Results 1  10
of
92
W (2002) Formal verification of UML statecharts with realtime extensions
 In: Proc. 5th International Conference on Fundamental Approaches to Software Engineering (FASE 2002), Lecture Notes in Computer Science
"... Abstract. We present a framework for formal verification of a realtime extension of UML statecharts. For clarity, we restrict ourselves to a reasonable subset of the rich UML statechart model and extend this with realtime constructs (clocks, timed guards, and invariants). We equip the obtained for ..."
Abstract

Cited by 46 (2 self)
 Add to MetaCart
(Show Context)
Abstract. We present a framework for formal verification of a realtime extension of UML statecharts. For clarity, we restrict ourselves to a reasonable subset of the rich UML statechart model and extend this with realtime constructs (clocks, timed guards, and invariants). We equip the obtained formalism, called hierarchical timed automata (HTA), with an operational semantics. We outline a translation of one HTA to a network of flat timed automata, that can serve as input to the realtime model checking tool Uppaal. This translation can be used to faithfully verify deadlockfreedom, safety, and unbounded response properties of the HTA model. We report on an XMLbased implementation of this translation, use the wellknown pacemaker example to illustrate our technique, and report runtime data for the formal verification part. 1
Probabilistic Model Checking of Deadline Properties in the IEEE1394 FireWire Root Contention Protocol
 in the IEEE 1394 FireWire root contention protocol. Special Issue of Formal Aspects of Computing
"... The increasing dependence of businesses on distributed architectures and computer networking places heavy demands on the speed and reliability of data exchange, leading to the emergence of sophisticated protocols which involve both realtime and randomization, for example FireWire IEEE1394. Automati ..."
Abstract

Cited by 41 (24 self)
 Add to MetaCart
The increasing dependence of businesses on distributed architectures and computer networking places heavy demands on the speed and reliability of data exchange, leading to the emergence of sophisticated protocols which involve both realtime and randomization, for example FireWire IEEE1394. Automatic verification techniques such as model checking have been adapted to this class of probabilistic, timed systems [1, 9, 3, 14]. This abstract considers an application of such techniques to the IEEE1394 (FireWire) root contention protocol, in which the interplay between timed and probabilistic aspects is used to break the symmetry which may arise during the leader election process. Here, the properties of interest concern the election of a leader within a certain deadline, with a certain probability or greater. Our specification formalism is that of probabilistic timed automata [14], a variant of timed automa...
Verification and Improvement of the Sliding Window Protocol
, 2003
"... The wellknown Sliding Window protocol caters for the reliable and efficient transmission of data over unreliable channels that can lose, reorder and duplicate messages. Despite the practical importance of the protocol and its high potential for errors, it has never been formally verified for the ge ..."
Abstract

Cited by 32 (0 self)
 Add to MetaCart
(Show Context)
The wellknown Sliding Window protocol caters for the reliable and efficient transmission of data over unreliable channels that can lose, reorder and duplicate messages. Despite the practical importance of the protocol and its high potential for errors, it has never been formally verified for the general setting. We try to fill this gap by giving a fully formal specification and verification of an improved version of the protocol. The protocol is specified by a timed state machine in the language of the verification system PVS. This allows a mechanical check of the proof by the interactive proof checker of PVS. Our modelling is very general and includes such important features of the protocol as sending and receiving windows of arbitrary size, bounded sequence numbers and channels that may lose, reorder and duplicate messages.
Robustness and Implementability of Timed Automata
 In Proc. Joint Conf. Formal Modelling and Analysis of Timed Systems and Formal Techniques in RealTime and Fault Tolerant System (FORMATS+FTRTFT’04), volume 3253 of LNCS
, 2004
"... In a former paper, we de ned a new semantics for timed automata, the Almost ASAP semantics, which is parameterized by to cope with the reaction delay of the controller. We showed that this semantics is implementable provided there exists a strictly positive value for the parameter for which t ..."
Abstract

Cited by 25 (13 self)
 Add to MetaCart
In a former paper, we de ned a new semantics for timed automata, the Almost ASAP semantics, which is parameterized by to cope with the reaction delay of the controller. We showed that this semantics is implementable provided there exists a strictly positive value for the parameter for which the strategy is correct. In this paper, we de ne the implementability problem to be the question of existence of such a . We show that this question is closely related to a notion of robustness for timed automata de ned in [Pur98] and prove that the implementability problem is decidable.
Analysis of a Biphase Mark Protocol with Uppaal and PVS
"... The biphase mark protocol is a convention for representing both a string of bits and clock edges in a square wave. The protocol is frequently used for communication at the physical level of the ISO/OSI hierarchy, and is implemented on microcontrollers such as the Intel 82530 Serial Communications ..."
Abstract

Cited by 21 (1 self)
 Add to MetaCart
The biphase mark protocol is a convention for representing both a string of bits and clock edges in a square wave. The protocol is frequently used for communication at the physical level of the ISO/OSI hierarchy, and is implemented on microcontrollers such as the Intel 82530 Serial Communications Controller. An important property of the protocol is that bit strings of arbitrary length can be transmitted reliably, despite differences in the clock rates of sender and receiver (drift), variations of the clock rates (jitter), and distortion of the signal after generation of an edge. In this article, we show how the protocol can be modelled naturally in terms of timed automata. We use the model checker Uppaal to derive the maximal tolerances on the clock rates, for different instances of the protocol, and to support the general parametric verification that we formalized using the proof assistant PVS. Based on the derived parameter constraints we propose instances of BMP that are correct (at least in our model) but have a faster bit rate than the instances that are commonly implemented in hardware.
Do We Need Dependent Types?
 JOURNAL OF FUNCTIONAL PROGRAMMING
, 2001
"... Inspired by [1], we describe a technique for defining, within the HindleyMilner type system, some functions which seem to require a language with dependent types. We illustrate this by giving a general definition of zipWith for which the Haskell library provides a family of functions, each memb ..."
Abstract

Cited by 18 (1 self)
 Add to MetaCart
Inspired by [1], we describe a technique for defining, within the HindleyMilner type system, some functions which seem to require a language with dependent types. We illustrate this by giving a general definition of zipWith for which the Haskell library provides a family of functions, each member of the family having a different type and arity. Our technique consists in introducing ad hoc codings for natural numbers which resemble numerals in #calculus.
Integer Parameter Synthesis for Timed Automata ⋆ LUNAM Université.
"... Abstract. We provide a subclass of parametric timed automata (PTA) that we can actually and efficiently analyze, and we argue that it retains most of the practical usefulness of PTA. The currently most useful known subclass of PTA, L/U automata, has a strong syntactical restriction for practical pur ..."
Abstract

Cited by 16 (5 self)
 Add to MetaCart
(Show Context)
Abstract. We provide a subclass of parametric timed automata (PTA) that we can actually and efficiently analyze, and we argue that it retains most of the practical usefulness of PTA. The currently most useful known subclass of PTA, L/U automata, has a strong syntactical restriction for practical purposes, and we show that the associated theoretical results are mixed. We therefore advocate for a different restriction scheme: since in classical timed automata, realvalued clocks are always compared to integers for all practical purposes, we also search for parameter values as bounded integers. We show that the problem of the existence of parameter values such that some TCTL property is satisfied is PSPACEcomplete. In such a setting, we can also of course synthesize all the values of parameters and we give symbolic algorithms, for reachability and unavoidability properties, to do it efficiently, i.e., without an explicit enumeration. This also has the practical advantage of giving the result as symbolic constraints between the parameters. We finally report on a few experimental results to illustrate the practical usefulness of the approach. 1
Approximate parameter synthesis for probabilistic timebounded reachability.
 In RTSS,
, 2008
"... Abstract This paper proposes ..."
(Show Context)