1,151 research outputs found
Bounded Determinization of Timed Automata with Silent Transitions
Deterministic timed automata are strictly less expressive than their
non-deterministic counterparts, which are again less expressive than those with
silent transitions. As a consequence, timed automata are in general
non-determinizable. This is unfortunate since deterministic automata play a
major role in model-based testing, observability and implementability. However,
by bounding the length of the traces in the automaton, effective
determinization becomes possible. We propose a novel procedure for bounded
determinization of timed automata. The procedure unfolds the automata to
bounded trees, removes all silent transitions and determinizes via disjunction
of guards. The proposed algorithms are optimized to the bounded setting and
thus are more efficient and can handle a larger class of timed automata than
the general algorithms. The approach is implemented in a prototype tool and
evaluated on several examples. To our best knowledge, this is the first
implementation of this type of procedure for timed automata.Comment: 25 page
A Dual-Engine for Early Analysis of Critical Systems
This paper presents a framework for modeling, simulating, and checking
properties of critical systems based on the Alloy language -- a declarative,
first-order, relational logic with a built-in transitive closure operator. The
paper introduces a new dual-analysis engine that is capable of providing both
counterexamples and proofs. Counterexamples are found fully automatically using
an SMT solver, which provides a better support for numerical expressions than
the existing Alloy Analyzer. Proofs, however, cannot always be found
automatically since the Alloy language is undecidable. Our engine offers an
economical approach by first trying to prove properties using a
fully-automatic, SMT-based analysis, and switches to an interactive theorem
prover only if the first attempt fails. This paper also reports on applying our
framework to Microsoft's COM standard and the mark-and-sweep garbage collection
algorithm.Comment: Workshop on Dependable Software for Critical Infrastructures (DSCI),
Berlin 201
Formal Analysis for Embedded Real-Time Systems
International audienceTimed systems are notoriously hard to de-bug and to verify because the continuous nature of time allows vast numbers of different behaviors; embedded systems must often deal with faults, and these introduce another dimension of complexity. Simulation and testing provide little assurance in these domains because they can visit only a small fraction of the possible behaviors. Formal methods of analysis have some promise, but until recently they could deal only with one dimension at a time: classical model checking could cope with faults but could not model continuous time; model checkers for timed automata could deal with continuous time but not the "case ex-plosion" due to faults. Recently, a new class of "infinite bounded" model checkers has been developed; these show promise that they can cope simultaneously with both continuous time and discrete faults
Towards Realizability Checking of Contracts using Theories
Virtual integration techniques focus on building architectural models of
systems that can be analyzed early in the design cycle to try to lower cost,
reduce risk, and improve quality of complex embedded systems. Given appropriate
architectural descriptions and compositional reasoning rules, these techniques
can be used to prove important safety properties about the architecture prior
to system construction. Such proofs build from "leaf-level" assume/guarantee
component contracts through architectural layers towards top-level safety
properties. The proofs are built upon the premise that each leaf-level
component contract is realizable; i.e., it is possible to construct a component
such that for any input allowed by the contract assumptions, there is some
output value that the component can produce that satisfies the contract
guarantees. Without engineering support it is all too easy to write leaf-level
components that can't be realized. Realizability checking for propositional
contracts has been well-studied for many years, both for component synthesis
and checking correctness of temporal logic requirements. However, checking
realizability for contracts involving infinite theories is still an open
problem. In this paper, we describe a new approach for checking realizability
of contracts involving theories and demonstrate its usefulness on several
examples.Comment: 15 pages, to appear in NASA Formal Methods (NFM) 201
PKind: A parallel k-induction based model checker
PKind is a novel parallel k-induction-based model checker of invariant
properties for finite- or infinite-state Lustre programs. Its architecture,
which is strictly message-based, is designed to minimize synchronization delays
and easily accommodate the incorporation of incremental invariant generators to
enhance basic k-induction. We describe PKind's functionality and main features,
and present experimental evidence that PKind significantly speeds up the
verification of safety properties and, due to incremental invariant generation,
also considerably increases the number of provable ones.Comment: In Proceedings PDMC 2011, arXiv:1111.006
Compositional Verification for Timed Systems Based on Automatic Invariant Generation
We propose a method for compositional verification to address the state space
explosion problem inherent to model-checking timed systems with a large number
of components. The main challenge is to obtain pertinent global timing
constraints from the timings in the components alone. To this end, we make use
of auxiliary clocks to automatically generate new invariants which capture the
constraints induced by the synchronisations between components. The method has
been implemented in the RTD-Finder tool and successfully experimented on
several benchmarks
Backward Reachability of Array-based Systems by SMT solving: Termination and Invariant Synthesis
The safety of infinite state systems can be checked by a backward
reachability procedure. For certain classes of systems, it is possible to prove
the termination of the procedure and hence conclude the decidability of the
safety problem. Although backward reachability is property-directed, it can
unnecessarily explore (large) portions of the state space of a system which are
not required to verify the safety property under consideration. To avoid this,
invariants can be used to dramatically prune the search space. Indeed, the
problem is to guess such appropriate invariants. In this paper, we present a
fully declarative and symbolic approach to the mechanization of backward
reachability of infinite state systems manipulating arrays by Satisfiability
Modulo Theories solving. Theories are used to specify the topology and the data
manipulated by the system. We identify sufficient conditions on the theories to
ensure the termination of backward reachability and we show the completeness of
a method for invariant synthesis (obtained as the dual of backward
reachability), again, under suitable hypotheses on the theories. We also
present a pragmatic approach to interleave invariant synthesis and backward
reachability so that a fix-point for the set of backward reachable states is
more easily obtained. Finally, we discuss heuristics that allow us to derive an
implementation of the techniques in the model checker MCMT, showing remarkable
speed-ups on a significant set of safety problems extracted from a variety of
sources.Comment: Accepted for publication in Logical Methods in Computer Scienc
- …