Blackbox conformance testing for realtime systems
In 11th International SPIN Workshop on Model Checking of Software (SPIN’04), volume 2989 of LNCS, 2004
Abstract

Cited by 74 (12 self)
We propose a new framework for black-box conformance testing of real-time systems. The framework is based on the model of partially-observable, nondeterministic timed automata. We argue that partial observability and nondeterminism are essential features for ease of modeling, expressiveness and implementability. The framework allows the user to define, through appropriate modeling, assumptions on the environment of the system under test (SUT) as well as on the interface between the tester and the SUT. We consider two types of tests: analog-clock tests and digital-clock tests. Our algorithm to generate analog-clock tests is based on an on-the-fly determinization of the specification automaton during the execution of the test, which in turn relies on reachability computations. The latter can sometimes be costly, thus problematic, since the tester must quickly react to the actions of the system under test. Therefore, we provide techniques which allow analog-clock testers to be represented as deterministic timed automata, thus minimizing the reaction time to a simple state jump. We provide algorithms for static or on-the-fly generation of digital-clock tests. These tests measure time only with finite-precision, digital clocks, another essential condition for implementability. We also propose a technique for location, edge and state coverage of the specification, by reducing the problem to covering a symbolic reachability graph. This avoids having to generate too many tests. We report on a prototype tool TTG and two case studies: a lighting device and the Bounded Retransmission Protocol. Experimental results obtained by applying TTG on the Bounded Retransmission Protocol show that only a few tests suffice to cover thousands of reachable symbolic states in the specification.
A Brief Account of Runtime Verification
2008
Abstract

Cited by 70 (0 self)
In this paper, a brief account of the field of runtime verification is given. Starting with a definition of runtime verification, a comparison to well-known verification techniques like model checking and testing is provided, and applications in which runtime verification brings out its distinguishing features are pointed out. Moreover, extensions of runtime verification such as monitor-oriented programming and monitor-based runtime reflection are sketched, and their similarities and differences are discussed. Finally, the use of runtime verification for contract enforcement is briefly pointed out.
Runtime verification for LTL and TLTL
2007
Abstract

Cited by 63 (12 self)
This paper studies runtime verification of properties expressed either in linear-time temporal logic (LTL) or timed linear-time temporal logic (TLTL). It classifies runtime verification by identifying its distinguishing features with respect to model checking and testing, respectively. It introduces a three-valued semantics (with truth values true, false, inconclusive) as an adequate interpretation as to whether a partial observation of a running system meets an LTL or TLTL property. For LTL, a conceptually simple monitor generation procedure is given, which is optimal in two respects: first, the size of the generated deterministic monitor is minimal, and, second, the monitor identifies a continuously monitored trace as either satisfying or falsifying a property as early as possible. The feasibility of the developed methodology is demonstrated using a collection of real-world temporal logic specifications. Moreover, the presented approach is related to the properties monitorable in general and is compared to existing concepts in the literature. It is shown that the set of monitorable properties does not only encompass the safety and co-safety properties but is strictly larger. For TLTL, the same road map is followed by first defining a three-valued semantics. The corresponding construction of a timed monitor is more involved, yet, as shown, possible.
Monitoring of real-time properties
In Proceedings of the 26th Conference on Foundations of Software Technology and Theoretical Computer Science (FSTTCS), volume 4337 of LNCS, 2006
Abstract

Cited by 55 (15 self)
This paper presents a construction for runtime monitors that check real-time properties expressed in timed LTL (TLTL). Due to D’Souza’s results, TLTL can be considered a natural extension of LTL towards real-time. Moreover, a typical obstacle in runtime verification is solved both for untimed and timed formulae: standard models of linear temporal logic are infinite traces, whereas in runtime verification only finite system behaviours are at hand. Therefore, a 3-valued semantics (true, false, inconclusive) for LTL and TLTL on finite traces is defined that resembles the infinite trace semantics in a suitable and intuitive manner. Then, the paper describes how to construct, given a (T)LTL formula, a deterministic monitor with three output symbols that reads a finite trace and yields its corresponding 3-valued (T)LTL semantics. Notably, the monitor rejects a trace as early as possible, in that any minimal bad prefix results in false as a return value.
Diagnosers and diagnosability of succinct transition systems
In Proceedings of the 20th International Joint Conference on Artificial Intelligence, 2007
Abstract

Cited by 9 (4 self)
Reasoning about the knowledge of an agent is an important problem in many areas of AI. For example, in diagnosis a basic question about a system is whether it is possible to diagnose it, that is, whether it is always possible to know whether a faulty behavior has occurred. In this paper we investigate the complexity of this diagnosability problem and the size of automata that perform diagnosis. There are algorithms for testing diagnosability in polynomial time in the number of states in the system. For succinct system representations, which may be exponentially smaller than the state space of the system, the diagnosability problem is consequently in EXPTIME. We show that this upper bound is not tight and that the decision problem is in fact PSPACE-complete. Online diagnosis can be carried out by diagnosers, which are automata that recognize faulty behavior. We show that diagnosers in the worst case have a size that is exponential in the number of states, both for explicit and succinct system representations. This is a consequence of the diagnoser having to maintain beliefs about the state of the system.
A Game Approach to Determinize Timed Automata
2011
Abstract

Cited by 7 (1 self)
Timed automata are frequently used to model real-time systems. Their determinization is a key issue for several validation problems. However, not all timed automata can be determinized, and determinizability itself is undecidable. In this paper, we propose a game-based algorithm which, given a timed automaton with ε-transitions and invariants, tries to produce a language-equivalent deterministic timed automaton, otherwise a deterministic over-approximation. Our method subsumes two recent contributions: it is at once more general than the determinization procedure of [4] and more precise than the approximation algorithm of [11].
The Complexity of Codiagnosability for Discrete Event and Timed Systems
Abstract

Cited by 3 (0 self)
In this paper we study the fault codiagnosis problem for discrete event systems given by finite automata (FA) and timed systems given by timed automata (TA). We provide a uniform characterization of codiagnosability for FA and TA which extends the necessary and sufficient condition that characterizes diagnosability. We also settle the complexity of the codiagnosability problems both for FA and TA and show that codiagnosability is PSPACE-complete in both cases. For FA this improves on the previously known bound (EXPTIME) and for TA it is a new result. Finally we address the codiagnosis problem for TA under bounded resources and show it is 2EXPTIME-complete.
Fault Prognosis in Real-Time Discrete Event Systems
Abstract

Cited by 2 (0 self)
This paper deals with fault prognosis, whose objective is to observe a plant and predict any behavior which does not conform to a specification. We study the prognosis of real-time discrete event systems (RTDES), where the plant and the specification are modeled by timed automata (TA). We develop a fault prognosis method inspired by a recent fault diagnosis method for RTDES. Our prognosis method is based on reformulating the real-time prognosis problem into a non-real-time form, using a transformation of TA into finite state automata where the timing constraints are captured by two types of events: Set and Exp events, which correspond to the activation and expiry of clocks, respectively. We develop a prognosis procedure that checks prognosability and synthesizes a prognoser. Compared to other prognosis methods, our procedure reduces the state space explosion problem, and a practical prognosis architecture is proposed.
A Note on Fault Diagnosis Algorithms
In 48th IEEE Conference on Decision and Control and 28th Chinese Control Conference, 2009