Specifying and proving properties of timed I/O automata using Tempo

TAME: A Specialized Specification and Verification System for Timed Automata

1996

Assuring the correctness of specifications of real-time systems can involve significant human effort. The use of a mechanical theorem prover to encode such specifications and to verify their properties could significantly reduce this effort. A barrier to routinely encoding and mechanically verifying specifications has been the need first to master the specification language and logic of a general theorem proving system. Our approach to overcoming this barrier is to provide mechanical support for producing specifications and verifying proofs, specialized for particular mathematical models and proof techniques. We are currently developing a mechanical verification system called TAME (Timed Automata Modeling Environment) that provides this specialized support using SRI's Prototype Verification System (PVS). Our system is intended to permit steps in reasoning similar to those in hand proofs that use model-specific techniques. TAME has recently been used to detect errors in a realistic example.

Methodologies for Specification of Real-Time Systems Using Timed I/O Automata

Lecture Notes in Computer Science, 2010

We present a real-time specification framework based on Timed I/O Automata and comprehensive tool support for it. The framework supports various design methodologies, including: top-down refinement, for decomposition of abstract specifications towards increasingly detailed models; bottom-up abstraction, for synthesis of complex systems from more concrete models; and step-wise modularisation of requirements, to factor out behaviours given by existing available components from a complex global requirements specification to be implemented. These methodologies are realized by consecutive applications of operators from the following set: refinement, consistency checking, logical and structural composition, and quotienting. Additionally, our tool allows combining the component-oriented design process with verification of temporal logic properties, increasing the flexibility of the process.

Mechanical verification of timed automata: a case study

1996

The paper reports the results of a case study on the feasibility of developing and applying mechanical methods, based on the proof system PVS, to prove propositions about real-time systems specified in the Lynch-Vaandrager timed automata model. In using automated provers to prove propositions about systems described by a specific mathematical model, both the proofs and the proof process can be simplified by exploiting the spectral properties of the mathematical model. The paper presents the PVS specification of three theories that underlie the timed automata model, a template for specifying timed automata models in PVS and an example of its instantiation, and both hand proofs and the corresponding PVS proofs of two propositions. It concludes with a discussion of our experience in applying PVS to specify and reason about real-time systems modeled as timed automata.

Simulation of timed input/output automata

2006

This Master of Engineering Thesis describes the design, implementation, and usage of the TIOA Simulator. The TIOA Simulator, along with the other components of the TIOA Toolset aims to provide a framework for developing dependable distributed systems. The project is based on the Timed Input/Output Automaton framework, and supports TIOA, a formal language for specifying timed I/O automata. Simulation of TIOA programs is useful in the process of testing the proposed system over a specific set of executions. During the execution the Simulator is able to test proposed invariants and validate a proposed simulation relation between the system's implementation and its specification. A step correspondence between the steps of the implementation and the specification drives the validation of the simulation relation. The identification and validation of the invariants and the simulation relation constitutes the first step towards a formal verification of the system's correctness. The proposed step correspondence can be used in a formal proof to show that the proposed relation is indeed a simulation relation.

Timed I/O automata: a mathematical framework for modeling and analyzing real-time systems

Proceedings. 2003 International Symposium on System-on-Chip (IEEE Cat. No.03EX748)

We describe the Timed Input/Output Automata (TIOA) framework, a general mathematical framework for modeling and analyzing real-time systems. It is based on timed I/O automata, which engage in both discrete transitions and continuous trajectories. The framework includes a notion of external behavior, and notions of composition and abstraction. We define safety and liveness properties for timed I/O automata, and a notion of receptiveness, and prove basic results about all of these notions. The TIOA framework is defined as a special case of the new Hybrid I/O Automata (HIOA) modeling framework for hybrid systems. Specifically, a TIOA is an HIOA with no external variables; thus, TIOAs communicate via shared discrete actions only, and do not interact continuously. This restriction is consistent with previous real-time system models, and gives rise to some simplifications in the theory (compared to HIOA). The resulting model is expressive enough to describe complex timing behavior, and to express the important ideas of previous timed automata frameworks.

Decomposing Verification of Timed I/O Automata

Lecture Notes in Computer Science, 2004

This paper presents assume-guarantee style substitutivity results for the recently published timed I/O automaton modeling framework. These results are useful for decomposing verification of systems where the implementation and the specification are represented as timed I/O automata. We first present a theorem that is applicable in verification tasks in which system specifications express safety properties. This theorem has an interesting corollary that involves the use of auxiliary automata in simplifying the proof obligations. We then derive a new result that shows how the same technique can be applied to the case where system specifications express liveness properties.

Simulation and verification II: from timed automata to DEVS models

2003

In this paper, we present the formal transformation of Timed Input/Output Automata into simulation models expressed in the DEVS formalism. This transformation is part of an approach to validating high-level specifications by simulation. The validation is based on the simulation of a coupled model built from the system to be controlled and the control specifications. An example of this approach is given in the paper.

Translating Timed I/O Automata Specifications for Theorem Proving in PVS

Lecture Notes in Computer Science, 2005

The timed input/output automaton modeling framework is a mathematical framework for specification and analysis of systems that involve discrete and continuous evolution. In order to employ an interactive theorem prover in deducing properties of a timed input/output automaton, its state-transition-based description has to be translated to the language of the theorem prover. This thesis describes a tool for translating from TIOA, the formal language for describing timed input/output automata, to the language of the Prototype Verification System (PVS), a specification system with an integrated interactive theorem prover. We describe the translation scheme, discuss the design decisions, and briefly present case studies to illustrate the application of the translator in the verification process.

VerICS: a tool for verifying timed automata and Estelle specifications

Tools and Algorithms for the Construction and Analysis of Systems, 2003

The paper presents a new tool for automated verification of Timed Automata as well as protocols written in the specification language Estelle. The current version offers an automatic translation from Estelle specifications to timed automata, and two complementary methods of reachability analysis. The first one is based on Bounded Model Checking (BMC), while the second one is an on-the-fly verification on an abstract model of the system.

The Theory of Timed I/O Automata

Synthesis Lectures on Computer Science, 2006

This monograph presents the Timed Input/Output Automaton (TIOA) modeling framework, a basic mathematical framework to support description and analysis of timed systems. An important feature of this model is its support for decomposing timed system descriptions. In particular, the framework includes a notion of external behavior for a timed I/O automaton, which captures its discrete interactions with its environment. The framework also defines what it means for one TIOA to implement another, based on an inclusion relationship between their external behavior sets, and defines notions of simulations, which provide sufficient conditions for demonstrating implementation relationships. The framework includes a composition operation for TIOAs, which respects external behavior, and a notion of receptiveness, which implies that a TIOA does not block the passage of time.