Formal Aspects of Computing

, Volume 20, Issue 4–5, pp 481–505 | Cite as

Model checking Duration Calculus: a practical approach

  • Roland Meyer
  • Johannes Faber
  • Jochen Hoenicke
  • Andrey Rybalchenko
Open Access
Original Article

Abstract

Model checking of real-time systems against Duration Calculus (DC) specifications requires the translation of DC formulae into automata-based semantics. The existing algorithms provide a limited DC coverage and do not support compositional verification. We propose a translation algorithm that advances the applicability of model checking tools to realistic applications. Our algorithm significantly extends the subset of DC that can be checked automatically. The central part of the algorithm is the automatic decomposition of DC specifications into sub-properties that can be verified independently. The decomposition is based on a novel distributive law for DC. We implemented the algorithm in a tool chain for the automated verification of systems comprising data, communication, and real-time aspects. We applied the tool chain to verify safety properties in an industrial case study from the European Train Control System (ETCS).

Keywords

Model checking Verification Duration Calculus Timed automata Real-time systems European Train Control System Case study 

Notes

Open Access

This article is distributed under the terms of the Creative Commons Attribution Noncommercial License which permits any noncommercial use, distribution, and reproduction in any medium, provided the original author(s) and source are credited.

References

  1. ABBL03.
    Aceto L, Bouyer P, Burgueño A, Larsen KG (2003) The power of reachability testing for timed automata. Theor Comput Sci 300(1–3): 411–475CrossRefMATHGoogle Scholar
  2. AD94.
    Alur R, Dill DL (1994) A theory of timed automata. Theor Comput Sci 126(2): 183–235CrossRefMathSciNetMATHGoogle Scholar
  3. BLR95.
    Bouajjani A, Lakhnech Y, Robbana R (1995) From duration calculus to linear hybrid automata. In: Wolper P (eds) CAV, LNCS, vol 939. Springer, Heidelberg, pp 196–210Google Scholar
  4. BMMR01.
    Ball T, Majumdar R, Millstein T, Rajamani S (2001) Automatic predicate abstraction of C programs. In: PLDI, volume 36 of ACM SIGPLAN Notices. ACM Press, New York, pp 203–213Google Scholar
  5. Brü07.
    Brückner I (2007) Slicing Concurrent Real-Time System Specifications for Verification. In: Davies J, Gibbons J(eds) Integrated Formal Methods, LNCS, vol 4591. Springer, Heidelberg, pp 54–74CrossRefGoogle Scholar
  6. CGJ+00.
    Clarke EM, Grumberg O, Jha S, Lu Y, Veith H (2000) Counterexample-guided abstraction refinement. In: Emerson EA, Sistla AP(eds) CAV, LNCS, vol 1855. Springer, Heidelberg, pp 154–169Google Scholar
  7. CPR05.
    Cook B, Podelski A, Rybalchenko A (2005) Abstraction refinement for termination. In: SAS, LNCS, vol 3672. Springer, Heidelberg, pp 87–101Google Scholar
  8. DL02.
    Dierks H, Lettrari M (2002) Constructing test automata from graphical real-time requirements. In: Damm W, Olderog E-R(eds) FTRTFT, LNCS, vol 2469. Springer, Heidelberg, pp 433–453Google Scholar
  9. ECS99.
    ECSAG. ERTMS/ETCS Functional requirements specification (1999)Google Scholar
  10. ERT02.
    ERTMS User Group, UNISIG. ERTMS/ETCS System requirements specification (2002)Google Scholar
  11. FH07.
    Fränzle M, Hansen MR (2007) Deciding an interval logic with accumulated durations. In: TACAS, LNCS, vol 4424. Springer, Heidelberg, pp 201–215Google Scholar
  12. FJSS07.
    Faber J, Jacobs S, Sofronie-Stokkermans V (2007) Verifying CSP-OZ-DC specifications with complex data types and timing parameters. In: Davies J, Gibbons J(eds) Integrated Formal Methods. LNCS, vol 4591. Springer, Heidelberg, pp 233–252CrossRefGoogle Scholar
  13. Frä04.
    Fränzle M (2004) Model-checking dense-time duration calculus. Formal Asp Comput 16(2): 121–139CrossRefMATHGoogle Scholar
  14. GS97.
    Graf S, Saidi H (1997) Construction of abstract state graphs with PVS. In: Grumberg O (ed.) CAV, vol 1254. Springer, Heidelberg, pages 72–83Google Scholar
  15. Han06.
    Hansen M (2006) DC with nominals. Personal communication, March (2006)Google Scholar
  16. HJMM04.
    Henzinger TA, Jhala R, Majumdar R, McMillan KL (2004) Abstractions from proofs. In: Jones ND, Leroy X(eds) POPL. ACM Press, New York, pp 232–244CrossRefGoogle Scholar
  17. HJU05.
    Hermanns H, Jansen DN, Usenko YS (2005) From StoCharts to MoDeST: a comparative reliability analysis of train radio communications. In: WOSP. ACM Press, New York, pp 13–23Google Scholar
  18. HM05.
    Hoenicke J, Maier P (2005) Model-checking of specifications integrating processes, data and time. In: Fitzgerald JS, Hayes IJ, Tarlecki A(eds) FM, LNCS, vol 3582. Springer, Heidelberg, pp 465–480Google Scholar
  19. HMF06.
    Hoenicke J, Meyer R, Faber J (2006) PEA toolkit home page. http://csd.informatik.uni-oldenburg.de/projects/epea.html
  20. HO02.
    Hoenicke J, Olderog ER (2002) CSP-OZ-DC: A combination of specification techniques for processes, data and time. Nordic J Comput 9Google Scholar
  21. Hoa85.
    Hoare CAR (1985) Communicating Sequential Processes. Prentice-Hall, Englewood CliffsMATHGoogle Scholar
  22. Hoe06.
    Hoenicke J (2006) Combination of Processes, Data, and Time. Ph.D. thesis, University of OldenburgGoogle Scholar
  23. KP05.
    Krishna SN, Pandya PK (2005) Modal strength reduction in quantified discrete duration calculus. In: Ramanujam R, Sen S(eds) FSTTCS, LNCS, vol 3821. Springer, Heidelberg, pp 444–456Google Scholar
  24. McM03.
    McMillan KL Jr (2003) Interpolation and SAT-based model checking. In: Hunt WA Jr, Somenzi F(eds) CAV, LNCS, vol 2725. Springer, Heidelberg, pp 1–13Google Scholar
  25. MFR06.
    Meyer R, Faber J, Rybalchenko A (2006) Model checking duration calculus: A practical approach. In: Barkaoui K, Cavalcanti A, Cerone A(eds) ICTAC, LNCS, vol 4281. Springer, Heidelberg, pp 332–346Google Scholar
  26. Pan02.
    Pandya PK (2002) Interval duration logic: Expressiveness and decidability. ENTCS 65(6)Google Scholar
  27. Pla07.
    Platzer A (2007) Differential dynamic logic for verifying parametric hybrid systems. In: Olivetti N.(eds) TABLEAUX, LNCS, vol 4548. Springer, Heidelberg, pp 216–232Google Scholar
  28. PR05.
    Podelski A, Rybalchenko A (2005) Transition predicate abstraction and fair termination. In: POPL. ACM Press, New York, pp 132–144Google Scholar
  29. PR07.
    Podelski A, Rybalchenko A (2007) ARMC: the logical choice for software model checking with abstraction refinement. In: PADL, LNCS, vol 4281. Springer, Heidelberg, pp 245–259Google Scholar
  30. Rav94.
    Ravn AP (1994) Design of Embedded Real-Time Computing Systems. Ph.D. thesis, Technical University of DenmarkGoogle Scholar
  31. Ros98.
    Roscoe AW (1998) Theory and Practice of Concurrency. Prentice Hall, Englewood CliffsGoogle Scholar
  32. RSS07.
    Rybalchenko A, Sofronie-Stokkermans V (2007) Constraint solving for interpolation. In: VMCAI, LNCS, vol 4349. Springer, Heidelberg, pp. 346–362Google Scholar
  33. Ryb07.
    Rybalchenko A (2007) ARMC. http://www.mpi-sws.mpg.de/~rybal/armc
  34. Smi00.
    Smith G (2000) The Object-Z Specification Language. Kluwer, DordrechtMATHGoogle Scholar
  35. UPP05.
    Uppaal home page. University of Aalborg and University of Uppsala. http://www.uppaal.com, 1995–2005
  36. Var91.
    Vardi MY (1991) Verification of concurrent programs: The automata-theoretic framework. Ann Pure Appl Logic 51(1–2): 79–98CrossRefMathSciNetMATHGoogle Scholar
  37. VW86.
    Vardi MY, Wolper P (1986) An automata-theoretic approach to automatic program verification. In: LICS. IEEE Computer Society, pp 332–344Google Scholar
  38. ZH04.
    Zhou C, Hansen MR (2004) Duration Calculus. Springer, HeidelbergMATHGoogle Scholar
  39. ZH05.
    Zimmermann A, Hommel G (2005) Towards modeling and evaluation of ETCS real-time communication and operation. J Syst Softw 77(1): 47–54CrossRefGoogle Scholar
  40. ZHS93.
    Zhou C, Hansen MR, Sestoft P (1993) Decidability and undecidability results for duration calculus. In: Enjalbert P, Finkel A, Wagner KW(eds) STACS, LNCS, vol 665. Springer, Heidelberg, pp 58–68Google Scholar

Copyright information

© The Author(s) 2008

Authors and Affiliations

  • Roland Meyer
    • 1
  • Johannes Faber
    • 1
  • Jochen Hoenicke
    • 2
  • Andrey Rybalchenko
    • 3
  1. 1.Department für InformatikCarl von Ossietzky Universität OldenburgOldenburgGermany
  2. 2.Institut für InformatikAlbert-Ludwigs Universität FreiburgFreiburgGermany
  3. 3.Max Planck Institute for Software SystemsSaarbrückenGermany

Personalised recommendations