Results 11 - 20 of 325
Specifying Timed State Sequences in Powerful Decidable Logics and Timed Automata (Extended Abstract)
LNCS 863, 1994
Cited by 56 (0 self)
Abstract: Thomas Wilke, Christian-Albrechts-Universität zu Kiel, Institut für Informatik und Praktische Mathematik, D-24098 Kiel, Germany. A monadic second-order language, denoted by L_d, is introduced for the specification of sets of timed state sequences. A fragment of L_d, denoted by L$_d, is proved to be expressively complete for timed automata (Alur and Dill), i.e., every timed regular language is definable by an L$_d formula and every L$_d formula defines a timed regular language. As a consequence the satisfiability problem for L$_d is decidable. Timed temporal logics are shown to be effectively embeddable into L$_d and hence turn out to have a decidable theory. This applies to TL_Γ (Manna and Pnueli) and EMITL_p, which is obtained by extending the logic MITL_p (Alur and Henzinger) by automata operators (Sistla, Vardi, and Wolper). For every positive natural number k the full monadic second-order logic L_d and L$_d are equally expressive modulo the set of timed...
Discovering properties about arrays in simple programs
PLDI 2008, 2008
Cited by 49 (2 self)
Abstract: Array bound checking and array dependency analysis (for parallelization) have been widely studied. However, there are far fewer results about analyzing properties of array contents. In this paper, we propose a way of using abstract interpretation for discovering properties about array contents in some restricted cases: one-dimensional arrays, traversed by simple "for" loops. The basic idea, borrowed from [15], consists in partitioning arrays into symbolic intervals (e.g., [1, i−1], [i, i], [i+1, n]), and in associating with each such interval I and each array A an abstract variable A_I; the new idea is to consider relational abstract properties ψ(A_I, B_I, ...) about these abstract variables, and to interpret such a property pointwise on the interval I: ∀ℓ ∈ I, ψ(A[ℓ], B[ℓ], ...). The abstract semantics has been defined and implemented in a prototype tool. The method is able, for instance, to discover that the result of an insertion sort is a sorted array, or that, in an array traversal guarded by a "sentinel", the index stays within the bounds.
Timing Analysis in COSPAN
In Hybrid Systems III, 1996
Cited by 46 (7 self)
Abstract: We describe how to model and verify real-time systems using the formal verification tool Cospan. The verifier supports automata-theoretic verification of coordinating processes with timing constraints. We discuss different heuristics, and our experiences with the tool for certain benchmark problems appearing in the verification literature.
1 Introduction
Model checking is a method of automatically verifying concurrent systems in which a finite-state model of a system is compared with a correctness requirement. This method has been shown to be very effective in detecting errors in high-level designs, and has been implemented in various tools. We consider the tool Cospan, which is based on the theory of ω-automata (ω-automata are finite automata accepting infinite sequences; see [Tho90] for a survey, and [VW86, Kur94] for applications to verification). The system to be verified is modeled as a collection of coordinating processes described in the language S/R [Kur94]. The semantics of su...
Verifying quantitative properties of continuous probabilistic timed automata
2000
Cited by 46 (10 self)
Abstract: We consider the problem of automatically verifying real-time systems with continuously distributed random delays. We generalise probabilistic timed automata introduced in [19], an extension of the timed automata model of [4], with clock resets made according to continuous probability distributions. Thus, our model exhibits nondeterministic and probabilistic choice, the latter being made according to both discrete and continuous probability distributions. To facilitate algorithmic verification, we modify the standard region graph construction by subdividing the unit intervals in order to approximate the probability to within an interval. We then develop a model checking method for continuous probabilistic timed automata, taking as our specification language Probabilistic Timed Computation Tree Logic (PTCTL). Our method improves on the previously known techniques in that it allows the verification of quantitative probability bounds, as opposed to qualitative properties, which can only refer to bounds of probability 0 or 1.
Timing Verification by Successive Approximation
Information and Computation, 1995
Cited by 45 (11 self)
Abstract: We present an algorithm for verifying that a model M with timing constraints satisfies a given temporal property T. The model M is given as a parallel composition of ω-automata P_i, where each automaton P_i is constrained by bounds on delays. The property T is given as an ω-automaton as well, and the verification problem is posed as a language inclusion question L(M) ⊆ L(T). In constructing the composition M of the constrained automata P_i, one needs to rule out the behaviors that are inconsistent with the delay bounds, and this step is (provably) computationally expensive. We propose an iterative solution which involves generating successive approximations M_j to M, with containment L(M) ⊆ L(M_j) and monotone convergence L(M_j) → L(M) within a bounded number of steps. As the succession progresses, the approximations M_j become more complex. At any step of the iteration one may get a proof or a counterexample to the original language inclusion question. The described algori...
Performance Evaluation of (max,+) Automata
IEEE Trans. on Automatic Control, 1993
Cited by 39 (9 self)
Abstract: Automata with multiplicities over the (max,+) semiring can be used to represent the behavior of timed discrete event systems. This formalism, which extends both conventional automata and (max,+) linear representations, covers a class of systems with synchronization phenomena and variable schedules. Performance evaluation is considered in the worst, mean, and optimal cases. A simple algebraic reduction is provided for the worst case. The last two cases are solved for the subclass of deterministic series (recognized by deterministic automata). Deterministic series frequently arise due to the finiteness properties of (max,+) linear projective semigroups. The mean performance is given by the Kolmogorov equation of a Markov chain. The optimal performance is given by a Hamilton-Jacobi-Bellman equation.
Keywords: Discrete Event Systems, (max,+) algebra, Automata, Rational Series, Performance Evaluation
I. INTRODUCTION
Automata with multiplicities [10] over the (max,+) or the dual (min,+) s...
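The abstract says the worst case admits "a simple algebraic reduction" but does not state it. The added example below (not from the paper) builds a constructed two-state (max,+) automaton, where the weight of a word is the longest accepting run and models the completion time of that event sequence, and checks one such reduction against brute-force enumeration: because (max,+) matrix multiplication distributes over entrywise max, the maximum over all words of length n of μ(w) equals (⊕_a μ(a))^n, so the worst case over |Σ|^n words is one matrix power. The letter matrices `MU`, vectors `ALPHA`/`BETA` and all function names are this example's own choices.

```python
from itertools import product
from math import inf

# (max,+) semiring: "addition" is max (neutral element -inf), "multiplication"
# is + (neutral element 0). Matrices are lists of rows.
EPS = -inf

def mp_mul(A, B):
    """(max,+) matrix product: C[i][j] = max_k (A[i][k] + B[k][j])."""
    return [[max(A[i][k] + B[k][j] for k in range(len(B)))
             for j in range(len(B[0]))] for i in range(len(A))]

def mp_add(A, B):
    """(max,+) matrix sum: entrywise max."""
    return [[max(x, y) for x, y in zip(ra, rb)] for ra, rb in zip(A, B)]

# Constructed two-state (max,+) automaton (an assumption of this example, not
# taken from the paper). Each letter is an event of a discrete event system;
# entry [i][j] of mu(letter) is the duration incurred when the event moves the
# automaton from state i to state j, and -inf marks a non-existent transition.
ALPHA = [[0, EPS]]                 # initial vector: start in state 0
MU = {
    "a": [[1, 3], [EPS, 2]],
    "b": [[2, EPS], [4, 1]],
}
BETA = [[0], [0]]                  # final vector: both states are final

def weight(word):
    """alpha (x) mu(w1) (x) ... (x) mu(wn) (x) beta: the slowest accepting run
    on the word, or -inf if the automaton has no run on it."""
    vec = ALPHA
    for letter in word:
        vec = mp_mul(vec, MU[letter])
    return mp_mul(vec, BETA)[0][0]

def worst_case_brute(n):
    """Worst-case completion time over all words of length n, by enumeration."""
    return max(weight(w) for w in product(MU, repeat=n))

def worst_case_reduction(n):
    """Same quantity via the algebraic reduction: the (max,+) sum M of all
    letter matrices, raised to the n-th power, replaces the enumeration."""
    M = None
    for letter_matrix in MU.values():
        M = letter_matrix if M is None else mp_add(M, letter_matrix)
    vec = ALPHA
    for _ in range(n):
        vec = mp_mul(vec, M)
    return mp_mul(vec, BETA)[0][0]

if __name__ == "__main__":
    for n in range(1, 7):
        print(n, worst_case_brute(n), worst_case_reduction(n))
```

The brute-force side costs |Σ|^n weight computations while the reduction costs n matrix products, which is the practical point of an algebraic reduction; the mean and optimal cases in the abstract need the deterministic-series machinery and are not reproduced here.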
The Power of Reachability Testing for Timed Automata
Theoretical Computer Science, 2001
Cited by 38 (11 self)
Abstract: The computational engine of the verification tool UPPAAL consists of a collection of efficient algorithms for the analysis of reachability properties of systems. Model-checking of properties other than plain reachability ones may currently be carried out in such a tool as follows. Given a property to model-check, the user must provide a test automaton T for it. This test automaton must be such that the original system S has the property precisely when none of the distinguished reject states of T can be reached in the parallel composition of S with T. This raises the question of which properties may be analyzed by UPPAAL in such a way. This paper gives an answer to this question by providing a complete characterization of the class of properties for which model-checking can be reduced to reachability testing in the sense outlined above. This result is obtained as a corollary of a stronger statement pertaining to the compositionality of the property language considered in this study. In particular, it is shown that our language is the least expressive compositional language that can express a simple safety property stating that no reject state can ever be reached. Finally, the property language characterizing the power of reachability testing is used to provide a definition of characteristic properties with respect to a timed version of the ready simulation preorder, for nodes of free, deterministic timed automata.
Model checking C programs using FSoft
In PCI 2.1, PCI SIG posting, 2005
Cited by 38 (15 self)
Abstract: With the success of formal verification techniques like equivalence checking and model checking for hardware designs, there has been growing interest in applying such techniques for formal analysis and automatic verification of software programs. This paper provides a brief tutorial on model checking of C programs. The essential approach is to model the semantics of C programs in the form of finite state systems by using suitable abstractions. The use of abstractions is key, both for modeling programs as finite state systems and for reducing the model sizes in order to manage verification complexity. We provide illustrative details of a verification platform called F-Soft, which provides a range of abstractions for modeling software, and uses customized SAT-based and BDD-based model checking techniques targeted for software.
Complete proof systems for first-order interval temporal logic
In LICS, 1995
Efficient Online Monitoring of Web-service SLAs
In SIGSOFT '08/FSE-16: Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of Software Engineering, 2008
Cited by 32 (0 self)
Abstract: If an organization depends on the service quality provided by another organization it often enters into a bilateral service level agreement (SLA), which mitigates outsourcing risks by associating penalty payments with poor service quality. Once these agreements are entered into, it becomes necessary to monitor their conditions, which will commonly relate to timeliness, reliability and request throughput, at runtime. We show how these conditions can be translated into timed automata. Acceptance of a timed word by a timed automaton can be decided in quadratic time, and because the timed automata can operate while messages are exchanged at runtime there is effectively only a linear runtime overhead. We present an implementation to derive online monitors for web services automatically from SLAs using an Eclipse plug-in. We evaluate the efficiency and scalability of this approach using a large-scale case study in a service-oriented computational grid.
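The monitoring scheme described above, as an added example that is not the paper's translation or its Eclipse plug-in: a small deterministic timed automaton replayed over a timed word of (timestamp, event) pairs, with one clock that is reset on each request and compared against the deadline on the matching response. The SLA clause ("every request is answered within the deadline", one request outstanding at a time), the message logs and every identifier are constructed for this example.

```python
import operator
from dataclasses import dataclass

# Clock guards are tuples (clock, op, bound); all guards on an edge must hold.
OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt,
       ">=": operator.ge, "==": operator.eq}

@dataclass(frozen=True)
class Edge:
    src: str
    event: str
    dst: str
    guard: tuple = ()
    resets: frozenset = frozenset()

class TimedAutomaton:
    """Deterministic timed automaton used as an online monitor (constructed
    example). Clocks advance with the timestamps of the word; an edge fires
    only if its guard holds on the current clock values, then resets clocks."""

    def __init__(self, init, accepting, clocks, edges):
        self.init, self.accepting = init, set(accepting)
        self.clocks, self.edges = list(clocks), list(edges)

    @staticmethod
    def _enabled(edge, clocks):
        return all(OPS[op](clocks[c], bound) for c, op, bound in edge.guard)

    def run(self, timed_word):
        """Replay (timestamp, event) pairs with non-decreasing timestamps.
        Returns (accepted, trace); trace holds (timestamp, event, location)
        per step, and a step with no enabled edge rejects immediately with
        location None. Each event costs one pass over the edge list, so the
        monitor adds only linear overhead to the message exchange."""
        loc, now = self.init, 0.0
        clocks = {c: 0.0 for c in self.clocks}
        trace = []
        for t, event in timed_word:
            if t < now:
                raise ValueError("timestamps must be non-decreasing")
            for c in clocks:                      # let time elapse
                clocks[c] += t - now
            now = t
            for e in self.edges:                  # first enabled edge wins
                if e.src == loc and e.event == event and self._enabled(e, clocks):
                    loc = e.dst
                    for c in e.resets:
                        clocks[c] = 0.0
                    break
            else:
                trace.append((t, event, None))
                return False, trace
            trace.append((t, event, loc))
        return loc in self.accepting, trace

def response_time_monitor(deadline):
    """SLA clause "every request is answered within `deadline` time units"
    as a timed automaton; a late response enters the absorbing 'late'
    location, so the violation is visible as soon as it happens."""
    x = "x"
    edges = [
        Edge("idle", "request", "waiting", resets=frozenset({x})),
        Edge("waiting", "response", "idle", guard=((x, "<=", deadline),)),
        Edge("waiting", "response", "late", guard=((x, ">", deadline),)),
        Edge("late", "request", "late"),
        Edge("late", "response", "late"),
    ]
    return TimedAutomaton("idle", {"idle"}, [x], edges)

# Constructed message logs (seconds, event), as an interceptor might record.
LOG_OK = [(0.0, "request"), (0.7, "response"), (1.0, "request"), (2.9, "response")]
LOG_LATE = [(0.0, "request"), (0.7, "response"), (1.0, "request"), (3.5, "response")]

def first_violation(deadline, log):
    """Timestamp at which the monitor first enters 'late', or None."""
    _, trace = response_time_monitor(deadline).run(log)
    for t, _, loc in trace:
        if loc == "late":
            return t
    return None

if __name__ == "__main__":
    print(first_violation(2.0, LOG_OK), first_violation(2.0, LOG_LATE))
```

An event the automaton has no edge for (say a stray "ping" in `idle`) is rejected outright rather than ignored, which is the safer default for a compliance monitor; throughput clauses would need further clocks or counters and are not covered by this single-clock automaton.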