a transitions. We do allow a simple form of disjunction, in that a clock constraint or an atomic proposition may be disjuncted with an arbitrary formula. We ....
F. Laroussinie and K.G. Larsen. From Timed Automata to Logic --- and Back. Lecture Notes in Computer Science, 1995. Proc. of MFCS'95.
....greater than M (provided any such exists). Combining the characteristic formula construction with the bounded model construction algorithm enables us to decide whether an automaton can be simplified in terms of number of clocks and constants used for comparison. A full version can be found in [18]. 2 Timed Automata Let A be a fixed set of actions ranged over by a; b; c; We denote by N the set of natural numbers and by R the set of non negative real numbers. D denotes the set of delay actions fffl(d) j d 2 Rg, and L denotes the union A[D. If C is a set of clocks, B(C) denotes the ....
.... 0 0] u] C 0 0]u] Moreover given a region fl, we can define the successor region of fl (denoted by succ(fl) Informally the change from fl to succ(fl) correspond to the minimal elapse of time which can modify the enabled actions of the current state( a formal definition is given in [18]) We denote by fl l the l th successor region of fl (i.e. fl l = succ l (fl) From each region fl, it is possible to reach a region fl 0 s.t. succ(fl 0 ) fl 0 , and we denote by l fl the required number of step s.t. fl l fl = succ(fl l fl ) Example 3. The Figure 2 gives an ....
[Article contains additional citation context not shown here]
F. Laroussinie, K. G. Larsen, and C. Weise. From Timed Automata to Logic --- and Back. Technical Report RS--95--2, BRICS, 1995. Accessible through WWW: http://www.brics.aau.dk/BRICS.
No context found.
F. Laroussinie. From Timed Automata to Logic and Back. Technical Report RS-95-2, Basic Research in Computer Science, January 1995.