Results 1-10 of 38
Liveness in Timed and Untimed Systems, 1994
Abstract

Cited by 87 (17 self)
When proving the correctness of algorithms in distributed systems, one generally considers safety conditions and liveness conditions. The Input/Output (I/O) automaton model and its timed version have been used successfully, but have focused on safety conditions and on a restricted form of liveness called fairness. In this paper we develop a new I/O automaton model, and a new timed I/O automaton model, that permit the verification of general liveness properties on the basis of existing verification techniques. Our models include a notion of environment-freedom which generalizes the idea of receptiveness of other existing formalisms, and enables the use of compositional verification techniques.
Forward and Backward Simulations, Part II: Timing-Based Systems. Information and Computation, 1995
Abstract

Cited by 83 (23 self)
A general automaton model for timing-based systems is presented and is used as the context for developing a variety of simulation proof techniques for such systems. These techniques include (1) refinements, (2) forward and backward simulations, (3) hybrid forward-backward and backward-forward simulations, and (4) history and prophecy relations. Relationships between the different types of simulations, as well as soundness and completeness results, are stated and proved. These results are (with one exception) analogous to the results for untimed systems in Part I of this paper. In fact, many of the results for the timed case are obtained as consequences of the analogous results for the untimed case.
A Process Algebra of Communicating Shared Resources with Dense Time and Priorities. Theoretical Computer Science, 1997
The Theory of Timed I/O Automata, 2003
Abstract

Cited by 60 (18 self)
This paper presents the Timed Input/Output Automaton (TIOA) modeling framework, a basic mathematical framework to support description and analysis of timed systems. An important feature of this model is its support for decomposing timed system descriptions. In particular, the framework includes a notion of external behavior for a timed I/O automaton, which captures its discrete interactions with its environment. The framework also defines what it means for one TIOA to implement another, based on an inclusion relationship between their external behavior sets, and defines notions of simulations, which provide sufficient conditions for demonstrating implementation relationships. The framework includes a composition operation for TIOAs, which respects external behavior, and a notion of receptiveness, which implies that a TIOA does not block the passage of time. The TIOA framework supports the statement and verification of safety and liveness properties for timed systems. It defines what it means for a property to be a safety or a liveness property, includes basic results about safety-liveness classification, and
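The two notions that the Part II simulation paper and the TIOA abstract above rely on, "A implements B" as inclusion of external behaviors and a forward simulation as a sufficient condition for it, in executable form. This is an editor's added example, not code from either paper: it works on finite, untimed labelled transition systems without internal actions, and the lock specification together with the two candidate implementations (`SPEC`, `IMPL_OK`, `IMPL_BAD`) are constructed for the example.

```python
from collections import deque

class LTS:
    """Finite labelled transition system: an initial state plus a list of
    (src, label, dst) transitions. No internal actions are modelled."""
    def __init__(self, init, transitions):
        self.init, self.states, self.succ = init, {init}, {}
        for src, label, dst in transitions:
            self.states.update((src, dst))
            self.succ.setdefault(src, []).append((label, dst))

    def steps(self, s):
        return self.succ.get(s, [])

def greatest_simulation(impl, spec):
    """Greatest fixpoint: start from all state pairs and drop any (s, t) for
    which some step s -a-> s' of impl has no matching t -a-> t' of spec with
    (s', t') still in the relation."""
    R = {(s, t) for s in impl.states for t in spec.states}
    changed = True
    while changed:
        changed = False
        for s, t in list(R):
            for a, s2 in impl.steps(s):
                if not any((s2, t2) in R for b, t2 in spec.steps(t) if b == a):
                    R.discard((s, t))
                    changed = True
                    break
    return R

def implements(impl, spec):
    """Sufficient condition for trace inclusion: the initial states are
    related by a forward simulation."""
    return (impl.init, spec.init) in greatest_simulation(impl, spec)

def trace_counterexample(impl, spec, max_len=10):
    """Direct check of the implementation relation itself: breadth-first search
    for a trace of impl that spec cannot follow, tracking the set of spec states
    reachable on the same trace (subset construction). None if none is found."""
    start_key = (impl.init, frozenset([spec.init]))
    seen, work = {start_key}, deque([(start_key, ())])
    while work:
        (s, T), trace = work.popleft()
        if len(trace) >= max_len:
            continue
        for a, s2 in impl.steps(s):
            T2 = frozenset(t2 for t in T for b, t2 in spec.steps(t) if b == a)
            if not T2:
                return trace + (a,)          # spec has no move for this label
            if (s2, T2) not in seen:
                seen.add((s2, T2))
                work.append(((s2, T2), trace + (a,)))
    return None

# Constructed example: a lock specification and two candidate implementations.
SPEC = LTS("free", [("free", "acquire", "held"), ("held", "release", "free")])
# Refinement that additionally remembers which of two clients holds the lock.
IMPL_OK = LTS("u", [("u", "acquire", "h1"), ("h1", "release", "u"),
                    ("u", "acquire", "h2"), ("h2", "release", "u")])
# Faulty variant: a second acquire is accepted while the lock is already held.
IMPL_BAD = LTS("u", [("u", "acquire", "h"), ("h", "release", "u"),
                     ("h", "acquire", "h")])
```

`implements(IMPL_OK, SPEC)` holds because the greatest simulation relates `u` to `free` and both held-states to `held`; for `IMPL_BAD` the pair `(h, held)` is dropped (the spec cannot match the re-entrant `acquire`), which propagates to the initial pair, and `trace_counterexample` returns the offending trace `("acquire", "acquire")`. Only the one direction is demonstrated here: a simulation proves trace inclusion, but absence of a forward simulation does not by itself refute it.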
Verification of an Audio Control Protocol. Formal Techniques in Real-Time and Fault-Tolerant Systems, 1994
Abstract

Cited by 55 (7 self)
We analyze a simple version of a protocol developed by Philips for the physical layer of an interface bus that connects the various devices of some stereo equipment (tuner, CD player, ...). The protocol, which uses Manchester encoding, has to deal with a significant uncertainty in the timing of events, due to both hardware and software constraints. We present a formal specification of the protocol, and a proof of correctness for the case where the tolerance of the clocks used within the system is less than 1/17. A counterexample shows that the protocol fails for tolerances greater than or equal to this value. The verification is carried out using a model of linear hybrid systems, which is similar to the phase transition system model of Manna and Pnueli, and the model of linear hybrid automata of Alur, Henzinger and Ho. The semantics of linear hybrid systems is defined via a translation to the timed I/O automata model of Lynch and Vaandrager.
Revisiting the Paxos Algorithm, 1997
Abstract

Cited by 53 (4 self)
The Paxos algorithm is an efficient and highly fault-tolerant algorithm, devised by Lamport, for reaching consensus in a distributed system. Although it appears to be practical, it seems to be not widely known or understood. This thesis contains a new algorithm, based on a formal decomposition into several interacting components. It also contains a correctness proof and a time performance and fault-tolerance analysis.
Automatic Verification of Real-Time Communicating Systems by Constraint Solving. In Proc. of 5th Int. Conf. on CAV, LNCS 697, 1993
Abstract

Cited by 49 (15 self)
In this paper, an algebra of timed processes with real-valued clocks is presented, which may serve as a description language for networks of timed automata. We show that requirements such as "a process will never reach an undesired state" can be verified by solving a simple class of constraints on the clock variables. A symbolic on-the-fly reachability algorithm for the language has been developed and implemented as a software tool based on constraint-solving techniques. To our knowledge, this is the first on-the-fly verification algorithm for timed automata. In fact, the tool is the very first implementation of the Uppaal tool. As examples, we model and verify safety properties of a real-time mutual exclusion protocol and a railway crossing controller.
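The verification idea in this abstract, deciding whether an undesired location is reachable by exploring the automaton symbolically and solving constraints on the clock variables, in executable form. This is an editor's added example, not the Uppaal tool's code: zones are difference-bound matrices over closed (non-strict) constraints only, termination is ensured by the classic maximal-constant extrapolation (sound for diagonal-free guards), and the railway-crossing model, its location names, the clock indices `X`, `Y` and the deadlines are constructed assumptions, not the model verified in the paper.

```python
from collections import deque

INF = float("inf")

class DBM:
    """Difference-bound matrix over clocks 0..n (clock 0 is the constant 0);
    d[i][j] = c encodes the closed constraint x_i - x_j <= c."""
    def __init__(self, n, rows=None):
        self.n = n
        self.d = [r[:] for r in rows] if rows else [[0] * (n + 1) for _ in range(n + 1)]
    def canonical(self):
        """Floyd-Warshall closure: tightest bounds implied by the matrix."""
        d, m = self.d, self.n + 1
        for k in range(m):
            for i in range(m):
                for j in range(m):
                    if d[i][k] + d[k][j] < d[i][j]:
                        d[i][j] = d[i][k] + d[k][j]
        return self
    def consistent(self):
        return all(self.d[i][i] >= 0 for i in range(self.n + 1))
    def up(self):
        """Let time elapse: drop every upper bound x_i <= c."""
        for i in range(1, self.n + 1):
            self.d[i][0] = INF
        return self
    def constrain(self, cs):
        """Conjoin constraints (i, j, c), each meaning x_i - x_j <= c."""
        for i, j, c in cs:
            self.d[i][j] = min(self.d[i][j], c)
        return self.canonical()
    def reset(self, x):
        """x := 0, i.e. x takes over the bounds of the reference clock."""
        for j in range(self.n + 1):
            if j != x:
                self.d[x][j], self.d[j][x] = self.d[0][j], self.d[j][0]
        self.d[x][x] = 0
        return self
    def extrapolate(self, K):
        """Maximal-constant extrapolation: bounds beyond the largest constant K
        are dropped, so only finitely many zones exist and the search terminates."""
        for i in range(self.n + 1):
            for j in range(self.n + 1):
                if i != j and self.d[i][j] > K:
                    self.d[i][j] = INF
                elif i != j and self.d[i][j] < -K:
                    self.d[i][j] = -K
        return self.canonical()
    def subset_of(self, other):
        return all(a <= b for ra, rb in zip(self.d, other.d) for a, b in zip(ra, rb))

def reachable(inv, edges, init, target, n_clocks):
    """Symbolic forward search over (location, zone) pairs. inv maps a location
    to its invariant constraints; an edge is (src, guard, reset_clocks, dst)."""
    K = max([abs(c) for cs in inv.values() for (_, _, c) in cs] +
            [abs(c) for (_, g, _, _) in edges for (_, _, c) in g], default=0)
    z0 = DBM(n_clocks).up().constrain(inv[init])
    visited, work = {init: [z0]}, deque([(init, z0)])
    while work:
        loc, zone = work.popleft()
        if loc == target:
            return True
        for src, guard, resets, dst in edges:
            if src != loc:
                continue
            z = DBM(n_clocks, zone.d).constrain(guard)   # guard must be satisfiable
            if not z.consistent():
                continue
            for x in resets:
                z.reset(x)
            if not z.constrain(inv[dst]).consistent():   # must enter within invariant
                continue
            z.up().constrain(inv[dst]).extrapolate(K)    # then let time pass
            if any(z.subset_of(seen) for seen in visited.get(dst, [])):
                continue                                 # zone already covered
            visited.setdefault(dst, []).append(z)
            work.append((dst, z))
    return False

X, Y = 1, 2   # clock indices; 0 is the reference clock

def railway_model(gate_deadline):
    """Constructed model (not the paper's): the train enters the crossing once
    x >= 3; the gate is down once y >= 1 and must be down by y <= gate_deadline.
    Location 'bad' means the train entered while the gate was still up."""
    inv = {"idle": [], "approach": [(Y, 0, gate_deadline)],
           "gate_down": [], "crossing": [], "bad": []}
    edges = [("idle", [], [X, Y], "approach"),            # train announced
             ("approach", [(0, Y, -1)], [], "gate_down"), # gate finished lowering
             ("approach", [(0, X, -3)], [], "bad"),       # train arrives, gate up
             ("gate_down", [(0, X, -3)], [], "crossing"),
             ("crossing", [], [], "idle")]
    return inv, edges

def bad_reachable(gate_deadline):
    """Safety query 'location bad is never reached' for a given gate deadline."""
    inv, edges = railway_model(gate_deadline)
    return reachable(inv, edges, "idle", "bad", n_clocks=2)
```

With `gate_deadline=2` the query reports `bad` unreachable: both clocks are reset together on the approach edge, so the zone in `approach` is x = y <= 2 and conjoining the guard x >= 3 yields a negative cycle in the matrix. Weakening the invariant to 3 or 4 makes x = y >= 3 satisfiable and the undesired location becomes reachable; the verdict is entirely a matter of constraint solving, which is the point the abstract makes.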
The Observational Power of Clocks, 1994
Abstract

Cited by 43 (4 self)
We develop a theory of equivalences for timed systems. Two systems are equivalent iff external observers cannot observe differences in their behavior. The notion of equivalence depends, therefore, on the distinguishing power of the observers. The power of an observer to measure time results in untimed, clock, and timed equivalences: an untimed observer cannot measure the time difference between events; a clock observer uses a clock to measure time differences with finite precision; a timed observer is able to measure time differences with arbitrary precision. We show that the distinguishing power of clock observers grows with the number of observers, and approaches, in the limit, the distinguishing power of a timed observer. More precisely, given any equivalence for untimed systems, two timed systems are k-clock congruent, for a nonnegative integer k, iff their compositions with every environment that uses k clocks are untimed equivalent. Both k-clock bisimulation congruence and k-cloc...
Timed I/O Automata: A Mathematical Framework for Modeling and Analyzing Real-Time Systems. In RTSS 2003: The 24th IEEE International Real-Time Systems Symposium, Cancun, Mexico, 2003
Abstract

Cited by 39 (8 self)
We describe the Timed Input/Output Automata (TIOA) framework, a general mathematical framework for modeling and analyzing real-time systems. It is based on timed I/O automata, which engage in both discrete transitions and continuous trajectories. The framework includes a notion of external behavior, and notions of composition and abstraction. We define safety and liveness properties for timed I/O automata, and a notion of receptiveness, and prove basic results about all of these notions. The TIOA framework is defined as a special case of the new Hybrid I/O Automata (HIOA) modeling framework for hybrid systems. Specifically, a TIOA is an HIOA with no external variables; thus, TIOAs communicate via shared discrete actions only, and do not interact continuously. This restriction is consistent with previous real-time system models, and gives rise to some simplifications in the theory (compared to HIOA). The resulting model is expressive enough to describe complex timing behavior, and to express the important ideas of previous timed automata frameworks.