Book ChapterDOI

Formal Methods for Real-Time Systems

01 Jan 1994-pp 619-620
TL;DR: It is considered here when and to what extent it is appropriate to use formal methods in the development of safety critical systems.
Abstract: We believe that formal methods are both under-used and over-sold and consider here when and to what extent it is appropriate to use formal methods in the development of safety critical systems.
Citations
Proceedings Article
01 Jan 1999
TL;DR: The Monitoring and Checking (MaC) framework which assures the correctness of the current execution at run-time and two languages to specify monitoring scripts and requirements are presented.
Abstract: We describe the Monitoring and Checking (MaC) framework which assures the correctness of the current execution at run-time. Monitoring is performed based on a formal specification of system requirements. MaC bridges the gap between formal specification and verification, which ensures the correctness of a design rather than an implementation, and testing, which partially validates an implementation. An important aspect of the framework is a clear separation between implementation-dependent description of monitored objects and high-level requirements specification. Another salient feature is automatic instrumentation of executable code. The paper presents an overview of the framework and two languages to specify monitoring scripts and requirements, and briefly explains our on-going prototype implementation.
Comments: Postprint version. Published in 1999 International Conference on Parallel and Distributed Processing Techniques and Applications (PDPTA99), 1999, Volume 1, pages 279-287. Publisher URL: http://www.informatik.uni-trier.de/~ley/db/conf/pdpta/pdpta1999-1.html. This conference paper is available at ScholarlyCommons: http://repository.upenn.edu/cis_papers/294
Title: Runtime Assurance Based On Formal Specifications. Authors: I. Lee, S. Kannan, M. Kim, O. Sokolsky, and M. Viswanathan, Department of Computer and Information Science, University of Pennsylvania, Philadelphia, PA 19104.

191 citations


Additional excerpts

  • ...The example is inspired by the railroad crossing problem, which is routinely used as an illustration of real-time formalisms [7]....


Proceedings ArticleDOI
09 Jun 1999
TL;DR: The MaC framework provides assurance on the correctness of an execution of a real-time system at runtime and bridges the gap between formal specification and testing, which validates implementations but lacks formality.
Abstract: We describe the Monitoring and Checking (MaC) framework which provides assurance on the correctness of an execution of a real-time system at runtime. Monitoring is performed based on a formal specification of system requirements. MaC bridges the gap between formal specification, which analyzes designs rather than implementations, and testing, which validates implementations but lacks formality. An important aspect of the framework is a clear separation between implementation-dependent description of monitored objects and high-level requirements specification. Another salient feature is automatic instrumentation of executable code. The paper presents an overview of the framework, languages to express monitoring scripts and requirements, and a prototype implementation of MaC targeted at systems implemented in Java.

141 citations

Book ChapterDOI
20 Sep 1999
TL;DR: The UniForM Workbench supports combination of Formal Methods (on a solid logical foundation), provides tools for the development of hybrid, real-time or reactive systems, transformation, verification, validation and testing, and comprises a universal framework for the integration of methods and tools in a common development environment.
Abstract: The UniForM Workbench supports combination of Formal Methods (on a solid logical foundation), provides tools for the development of hybrid, real-time or reactive systems, transformation, verification, validation and testing. Moreover, it comprises a universal framework for the integration of methods and tools in a common development environment. Several industrial case studies are described.

45 citations

Book ChapterDOI
13 Mar 2007
TL;DR: By introducing a binary operator that binds values based on the current state, this work extends its previous approach to runtime verification of a single finite path against a formula in Next-free Linear-Time Logic with free variables and quantification.
Abstract: We extend our previous approach to runtime verification of a single finite path against a formula in Next-free Linear-Time Logic (LTL) with free variables and quantification. The existing approach is extended from event-based to set-based states, and the design-space of quantification is discussed. By introducing a binary operator that binds values based on the current state, we can dispense with the static analysis of a formula. The binding semantics of propositions containing quantified variables is simplified by a pure top-down evaluation. The alternating binding automaton corresponding to a formula is evaluated in a breadth-first manner, allowing us to instantly detect refuted formulae during execution.

29 citations

Journal ArticleDOI
TL;DR: This paper aims to demonstrate the efforts towards in-situ applicability of EMMARM, which aims to provide real-time information about concrete mechanical properties such as E-modulus and compressive strength.

9 citations


Cites background from "Formal Methods for Real-Time System..."

  • ...However, we have shown [14] that there are a significant number of limitations with existing real-time development formalisms....


References
Journal ArticleDOI
TL;DR: The authors formalize the safety analysis of timing properties in real-time systems based on a formal logic, RTL (real-time logic), which is especially suitable for reasoning about the timing behavior of systems.
Abstract: The authors formalize the safety analysis of timing properties in real-time systems. The analysis is based on a formal logic, RTL (real-time logic), which is especially suitable for reasoning about the timing behavior of systems. Given the formal specification of a system and a safety assertion to be analyzed, the goal is to relate the safety assertion to the system's specification. There are three distinct cases: (1) the safety assertion is a theorem derivable from the system's specification; (2) the safety assertion is unsatisfiable with respect to the system's specification; or (3) the negation of the safety assertion is satisfiable under certain conditions. A systematic method for performing safety analysis is presented.

684 citations

Journal ArticleDOI
TL;DR: An approach to solving the task allocation problem using a technique known as simulated annealing is described and a distributed hard real-time architecture is defined and new analysis is presented which enables timing requirements to be guaranteed.
Abstract: A distributed hard real-time system can be composed from a number of communicating tasks. One of the difficulties with building such systems is the problem of where to place the tasks. In general there are P^T ways of allocating T tasks to P processors, and the problem of finding an optimal feasible allocation (where all tasks meet physical and timing constraints) is known to be NP-hard. This paper describes an approach to solving the task allocation problem using a technique known as simulated annealing. It also defines a distributed hard real-time architecture and presents new analysis which enables timing requirements to be guaranteed.

367 citations

Journal ArticleDOI
TL;DR: This paper defines software safety and describes a technique called software fault tree analysis which can be used to analyze a design as to its safety and has been applied to a program which controls the flight and telemetry for a University of California spacecraft.
Abstract: With the increased use of software controls in critical real-time applications, a new dimension has been introduced into software reliability: the "cost" of errors. The problems of safety have become critical as these applications have increasingly included areas where the consequences of failure are serious and may involve grave dangers to human life and property. This paper defines software safety and describes a technique called software fault tree analysis which can be used to analyze a design as to its safety. The technique has been applied to a program which controls the flight and telemetry for a University of California spacecraft. A critical failure scenario was detected by the technique which had not been revealed during substantial testing of the program. Parts of this analysis are presented as an example of the use of the technique and the results are discussed.

243 citations