Model Checking Duration Calculus - UNU-IIST

More documents

Recommendations

Info

length. To give IA semantics to negated formulae, the authors of [BLR95] showthat the negation of a strongly overlap free DIL + formula has a congruent DIL +formula. To translate a negated trace, our construction does not require thetrace to be overlap free. Therefore, our automata semantics covers a strictlylarger class of negated formulae.We conjecture that the classes of constraint diagrams used for model checkingtimed automata in [DL02] form proper subsets of Testform. The argument isthat test formulae can be used to characterise the accepting paths in the testautomata of [DL02]. We have not yet compared the expressiveness of our classwith the results in [ABBL03]. The differences in the semantics make the logicshard to compare.The idea of sync events is closely related to the theory of nominals. In aDC extended with nominals [Han06], intervals can be identified uniquely usingtheir names. Similarly, sync events identify chop points. The closer relationshipbetween both approaches remains future work.We currently work on model checking DC liveness properties with the automatatheoretic approach. For this reason, we need to check for termination inthe product of the system and the test automaton.In addition, enhancing our decomposition techniques is ongoing work. Theyallow for compositional verification of inherently parallel systems like the ETCS,where the models’ sizes often exceed the capabilities of state-of-the-art modelcheckers. It is not subject of this paper to compare the performance of ARMCand other underlying model checkers for reachability, e.g., Uppaal [UUP05],HyTech [HHWT97], or Kronos [DOTY02].Related work on ETCS case studies like [ZH05, HJU05] focuses on the stochasticexamination of the communication reliability and models components like thetrain and the RBC in an abstract way without considering data aspects.References[ABBL03][AD94][AEI06][BLR95][CGJ + 00][DL02]L. Aceto, P. Bouyer, A. Burgueño, and K. G. Larsen. The power ofreachability testing for timed automata. Theoretical Computer Science,300(1-3):411–475, 2003.R. Alur and D. L. Dill. A theory of timed automata. Theoretical ComputerScience, 126(2):183–235, 1994.AEIF. ERTMS Change Control Management.http://www.aeif.org/ccm/default.asp, March 2006.A. Bouajjani, Y. Lakhnech, and R. Robbana. From duration calculus tolinear hybrid automata. In CAV, volume 939 of LNCS, pages 196–210.Springer-Verlag, 1995.E. M. Clarke, O. Grumberg, S. Jha, Y. Lu, and H. Veith. Counterexampleguidedabstraction refinement. In CAV, volume 1855 of LNCS, pages154–169. Springer-Verlag, 2000.H. Dierks and M. Lettrari. Constructing test automata from graphicalreal-time requirements. In FTRTFT, volume 2469 of LNCS, pages 433–453. Springer-Verlag, 2002.14
[DOTY02] C. Daws, A. Olivero, S. Tripakis, and S. Yovine. Kronos home page. Verimag,France, http://www-verimag.imag.fr/TEMPORISE/kronos/, 2002.[ECS99] ECSAG. ERTMS/ETCS Functional requirements specification.http://www.aeif.org/ccm/default.asp, 1999. Version 4.29.[ERT02] ERTMS User Group, UNISIG. ERTMS/ETCS System requirements specification.http://www.aeif.org/ccm/default.asp, 2002. Version 2.2.2.[Frä04] M. Fränzle. Model-checking dense-time duration calculus. Formal Aspectsof Computing, 16(2):121–139, 2004.[GS97] S. Graf and H. Saidi. Construction of abstract state graphs with PVS. InCAV, volume 1254, pages 72–83. Springer-Verlag, 1997.[Han06] M. Hansen. DC with nominals. Personal communication, March 2006.[HHWT97] T. A. Henzinger, P-H. Ho, and H. Wong-Toi. HYTECH: A model checkerfor hybrid systems. In CAV, volume 1254, pages 460–463. Springer-Verlag,1997.[HJMM04] T. A. Henzinger, R. Jhala, R. Majumdar, and K. L. McMillan. Abstractionsfrom proofs. In POPL’2004: Principles of Programming Languages,pages 232–244. ACM Press, 2004.[HJU05] H. Hermanns, D. N. Jansen, and Y. S. Usenko. From StoCharts to MoDeST:a comparative reliability analysis of train radio communications. InWorkshop on Software and Performance, pages 13–23. ACM Press, 2005.[HM05] J. Hoenicke and P. Maier. Model-checking of specifications integratingprocesses, data and time. In FM 2005, volume 3582 of LNCS, pages465–480. Springer-Verlag, 2005.[HMF06] J. Hoenicke, R. Meyer, and J. Faber. PEA toolkit home page.http://csd.informatik.uni-oldenburg.de/projects/epea.html, 2006.[HO02] J. Hoenicke and E.-R. Olderog. CSP-OZ-DC: A combination of specificationtechniques for processes, data and time. NJC, 9, 2002.[Hoa85] C.A.R. Hoare. Communicating Sequential Processes. Prentice-Hall, 1985.[Hoe06] J. Hoenicke. Combination of Processes, Data, and Time. PhD thesis,University of Oldenburg, Germany, 2006. To appear.[McM03] K. L. McMillan. Interpolation and SAT-based model checking. In CAV,volume 2725 of LNCS, pages 1–13. Springer-Verlag, 2003.[Mob06] Moby product home page. University of Oldenburg, Germany,http://csd.informatik.uni-oldenburg.de/ ∼ moby, 1998-2006.[Rav94] A. P. Ravn. Design of Embedded Real-Time Computing Systems. PhDthesis, Technical University of Denmark, 1994.[Ryb02] A. Rybalchenko. A model checker based on abstraction refinement. Master’sthesis, Universität des Saarlandes, Germany, 2002.[Ryb06] A. Rybalchenko. ARMC. http://www.mpi-inf.mpg.de/ ∼ rybal/armc,2006.[Smi00] G. Smith. The Object-Z Specification Language. Kluwer Academic Publishers,2000.[UUP05] Uppaal home page. University of Aalborg and University of Uppsala,http://www.uppaal.com, 1995-2005.[VW86] M. Y. Vardi and P. Wolper. An automata-theoretic approach to automaticprogram verification. In LICS, pages 332–344, 1986.[ZH04] C. Zhou and M. R. Hansen. Duration Calculus. Springer-Verlag, 2004.[ZH05] A. Zimmermann and G. Hommel. Towards modeling and evaluation ofETCS real-time communication and operation. The Journal of Systemsand Software, 77(1):47–54, 2005.15
Page 9 and 10: 4.2 A Test Automata Semantics for T
Page 11 and 12: Our case study incorporates five di
Page 13: Table 1. Experimental results (Athl

Model Checking Duration Calculus - UNU-IIST

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?