Compositional Model Checking, 1999
Cited by 3252 (70 self)
We describe a method for reducing the complexity of temporal logic model checking in systems composed of many parallel processes. The goal is to check properties of the components of a system and then deduce global properties from these local properties. The main difficulty with this type of approach is that local properties are often not preserved at the global level. We present a general framework for using additional interface processes to model the environment for a component. These interface processes are typically much simpler than the full environment of the component. By composing a component with its interface processes and then checking properties of this composition, we can guarantee that these properties will be preserved at the global level. We give two example compositional systems based on the logic CTL*.
A tutorial on uppaal, 2004
Cited by 311 (19 self)
This is a tutorial paper on the tool Uppaal. Its goal is to be a short introduction on the flavor of timed automata implemented in the tool, to present its interface, and to explain how to use the tool. The contribution of the paper is to provide reference examples and modeling patterns.
Timed automata: Semantics, algorithms and tools. Lectures on Concurrency and Petri Nets: Advances in Petri Nets, number 3098 in LNCS, 2004
Cited by 171 (4 self)
Abstract. This chapter is to provide a tutorial and pointers to results and related work on timed automata with a focus on semantical and algorithmic aspects of verification tools. We present the concrete and abstract semantics of timed automata (based on transition rules, regions and zones), decision problems, and algorithms for verification. A detailed description on DBM (Difference Bound Matrices) is included, which is the central data structure behind several verification tools for timed systems. As an example, we give a brief introduction to the tool UPPAAL.
Efficient Verification of Real-Time Systems: Compact Data Structure and State-Space Reduction. In Proc. of the 18th IEEE Real-Time Systems Symposium, 1997
Cited by 64 (10 self)
During the past few years, a number of verification tools have been developed for real-time systems in the framework of timed automata (e.g. Kronos and Uppaal). One of the major problems in applying these tools to industrial-size systems is the huge memory usage for the exploration of the state-space of a network (or product) of timed automata, as the model-checkers must keep information on not only the control structure of the automata but also the clock values specified by clock constraints. In this paper, we present a compact data structure for representing clock constraints. The data structure is based on an O(n^3) algorithm which, given a constraint system over real-valued variables consisting of bounds on differences, constructs an equivalent system with a minimal number of constraints. In addition, we have developed an on-the-fly reduction technique to minimize the space usage. Based on static analysis of the control structure of a network of timed automata, we are able to comp...
UPPAAL Implementation Secrets, 2002
Cited by 44 (14 self)
In this paper we present the continuous and ongoing development of data structures and algorithms underlying the verification engine of the tool Uppaal. In particular, we review the data structures of Difference Bounded Matrices, Minimal Constraint Representation and Clock Difference Diagrams used in symbolic state-space representation and analysis for real-time systems.
The Power of Reachability Testing for Timed Automata. THEORETICAL COMPUTER SCIENCE, 2001
Cited by 38 (11 self)
The computational engine of the verification tool UPPAAL consists of a collection of efficient algorithms for the analysis of reachability properties of systems. Model-checking of properties other than plain reachability ones may currently be carried out in such a tool as follows. Given a property to model-check, the user must provide a test automaton T for it. This test automaton must be such that the original system S has the property expressed by precisely when none of the distinguished reject states of T can be reached in the parallel composition of S with T. This raises the question of which properties may be analyzed by UPPAAL in such a way. This paper gives an answer to this question by providing a complete characterization of the class of properties for which model-checking can be reduced to reachability testing in the sense outlined above. This result is obtained as a corollary of a stronger statement pertaining to the compositionality of the property language considered in this study. In particular, it is shown that our language is the least expressive compositional language that can express a simple safety property stating that no reject state can ever be reached. Finally, the property language characterizing the power of reachability testing is used to provide a definition of characteristic properties with respect to a timed version of the ready simulation preorder, for nodes of free, deterministic timed automata.
Scaling up UPPAAL: automatic verification of real-time systems using compositionality and abstraction. Proc. FTRTFT 2000, 2000
Cited by 27 (6 self)
To combat the state-explosion problem in automatic verification, we present a method for scaling up the real-time verification tool Uppaal by complementing it with methods for abstraction and compositionality. We identify a notion of timed ready simulation which we show is a sound condition for preservation of safety properties between real-time systems, and in addition is a precongruence with respect to parallel composition. Thus, it supports both abstraction and compositionality. We furthermore present a method for automatically testing for the existence of a timed ready simulation between real-time systems using the Uppaal tool.
Is your Model Checker on Time? On the Complexity of Model Checking for Timed Modal Logics, 2001
Cited by 15 (6 self)
This paper studies the structural complexity of model checking for several timed modal logics presented in the literature. More precisely, we consider (variations on) the specification formalisms used in the tools CMC and Uppaal, and fragments of a timed calculus. For each of the logics, we characterize the computational complexity of model checking, as well as its specification and program complexity, using (parallel compositions of) timed automata as our system model. In particular, we show that the complexity of model checking for a timed calculus interpreted over (networks of) timed automata is EXPTIME-complete, no matter whether the complexity is measured with respect to the size of the specification, of the model or of both. All the flavours of model checking for timed versions of Hennessy-Milner logic, and the restricted fragments of the timed µ-calculus studied in the literature on CMC and Uppaal, are shown to be PSPACE-complete or EXPTIME-complete. Amongst the complexity results offered in the paper is a theorem to the effect that the model checking problem for the sublanguage L_s of the timed calculus, proposed by Larsen, Pettersson and Yi, is PSPACE-complete. This result is accompanied by an array of statements showing that any extension of L_s has an EXPTIME-complete model checking problem. We also argue that the model checking problem for the timed propositional µ-calculus T is EXPTIME-complete, thus improving upon results by Henzinger, Nicollin, Sifakis and Yovine.
Stursberg: Verification of PLC Programs given as Sequential Function Charts. In: Integration of Software Specification Techniques for Applications in Eng., Springer, LNCS
Cited by 12 (0 self)
Abstract. Programmable Logic Controllers (PLC) are widespread in the manufacturing and processing industries to realize sequential procedures and to avoid safety-critical states. For the specification and the implementation of PLC programs, the graphical and hierarchical language Sequential Function Charts (SFC) is increasingly used in industry. To investigate the correctness of SFC programs with respect to a given set of requirements, this contribution advocates the use of formal verification. We present two different approaches to convert SFC programs algorithmically into automata models that are amenable to model checking. While the first approach translates untimed SFC into the input language of the tool Cadence SMV, the second converts timed SFC into timed automata which can be analyzed by the tool Uppaal. For different processing system examples, we illustrate the complete verification procedure consisting of controller specification, model transformation, integration of dynamic plant models, and identifying errors in the control program by model checking.
Formal verification of a power controller using the real-time model checker uppaal. In 5th International AMAST Workshop on Real-Time and Probabilistic Systems, volume Lecture Notes in Computer Science, 1999
Cited by 12 (2 self)
Abstract. A real-time system for power-down control in audio/video components is modeled and verified using the real-time model checker UPPAAL. The system is supposed to reside in an audio/video component and control (read from and write to) links to neighbor audio/video components such as TV, VCR and remote control. In particular, the system is responsible for the powering up and down of the component in between the arrival of data, and in order to do so in a safe way without loss of data, it is essential that no link interrupts are lost. Hence, a component system is a multitasking system with hard real-time requirements, and we present techniques for modeling time consumption in such a multitasked, prioritized system. The work has been carried out in a collaboration between Aalborg University and the audio/video company B&O. By modeling the system, 3 design errors were identified and corrected, and the following verification confirmed the validity of the design but also revealed the necessity for an upper limit of the interrupt frequency. The resulting design has been implemented and it is going to be incorporated as part of a new product line.