Interrupt Timed Automata: verification and expressiveness
We introduce the class of Interrupt Timed Automata (ITA), a subclass of
hybrid automata well suited to the description of timed multi-task systems with
interruptions in a single processor environment. While the reachability problem
is undecidable for hybrid automata we show that it is decidable for ITA. More
precisely we prove that the untimed language of an ITA is regular, by building
a finite automaton as a generalized class graph. We then establish that the
reachability problem for ITA is in NEXPTIME and in PTIME when the number of
clocks is fixed. To prove the first result, we define a subclass ITA- of ITA,
and show that (1) any ITA can be reduced to a language-equivalent automaton in
ITA- and (2) the reachability problem in this subclass is in NEXPTIME (without
any class graph). In the next step, we investigate the verification of real
time properties over ITA. We prove that model checking SCL, a fragment of a
timed linear time logic, is undecidable. On the other hand, we give model
checking procedures for two fragments of timed branching time logic. We also
compare the expressive power of classical timed automata and ITA and prove that
the corresponding families of accepted languages are incomparable. The result
also holds for languages accepted by controlled real-time automata (CRTA), that
extend timed automata. We finally combine ITA with CRTA, in a model which
encompasses both classes and show that the reachability problem is still
decidable. Additionally, we show that the languages of ITA are neither closed
under complementation nor under intersection.
Sciduction: Combining Induction, Deduction, and Structure for Verification and Synthesis
Even with impressive advances in automated formal methods, certain problems
in system verification and synthesis remain challenging. Examples include the
verification of quantitative properties of software involving constraints on
timing and energy consumption, and the automatic synthesis of systems from
specifications. The major challenges include environment modeling,
incompleteness in specifications, and the complexity of underlying decision
problems.
This position paper proposes sciduction, an approach to tackle these
challenges by integrating inductive inference, deductive reasoning, and
structure hypotheses. Deductive reasoning, which leads from general rules or
concepts to conclusions about specific problem instances, includes techniques
such as logical inference and constraint solving. Inductive inference, which
generalizes from specific instances to yield a concept, includes algorithmic
learning from examples. Structure hypotheses are used to define the class of
artifacts, such as invariants or program fragments, generated during
verification or synthesis. Sciduction constrains inductive and deductive
reasoning using structure hypotheses, and actively combines inductive and
deductive reasoning: for instance, deductive techniques generate examples for
learning, and inductive reasoning is used to guide the deductive engines.
We illustrate this approach with three applications: (i) timing analysis of
software; (ii) synthesis of loop-free programs, and (iii) controller synthesis
for hybrid systems. Some future applications are also discussed.
Safety Verification of Phaser Programs
We address the problem of statically checking control state reachability (as
in possibility of assertion violations, race conditions or runtime errors) and
plain reachability (as in deadlock-freedom) of phaser programs. Phasers are a
modern non-trivial synchronization construct that supports dynamic parallelism
with runtime registration and deregistration of spawned tasks. They allow for
collective and point-to-point synchronizations. For instance, phasers can
enforce barriers or producer-consumer synchronization schemes among all or
subsets of the running tasks. Implementations of this synchronization construct
are found in modern languages such as X10 or Habanero Java.
Phasers essentially associate phases to individual tasks and use their runtime
values to restrict possible concurrent executions. Unbounded phases may result
in infinite transition systems even in the case of programs only creating
finite numbers of tasks and phasers. We introduce an exact gap-order based
procedure that always terminates when checking control reachability for
programs generating bounded numbers of coexisting tasks and phasers. We also
show verifying plain reachability is undecidable even for programs generating
few tasks and phasers. We then explain how to turn our procedure into a sound
analysis for checking plain reachability (including deadlock freedom). We
report on preliminary experiments with our open source tool.
Formal Verification of Real-time Systems with Preemptive Scheduling
In this paper, we propose a method for the verification of timed properties for real-time systems featuring a preemptive scheduling policy: the system, modeled as a scheduling time Petri net, is first translated into a linear hybrid automaton to which it is time-bisimilar. Timed properties can then be verified using HyTech. The efficiency of this approach rests on two major points: first, the translation minimizes the number of variables (clocks) of the resulting automaton, which is a critical parameter for the efficiency of the ensuing verification. Second, the translation is performed by an over-approximating algorithm, based on Difference Bound Matrices and therefore efficient, that nonetheless produces a time-bisimilar automaton despite the over-approximation. The proposed modeling and verification method is generic enough to account for many scheduling policies. In this paper, we specifically show how to deal with Fixed Priority and Earliest Deadline First policies, with the possibility of using Round-Robin for tasks with the same priority. We have implemented the method and give some experimental results illustrating its efficiency.
A Compositional Approach for Schedulability Analysis of Distributed Avionics Systems
This work presents a compositional approach for schedulability analysis of
Distributed Integrated Modular Avionics (DIMA) systems that consist of
spatially distributed ARINC-653 modules connected by a unified AFDX network. We
model a DIMA system as a set of stopwatch automata in UPPAAL to verify its
schedulability by model checking. However, direct model checking is infeasible
due to the large state space. Therefore, we introduce the compositional
analysis that checks each partition including its communication environment
individually. Based on a notion of message interfaces, a number of message
sender automata are built to model the environment for a partition. We define a
timed selection simulation relation, which supports the construction of
composite message interfaces. By using assume-guarantee reasoning, we ensure
that each task meets the deadline and that communication constraints are also
fulfilled globally. The approach is applied to the analysis of a concrete DIMA
system.
Comment: In Proceedings MeTRiD 2018, arXiv:1806.09330. arXiv admin note: text
overlap with arXiv:1803.1105
Relating L-Resilience and Wait-Freedom via Hitting Sets
The condition of t-resilience stipulates that an n-process program is only
obliged to make progress when at least n-t processes are correct. Put another
way, the live sets, the collection of process sets such that progress is
required if all the processes in one of these sets are correct, are all sets
with at least n-t processes.
We show that the ability of an arbitrary collection of live sets L to solve
distributed tasks is tightly related to the minimum hitting set of L, a minimum
cardinality subset of processes that has a non-empty intersection with every
live set. Thus, finding the computing power of L is NP-complete.
For the special case of colorless tasks that allow participating processes to
adopt input or output values of each other, we use a simple simulation to show
that a task can be solved L-resiliently if and only if it can be solved
(h-1)-resiliently, where h is the size of the minimum hitting set of L.
For general tasks, we characterize L-resilient solvability of tasks with
respect to a limited notion of weak solvability: in every execution where all
processes in some set in L are correct, outputs must be produced for every
process in some (possibly different) participating set in L. Given a task T, we
construct another task T_L such that T is solvable weakly L-resiliently if and
only if T_L is solvable weakly wait-free.
On the possible Computational Power of the Human Mind
The aim of this paper is to address the question: Can an artificial neural
network (ANN) model be used as a possible characterization of the power of the
human mind? We will discuss what might be the relationship between such a model
and its natural counterpart. A possible characterization of the different power
capabilities of the mind is suggested in terms of the information contained (in
its computational complexity) or achievable by it. Such characterization takes
advantage of recent results based on natural neural networks (NNN) and the
computational power of arbitrary artificial neural networks (ANN). The possible
acceptance of neural networks as the model of the human mind's operation makes
the aforementioned quite relevant.
Comment: Complexity, Science and Society Conference, 2005, University of
Liverpool, UK. 23 pages.