Results 1 to 10 of 37
New Generation of UPPAAL, 1998
Cited by 55 (6 self)
Uppaal is a toolset for the design and analysis of real-time systems. In [6] a relatively complete description of Uppaal before 1997 has been given. This paper is focused on the most recent developments and also complements the paper of [6].
1 UPPAAL's Past: the History
The first prototype of Uppaal, named Tab at the time, was developed at Uppsala University in 1993 by Wang Yi et al. Its theoretical foundation was presented in FORTE94 [11] and the initial design was to check safety properties that can be formalized as simple reachability properties for networks of timed automata. The restriction to this simple class of properties was in sharp contrast to other real-time verification tools at that time, which were developed to check timed bisimilarities or formulae of timed modal μ-calculi. However, the ambition of catering for more complicated formulae led to extremely severe restrictions in the size of systems that could be verified by those tools. The essential ideas behind T...
An automata-theoretic approach to reasoning about infinite-state systems
 LNCS, 2000
Cited by 42 (4 self)
We develop an automata-theoretic framework for reasoning about infinite-state sequential systems. Our framework is based on the observation that states of such systems, which carry a finite but unbounded amount of information, can be viewed as nodes in an infinite tree, and transitions between states can be simulated by finite-state automata. Checking that the system satisfies a temporal property can then be done by an alternating two-way tree automaton that navigates through the tree. As has been the case with finite-state systems, the automata-theoretic framework is quite versatile. We demonstrate it by solving several versions of the model-checking problem for μ-calculus specifications and prefix-recognizable systems, and by solving the realizability and synthesis problems for μ-calculus specifications with respect to prefix-recognizable environments.
Modeling and Verification of a Fault-Tolerant Real-time Startup Protocol using Calendar Automata, 2004
Cited by 32 (2 self)
We discuss the modeling and verification of real-time systems using the SAL model checker. A new modeling framework based on event calendars enables dense timed systems to be described without relying on continuously varying clocks. We present verification techniques that rely on induction and abstraction, and show how these techniques are efficiently supported by the SAL symbolic model-checking tools. The modeling and verification method is applied to the fault-tolerant real-time startup protocol used in the Time-Triggered Architecture.
An event spacing experiment
 Proceedings of the Eighth International Symposium on Asynchronous Circuits and Systems, ASYNC'02, 2002
Cited by 26 (5 self)
Events in self-timed rings can propagate evenly spaced or as bursts. By studying these phenomena, we obtain a better understanding of the underlying dynamics of self-timed pipelines, which is a necessary precursor to utilizing these dynamics to obtain higher performance (see, e.g., [18]). We show that standard bounded delay models are inadequate to discriminate between bursting and evenly spaced behaviours and show that an extension of the Charlie Diagrams of [5] provides a framework for understanding these phenomena. This paper describes our novel analytical approaches and the design and fabrication of a chip to test our theoretical models.
IF: A Validation Environment for Timed Asynchronous Systems, 2000
Cited by 26 (5 self)
Introduction
Formal validation of distributed systems relies on several specification formalisms (such as the international standards LOTOS [?] or SDL [?]), and it requires different kinds of tools to cover the whole development process. Presently, a wide range of tools are available, either commercial or academic ones, but none of them fulfills in itself all the practical needs. Commercial tools (like ObjectGEODE [?], SDT [?], STATEMATE [?], etc.) provide several development facilities, like editing, code generation and testing. However, they are usually restricted to basic verification techniques (exhaustive simulation, deadlock detection, etc.) and are "closed" in the sense that there are only limited possibilities to interface them with others. On the other hand, there exist many ac
On Proving Safety Properties by Integrating Static Analysis, Theorem Proving and Abstraction
 TACAS '99, 1999
Cited by 22 (0 self)
We present a new approach for proving safety properties of reactive systems, based on tight interaction between static analysis, theorem proving and abstraction techniques. The method incrementally constructs a proof or finds a counterexample. Every step consists of applying one of the techniques and makes constructive use of information obtained from failures in previous steps. The amount of user intervention is limited and is highly guided by the system at each step. We demonstrate the method on three simple examples, and show that by using it one can prove more properties than by using each component as a standalone.
Automated validation of distributed software using the IF environment
 In 2001 IEEE International Symposium on Network Computing and Applications (NCA 2001). IEEE, 2001
Cited by 17 (9 self)
This paper summarizes our experience with IF, an open validation environment for distributed software systems. Indeed, faced with the increasing complexity of such systems, none of the existing tools can cover by itself the whole validation process. The IF environment was built upon an expressive intermediate language and allows one to connect several validation tools, providing most of the advanced techniques currently available. The results obtained on several large case studies, including telecommunication protocols and embedded software systems, confirm the practical interest of this approach.
IF: An Intermediate Representation and Validation Environment for Timed Asynchronous Systems, 1999
Cited by 15 (4 self)
Formal Description Techniques (FDT), such as LOTOS or SDL, are at the base of a technology for the specification and the validation of telecommunication systems. Due to the availability of commercial tools, these formalisms are now being widely used in the industrial community. Alternatively, a number of quite efficient verification tools have been developed by the research community. But most of these tools are based on simple ad hoc formalisms, and the gap between them and real FDT restricts their use at industrial scale. This context motivated the development of an intermediate representation called IF which is presented in the paper. IF has a simple syntactic structure, but allows one to express in a convenient way most useful concepts needed for the specification of timed asynchronous systems. The benefits of using IF are multiple. First, it is general enough to handle significant subsets of most FDT, and in particular a translation from SDL to IF is already implemented. ...
Distributed and structured analysis approaches to study large and complex systems
 Lectures on Formal Methods and Performance Analysis, LNCS 2090, 2001
Cited by 14 (0 self)
Both the logic and the stochastic analysis of discrete-state systems are hindered by the combinatorial growth of the state space underlying a high-level model. In this work, we consider two orthogonal approaches to cope with this "state-space explosion". Distributed algorithms that make use of the processors and memory overall available on a network of N workstations can manage models with state spaces approximately N times larger than what is possible on a single workstation. A second approach, constituting a fundamental paradigm shift, is instead based on decision diagrams and related implicit data structures that efficiently encode the state space or the transition rate matrix of a model, provided that it has some structure to guide its decomposition; with these implicit methods, enormous sets can be managed efficiently, but the numerical solution of the stochastic model, if desired, is still a bottleneck, as it requires vectors of the size of the state space.
A real-time profile for UML and how to adapt it to SDL
 In Proceedings of SDL Forum 2003 (to appear), LNCS, 2003
Cited by 14 (8 self)
This paper presents work of the IST project OMEGA, where we have defined a UML profile for real-time that is compatible with the Profile for Performance, Scheduling and Real-time recently accepted at OMG. In contrast to this OMG profile, we put emphasis on semantics and on its use in the context of timed analysis of real-time embedded systems. The defined profile is compatible with the time concepts existing in SDL, and we show how we can also adapt these notations to SDL and MSC, which do not yet have a notation for this purpose.