ECDAR: Composition of Real-Time Specifications — Revisited. Kim Guldstrand Larsen, Aalborg University, DENMARK.


Observations (Colloquium in Honor of Martin Abadi, June 25-26, 2015, Cachan)

Observational Equivalence – Revisited: CWB (Concurrency Workbench), Temporal Logic of Actions (TLA/TLC), Calculus of Communicating Systems (CCS). Need for sound compositional specification formalisms supporting step-wise development and design of concurrent real-time systems.

Roadmap: Bisimulation, Context Dependent Bisimulation, Modal Transition Systems, Timed MTS, Probabilistic MTS, Interval Markov Chains, Constraint Markov Chains (2010), Parameterized MTS, Weighted MTS, Dual-Priced MTS, Modal Contracts. Tools: CWB, TAU, UPPAAL, ECDAR (2011), APAC (2012).


Specification Theory: Spec, a set of specifications; Imp, a set of implementations (labelled transition systems).

Operations on Specifications
- Structural Composition: given S1 and S2, construct S1 par S2 such that |S1 par S2| = |S1| par |S2|. Refinement ≤ should be a precongruence w.r.t. par to allow for compositional analysis!
- Logical Conjunction: given S1 and S2, construct S1 ∧ S2 such that |S1 ∧ S2| = |S1| ∩ |S2|.
- Quotienting: given an overall specification T and a component specification S, construct the quotient specification T\S such that S par X ≤ T iff X ≤ T\S.

Modal Transition Systems [L. & Thomsen 88, Boudol & L. 90]
- MTS is an automata-based specification formalism.
- MTS allow to express that certain actions may or must happen in their implementation.
- MTS supports all the required operations on specifications (conjunction, parallel composition, quotienting).
- Applications in component-based software development, interface theories, modal abstractions and program analysis.

Example – Tea-Coffee Machines (figure: specifications over the actions coin, tea and coffee, their refinement, and implementations)

MTS Definition
- An MTS is a triple (P, →□, →◊) where P is a set of states and →□ ⊆ →◊ ⊆ P × Act × P (every must transition is also a may transition). If →□ = →◊ then the MTS is an implementation.
- R ⊆ P × P is a modal refinement iff whenever (S,T) ∈ R then
  i) whenever S –a→◊ S' then T –a→◊ T' for some T' with (S',T') ∈ R;
  ii) whenever T –a→□ T' then S –a→□ S' for some S' with (S',T') ∈ R.
- We write S ≤m T whenever (S,T) ∈ R for some modal refinement R.

Example – Tea-Coffee Machines (figure: the refinement chain ≤ from implementations up to specifications over coin, tea and coffee)

MTS Operators: s1 || s2 (synchronous parallel composition), s1 \ s2 (quotienting), s1 ∧ s2 (conjunction). Refinement and consistency checking are PTIME-complete.
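The modal refinement relation defined above and the conjunction operator are both computable on finite MTS by simple fixpoint iteration. The following Python is an added example (not code from the talk or from any of the tools it mentions): a small MTS type, a refinement check that starts from all state pairs and removes pairs violating conditions i) and ii) until nothing changes (a greatest fixpoint), and a conjunction that builds the product, prunes inconsistent pairs (a must step with no consistent joint target), and returns None when the initial pair itself is inconsistent. The tea/coffee machines SPEC, TEA, COFFEE and LAZY are constructed here to mirror the slide's example; their state names are assumptions.

```python
from dataclasses import dataclass
from itertools import product
from typing import Any, FrozenSet, Optional, Set


@dataclass(frozen=True)
class MTS:
    """Finite modal transition system (P, must, may); transitions are (src, action, dst)."""
    states: FrozenSet[Any]
    init: Any
    may: FrozenSet[Any]
    must: FrozenSet[Any]

    def __post_init__(self):
        if not self.must <= self.may:
            raise ValueError("every must transition has to be a may transition")

    def may_succ(self, s, a) -> Set[Any]:
        return {d for (x, b, d) in self.may if x == s and b == a}

    def must_succ(self, s, a) -> Set[Any]:
        return {d for (x, b, d) in self.must if x == s and b == a}

    def actions(self) -> Set[str]:
        return {a for (_, a, _) in self.may}

    def is_implementation(self) -> bool:
        return self.may == self.must


def modal_refinement(S: MTS, T: MTS) -> bool:
    """S <=m T: greatest fixpoint over candidate pairs (s, t)."""
    R = set(product(S.states, T.states))
    changed = True
    while changed:
        changed = False
        for (s, t) in list(R):
            # i) every may step of S must be matched by a may step of T
            ok = all(any((s2, t2) in R for t2 in T.may_succ(t, a))
                     for (x, a, s2) in S.may if x == s)
            # ii) every must step of T must be matched by a must step of S
            ok = ok and all(any((s2, t2) in R for s2 in S.must_succ(s, a))
                            for (y, a, t2) in T.must if y == t)
            if not ok:
                R.discard((s, t))
                changed = True
    return (S.init, T.init) in R


def conjunction(S: MTS, T: MTS) -> Optional[MTS]:
    """S ∧ T: may if both sides may, must if either side must; inconsistent pairs are pruned."""
    consistent = set(product(S.states, T.states))

    def unmatched_must(s, t) -> bool:
        # a must step of one side with no consistent joint target makes (s, t) inconsistent
        for (x, a, s2) in S.must:
            if x == s and not any((s2, t2) in consistent for t2 in T.may_succ(t, a)):
                return True
        for (y, a, t2) in T.must:
            if y == t and not any((s2, t2) in consistent for s2 in S.may_succ(s, a)):
                return True
        return False

    changed = True
    while changed:  # inconsistency propagates backwards along must steps
        changed = False
        for (s, t) in list(consistent):
            if unmatched_must(s, t):
                consistent.discard((s, t))
                changed = True
    if (S.init, T.init) not in consistent:
        return None
    may, must = set(), set()
    for (s, t) in consistent:
        for a in S.actions() | T.actions():
            for s2 in S.may_succ(s, a):
                for t2 in T.may_succ(t, a):
                    if (s2, t2) in consistent:
                        may.add(((s, t), a, (s2, t2)))
                        if s2 in S.must_succ(s, a) or t2 in T.must_succ(t, a):
                            must.add(((s, t), a, (s2, t2)))
    return MTS(frozenset(consistent), (S.init, T.init), frozenset(may), frozenset(must))


# Constructed tea/coffee machines: the coin must be accepted, the drink served is left open.
SPEC = MTS(frozenset({"t0", "t1"}), "t0",
           may=frozenset({("t0", "coin", "t1"), ("t1", "tea", "t0"), ("t1", "coffee", "t0")}),
           must=frozenset({("t0", "coin", "t1")}))
TEA = MTS(frozenset({"s0", "s1"}), "s0",
          may=frozenset({("s0", "coin", "s1"), ("s1", "tea", "s0")}),
          must=frozenset({("s0", "coin", "s1"), ("s1", "tea", "s0")}))
COFFEE = MTS(frozenset({"c0", "c1"}), "c0",
             may=frozenset({("c0", "coin", "c1"), ("c1", "coffee", "c0")}),
             must=frozenset({("c0", "coin", "c1"), ("c1", "coffee", "c0")}))
LAZY = MTS(frozenset({"l0", "l1"}), "l0",  # may take a coin, never obliged to
           may=frozenset({("l0", "coin", "l1")}), must=frozenset())
```

TEA and COFFEE both refine SPEC, SPEC does not refine TEA (SPEC may serve coffee, TEA cannot), and LAZY fails because SPEC's must-coin is not matched. TEA ∧ COFFEE has no consistent initial state, which is the "clearly inconsistent" case of the later conjunction slide, while TEA ∧ SPEC is consistent and refines both of its arguments, as the conjunction theorem requires.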


Extended Timed Automata: clocks, channels, networks, integer variables, structured variables, clocks and channels, user defined types and functions.
Semantics (example runs): (A, x=0) –3.14→ (A, x=3.14) –a?→ (B, x=3.14); (A, x=0) –5.23→ (A, x=5.23) –a?→ (B, x=5.23) → (ERROR, x=5.23).

Extended Timed Automata (UPPAAL declarations: user defined functions, constants, bounded integer types, broadcast channels):
  int UT (int X, int Y) { return (X+1)*Y; }
  const int N = 10;
  const int D = 30;
  const int d = 4;
  typedef int[0,N-1] id_t;
  broadcast chan rec[N];
  broadcast chan w[N];

Real-Time version of Milner's Scheduler (figure: a ring of nodes N0, N1, N2, ..., Ni, Ni+1 connected by channels w0, w1, w2, ..., wi+1 and rec0, rec1, rec2, ..., reci+1)

Simulation & Verification (UPPAAL queries):
  A[] not Env.ERROR
  A[] forall (i:id_t) forall (j:id_t) (Node(i).Token and Node(j).Token imply i==j)

Compositional Verification: split the system into SubSpec1, SubSpec2, SubSpec3 and verify the same queries against them:
  A[] not Env.ERROR
  A[] forall (i:id_t) forall (j:id_t) (Node(i).Token and Node(j).Token imply i==j)


Timed MTS, Refinements & Implementations [CAV93, EMSOFT02] (figure: an implementation; an inconsistent specification)
[CAV93] Karlis Cerans, Jens Chr. Godskesen, Kim Guldstrand Larsen: Timed Modal Specification – Theory and Tools. CAV 1993.
[EMSOFT02] Luca de Alfaro, Thomas A. Henzinger, Mariëlle Stoelinga: Timed Interfaces. EMSOFT 2002.

Timed Game Automata & Synthesis: transitions are either controllable or uncontrollable. Problems to be considered: does there exist a winning strategy? If yes, compute one (as simple as possible).

Computing Winning States: backwards fixed-point computation.

Reachability Games – Backwards Fixed-Point Computation
Definitions (q+t denotes q after a delay of t):
  cPred(X) = { q ∈ Q | ∃ q' ∈ X. q →c q' }
  uPred(X) = { q ∈ Q | ∃ q' ∈ X. q →u q' }
  Pred_t(X,Y) = { q ∈ Q | ∃ t. q+t ∈ X and ∀ s ≤ t. q+s ∈ Y^C }
  π(X) = Pred_t[ X ∪ cPred(X), uPred(X^C) ]
Theorem: The set of winning states is obtained as the least fixpoint of the function X ↦ π(X) ∪ Goal.
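The fixpoint above can be run by hand on a small game. The following Python is an added example (not the UPPAAL Tiga algorithm, which works on zones over real-valued clocks): it instantiates cPred, uPred, Pred_t and π over a constructed game with one integer clock that saturates at a bound K, so the state space is finite and Pred_t can be evaluated by trying every delay. The game, its locations, edges and the bound K are assumptions made for the example: the controller may start a job, must acknowledge it while x ≤ 2, and loses to an uncontrollable timeout once x ≥ 3. A memoryless strategy is read off the winning set at the end.

```python
from itertools import product

# Constructed example: a discrete-time "acknowledge before the timeout" game.
# One clock x in {0..K}; x = K stands for "x >= K" (saturation).
K = 4
LOCS = ("Idle", "Wait", "Done", "Fail")
# (source, action, controllable?, guard on x, target, reset x?)
EDGES = (
    ("Idle", "start",   True,  lambda x: True,   "Wait", True),
    ("Wait", "ack",     True,  lambda x: x <= 2, "Done", False),
    ("Wait", "timeout", False, lambda x: x >= 3, "Fail", False),
)
Q = frozenset(product(LOCS, range(K + 1)))          # all (location, clock) states
GOAL = frozenset(q for q in Q if q[0] == "Done")


def delay(q, t):
    """q + t: let t time units pass; the clock saturates at K."""
    loc, x = q
    return (loc, min(x + t, K))


def successors(q, controllable):
    """Targets of the enabled edges of the given kind (controllable / uncontrollable)."""
    loc, x = q
    return {(dst, 0 if reset else x)
            for (src, _, ctrl, guard, dst, reset) in EDGES
            if src == loc and ctrl == controllable and guard(x)}


def cpred(X):
    """cPred(X): states with a controllable edge into X."""
    return frozenset(q for q in Q if successors(q, True) & X)


def upred(X):
    """uPred(X): states with an uncontrollable edge into X."""
    return frozenset(q for q in Q if successors(q, False) & X)


def pred_t(X, Y):
    """Pred_t(X, Y): exists t with q+t in X and q+s not in Y for all s <= t."""
    return frozenset(
        q for q in Q
        if any(delay(q, t) in X and all(delay(q, s) not in Y for s in range(t + 1))
               for t in range(K + 1)))


def pi(X):
    """π(X) = Pred_t[ X ∪ cPred(X), uPred(X^C) ]."""
    return pred_t(X | cpred(X), upred(Q - X))


def winning_states(goal=GOAL):
    """Least fixpoint of X -> π(X) ∪ Goal, iterated upwards from the empty set."""
    X = frozenset()
    while True:
        nxt = pi(X) | goal
        if nxt == X:
            return X
        X = nxt


def winning_move(q, W):
    """Memoryless strategy: a controllable action from q whose target lies in W, else None."""
    loc, x = q
    for (src, action, ctrl, guard, dst, reset) in EDGES:
        if src == loc and ctrl and guard(x) and (dst, 0 if reset else x) in W:
            return action
    return None
```

Starting from Goal, the first iteration adds (Wait, 0..2), where ack is still enabled; the second adds every Idle state, since start forces the play into (Wait, 0); (Wait, 3) and (Wait, 4) never enter the set because the only move left there is the uncontrollable timeout into Fail, so the 20-state game has 13 winning states. In the untimed case Pred_t(X, Y) collapses to X \ Y and π(X) becomes the familiar "controllable step into X with no uncontrollable escape" predecessor.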

Decidability of Timed Games
- Theorem [AMPS98, HK99]: Reachability and safety timed games are decidable and EXPTIME-complete. Furthermore, memoryless and "region-based" strategies are sufficient.
- Theorem [AM99, BHPR07, JT07]: Optimal-time reachability timed games are decidable and EXPTIME-complete.
- Algorithm [CDFLL05, BCDFLL07]: Efficient "zone-based", on-the-fly synthesis algorithm for (optimal-time) reachability and safety timed games (UPPAAL Tiga).
[AM99] Asarin, Maler: As soon as possible: time optimal control for timed automata. HSCC 1999.
[BHPR07] Brihaye, Henzinger, Prabhu, Raskin: Minimum-time reachability in timed games. ICALP 2007.
[JT07] Jurdzinski, Trivedi: Reachability-time games on timed automata. ICALP 2007.
[CDFLL05] Cassez, David, Fleury, Larsen, Lime: Efficient On-the-Fly Algorithms for the Analysis of Timed Games. CONCUR 2005.
[BCDFLL07] Behrmann, Cougnard, David, Fleury, Larsen, Lime: UPPAAL-Tiga: Time for Playing Games! CAV 2007.

Timed I/O Automata: A Modern University (figure: components Machine, Researcher and Administration with actions coin, tea, cof, pub, grant and patent). Inputs are controllable (required); outputs are uncontrollable (allowed).

Overall Specification (figure): the composition Machine | Researcher | Administration compared (≥ ?) against the overall UNIVERSITY specification over grant and patent.

Timed I/O Transition Systems (figure: an implementation with input touch?, outputs dim! and off!, and a delay of 1.4)

Refinement = Timed Alternating Simulation. Intuition: S ≤ T means S leaves fewer choices than T for an implementation.

Refinement (example) (figure: specifications A (S) and B (T), with the inconsistent state INC and the universal state UNI)

Refinement as a Game (Timed I/O Automata; FORMATS09 optimized refinement algorithm): refinement A ≤ B is checked as a timed game on the product A×B between a refuter and a verifier, with an Error state for a move of one side that the other side cannot match. Not A ≤ B iff A×B sat control: A<> Error. (figure: product states (A_i,B_j) and (C_l,D_m); input a? with guards g_i, u_j and resets r_i, t_j; output o! with guards h_l, v_m and resets s_l, p_m; invariants I_A, I_B)

Refinement in ECDAR (tool screenshot)

More Refinement in ECDAR (figure): Machine | Researcher | Administration ≤ overall specification over grant and patent ?????

Consistency (figure: specifications S1, S2, S3, S4)

Consistency  (X) = Err [ Pred t [ X [ iPred(X), oPred(X C ) ] Theorem A specificiation (state) s is inconsistent iff s 2 ¹ X. ¼ (X) Definitions Colloquium in Honor of Martin Abadi, June 25-26, 2015, Cachan Pruned Version S Kim G Larsen 34

Conjunction, S ∧ T: product construction on states (A_i,B_j) and (C_l,D_m); an input a? gets guard g_i ∧ u_j and resets r_i ∪ t_j, an output o! gets guard h_l ∧ v_m and resets s_l ∪ p_m, and the invariant is I_A ∧ I_B.
Theorem: S ∧ T ≤ S; S ∧ T ≤ T; (U ≤ S) and (U ≤ T) ⇒ U ≤ (S ∧ T).

Conjunction, Ex. (figure: S, T and S ∧ T): clearly inconsistent!

Composition, S|T: classical rules for composition of I/O transition systems (figure: Machine | Researcher with coin?, pub!, tea, cof).
Theorem: If A1 ≤ B1 and A2 ≤ B2 then A1|A2 ≤ B1|B2.

Quotienting, T\S (figure): given an overall specification T over input i? and outputs o_S!, o_X!, and a component S, the quotient T\S is built on product states A_i\B_j, with input i? guarded by g_i ∧ u_j, output o_X! guarded by k_i, w_j, and two extra states: the universal state UNI and the inconsistent state INC, entered on the invariant mismatches I_A ∧ ¬I_B and I_B ∧ ¬I_A.
Theorem: (S | X) ≤ T iff X ≤ (T\S).

Quotienting, "Application" (figure): Machine | Researcher | Administration ≤ Specification iff Machine | Researcher ≤ Spec \ Adm (Spec \ Adm as computed in ECDAR, with invariant u ≤ 20).

Compositional Refinement Checking (Andersen: partial model checking; Laroussinie, L.: the CMC tool), where P(·) denotes pruning:
  C1 | C2 | C3 | ... | Cn ≤ S
  iff C2 | C3 | ... | Cn ≤ S \ C1
  iff C2 | C3 | ... | Cn ≤ P(S \ C1)
  iff C3 | ... | Cn ≤ P(P(S \ C1) \ C2)
  iff ...

Assume-Guarantee (figure: buttons ButA, ButB, outcomes Good, Bad; Assumption and Guarantee): A>>G = (A | G) \ A
Properties:
- (A | G) ≤ and ≥ (A | A>>G)
- A>>G ≥ G
- A ≤ A' ⇒ A>>G ≥ A'>>G
- G ≤ G' ⇒ A>>G ≤ A>>G'

Assume-Guarantee Reasoning (A, G decomposed into A1, G1 and A2, G2). Proof Rule: A>>G ≥ (A1>>G1 | A2>>G2). [FASE'12: Moving from Specifications to Contracts in Component-Based Design]

Milner's Scheduler Compositionally (figure: ring of nodes N0, N1, ..., Ni, Ni+1 with channels w0..wi+1 and rec0..reci+1; overall specification SPEC). Find SS_i and verify:
1. N1 ≤ SS1
2. SS1 | N2 ≤ SS2
3. SS2 | N3 ≤ SS3
...
n. SS_{n-1} | N_n ≤ SS_n
n+1. SS_n | N0 ≤ SPEC

Milner's Scheduler Compositionally: find SS_i from two assumptions and one guarantee. A1: no new rec[1]! until rec[i+1]?. G: after rec[1]? then rec[i+1]! within [d*i, D*i]. A2: rec[1]! occurs with > N*d time separation.

Milner's Scheduler Compositionally: take SS_i = (A1 & A2) >> G.


Experiments (results table/figure not recovered; D=30)

References
- LICS88: Kim Guldstrand Larsen, Bent Thomsen: A Modal Process Logic.
- EMSOFT 2002: Luca de Alfaro, Thomas A. Henzinger, Mariëlle Stoelinga: Timed Interfaces.
- FMCO'09: Methodologies for Specification of Real-Time Systems Using Timed I/O Automata.
- WADT'10: An Interface Theory for Timed Systems.
- ATVA'10: ECDAR: An Environment for Compositional Design and Analysis of Real Time Systems.
- HSCC'10: Timed I/O Automata: A Complete Specification Theory for Real-time Systems.
- STTT'12: Compositional verification of real-time systems using Ecdar.
- QEST'10: Compositional Design Methodology with Constraint Markov Chains.
- QEST'11: APAC: A Tool for Reasoning about Abstract Probabilistic Automata.
- FASE'12: Moving from Specifications to Contracts in Component-Based Design.
- FMSD'13: Weighted modal transition systems.
- Sci. Comput. Prog. '14: A modal specification theory for components with data.
(figure: Timed TLA? UPPAAL, ECDAR ?)

Context Dependent Bisimulation, Probabilistic MTS, Interval Markov Chains, UPPAAL, APAC. Congratulations!!