| Alur, R., Itai, A., Kurshan, R., Yannakakis, M.: Timing verification by successive approximation. Information and Computation 118(1) (1995) 142--157 |
....the reachability graph and we believe the situation can be improved significantly if we modify the algorithm to take advantage of the acyclic nature of the automata. 6 Discussion There have been numerous publications on abstraction in general and abstraction of timed systems in particular, e.g. [AIKY95,WD94,B96,PCKP00] some based on relaxing the timing constraints and refining them successively if the abstract system cannot be verified. In [TAKB96] an assume guarantee framework is defined for timed automata, which is used later to verify a multi stage asynchronous circuit [TB97] by using small ....
R. Alur, A. Itai, R.P. Kurshan and M. Yanakakis, Timing Verification by Successive Approximation, Information and Computation 118, 142-157, 1995.
....compact for automatic analysis. This brings us to the second area of human intervention, namely, the definition of a suitable abstraction. Recently, a class of techniques have been developed which construct program abstractions fully automatically by counterexample-guided abstraction refinement [3, 11, 49]. These methods extract progressively finer finite state models from programs. The program abstractions are sound: if the desired property holds on an abstract program, then it holds also on the concrete program. If, however, the property fails on the abstract program, then the model checker ....
R. Alur, A. Itai, R.P. Kurshan, and M. Yannakakis. Timing verification by successive approximation. Information and Computation, 118(1):142--157, 1995.
....of the states hampers an efficient representation of large state spaces with BDDs. Even the discretization of time [8] poses serious problems when the number of clocks or the constants of the timing constraints are large. An interesting approach to face this complexity problem was proposed in [2], where the clocks used during verification and their accuracy are determined dynamically upon demand. In this way, only that timing information relevant to the properties being verified emerges during the calculation of the reachable states. This paper tackles the verification of complex timed ....
....[10] on a set of event structures that covers the traces containing violations of property . System model. The system under analysis is modeled by means of a timed transition system (TTS) [7] composed of a non empty ( .... [figure labels omitted: timed transition system with states s0 to s14] ....
[Article contains additional citation context not shown here]
R. Alur, A. Itai, R. Kurshan, and M. Yannakakis. Timing verification by successive approximations. Information and Computation, 118(1):142--157, 1995.
....in that standard benchmark examples for timed systems such as the train gate controller and a version of the Fischer mutual exclusion protocol can generally be proved using only a few abstraction predicates. Such an observation has already been made by Alur, Itai, Kurshan, and Yannakakis [AIKY95] in a similar context. However, more experimentation is needed to corroborate the conjecture that many real life timed systems can already be verified with rather coarse grain abstractions. Related Work Our introduction of a non convergence assumption can be seen as a syntactic way of enforcing ....
Rajeev Alur, Alon Itai, Robert P. Kurshan, and Mihalis Yannakakis. Timing Verification by Successive Approximation. Information and Computation, 118(1):142--157, April 1995. 144
....in that standard benchmark examples for timed systems such as the train gate controller and a version of the Fischer mutual exclusion protocol can generally be proved using only a few abstraction predicates. Such an observation has already been made by Alur, Itai, Kurshan, and Yannakakis [AIKY95] in a similar context. However, more experimentation is needed to corroborate the thesis that many real life timed systems can already be verified with rather coarse grain abstractions. The algorithm as described in this paper is restricted to deal with realtime systems with finite control only. ....
Rajeev Alur, Alon Itai, Robert P. Kurshan, and Mihalis Yannakakis. Timing verification by successive approximation. Information and Computation, 118(1):142--157, April 1995.
....function (see Bryant [83]). The timing verification problem for sequential systems, on the other hand, still needs to be formulated in a way that permits the solution of practical problems in a reasonable amount of space and time. One possibility, proposed almost simultaneously by [84] and [85], is to incrementally add timing constraints to an initially untimed model, rather than immediately building the full blown timed automaton. This addition should be done iteratively, to gradually eliminate all false violations of the desired properties due to the fact that some timing properties ....
R. Alur, A. Itai, R. Kurshan, and M. Yannakakis, "Timing verification by successive approximation," in Proc. of the Computer Aided Verification Workshop, 1993, pp. 137--150.
....of the states hampers an efficient representation of large state spaces with BDDs. Even the discretization of time [8] poses serious problems when the number of clocks or the constants of the timing constraints are large. An interesting approach to face this complexity problem was proposed in [2], where the clocks used during verification and their accuracy are determined dynamically upon demand. In this way, only that timing information relevant to the properties being verified emerges during the calculation of the reachable states. This paper tackles the verification of complex timed ....
....of event structures that covers the traces containing violations of property P . System model. The system under analysis Y is modeled by means of a timed transition system (TTS) [7] composed of a non empty ( .... [figure labels omitted: timed transition system with states s0 to s14] ....
[Article contains additional citation context not shown here]
R. Alur, A. Itai, R. Kurshan, and M. Yannakakis. Timing verification by successive approximations. Information and Computation, 118(1):142--157, 1995.
....case is [ACD90]. The idea there is to define a finite partition of the complete infinite state space, including time, into regions, such that the elements of each region behave equivalently. Because of the finiteness of the partition then model checking techniques apply. In another method, in [AIKY93] timing issues are initially ignored altogether. Then approximations are made, until a result is achieved. • Process Algebras: Process algebras have been extended by time, like the proposals in [BB91] for ACP and in [NSY92] for the process algebra ATP. The CSP based process algebra LOTOS, ....
R. Alur, A.Itai, R.Kurshan, M.Yannakakis. Timing verification by successive approximation. In: Proceedings of the Fourth International Conference on Computer-Aided Verification (Springer-Verlag), 1993.
....the system ##, in such a way that at least the wrong trace is removed and no timing consistent trace is removed. [figure labels omitted] Figure 1. Example 1. (a) Timed transition system with delay intervals specified in (d) (b,c) ....
....wrong trace is removed and no timing consistent trace is removed. [figure labels omitted] Figure 1. Example 1. (a) Timed transition system with delay intervals specified in (d) (b,c) Event structures covering the ....
[Article contains additional citation context not shown here]
R. Alur, A. Itai, R.P. Kurshan, and M. Yannakakis. Timing Verification by Successive Approximation. Information and Computation, 118(1):142--157, 1995.
....We briefly describe a case study involving timing properties of the Ethernet protocol, as formally specified by Weinberg and Zuck [22]. Previous attempts at verifying this protocol either abstracted away from timing information, or used drastically simpler models. Related work: Alur et al. [3] and Balarin et al. [4, 5] describe approximation algorithms which use a different methodology from ours. Their approach assumes that not many timing constraints in the system are necessary for its correct operation. They initially attempt to verify the system based only on logical constraints. ....
R. Alur, A. Itai, R. Kurshan, and M. Yannakakis. Timing verification by successive approximation. In Proc. of 4th CAV, LNCS 663, Springer-Verlag, 1993.
....formalism for representing timed systems and properties. In most cases, verification with timed automata is complex. Iterative methods have been used to alleviate this complexity in cases where only a part of the timing information from the system is necessary to prove the property desired ([AIKY92], [LB93], [Bal95]). A timed automaton is said to have the simple path property (SPP) if any given sequence of states is traversable if and only if it is traversable by a simple path [LB93] where traversable means that there is a timing consistent path that visits each state in the sequence in ....
....a final state if undesired behavior occurs. The verification problem is then posed as the language emptiness of the product of the system and the monitor, i.e. one tries to prove that the final states are not reachable from the initial states. We will use the train gate controller of [Wu94] and [AIKY92], depicted in Figure 1 as an illustrative example in the rest of the paper. This example consists of three modules: a train, a gate and a controller. When the train approaches, the controller lowers the gate, and raises it after the train has exited. All modules are modelled by timed automata, as ....
R. Alur, A. Itai, R. P. Kurshan, and M. Yannakakis. Timing Verification by Successive Approximation. In Proc. of International Conference on Computer Aided Verification, 1992.
....function (see Bryant [BC95]). The timing verification problem for sequential systems, on the other hand, still needs to be formulated in a way that permits the solution of practical problems in a reasonable amount of space and time. One possibility, proposed almost simultaneously by [BSV92] and [AIKY93] is to incrementally add timing constraints to an initially untimed model, rather than immediately building the full blown timed automaton. This addition should be done iteratively, to gradually eliminate all false violations of the desired properties due to the fact that some timing ....
R. Alur, A. Itai, R. Kurshan, and M. Yannakakis. Timing verification by successive approximation. In Proceedings of the Computer Aided Verification Workshop, pages 137--150, 1993.
No context found.
R. Alur, A. Itai, R.P. Kurshan, and M. Yannakakis. Timing verification by successive approximation. Information and Computation, 118(1):142--157, 1995.
....The label [1; 2] on the edge from s1 to r1 specifies the lower and upper bounds on the delay of message delivery. The label [5; 6] on the vertical line from r1 to s2 specifies bounds on the delay between r1 to s2, and models an assumption about the speed of process p2. The event set timer corresponds to setting a timer which expires after 4 time units. [FIGURE 5. An MSC with timing constraints] The timing information, in this case, is consistent with the visual order of the two receive events expire and r2. In fact, we ....
....[1; 2] on the edge from s1 to r1 specifies the lower and upper bounds on the delay of message delivery. The label [5; 6] on the vertical line from r1 to s2 specifies bounds on the delay between r1 to s2, and models an assumption about the speed of process p2. The event set timer corresponds to setting a timer which expires after 4 time units. [FIGURE 5. An MSC with timing constraints] The timing information, in this case, is consistent with the visual order of the two receive events expire and r2. In fact, we can ....
[Article contains additional citation context not shown here]
R. Alur, A. Itai, R.P. Kurshan, M. Yannakakis. Timing verification by successive approximation. Information and Computation 118(1), pp. 142--157, 1995.
....automatically by analyzing spurious counter examples generated by the search in the abstract state space. Counter example guided refinement of abstractions has been used in multiple contexts before, for instance, to identify the relevant timing constraints in verification of timed automata [9], to identify the relevant boolean predicates in verification of C programs [11] and to identify the relevant variables in symbolic model checking [21]. In sections 5 and 6 we present the basic techniques for analyzing counter examples and techniques for discovering new predicates that will rule ....
....and the clock exceeds three time units. The control can switch to the Cool location, which models that the thermostat is switched off, when the guard T 9 is enabled. This means, the switch from Heat to Cool can happen non deterministically at any time when the temperature T is in the interval [9, 10]. The control remains in the Cool location, until the temperature is in the interval [5, 6] when it switches back to the Heat location. This transition has a reset, which resets the clock t : 0. The third location, Check, models a self checking mode of the thermostat controller. The invariant in ....
R. Alur, A. Itai, R.P. Kurshan, and M. Yannakakis. Timing verification by successive approximation. Information and Computation, 118(1):142--157, 1995.
No context found.
Alur, R., Itai, A., Kurshan, R., Yannakakis, M.: Timing verification by successive approximation. Information and Computation 118(1) (1995) 142--157
No context found.
R. Alur, A. Itai, R.P. Kurshan, M. Yannakakis. Timing verification by successive approximation. Information and Computation, 118:142--157, 1995.
No context found.
R. Alur, A. Itai, R. Kurshan, and M. Yannakakis. Timing verification by successive approximations. Information and Computation, 118(1):142--157, 1995.
No context found.
R. Alur, A. Itai, R.P. Kurshan, and M. Yannakakis. Timing verification by successive approximation. Information and Computation 118(1), pages 142--157, 1995.
No context found.
R. Alur, A. Itai, R.P. Kurshan, and M. Yannakakis. Timing verification by successive approximation. Information and Computation, 118(1):142--157, 1995.
No context found.
R. Alur, A. Itai, R.P. Kurshan, and M. Yannakakis. Timing verification by successive approximation. Information and Computation, 118:142--157, 1995.
No context found.
Rajeev Alur, Alon Itai, Robert P. Kurshan, and Mihalis Yannakakis. Timing verification by successive approximation. Information and Computation, 118(1):142--157, 1995.
No context found.
Rajeev Alur, Alon Itai, Robert P. Kurshan, and Mihalis Yannakakis. Timing verification by successive approximation. Information and Computation, 118(1):142--157, April 1995.
No context found.
R. Alur, A. Itai, R.P. Kurshan and M. Yanakakis, Timing Verification by Successive Approximation, Information and Computation 118, 142-157, 1995.
No context found.
R.Alur, A.Itai, R.Kurshan and M.Yannakakis, Timing Verification by Successive Approximation, Proc. Jth Workshop Computer-Aided Verification, Lecture Notes in Computer Science 663, Springer-Verlag, 1992.