Network Invariants for Real-Time Systems
O. Grinchtein2004, Electronic Notes in Theoretical Computer Science
Sign up for access to the world's latest research
checkGet notified about relevant papers
checkSave papers to use in your research
checkJoin the discussion with peers
checkTrack your impact
Abstract
We extend the approach of model checking parameterized networks of processes by means of network invariants to the setting of real-time systems. We introduce timed transition structures (which are similar in spirit to timed automata) and define a notion of abstraction which is safe with respect to linear temporal properties. We strengthen the notion of abstraction to allow a finite system, then called network invariant, to be an abstraction of networks of real-time systems. In general the problem of checking abstraction of real-time systems is undecidable. Hence, we provide sufficient criteria, which can be checked automatically, to conclude that one system is an abstraction of a concrete one. Our method is based on timed superposition and discretization of timed systems. We exemplify our approach by proving mutual exclusion of a simple protocol inspired by Fischer's protocol, using Weizmann's model checker TLV.
Related papers
Parameterized Model-Checking for Timed Systems with Conjunctive Guards
In this work we extend the Emerson and Kahlon's cutoff theorems for process skeletons with conjunctive guards to Parameterized Networks of Timed Automata, i.e. systems obtained by an apriori unknown number of Timed Automata instantiated from a finite set U1, . . . , Un of Timed Automata templates. In this way we aim at giving a tool to universally verify software systems where an unknown number of software components (i.e. processes) interact with continuous time temporal constraints. It is often the case, indeed, that distributed algorithms show an heterogeneous nature, combining dynamic aspects with real-time aspects. In the paper we will also show how to model check a protocol that uses special variables storing identifiers of the participating processes (i.e. PIDs) in Timed Automata with conjunctive guards. This is non-trivial, since solutions to the parameterized verification problem often relies on the processes to be symmetric, i.e. indistinguishable. On the other side, many popular distributed algorithms make use of PIDs and thus cannot directly apply those solutions.
Parameterized Model-Checking for Timed-Systems with Conjunctive Guards (Extended Version)
ArXiv, 2014
In this work we extend the Emerson and Kahlon's cutoff theorems for process skeletons with conjunctive guards to Parameterized Networks of Timed Automata, i.e. systems obtained by an \emph{apriori} unknown number of Timed Automata instantiated from a finite set $U_1, \dots, U_n$ of Timed Automata templates. In this way we aim at giving a tool to universally verify software systems where an unknown number of software components (i.e. processes) interact with continuous time temporal constraints. It is often the case, indeed, that distributed algorithms show an heterogeneous nature, combining dynamic aspects with real-time aspects. In the paper we will also show how to model check a protocol that uses special variables storing identifiers of the participating processes (i.e. PIDs) in Timed Automata with conjunctive guards. This is non-trivial, since solutions to the parameterized verification problem often relies on the processes to be symmetric, i.e. indistinguishable. On the other side, many popular distributed algorithms make use of PIDs and thus cannot directly apply those solutions.
Model Checking Parameterized Timed Systems
2005
In recent years, there has been much advancement in the area of verification of infinite-state systems. A system can have an infinite state-space due to unbounded data structures such as counters, clocks, stacks, queues, etc. It may also be infinitestate due to parameterization, i.e., the possibility of having an arbitrary number of components in the system. For parameterized systems, we are interested in checking correctness of all the instances in one verification step. In this thesis, we consider systems which contain both sources of infiniteness, namely: (a) real-valued clocks and (b) parameterization. More precisely, we consider two models : (a) the timed Petri net (TPN) model which is an extension of the classical Petri net model; and (b) the timed network (TN) model in which an arbitrary number of timed automata run in parallel. We consider verification of safety properties for timed Petri nets using forward analysis. Since forward analysis is necessarily incomplete, we provide a semi-algorithm augmented with an acceleration technique in order to make it terminate more often on practical examples. Then we consider a number of problems which are generalisations of the corresponding ones for timed automata and Petri nets. For instance, we consider zenoness where we check the existence of an infinite computation with a finite duration. We also consider two variants of the boundedness problem: syntactic boundedness in which both live and dead tokens are considered; semantic boundedness where only live tokens are considered. We show that the former problem is decidable, while the latter is not. Finally, we show undecidability of LTL model checking both for dense and discrete timed Petri nets. Next we consider timed networks. We show undecidability of safety properties in case each component is equipped with two or more clocks. This result contrasts previous decidability result for the case where each component has a single clock. Also, we show that the problem is decidable when clocks range over the discrete time domain. This decidability result holds when the processes have any finite number of clocks. Furthermore, we outline the border between decidability and undecidability of safety for TNs by considering several syntactic and semantic variants.
Model Checking Linear Duration Invariants of Networks of Automata
Lecture Notes in Computer Science, 2010
Linear duration invariants (LDIs) are important safety properties of real-time systems. In this paper, we reduce the problem of verification of a network of timed automata against an LDI to an equivalent problem of model checking whether a failure state is never reached. Our approach is first to transform each component automaton Ai of the network A to an automaton Gi. The transformation helps us to record entry and exit to critical locations that appear in the LDI. We then introduce an auxiliary checker automaton S and define a failure state to verify the LDI on a given interval. Since a model checker checks exhaustively, a failure of the checker automaton to find the failure state will prove that the LDI holds.
Timed model checking with abstractions
Proceedings of the tenth ACM international conference on Embedded software, 2012
Multicore architectures are increasingly used nowadays in embedded real-time systems. Parallel execution of tasks feigns the possibility of a massive increase in performance. However, this is usually not achieved because of contention on shared resources. Concurrently executing tasks mutually block their accesses to the shared resource, causing non-deterministic delays. Timing analysis of tasks in such systems is then far from trivial. Recently, several analytic methods have been proposed for this purpose, however, they cannot model complex arbitration schemes such as FlexRay which is a common bus arbitration protocol in the automotive industry. This paper considers real-time tasks composed of superblocks, i. e., sequences of computation and resource accessing phases. Resource accesses such as accesses to memories and caches are synchronous, i. e., they cause execution on the processing core to stall until the access is served. For such systems, the paper presents a state-based modeling and analysis approach based on Timed Automata which can model accurately arbitration schemes of any complexity. Based on it, we compute safe bounds on the worstcase response times of tasks. The scalability of the approach is increased significantly by abstracting several cores and their tasks with one arrival curve, which represents their resource accesses and computation times. This curve is then incorporated into the Timed Automata model of the system. The accuracy and scalability of the approach are evaluated with a real-world application from the automotive industry and benchmark applications.
On checking parallel real-time systems for linear duration invariants
Software Engineering for Parallel and …, 1998
In this paper we define timed regular expressions to de-scribe the timed behaviour of parallel real-time systems and consider the problem of checking algorithmically the set of timed behaviours defined by timed regular expressions for a real-time requirement specified by a linear ...
Parameterized model checking of networks of timed automata with Boolean guards
Theoretical Computer Science, 2020
This is a PDF file of an article that has undergone enhancements after acceptance, such as the addition of a cover page and metadata, and formatting for readability, but it is not yet the definitive version of record. This version will undergo additional copyediting, typesetting and review before it is published in its final form, but we are providing this version to give early visibility of the article. Please note that, during the production process, errors may be discovered which could affect the content, and all legal disclaimers that apply to the journal pertain.
Logic Based Abstractions of Real-Time Systems
2000
When verifying concurrent systems described by transition systems, state explosion is one of the most serious problems. If quantitative temporal information (expressed by clock ticks) is considered, state explosion is even more serious. We present a notion of abstraction of transition systems, where the abstraction is driven by the formulae of a quantitative temporal logic, called qu-mu-calculus, defined in the paper. The abstraction is based on a notion of bisimulation equivalence, called ρ, n -equivalence, where ρ is a set of actions and n is a natural number. It is proved that two transition systems are ρ, n -equivalent iff they give the same truth value to all qu-mu-calculus formulae such that the actions occurring in the modal operators are contained in ρ, and with time constraints whose values are less than or equal to n. We present a non-standard (abstract) semantics for a timed process algebra able to produce reduced transition systems for checking formulae. The abstract semantics, parametric with respect to a set ρ of actions and a natural number n, produces a reduced transition system ρ, nequivalent to the standard one. A transformational method is also defined, by means of which it is possible to syntactically transform a program into a smaller one, still preserving ρ, n -equivalence.
Symbolic model checking of real-time systems
Proceedings Eighth International Symposium on Temporal Representation and Reasoning. TIME 2001, 2000
We present a new real-time temporal logic for the specification and verification of discrete quantitative temporal properties. This logic is an extension of the well-known logic CTL. Its semantics is defined on discrete time transition systems which are in turn interpreted in an abstract manner instead of the usual stuttering interpretation. Hence, our approach directly supports abstractions of real-time systems by ignoring irrelevant qualitative properties, but without loosing any quantitative information. We analyse the complexity of the presented model checking algorithm and furthermore present a fragment of the logic that can be efficiently checked.
Model-checking for real-time systems
Logic in Computer Science, …, 1990
This research extends CTL model-checking to the analysis of real-time systems, whose correctness depends on the magnitudes of the timing delays. For specifications, the syntax of CTL is extended to allow quantitative temporal operators. The formulas of the resulting logic, TCTL, are interpretation over continuous computation trees, trees in which paths are maps from the set of nonnegative reals to system states. To model finite-state systems the notion of timed graphs is introduced-state-transition graphs extended with a ...
Timed Multiset Rewriting and the Verification of Time-Sensitive Distributed Systems
Lecture Notes in Computer Science, 2016
Time-Sensitive Distributed Systems (TSDS), such as applications using autonomous drones, achieve goals under possible environment interference (e.g., winds). Moreover, goals are often specified using explicit time constraints which must be satisfied by the system perpetually. For example, drones carrying out the surveillance of some area must always have recent pictures, i.e., at most M time units old, of some strategic locations. This paper proposes a Multiset Rewriting language with explicit time for specifying and analysing TSDSes. We introduce two properties, realizability (some trace is good) and survivability (where, in addition, all admissible traces are good). A good trace is an infinite trace in which goals are perpetually satisfied. We propose a class of systems called progressive timed systems (PTS), where intuitively only a finite number of actions can be carried out in a bounded time period. We prove that for this class of systems both the realizability and the survivability problems are PSPACE-complete. Furthermore, if we impose a bound on time (as in bounded model-checking), we show that for PTS, realizability becomes NP-complete, while survivability is in the ∆ p 2 class of the polynomial hierarchy. Finally, we demonstrate that the rewriting logic system Maude can be used to automate time bounded verification of PTS.
On the Existence of Cutoffs for Model Checking Disjunctive Timed Networks
2017
Given a logical formula and a system described as the composition of arbitrarily many copies of some process template, the parameterized model checking problem wants to establish whether the system satisfies the formula. The focus is on the fact that the property should not depend on the actual number of participating processes. Exactly this, makes the problem equivalent to verifying an infinite state system, and thus undecidable problem in general. Several authors identified relevant sub-classes of systems or formulae to be model checked. In this work we study the parameterized model checking problem of real-time systems against real-time temporal logics. In particular we study the possibility of finding an upper bound to the size of the system, known as cutoff, ensuring that adding more participants does not change the set of satisfiable formulae. A distinction exists between dynamic cutoffs, depending both on the process templates and the formula, and static cutoffs, that only co...
Efficient Model-Checking for Real-Time Task Networks
2009 International Conference on Embedded Software and Systems, 2009
Formal methods play an important role in the development of safety-critical systems. Their well-defined semantics can be employed for automatic formal system verification. Modelchecking, a well-established formal verification technique, is however often restricted to an abstract level due to complexity reasons. For example, checking temporal system behaviour with respect to hardware architectures and operating systems is often not possible. Real-time scheduling theory on the other hand provides efficient techniques for temporal analysis of real-world systems at architecture level. However, models used in real-time scheduling theory usually lack a semantics that is compatible to those used by formal specifications. This prevents to verify temporal system behaviour at the architecture level with the same formal methods. We present an approach that combines a timed automata representation of task networks and efficient scheduling analysis techniques. Based on existing task network formalisms we define a consistent timed automaton model, and a mapping between both formalisms. We prove that the mapping induces behavioural equivalence of the models. We show an application of the approach by verifying task networks against Live Sequence Charts (LSC).
Verification Time Reduction of Properties of Networks of Timed Automata
2014
Quasi-equal clock reduction for networks of timed automata replaces equivalence classes of clocks which are equal except for unstable phases, i.e., points in time where these clocks differ on their valuation, by a single representative clock. An existing approach yields significant reductions of the overall verification time but is limited to so-called wellformed networks and local queries, i.e., queries which refer to a single timed automaton only. In this work we present two new transformations. The first, for networks of timed automata, summarises unstable phases without losing information under weaker well-formedness assumptions than needed by the existing approach. The second, for queries, now supports the full query language of Uppaal. We demonstrate that the cost of verifying non-local properties is much lower in transformed networks than in their original counterparts with quasi-equal clocks.
On the Complexity of Verification of Time-Sensitive Distributed Systems
Lecture Notes in Computer Science, 2021
This paper develops a Multiset Rewriting language with explicit time for the specification and analysis of Time-Sensitive Distributed Systems (TSDS). Goals are often specified using explicit time constraints. A good trace is an infinite trace in which the goals are satisfied perpetually despite possible interference from the environment. In our previous work [16], we discussed two desirable properties of TSDSes, realizability (there exists a good trace) and survivability (where, in addition, all admissible traces are good). Here we consider two additional properties, recoverability (all compliant traces do not reach points-of-no-return) and reliability (the system can always continue functioning using a good trace). Following [16], we focus on a class of systems called Progressing Timed Systems (PTS), where intuitively only a finite number of actions can be carried out in a bounded time period. We prove that for this class of systems the properties of recoverability and reliability coincide and are PSPACE-complete. Moreover, if we impose a bound on time (as in bounded model-checking), we show that for PTS the reliability property is in the Π p 2 class of the polynomial hierarchy, a subclass of PSPACE. We also show that the bounded survivability is both NP-hard and coNP-hard.
Proving properties of real-time systems through logical specifications and Petri net models
IEEE Transactions on Software Engineering, 1994
The problem of formally analyzing properties of real-time systems is addressed. A method is proposed that allows specifying system properties in the TRIO language (an extension of temporal logic suitable to deal explicitly with the "time" variable and to measure it) and modeling the system as a timed Petri net. It is argued that such an approach is more general than analyzing program properties. The proof method is based on an axiomatization of timed Petri nets in terms of TRIO so that their properties can be derived as suitable theorems in much the same spirit as classical Hoare's method allows proving properties of programs coded in a Pascal-like language. The method is then exemplified through two classical "benchmarks" of the literature on concurrent and real-time systems, namely an elevator system and the dining philosophers problem. A thorough review of the related literature and a comparison thereof with the new method is also provided. Possible alternative methods, theoretical extensions, and practical applications are briefly discussed.
A process algebraic framework for specification and validation of real-time systems
Formal Aspects of Computing, 2009
Following the trend to combine techniques to cover several facets of the development of modern systems, an integration of Z and CSP, called Circus , has been proposed as a refinement language; its relational model, based on the unifying theories of programming (UTP), justifies refinement in the context of both Z and CSP. In this paper, we introduce Circus Time , a timed extension of Circus , and present a new UTP time theory, which we use to give semantics to Circus Time and to validate some of its laws. In addition, we provide a framework for validation of timed programs based on FDR, the CSP model-checker. In this technique, a syntactic transformation strategy is used to split a timed program into two parallel components: an untimed program that uses timer events, and a collection of timers. We show that, with the timer events, it is possible to reason about time properties in the untimed language, and so, using FDR. Soundness is established using a Galois connection between the u...
A time abstraction method for efficient verification of communicating systems
Proceedings of the 31st annual conference on Design automation conference - DAC '94, 1994
An important practical approach to automatic verification of finite state concurrent systems is temporal logic model checking. However, a major barrier towards wider application of such methods is the state explosion problem that often occurs during the composition of complex communicating systems. In addition to being large, many systems have very deep state spaces as well.
Predicate Diagrams for the Verification of Real-Time Systems
Electronic Notes in Theoretical Computer Science, 2006
We propose a format of predicate diagrams for the verification of real-time systems. We consider systems that are defined as extended timed graphs, a format that combines timed automata and constructs for modeling data, possibly over infinite domains. Predicate diagrams are succinct and intuitive representations of Boolean abstractions. They also represent an interface between deductive tools used to establish the correctness of an abstraction, and model checking tools that can verify behavioral properties of finite-state models. The contribution of this paper is to extend the format of predicate diagrams to timed systems. We also establish a set of verification conditions that are sufficient to prove that a given predicate diagram is a correct abstraction of an extended timed graph. The formalism is supported by a toolkit, and we demonstrate its use at the hand of Fischer's real-time mutualexclusion protocol.
Verification of Temporal Properties of Concurrent Systems
DAIMI Report Series, 1993
This thesis is concerned with the verification of concurrent systems modelled by process algebras. It provides methods and techniques for reasoning about temporal properties as described by assertions from an expressive modal logic -- the modal µ-calculus. It describes a compositional approach to model checking, efficient local and global algorithms for model checking finite-state systems, a general local fixed-point finding algorithm, a proof system for model checking infinite-state systems, a categorical completeness result for an intuitionistic version of the modal µ-calculus, and finally it shows some novel applications of the logic for expressing behavioural relations.
Related topics
Loading Preview
Sorry, preview is currently unavailable. You can download the paper by clicking the button above.