Results 1  10
of
507
Compositional Model Checking
, 1999
"... We describe a method for reducing the complexity of temporal logic model checking in systems composed of many parallel processes. The goal is to check properties of the components of a system and then deduce global properties from these local properties. The main difficulty with this type of approac ..."
Abstract

Cited by 3252 (70 self)
 Add to MetaCart
We describe a method for reducing the complexity of temporal logic model checking in systems composed of many parallel processes. The goal is to check properties of the components of a system and then deduce global properties from these local properties. The main difficulty with this type of approach is that local properties are often not preserved at the global level. We present a general framework for using additional interface processes to model the environment for a component. These interface processes are typically much simpler than the full environment of the component. By composing a component with its interface processes and then checking properties of this composition, we can guarantee that these properties will be preserved at the global level. We give two example compositional systems based on the logic CTL*.
UPPAAL in a Nutshell
, 1997
"... . This paper presents the overall structure, the design criteria, and the main features of the tool box Uppaal. It gives a detailed user guide which describes how to use the various tools of Uppaal version 2.02 to construct abstract models of a realtime system, to simulate its dynamical behavior, ..."
Abstract

Cited by 662 (51 self)
 Add to MetaCart
(Show Context)
. This paper presents the overall structure, the design criteria, and the main features of the tool box Uppaal. It gives a detailed user guide which describes how to use the various tools of Uppaal version 2.02 to construct abstract models of a realtime system, to simulate its dynamical behavior, to specify and verify its safety and bounded liveness properties in terms of its model. In addition, the paper also provides a short review on casestudies where Uppaal is applied, as well as references to its theoretical foundation. 1 Introduction Uppaal is a tool box for modeling, simulation and verification of realtime systems, based on constraintsolving and onthefly techniques, developed jointly by Uppsala University and Aalborg University. It is appropriate for systems that can be modeled as a collection of nondeterministic processes with finite control structure and realvalued clocks, communicating through channels and (or) shared variables [34, 26]. Typical application areas in...
Hybrid Automata: An Algorithmic Approach to the Specification and Verification of Hybrid Systems
, 1992
"... We introduce the framework of hybrid automata as a model and specification language for hybrid systems. Hybrid automata can be viewed as a generalization of timed automata, in which the behavior of variables is governed in each state by a set of differential equations. We show that many of the examp ..."
Abstract

Cited by 460 (20 self)
 Add to MetaCart
(Show Context)
We introduce the framework of hybrid automata as a model and specification language for hybrid systems. Hybrid automata can be viewed as a generalization of timed automata, in which the behavior of variables is governed in each state by a set of differential equations. We show that many of the examples considered in the workshop can be defined by hybrid automata. While the reachability problem is undecidable even for very restricted classes of hybrid automata, we present two semidecision procedures for verifying safety properties of piecewiselinear hybrid automata, in which all variables change at constant rates. The two procedures are based, respectively, on minimizing and computing fixpoints on generally infinite state spaces. We show that if the procedures terminate, then they give correct answers. We then demonstrate that for many of the typical workshop examples, the procedures do terminate and thus provide an automatic way for verifying their properties. 1 Introduction More and...
Automatic Symbolic Verification of Embedded Systems
, 1996
"... We present a modelchecking procedure and its implementation for the automatic verification of embedded systems. The system components are described as Hybrid Automata  communicating machines with finite control and realvalued variables that represent continuous environment parameters such as tim ..."
Abstract

Cited by 330 (24 self)
 Add to MetaCart
We present a modelchecking procedure and its implementation for the automatic verification of embedded systems. The system components are described as Hybrid Automata  communicating machines with finite control and realvalued variables that represent continuous environment parameters such as time, pressure, and temperature. The system requirements are specified in a temporal logic with stop watches, and verified by symbolic fixpoint computation. The verification procedure  implemented in the Cornell Hybrid Technology Tool, HyTech  applies to hybrid automata whose continuous dynamics is governed by linear constraints on the variables and their derivatives. We illustrate the method and the tool by checking safety, liveness, timebounded, and duration requirements of digital controllers, schedulers, and distributed algorithms.
ModelChecking in Dense Realtime
 INFORMATION AND COMPUTATION
, 1993
"... Modelchecking is a method of verifying concurrent systems in which a statetransition graph model of the system behavior is compared with a temporal logic formula. This paper extends modelchecking for the branchingtime logic CTL to the analysis of realtime systems, whose correctness depends on t ..."
Abstract

Cited by 327 (7 self)
 Add to MetaCart
(Show Context)
Modelchecking is a method of verifying concurrent systems in which a statetransition graph model of the system behavior is compared with a temporal logic formula. This paper extends modelchecking for the branchingtime logic CTL to the analysis of realtime systems, whose correctness depends on the magnitudes of the timing delays. For specifications, we extend the syntax of CTL to allow quantitative temporal operators such as 93!5 , meaning "possibly within 5 time units." The formulas of the resulting logic, Timed CTL (TCTL), are interpreted over continuous computation trees, trees in which paths are maps from the set of nonnegative reals to system states. To model finitestate systems we introduce timed graphs  statetransition graphs annotated with timing constraints. As our main result, we develop an algorithm for modelchecking, for determining the truth of a TCTLformula with respect to a timed graph. We argue that choosing a dense domain instead of a discrete domain to mo...
A tutorial on uppaal
, 2004
"... This is a tutorial paper on the tool Uppaal. Its goal is to be a short introduction on the flavor of timed automata implemented in the tool, to present its interface, and to explain how to use the tool. The contribution of the paper is to provide reference examples and modeling patterns. ..."
Abstract

Cited by 311 (19 self)
 Add to MetaCart
(Show Context)
This is a tutorial paper on the tool Uppaal. Its goal is to be a short introduction on the flavor of timed automata implemented in the tool, to present its interface, and to explain how to use the tool. The contribution of the paper is to provide reference examples and modeling patterns.
Realtime logics: complexity and expressiveness
 INFORMATION AND COMPUTATION
, 1993
"... The theory of the natural numbers with linear order and monadic predicates underlies propositional linear temporal logic. To study temporal logics that are suitable for reasoning about realtime systems, we combine this classical theory of in nite state sequences with a theory of discrete time, via ..."
Abstract

Cited by 252 (16 self)
 Add to MetaCart
The theory of the natural numbers with linear order and monadic predicates underlies propositional linear temporal logic. To study temporal logics that are suitable for reasoning about realtime systems, we combine this classical theory of in nite state sequences with a theory of discrete time, via a monotonic function that maps every state to its time. The resulting theory of timed state sequences is shown to be decidable, albeit nonelementary, and its expressive power is characterized by! regular sets. Several more expressive variants are proved to be highly undecidable. This framework allows us to classify a wide variety of realtime logics according to their complexity and expressiveness. Indeed, it follows that most formalisms proposed in the literature cannot be decided. We are, however, able to identify two elementary realtime temporal logics as expressively complete fragments of the theory of timed state sequences, and we present tableaubased decision procedures for checking validity. Consequently, these two formalisms are wellsuited for the speci cation and veri cation of realtime systems.
Logics and Models of Real Time: A Survey
"... We survey logicbased and automatabased languages and techniques for the specification and verification of realtime systems. In particular, we discuss three syntactic extensions of temporal logic: timebounded operators, freeze quantification, and time variables. We also discuss the extension of ..."
Abstract

Cited by 221 (15 self)
 Add to MetaCart
We survey logicbased and automatabased languages and techniques for the specification and verification of realtime systems. In particular, we discuss three syntactic extensions of temporal logic: timebounded operators, freeze quantification, and time variables. We also discuss the extension of finitestate machines with clocks and the extension of transition systems with time bounds on the transitions. All of the resulting notations can be interpreted over a variety of different models of time and computation, including linear and branching time, interleaving and true concurrency, discrete and continuous time. For each choice of syntax and semantics, we summarize the results that are known about expressive power, algorithmic finitestate verification, and deductive verification.
Timed automata: Semantics, algorithms and tools
 Lectures on Concurrency and Petri Nets: Advances in Petri Nets, number 3098 in LNCS
, 2004
"... Abstract. This chapter is to provide a tutorial and pointers to results and related work on timed automata with a focus on semantical and algorithmic aspects of verification tools. We present the concrete and abstract semantics of timed automata (based on transition rules, regions and zones), decisi ..."
Abstract

Cited by 171 (4 self)
 Add to MetaCart
(Show Context)
Abstract. This chapter is to provide a tutorial and pointers to results and related work on timed automata with a focus on semantical and algorithmic aspects of verification tools. We present the concrete and abstract semantics of timed automata (based on transition rules, regions and zones), decision problems, and algorithms for verification. A detailed description on DBM (Difference Bound Matrices) is included, which is the central data structure behind several verification tools for timed systems. As an example, we give a brief introduction to the tool UPPAAL. 1
Parametric realtime reasoning
 IN PROCEEDINGS OF THE 25TH ANNUAL SYMPOSIUM ON THEORY OF COMPUTING
, 1993
"... Traditional approaches to the algorithmic verification of realtime systems are limited to checking program correctness with respect to concrete timing properties (e.g., "message delivery within 10 milliseconds"). We address the more realistic and more ambitious problem of deriving symboli ..."
Abstract

Cited by 146 (6 self)
 Add to MetaCart
Traditional approaches to the algorithmic verification of realtime systems are limited to checking program correctness with respect to concrete timing properties (e.g., "message delivery within 10 milliseconds"). We address the more realistic and more ambitious problem of deriving symbolic constraints on the timing properties required of realtime systems (e.g., "message delivery within the time it takes to execute two assignment statements"). To model this problem, we introduce parametric timed automata  finitestate machines whose transitions are constrained with parametric timing requirements. The emptiness question for parametric timed automata is central to the verification problem. On the negative side, we show that in general this question is undecidable. On the positive side, we provide algorithms for checking the emptiness of restricted classes of parametric timed automata. The practical relevance of these classes is illustrated with several verification examples. There remains a gap between the automata classes for which we know that emptiness is decidable and undecidable, respectively, and this gap is related to various hard and open problems of logic and automata theory.