Abstract
Model checking of real-time systems against Duration Calculus (DC) specifications requires the translation of DC formulae into automata-based semantics. The existing algorithms provide a limited DC coverage and do not support compositional verification. We propose a translation algorithm that advances the applicability of model checking tools to realistic applications. Our algorithm significantly extends the subset of DC that can be checked automatically. The central part of the algorithm is the automatic decomposition of DC specifications into sub-properties that can be verified independently. The decomposition is based on a novel distributive law for DC. We implemented the algorithm in a tool chain for the automated verification of systems comprising data, communication, and real-time aspects. We applied the tool chain to verify safety properties in an industrial case study from the European Train Control System (ETCS).
References
Aceto L, Bouyer P, Burgueño A, Larsen KG (2003) The power of reachability testing for timed automata. Theor Comput Sci 300(1–3): 411–475
Alur R, Dill DL (1994) A theory of timed automata. Theor Comput Sci 126(2): 183–235
Bouajjani A, Lakhnech Y, Robbana R (1995) From duration calculus to linear hybrid automata. In: Wolper P (ed) CAV, LNCS, vol 939. Springer, Heidelberg, pp 196–210
Ball T, Majumdar R, Millstein T, Rajamani S (2001) Automatic predicate abstraction of C programs. In: PLDI, ACM SIGPLAN Notices, vol 36. ACM Press, New York, pp 203–213
Brückner I (2007) Slicing concurrent real-time system specifications for verification. In: Davies J, Gibbons J (eds) Integrated Formal Methods, LNCS, vol 4591. Springer, Heidelberg, pp 54–74
Clarke EM, Grumberg O, Jha S, Lu Y, Veith H (2000) Counterexample-guided abstraction refinement. In: Emerson EA, Sistla AP (eds) CAV, LNCS, vol 1855. Springer, Heidelberg, pp 154–169
Cook B, Podelski A, Rybalchenko A (2005) Abstraction refinement for termination. In: SAS, LNCS, vol 3672. Springer, Heidelberg, pp 87–101
Dierks H, Lettrari M (2002) Constructing test automata from graphical real-time requirements. In: Damm W, Olderog E-R (eds) FTRTFT, LNCS, vol 2469. Springer, Heidelberg, pp 433–453
ECSAG (1999) ERTMS/ETCS Functional requirements specification
ERTMS User Group, UNISIG (2002) ERTMS/ETCS System requirements specification
Fränzle M, Hansen MR (2007) Deciding an interval logic with accumulated durations. In: TACAS, LNCS, vol 4424. Springer, Heidelberg, pp 201–215
Faber J, Jacobs S, Sofronie-Stokkermans V (2007) Verifying CSP-OZ-DC specifications with complex data types and timing parameters. In: Davies J, Gibbons J (eds) Integrated Formal Methods, LNCS, vol 4591. Springer, Heidelberg, pp 233–252
Fränzle M (2004) Model-checking dense-time duration calculus. Formal Asp Comput 16(2): 121–139
Graf S, Saidi H (1997) Construction of abstract state graphs with PVS. In: Grumberg O (ed) CAV, LNCS, vol 1254. Springer, Heidelberg, pp 72–83
Hansen M (2006) DC with nominals. Personal communication, March 2006
Henzinger TA, Jhala R, Majumdar R, McMillan KL (2004) Abstractions from proofs. In: Jones ND, Leroy X (eds) POPL. ACM Press, New York, pp 232–244
Hermanns H, Jansen DN, Usenko YS (2005) From StoCharts to MoDeST: a comparative reliability analysis of train radio communications. In: WOSP. ACM Press, New York, pp 13–23
Hoenicke J, Maier P (2005) Model-checking of specifications integrating processes, data and time. In: Fitzgerald JS, Hayes IJ, Tarlecki A (eds) FM, LNCS, vol 3582. Springer, Heidelberg, pp 465–480
Hoenicke J, Meyer R, Faber J (2006) PEA toolkit home page. http://csd.informatik.uni-oldenburg.de/projects/epea.html
Hoenicke J, Olderog ER (2002) CSP-OZ-DC: A combination of specification techniques for processes, data and time. Nordic J Comput 9
Hoare CAR (1985) Communicating Sequential Processes. Prentice-Hall, Englewood Cliffs
Hoenicke J (2006) Combination of Processes, Data, and Time. Ph.D. thesis, University of Oldenburg
Krishna SN, Pandya PK (2005) Modal strength reduction in quantified discrete duration calculus. In: Ramanujam R, Sen S (eds) FSTTCS, LNCS, vol 3821. Springer, Heidelberg, pp 444–456
McMillan KL Jr (2003) Interpolation and SAT-based model checking. In: Hunt WA Jr, Somenzi F (eds) CAV, LNCS, vol 2725. Springer, Heidelberg, pp 1–13
Meyer R, Faber J, Rybalchenko A (2006) Model checking duration calculus: A practical approach. In: Barkaoui K, Cavalcanti A, Cerone A (eds) ICTAC, LNCS, vol 4281. Springer, Heidelberg, pp 332–346
Pandya PK (2002) Interval duration logic: Expressiveness and decidability. ENTCS 65(6)
Platzer A (2007) Differential dynamic logic for verifying parametric hybrid systems. In: Olivetti N (ed) TABLEAUX, LNCS, vol 4548. Springer, Heidelberg, pp 216–232
Podelski A, Rybalchenko A (2005) Transition predicate abstraction and fair termination. In: POPL. ACM Press, New York, pp 132–144
Podelski A, Rybalchenko A (2007) ARMC: the logical choice for software model checking with abstraction refinement. In: PADL, LNCS, vol 4281. Springer, Heidelberg, pp 245–259
Ravn AP (1994) Design of Embedded Real-Time Computing Systems. Ph.D. thesis, Technical University of Denmark
Roscoe AW (1998) Theory and Practice of Concurrency. Prentice Hall, Englewood Cliffs
Rybalchenko A, Sofronie-Stokkermans V (2007) Constraint solving for interpolation. In: VMCAI, LNCS, vol 4349. Springer, Heidelberg, pp 346–362
Rybalchenko A (2007) ARMC. http://www.mpi-sws.mpg.de/~rybal/armc
Smith G (2000) The Object-Z Specification Language. Kluwer, Dordrecht
University of Aalborg and University of Uppsala (1995–2005) Uppaal home page. http://www.uppaal.com
Vardi MY (1991) Verification of concurrent programs: The automata-theoretic framework. Ann Pure Appl Logic 51(1–2): 79–98
Vardi MY, Wolper P (1986) An automata-theoretic approach to automatic program verification. In: LICS. IEEE Computer Society, pp 332–344
Zhou C, Hansen MR (2004) Duration Calculus. Springer, Heidelberg
Zimmermann A, Hommel G (2005) Towards modeling and evaluation of ETCS real-time communication and operation. J Syst Softw 77(1): 47–54
Zhou C, Hansen MR, Sestoft P (1993) Decidability and undecidability results for duration calculus. In: Enjalbert P, Finkel A, Wagner KW (eds) STACS, LNCS, vol 665. Springer, Heidelberg, pp 58–68
Open Access
This article is distributed under the terms of the Creative Commons Attribution Noncommercial License which permits any noncommercial use, distribution, and reproduction in any medium, provided the original author(s) and source are credited.
Additional information
K. Barkaoui, M. Broy, A. Cavalcanti and A. Cerone
This work was partly supported by the German Research Council under the grants SFB/TR 14 AVACS and GRK 1076/1. This is an extended version of a paper that appeared in Theoretical Aspects of Computing - ICTAC 2006 [MFR06].
Cite this article
Meyer, R., Faber, J., Hoenicke, J. et al. Model checking Duration Calculus: a practical approach. Form Asp Comp 20, 481–505 (2008). https://doi.org/10.1007/s00165-008-0082-7