How to stop time stopping

Abstract
Zeno-timelocks constitute a challenge for the formal verification of timed automata: they are difficult to detect, and the verification of most properties (e.g., safety) is only correct for timelock-free models. Some time ago, Tripakis proposed a syntactic check on the structure of timed automata: if a certain condition (called strong non-zenoness, SNZ) is met by all the loops in a given automaton, then zeno-timelocks are guaranteed not to occur. Checking for SNZ is efficient and compositional (if all components in a network of automata are strongly non-zeno, then the network is free from zeno-timelocks). Strong non-zenoness, however, is sufficient-only: there exist non-zeno specifications which are not strongly non-zeno. A TCTL formula is known that represents a sufficient-and-necessary condition for non-zenoness; unfortunately, this formula requires a demanding model-checking algorithm, and not all model-checkers are able to express it. In addition, this algorithm provides only limited diagnostic information. Here we propose a number of alternative solutions. First, we show that the compositional application of SNZ can be weakened: some networks can be guaranteed to be free from zeno-timelocks even if not every component is strongly non-zeno. Secondly, we present new syntactic, sufficient-only conditions that complement SNZ. Finally, we describe a sufficient-and-necessary condition that only requires a simple form of reachability analysis. Furthermore, our conditions identify the cause of zeno-timelocks directly on the model, in the form of unsafe loops. We also comment on a tool that we have developed, which implements the syntactic checks on Uppaal models. The tool is also able to derive, from those unsafe loops in a given automaton (in general, an Uppaal model representing a product automaton of a given network), the reachability formulas that characterise the occurrence of zeno-timelocks. A modified version of the carrier sense multiple access with collision detection protocol is used as a case study.
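The syntactic loop check the abstract describes, as an added illustration that is not the paper's tool or its code: it enumerates the simple loops of a small constructed automaton, applies Tripakis's SNZ condition (assumed here as: some clock is reset on the loop and bounded below by a constant of at least 1 on one of its guards), reports the loops that fail it as unsafe, and applies the compositional rule to a list of components. Location invariants and the paper's weaker conditions are not modelled.

```python
# Constructed example, not the paper's tool. An automaton is a list of edges
# (src, dst, guard, resets): guard maps a clock to the lower bound c of a
# constraint "clock >= c"; resets is the set of clocks set to 0 on the edge.

def simple_cycles(edges):
    """All simple cycles, each as a list of edge indices, rooted at its smallest location."""
    by_src = {}
    for i, (src, _, _, _) in enumerate(edges):
        by_src.setdefault(src, []).append(i)
    locations = sorted({e[0] for e in edges} | {e[1] for e in edges})
    cycles = []

    def walk(start, loc, path, seen):
        for i in by_src.get(loc, []):
            dst = edges[i][1]
            if dst == start:
                cycles.append(path + [i])
            elif dst > start and dst not in seen:  # rooting at the smallest location avoids rotations
                walk(start, dst, path + [i], seen | {dst})

    for start in locations:
        walk(start, start, [], {start})
    return cycles

def strongly_non_zeno(cycle, edges):
    """SNZ (assumed definition): a clock reset on the cycle is also bounded below by
    c >= 1 on one of its guards, so each iteration must let at least one time unit pass."""
    reset = {x for i in cycle for x in edges[i][3]}
    bounded = {x for i in cycle for x, c in edges[i][2].items() if c >= 1}
    return bool(reset & bounded)

def unsafe_loops(edges):
    """Loops that fail SNZ: the candidate zeno-timelocks, reported directly on the model."""
    return [c for c in simple_cycles(edges) if not strongly_non_zeno(c, edges)]

def network_guaranteed_non_zeno(components):
    """Compositional rule: every component strongly non-zeno implies the network is."""
    return all(not unsafe_loops(edges) for edges in components)

# Constructed automaton: loop A-B lets x reach 1 before returning (SNZ); loop B-C
# only resets y and can be iterated forever without time passing (unsafe).
EXAMPLE = [
    ("A", "B", {}, {"x"}),        # e0
    ("B", "A", {"x": 1}, set()),  # e1: guard x >= 1
    ("B", "C", {}, {"y"}),        # e2
    ("C", "B", {"y": 0}, set()),  # e3: guard y >= 0, imposes no delay
    ("C", "A", {"x": 2}, set()),  # e4: guard x >= 2
]
```

Calling `unsafe_loops(EXAMPLE)` returns `[[2, 3]]`, the B-C loop, while the two loops through A pass SNZ.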