Task Automata: Schedulability, Decidability and Undecidability
2008
Cited by 55 (8 self)
We present a model, task automata, for real time systems with nonuniformly recurring computation tasks. It is an extended version of timed automata with asynchronous processes that are computation tasks generated (or triggered) by timed events. Compared with classical task models for real time systems, task automata may be used to describe tasks (1) that are generated nondeterministically according to timing constraints in timed automata, (2) that may have interval execution times representing the best case and the worst case execution times, and (3) whose completion times may influence the releases of task instances. We generalize the classical notion of schedulability to task automata. A task automaton is schedulable if there exists a scheduling strategy such that all possible sequences of events generated by the automaton are schedulable in the sense that all associated tasks can be computed within their deadlines. Our first technical result is that the schedulability for a given scheduling strategy can be checked algorithmically for the class of task automata when the best case and the worst case execution times of tasks are equal. The proof is based on a decidable class of suspension automata: timed automata with bounded subtraction in which clocks may be updated by subtractions within a bounded zone. We shall also study the borderline between decidable and undecidable cases. Our second technical result shows that the schedulability checking problem will be undecidable if the following three conditions hold: (1) the execution times of tasks are intervals, (2) the precise finishing time of a task instance may influence new task releases, and (3) a task is allowed to preempt another running task.
Shrinking timed automata
In FSTTCS’11, LIPIcs 13, p. 375–386. Leibniz-Zentrum für Informatik, 2011
Cited by 42 (12 self)
We define and study a new approach to the implementability of timed automata, where the semantics is perturbed by imprecisions and finite frequency of the hardware. In order to circumvent these effects, we introduce parametric shrinking of clock constraints, which corresponds to tightening these. We propose symbolic procedures to decide the existence of (and then compute) parameters under which the shrunk version of a given timed automaton is nonblocking and can time-abstract simulate the exact semantics. We then define an implementation semantics for timed automata with a digital clock and positive reaction times, and show that for shrinkable timed automata, nonblockingness and time-abstract simulation are preserved in implementation.
G (2010) Combining Abstract Interpretation with Model Checking for Timing Analysis of Multicore Software
In: 31st IEEE Real-Time Systems Symposium (RTSS)
Cited by 24 (4 self)
It is predicted that multicores will be increasingly used in future embedded real-time systems for high performance and low energy consumption. The major obstacle is that we may not predict and provide any guarantee on real-time properties of software on such platforms. The shared memory bus is among the most critical resources, which severely degrade the timing predictability of multicore software due to the access contention between cores. In this paper, we study a multicore architecture where each core has a local L1 cache and all cores use a shared bus to access the off-chip memory. We use Abstract Interpretation (AI) to analyze the local cache behavior of a program running on a dedicated core. Based on the cache analysis, we construct a Timed Automaton (TA) to model the precise timing information of the program on when to access the memory bus (i.e. when a cache miss occurs). Then we model the shared bus also using timed automata. The TA models for the bus and programs running on separated cores will be explored using the UPPAAL model checker to find the WCETs for the respective programs. Based on the presented techniques, we have developed a tool for multicore timing analysis, which allows automatic generation of the TA models from binary code and WCET estimation for any given TA model of the shared bus. Extensive experiments have been conducted, showing that the combined approach can significantly tighten the estimations. As examples, we have studied the TDMA and FCFS buses. In both cases, the WCET bounds can be tightened by up to 240% and 82% respectively, compared with the worst-case bounds estimated based on cache misses and maximal delays for bus access.
Keywords: abstract interpretation, model checking, WCET, multicore, shared bus
Model Checking SystemC Designs Using Timed Automata
In Int. Conf. on HW/SW Codesign and System Synthesis (CODES+ISSS), 2008
Cited by 21 (2 self)
SystemC is widely used for modeling and simulation in hardware/software codesign. Due to the lack of a complete formal semantics, it is not possible to verify SystemC designs. In this paper, we present an approach to overcome this problem by defining the semantics of SystemC by a mapping from SystemC designs into the well-defined semantics of Uppaal timed automata. The informally defined behavior and the structure of SystemC designs are completely preserved in the generated Uppaal models. The resulting Uppaal models allow us to use the Uppaal model checker and the Uppaal tool suite, including simulation and visualization tools. The model checker can be used to verify important properties such as liveness, deadlock freedom or compliance with timing constraints. We have implemented the presented transformation, applied it to two examples and verified liveness, safety and timing properties by model checking, thus showing the applicability of our approach in practice.
Model-Based Validation of QoS Properties of Biomedical Sensor Networks
In Proceedings of the International Conference on Embedded Software (EMSOFT 2008), 2008
Cited by 20 (2 self)
A Biomedical Sensor Network (BSN) is a small-size sensor network for medical applications that may contain tens of sensor nodes. In this paper, we present a formal model for BSNs using timed automata, where the sensor nodes communicate using the Chipcon CC2420 transceiver (developed by Texas Instruments) according to the IEEE 802.15.4 standard. Based on the model, we have used UPPAAL to validate and tune the temporal configuration parameters of a BSN in order to meet desired QoS requirements on network connectivity, packet delivery ratio and end-to-end delay. The network studied allows dynamic reconfigurations of the network topology due to the temporary switching of sensor nodes to power-down mode for energy saving or their physical movements. Both the simulator and model checker of UPPAAL are used to analyze the average-case and worst-case behaviours. To enhance the scalability of the tool, we have implemented a (new text-based) version of the UPPAAL simulator optimized for exploring symbolic traces of automata containing large data structures such as matrices. Our experiments show that even though the main feature of the tool is model checking, it is also a promising and competitive tool for efficient simulation and parameter tuning. The simulator scales well; it can easily handle up to 50 nodes in our experiments. The model checker installed on a notebook can also deal with networks with 5 up to 16 nodes within minutes depending on the properties checked; these are BSNs of reasonable size for medical applications. Finally, to study the accuracy of our model and analysis results, we compare simulation results by UPPAAL for two medical scenarios with traditional simulation techniques. The comparison shows that our analysis results coincide closely with simulation results by OMNeT++, a widely used simulation tool for wireless sensor networks. The work is supported by EC IST project CREDO. All models for the experiments of this work can be found at
K.B.: The BRITNeY Suite Animation Tool
In: Proceedings of 27th International Conference on Application and Theory of Petri Nets and Other Models of Concurrency. Lecture Notes in Computer Science, 2006
Cited by 20 (10 self)
This paper describes the BRITNeY suite, a tool which enables users to create visualizations of formal models. BRITNeY suite is integrated with CPN Tools, and we give an example of how to extend a simple stop-and-wait protocol with a visualization in the form of message sequence charts. We also show examples of animations created during industrial projects to give an impression of what is possible with the BRITNeY suite.
Comparing the Expressiveness of Timed Automata and Timed Extensions of Petri Nets
Cited by 16 (2 self)
Time-dependent models have been intensively studied for many reasons, among others because of their applications in software verification and due to the development of embedded platforms where reliability and safety depend to a large extent on the time features. Many of the time-dependent models were suggested as real-time extensions of several well-known untimed models. The most studied formalisms include Networks of Timed Automata, which extend the model of communicating finite-state machines with a finite number of real-valued clocks, and timed extensions of Petri nets where the added time constructs include e.g. time intervals that are assigned to the transitions (Time Petri Nets) or to the arcs (Timed-Arc Petri Nets). In this paper, we shall semi-formally introduce these models, discuss their strengths and weaknesses, and provide an overview of the known results about the relationships among the models.
A CLP proof method for timed automata
In 25th RTSS, 2004
Cited by 16 (3 self)
Constraint Logic Programming (CLP) has been used to model programs and transition systems for the purpose of verification problems. In particular, it has been used to model Timed Safety Automata (TSA). In this paper, we start with a systematic translation of TSA into CLP. The main contribution is an expressive assertion language and a new CLP inference method for proving assertions. A distinction of the assertion language is that it can specify important properties beyond traditional safety properties. We highlight one important property: that a system of processes is symmetric. The new inference mechanism is based upon the well-known method of tabling in logic programming. It is distinguished by its ability to use assertions that are not yet proven, using a principle of coinduction. Apart from given assertions, the proof mechanism can also prove implicit assertions such as discovering a lower or upper bound of a variable. Finally, we demonstrate significant improvements over state-of-the-art systems using standard TSA benchmark examples.
Robustness in real-time systems
In SIES’11
Cited by 14 (3 self)
We review several aspects of robustness of real-time systems, and present recent results on the robust verification of timed automata.
Model Checking the Time to Reach Agreement
FORMATS
Cited by 13 (1 self)
The timed automaton framework of Alur and Dill is a natural choice for the specification of partially synchronous distributed systems. The past has shown, however, that verification of these systems by model checking usually is very difficult. Therefore, model checking techniques have thus far not really been used for their design, even though these techniques are widely used in other areas, e.g., hardware verification. The present paper demonstrates that the revolutionary development of both the usability and the efficiency of model checking tools may change this. It is shown that a complex partially synchronous distributed algorithm can easily be modeled with the Uppaal model checker, and that it is possible to analyze some interesting and nontrivial instances with reasonable computational resources. Clearly, such analysis results can greatly support the design of these systems: model checking tools may provide valuable early feedback on subtle design errors and hint at system invariants that can subsequently be used in the general correctness proof.