
    Interrupt Timed Automata: verification and expressiveness

    We introduce the class of Interrupt Timed Automata (ITA), a subclass of hybrid automata well suited to the description of timed multi-task systems with interruptions in a single processor environment. While the reachability problem is undecidable for hybrid automata we show that it is decidable for ITA. More precisely we prove that the untimed language of an ITA is regular, by building a finite automaton as a generalized class graph. We then establish that the reachability problem for ITA is in NEXPTIME and in PTIME when the number of clocks is fixed. To prove the first result, we define a subclass ITA- of ITA, and show that (1) any ITA can be reduced to a language-equivalent automaton in ITA- and (2) the reachability problem in this subclass is in NEXPTIME (without any class graph). In the next step, we investigate the verification of real time properties over ITA. We prove that model checking SCL, a fragment of a timed linear time logic, is undecidable. On the other hand, we give model checking procedures for two fragments of timed branching time logic. We also compare the expressive power of classical timed automata and ITA and prove that the corresponding families of accepted languages are incomparable. The result also holds for languages accepted by controlled real-time automata (CRTA), that extend timed automata. We finally combine ITA with CRTA, in a model which encompasses both classes and show that the reachability problem is still decidable. Additionally we show that the languages of ITA are neither closed under complementation nor under intersection.

    Sciduction: Combining Induction, Deduction, and Structure for Verification and Synthesis

    Even with impressive advances in automated formal methods, certain problems in system verification and synthesis remain challenging. Examples include the verification of quantitative properties of software involving constraints on timing and energy consumption, and the automatic synthesis of systems from specifications. The major challenges include environment modeling, incompleteness in specifications, and the complexity of underlying decision problems. This position paper proposes sciduction, an approach to tackle these challenges by integrating inductive inference, deductive reasoning, and structure hypotheses. Deductive reasoning, which leads from general rules or concepts to conclusions about specific problem instances, includes techniques such as logical inference and constraint solving. Inductive inference, which generalizes from specific instances to yield a concept, includes algorithmic learning from examples. Structure hypotheses are used to define the class of artifacts, such as invariants or program fragments, generated during verification or synthesis. Sciduction constrains inductive and deductive reasoning using structure hypotheses, and actively combines inductive and deductive reasoning: for instance, deductive techniques generate examples for learning, and inductive reasoning is used to guide the deductive engines. We illustrate this approach with three applications: (i) timing analysis of software; (ii) synthesis of loop-free programs, and (iii) controller synthesis for hybrid systems. Some future applications are also discussed.

    Logic-based schedulability analysis for compositional hard real-time embedded systems

    This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in SIGBED Review, VOL.12, ISS.1, http://doi.acm.org/10.1145/2752801.2752808

    Over the past decades several approaches for schedulability analysis have been proposed for both uniprocessor and multi-processor real-time systems. Although different techniques are employed, very little has been put forward in using formal specifications, with the consequent possibility for misinterpretations or ambiguities in the problem statement. Using a logic based approach to schedulability analysis in the design of hard real-time systems eases the synthesis of correct-by-construction procedures for both static and dynamic verification processes. In this paper we propose a novel approach to schedulability analysis based on a timed temporal logic with time durations. Our approach subsumes classical methods for uniprocessor scheduling analysis over compositional resource models by providing the developer with counter-examples, and by ruling out schedules that cause unsafe violations on the system. We also provide an example showing the effectiveness of our proposal.

    This work was partially supported by National Funds through FCT (Portuguese Foundation for Science and Technology) and by ERDF (European Regional Development Fund) through COMPETE (Operational Programme 'Thematic Factors of Competitiveness'), within projects Ref. FCOMP-01-0124-FEDER-022701 (CISTER), FCOMP-01-0124-FEDER-015006 (VIPCORE) and FCOMP-01-0124-FEDER-020486 (AVIACC).

    Formal Verification of Real-time Systems with Preemptive Scheduling

    In this paper, we propose a method for the verification of timed properties for real-time systems featuring a preemptive scheduling policy: the system, modeled as a scheduling time Petri net, is first translated into a linear hybrid automaton to which it is time-bisimilar. Timed properties can then be verified using HyTech. The efficiency of this approach leans on two major points: first, the translation features a minimization of the number of variables (clocks) of the resulting automaton, which is a critical parameter for the efficiency of the ensuing verification. Second, the translation is performed by an over-approximating algorithm, which is based on Difference Bound Matrix and therefore efficient, that nonetheless produces a time-bisimilar automaton despite the over-approximation. The proposed modeling and verification method are generic enough to account for many scheduling policies. In this paper, we specifically show how to deal with Fixed Priority and Earliest Deadline First policies, with the possibility of using Round-Robin for tasks with the same priority. We have implemented the method and give some experimental results illustrating its efficiency.

    Safety Verification of Phaser Programs

    We address the problem of statically checking control state reachability (as in possibility of assertion violations, race conditions or runtime errors) and plain reachability (as in deadlock-freedom) of phaser programs. Phasers are a modern non-trivial synchronization construct that supports dynamic parallelism with runtime registration and deregistration of spawned tasks. They allow for collective and point-to-point synchronizations. For instance, phasers can enforce barriers or producer-consumer synchronization schemes among all or subsets of the running tasks. Implementations are found in modern languages such as X10 or Habanero Java. Phasers essentially associate phases to individual tasks and use their runtime values to restrict possible concurrent executions. Unbounded phases may result in infinite transition systems even in the case of programs only creating finite numbers of tasks and phasers. We introduce an exact gap-order based procedure that always terminates when checking control reachability for programs generating bounded numbers of coexisting tasks and phasers. We also show verifying plain reachability is undecidable even for programs generating few tasks and phasers. We then explain how to turn our procedure into a sound analysis for checking plain reachability (including deadlock freedom). We report on preliminary experiments with our open source tool.

    Practical Distributed Control Synthesis

    Classic distributed control problems have an interesting dichotomy: they are either trivial or undecidable. If we allow the controllers to fully synchronize, then synthesis is trivial. In this case, controllers can effectively act as a single controller with complete information, resulting in a trivial control problem. But when we eliminate communication and restrict the supervisors to locally available information, the problem becomes undecidable. In this paper we argue in favor of a middle way. Communication is, in most applications, expensive, and should hence be minimized. We therefore study a solution that tries to communicate only scarcely and, while allowing communication in order to make joint decisions, favors local decisions over joint decisions that require communication.

    Comment: In Proceedings INFINITY 2011, arXiv:1111.267

    A Compositional Approach for Schedulability Analysis of Distributed Avionics Systems

    This work presents a compositional approach for schedulability analysis of Distributed Integrated Modular Avionics (DIMA) systems that consist of spatially distributed ARINC-653 modules connected by a unified AFDX network. We model a DIMA system as a set of stopwatch automata in UPPAAL to verify its schedulability by model checking. However, direct model checking is infeasible due to the large state space. Therefore, we introduce the compositional analysis that checks each partition including its communication environment individually. Based on a notion of message interfaces, a number of message sender automata are built to model the environment for a partition. We define a timed selection simulation relation, which supports the construction of composite message interfaces. By using assume-guarantee reasoning, we ensure that each task meets the deadline and that communication constraints are also fulfilled globally. The approach is applied to the analysis of a concrete DIMA system.

    Comment: In Proceedings MeTRiD 2018, arXiv:1806.09330. arXiv admin note: text overlap with arXiv:1803.1105