Ting Wang,Jun Sun,Xinyu Wang,Yang Liu,Yuanjie Si,Jin Song Dong,Xiaohu Yang,Xiaohong Li

DOI: https://doi.org/10.1109/tse.2014.2359893

IF: 7.4

2014-01-01

IEEE Transactions on Software Engineering

Abstract:Zeno runs, where infinitely many actions occur within finite time, may arise in Timed Automata models. Zeno runs are not feasible in reality and must be pruned during system verification. Thus it is necessary to check whether a run is Zeno or not so as to avoid presenting Zeno runs as counterexamples during model checking. Existing approaches on non-Zenoness checking include either introducing an additional clock in the Timed Automata models or additional accepting states in the zone graphs. In addition, there are approaches proposed for alternative timed modeling languages, which could be generalized to Timed Automata. In this work, we investigate the problem of non-Zenoness checking in the context of model checking LTL properties, not only evaluating and comparing existing approaches but also proposing a new method. To have a systematic evaluation, we develop a software toolkit to support multiple non-Zenoness checking algorithms. The experimental results show the effectiveness of our newly proposed algorithm, and demonstrate the strengths and weaknesses of different approaches.

Luca Aceto,Patricia Bouyer,Augusto Burgueño,Kim G. Larsen

DOI: https://doi.org/10.1016/s0304-3975(02)00334-1

1998-01-01

BRICS Report Series

Abstract:In this paper we provide a complete characterization of the class of properties of (networks of) timed automata for which model checking can be reduced to reachability checking in the context of testing automata.

François Laroussinie,Kim G. Larsen,Carsten Weise

DOI: https://doi.org/10.1007/3-540-60246-1_158

1995-01-01

BRICS Report Series

Abstract:One of the most successful techniques for automatic verification is thatof model checking. For finite automata there exist since long extremelyefficient model-checking algorithms, and in the last few years these algorithms have been made applicable to the verification of real-time automata using the region-techniques of Alur and Dill.In this paper, we continue this transfer of existing techniques from thesetting of finite (untimed) automata to that of timed automata. In particular, a timed logic L is put forward, which is sufficiently expressive that we for any timed automaton may construct a single characteristic L formula uniquely characterizing the automaton up to timed bisimilarity. Also, we prove decidability of the satisfiability problem for L with respect to given bounds on the number of clocks and constants of the timed automata to be constructed. None of these results have as yet been succesfully accounted for in the presence of time.

Lehmann, Sascha,Schupp, Sibylle

DOI: https://doi.org/10.1007/s10270-024-01205-w

2024-09-20

Software & Systems Modeling

Abstract:Verifying safety requirements by model checking becomes increasingly important for safety-critical applications. For the validity of such proof in practice, the model needs to capture the actual behavior of the real system, which could be tested by containment checks of real observation traces. Basic equivalence checks, however, are not applicable if the system is only partially or imprecisely observable, if the model abstracts from explicit states with symbolic semantics, or if the checks are not expressible in the logics supported by a model checker. In this article, we solve the problem of observation containment checking in timed automata via reachability checking on tester systems. We introduce the logic SRL (sequence reachability logic) to express observations as sequences of delayed reachability properties. Through SBLL (introduced by Aceto et al.) as intermediate logic, we synthesize a set of matcher model templates for partial and imprecise observations and further extend these templates for the case of limited state accessibility in a model. For the obtained matching traces, we define the back-transformation into the original model domain and formally prove the correctness of the transformation. We implemented the observation matching approach, and apply it to a set of 7 demo and 3 case study models with different levels of observability. The results show that all positive and negative observations are correctly classified, and that the most advanced matcher model instance still offers average run times between 0.1 and 1 s in all but 3 scenarios.

computer science, software engineering

S. Akshay,Paul Gastin,R. Govind,B. Srivathsan

2024-07-11

Abstract:The translation of Metric Interval Temporal Logic (MITL) to timed automata is a topic that has been extensively studied. A key challenge here is the conversion of future modalities into equivalent automata. Typical conversions equip the automata with a guess-and-check mechanism to ascertain the truth of future modalities. Guess-and-check can be naturally implemented via alternation. However, since timed automata tools do not handle alternation, existing methods perform an additional step of converting the alternating timed automata into timed automata. This de-alternation step proceeds by an intricate finite abstraction of the space of configurations of the alternating automaton. Recently, a model of generalized timed automata (GTA) has been proposed. The model comes with several powerful additional features, and yet, the best known zone-based reachability algorithms for timed automata have been extended to the GTA model, with the same complexity for all the zone operations. We provide a new concise translation from MITL to GTA. In particular, for the timed until modality, our translation offers an exponential improvement w.r.t. the state-of-the-art. Thanks to this conversion, MITL model checking reduces to checking liveness for GTAs. However, no liveness algorithm is known for GTAs. Due to the presence of future clocks, there is no finite time-abstract bisimulation (region equivalence) for GTAs, whereas liveness algorithms for timed automata crucially rely on the presence of the finite region equivalence. As our second contribution, we provide a new zone-based algorithm for checking Buchi non-emptiness in GTAs, which circumvents this fundamental challenge.

Formal Languages and Automata Theory

Andreas E. Dalsgaard,Alfons Laarman,Kim G. Larsen,Mads Chr. Olesen,Jaco van de Pol

DOI: https://doi.org/10.1007/978-3-642-33365-1_8

2012-01-01

Abstract:Model checking of timed automata is a widely used technique. But in order to take advantage of modern hardware, the algorithms need to be parallelized. We present a multi-core reachability algorithm for the more general class of well-structured transition systems, and an implementation for timed automata. Our implementation extends the opaal tool to generate a timed automaton successor generator in c++, that is efficient enough to compete with the uppaal model checker, and can be used by the discrete model checker LTSmin, whose parallel reachability algorithms are now extended to handle subsumption of semi-symbolic states. The reuse of efficient lockless data structures guarantees high scalability and efficient memory use. With experiments we show that opaal+LTSmin can outperform the current state-of-the-art, uppaal. The added parallelism is shown to reduce verification times from minutes to mere seconds with speedups of up to 40 on a 48-core machine. Finally, strict BFS and (surprisingly) parallel DFS search order are shown to reduce the state count, and improve speedups.

Taolue Chen,Tingting Han,Joost-Pieter Katoen,Alexandru Mereacre

DOI: https://doi.org/10.1007/978-3-642-04761-9_10

2009-01-01

Abstract:We investigate the problem of verifying linear-time properties against inhomogeneous continuous-time Markov chains (ICTMCs). A fundamental question we address is how to compute reachability probabilities. We consider two variants: time-bounded and unbounded reachability. It turns out that both can be characterized as the least solution of a system of integral equations. We show that for the time-bounded case, the obtained integral equations can be transformed into a system of ordinary differential equations; for the time-unbounded case, we identify two sufficient conditions, namely the eventually periodic assumption and the eventually uniform assumption , under which the problem can be reduced to solving a time-bounded reachability problem for the ICTMCs and a reachability problem for a DTMC. These results provide the basis for a model checking algorithm for LTL. Under the eventually stable assumption , we show how to compute the probability of a set of ICTMC paths which satisfy a given LTL formula. By an automata-based approach, we reduce this problem to the previous established results for reachability problems.

Junyan Qian,Baowen Xu

DOI: https://doi.org/10.1007/11562436_20

2005-01-01

Abstract: Timed Statecharts, which can efficiently specify explicit dense time, is an extension to the visual specification language Statecharts with real-time constructs. We give a definition of timed Statecharts that specifies explicit temporal behavior as timed automata does. It is very difficult to verify directly whether timed Statecharts satisfies the required properties. However, by compiling it into timed automata, timed Statecharts may be checked using Uppaal tool. In the paper, the state of timed Statecharts is represented by inductive term, and a step semantics of timed Statecharts is briefly described. The translation rules are shown by a compositional approach for formalizing the timed Statecharts semantics directly on sequences of micro steps. Timed automata corresponding to timed Statecharts was also discussed.

Taolue Chen,Tingting Han,Joost-Pieter Katoen,Alexandru Mereacre

DOI: https://doi.org/10.2168/lmcs-7(1:12)2011

2011-01-01

Logical Methods in Computer Science

Abstract:We study the verification of a finite continuous-time Markov chain (CTMC) C against a linear real-time specification given as a deterministic timed automaton (DTA) A with finite or Muller acceptance conditions. The central question that we address is: what is the probability of the set of paths of C that are accepted by A, i.e., the likelihood that C satisfies A? It is shown that under finite acceptance criteria this equals the reachability probability in a finite piecewise deterministic Markov process (PDP), whereas for Muller acceptance criteria it coincides with the reachability probability of terminal strongly connected components in such a PDP. Qualitative verification is shown to amount to a graph analysis of the PDP. Reachability probabilities in our PDPs are then characterized as the least solution of a system of Volterra integral equations of the second type and are shown to be approximated by the solution of a system of partial differential equations. For single-clock DTA, this integral equation system can be transformed into a system of linear equations where the coefficients are solutions of ordinary differential equations. As the coefficients are in fact transient probabilities in CTMCs, this result implies that standard algorithms for CTMC analysis suffice to verify single-clock DTA specifications.

Niklas Kochdumper,Stanley Bak

2024-04-08

Abstract:While reachability analysis is one of the most promising approaches for formal verification of dynamic systems, a major disadvantage preventing a more widespread application is the requirement to manually tune algorithm parameters such as the time step size. Manual tuning is especially problematic if one aims to verify that the system satisfies complicated specifications described by signal temporal logic formulas since the effect the tightness of the reachable set has on the satisfaction of the specification is often non-trivial to see for humans. We address this problem with a fully-automated verifier for linear systems, which automatically refines all parameters for reachability analysis until it can either prove or disprove that the system satisfies a signal temporal logic formula for all initial states and all uncertain inputs. Our verifier combines reachset temporal logic with dependency preservation to obtain a model checking approach whose over-approximation error converges to zero for adequately tuned parameters. While we in this work focus on linear systems for simplicity, the general concept we present can equivalently be applied for nonlinear and hybrid systems.

Logic in Computer Science,Systems and Control,Dynamical Systems

Taolue Chen,Tingting Han,Joost-Pieter Katoen,Alexandru Mereacre

DOI: https://doi.org/10.1109/cdc.2011.6160992

2011-01-01

Abstract:We propose a novel stochastic extension of timed automata, i.e. Markovian Timed Automata. We study the problem of optimizing time-bounded reachability probabilities in this model, i.e., the maximum likelihood to hit a set of goal locations within a given deadline. We propose Bellman equations to characterize the probability, and provide two approaches to solve the Bellman equations, namely, a discretization and a reduction to Hamilton-Jacobi-Bellman equations.

Daniela Lepri,Peter Csaba Ölveczky,Erika Ábrahám

DOI: https://doi.org/10.4204/EPTCS.36.7

2010-09-22

Abstract:This paper presents a transformational approach for model checking two important classes of metric temporal logic (MTL) properties, namely, bounded response and minimum separation, for nonhierarchical object-oriented Real-Time Maude specifications. We prove the correctness of our model checking algorithms, which terminate under reasonable non-Zeno-ness assumptions when the reachable state space is finite. These new model checking features have been integrated into Real-Time Maude, and are used to analyze a network of medical devices and a 4-way traffic intersection system.

Logic in Computer Science

Jianhua Zhao,Bin Lei,Xuandong Li,Guoliang Zheng

DOI: https://doi.org/10.1109/ISoLA.2006.28

2006-01-01

Abstract:In this paper, we present a timed automaton reachability analysis algorithm which can use some other properties to improve the model checking efficiency. If the model checker aborts because of memory or CPU time limitation when checking a property P, the users can still use a set of auxiliary properties P_1, P_2, \dots, P_n about the system to reduce the space and time requirement. People can verify these auxiliary properties by either model checking or other methods like theorem proving. This algorithm gives the users a way to reduce the space and time requirement of model checking using their knowledge about the system under check.

Zhan-you MA,Yong-ming LI

2014-01-01

Abstract:A generalized possibilistic Kripke structure over the generalized possibility measure is proposed to describe the quantitative behaviors of systems.The syntax and semantics of linear temporal logic are redefined in the context of the generalized possibilistic Kripke structure.We then analyzed some properties of the linear time.i.e.the eventual reachability,the constraint reachability and the repeated reachability,since they are common problems in model checking.The results obtained in this paper expand the scope of the application of model checking based on possibility measures.

Yongming Li,Lijun Li

DOI: https://doi.org/10.1109/tfuzz.2012.2232298

IF: 12.253

2013-01-01

IEEE Transactions on Fuzzy Systems

Abstract:Using possibility measure, we study model checking of linear-time properties in possibilistic Kripke structures. First, the notion of possibilistic Kripke structures and the related possibility measure are introduced, and then, model checking of reachability and repeated reachability linear-time properties in finite possibilistic Kripke structures are studied. Standard safety properties and omega-regular properties in possibilistic Kripke structures are introduced; the verification of regular safety properties and omega-regular properties using finite automata are thoroughly studied. It has been shown that the verification of regular safety properties and omega-regular properties in a finite possibilistic Kripke structure can be transformed into the verification of reachability properties and repeated reachability properties in the product possibilistic Kripke structure that is introduced in this paper. Several examples are given to illustrate the methods that are presented in this paper.

Victor Roussanaly,Ocan Sankur,Nicolas Markey

DOI: https://doi.org/10.48550/arXiv.1905.07365

2019-05-17

Formal Languages and Automata Theory

Abstract:We present abstraction-refinement algorithms for model checking safety properties of timed automata. The abstraction domain we consider abstracts away zones by restricting the set of clock constraints that can be used to define them, while the refinement procedure computes the set of constraints that must be taken into consideration in the abstraction so as to exclude a given spurious counterexample. We implement this idea in two ways: an enumerative algorithm where a lazy abstraction approach is adopted, meaning that possibly different abstract domains are assigned to each exploration node; and a symbolic algorithm where the abstract transition system is encoded with Boolean formulas.

Frédéric Herbreteau,B. Srivathsan,Igor Walukiewicz

DOI: https://doi.org/10.1016/j.ic.2016.07.004

2016-07-29

Abstract:We consider the reachability problem for timed automata. A standard solution to this problem involves computing a search tree whose nodes are abstractions of zones. These abstractions preserve underlying simulation relations on the state space of the automaton. For both effectiveness and efficiency reasons, they are parametrized by the maximal lower and upper bounds (LU-bounds) occurring in the guards of the automaton. We consider the aLU abstraction defined by Behrmann et al. Since this abstraction can potentially yield non-convex sets, it has not been used in implementations. We prove that aLU abstraction is the biggest abstraction with respect to LU-bounds that is sound and complete for reachability. We also provide an efficient technique to use the aLU abstraction to solve the reachability problem.

Logic in Computer Science,Formal Languages and Automata Theory

Zhao Jianhua,Dang Van Hung

DOI: https://doi.org/10.1007/bf02950405

1998-01-01

Abstract:The major problem of checking a parallel composition of real-time systems for a real-time property is the explosion of untimed states and time regions. To attack this problem, one can use bisimulation equivalence w.r.t. the property to be checked to minimise the system state space. In this paper, we define such equivalence for the integrated linear duration properties of real-time automaton networks with shared variables. To avoid exhaustive state space exploration, we define a compatibility relation, which is a one-direction simulation relation between configurations. Based on this technique, we develop an algorithm for checking a real-time automaton network with shared variables w.r.t. a linear duration property. Our algorithm can avoid exhaustive state space exploration significantly when applied to Fischer’s mutual exclusion protocol.

Yu Zhang,Yunwei Dong,Fei Xie

DOI: https://doi.org/10.1109/QSIC.2014.36

2014-01-01

Abstract:Model checking has been successfully used for checking model design where the specification is given by a temporal logic formula. In this paper, we develop an approach to bounded model checking Linear Temporal Logic (LTL) properties of Hybrid Automata Pushdown System (HAPS) over finite traces. Such HAPS models are suitable formal representations for Cyber/Physical co-verification, verifying software controller with controlled plant together. We convert the LTL formula into a C program, which is interleaved with the execution of the HAPS under analysis. Our approach checks both safety and livens uniformly within the framework of bounded model checking through symbolic execution. We have realized this approach and applied it to real-world control systems. The evaluation has shown that our approach has major potential in verifying system-level LTL properties of cyber-physical systems.

Jian-Hua Zhao,Xuan-Dong Li,Tao Zheng,Guo-Liang Zheng

DOI: https://doi.org/10.1007/s11390-006-0041-9

IF: 1.871

2006-01-01

Journal of Computer Science and Technology

Abstract:Most of the timed automata reachability analysis algorithms in the literature explore the state spaces by enumeration of symbolic states, which use time constraints to represent a set of concrete states. A time constraint is a conjunction of atomic formulas which bound the differences of clock values. In this paper, it is shown that some atomic formulas of symbolic states generated by the algorithms can be removed to improve the model checking time- and space-efficiency. Such atomic formulas are called as irrelevant atomic formulas. A method is also presented to detect irrelevant formulas based on the test-reset information about clock variables. An optimized model-checking algorithm is designed based on these techniques. The case studies show that the techniques presented in this paper significantly improve the space- and time-efficiency of reachability analysis.