Abstract
We introduce in this paper \(\textsc {AMT~2.0}\), a tool for qualitative and quantitative analysis of hybrid continuous and Boolean signals that combine numerical values and discrete events. The evaluation of the signals is based on rich temporal specifications expressed in extended Signal Temporal Logic (xSTL), which integrates Timed Regular Expressions (TRE) within Signal Temporal Logic (STL). The tool features qualitative monitoring (property satisfaction checking), trace diagnostics for explaining and justifying property violations and specificationdriven measurement of quantitative features of the signal.
You have full access to this open access chapter, Download conference paper PDF
Similar content being viewed by others
1 Introduction
Cyberphysical systems, such as automotive embedded controllers, medical devices or autonomous vehicles, are often modeled and analyzed by simulation. Simulators generate traces admitting real values often interpreted as continuoustime signals. To evaluate the system under design, these traces are inspected for satisfying some correctness requirements and are often subject to quantitative analysis based on recording some values in certain segments of the signal and performing some computation (summation, minimum) on them.
Over the past decade an extensive framework has been developed whose goal was to bring automated support for this tedious and errorprone task, centered around Signal Temporal Logic (STL) [18, 19]. STL extends the classical LTL in two directions: it uses predicates over realvalued variables in addition to atomic propositions, and it is defined over dense continuous time accessed symbolically with timed modalities as in Metric Temporal Logic (MTL) [17]. This framework, which was initially accompanied by a rudimentary prototype tool [20], had a lot of reported applications in domains such as automotive, robotics, analog circuits, systems biology. It can be viewed as an extension of runtime verification toward cyberphysical hybrid systems. Interested readers may consult the survey in [7].
In this article we present AMT 2.0, a new version of the tool. The new version is much more mature in terms of software engineering aspects such as rigorous typing of signals and properties, introducing programming language features that include declarations and aliases, improvement of the graphical editors, systematic software testing, etc. Furthermore, its functionality has been extended significantly by incorporating several new research results obtained over the last years:

1.
We combine STL with a fragment of Timed Regular Expressions (TRE) [4, 5], as a complementary formalism to express temporal patterns. The monitoring algorithm for our specification language xSTL thus obtained integrates the recent TRE pattern matching algorithm reported in [22].

2.
We use the TRE formalism to define segments of the signal to which quantitative measurements should be applied. Thus we obtain a declarative measurement language that does for the quantitative domain what formal specification languages do for correctness checking. The results, first reported in [14], are fully incorporated into the tool.

3.
We implement the error diagnostics algorithm of [13] which accompanies the report on a property violation with a justification: a small subsignal (temporal implicant) which is sufficient to imply the property violation and to convince the user of this fact.
With all these features we progress in easing the task of designers who seek to analyze a complex system based on simulations, providing them with an alternative to manual inspection or explicit programming of observers.
The rest of the paper is organized as follows. In Sect. 2 we present the xSTL specification language. Section 3 gives an overview of the tool and its main features. We illustrate the usage of AMT 2.0 in Sect. 4 with two examples. We present the related work in Sect. 5 and give concluding remarks in Sect. 6.
2 Extended Signal Temporal Logic
Extended Signal Temporal Logix (xSTL) essentially combines STL with a variant of TRE. In this section, we provide the mathematical definitions of the specification language.
We denote by \(P\) and \(X\) finite sets of propositional and data variables, such that \(P=m\) and \(X=n\). Data variables are defined over an arbitrary domain \(\mathbb {D}\), typically the reals or the integers. We use the notation \(w~:~\mathbb {T} \rightarrow \mathbb {D}^n \times \mathbb {B}^m\) to represent a multidimensional signal with \(\mathbb {T}= [0,d) \subseteq \mathbb {R}\) and \(\mathbb {B} = \{ \textsf {true}, \textsf {false}\}\). We denote by \({w}_{p}\) the projection of \(w\) on its component p. We denote by \(\theta ~:~\mathbb {D}^{n} \rightarrow \mathbb {B}\) a predicate that maps valuations of variables in X into \(\{ \textsf {true}, \textsf {false}\}\).
The syntax of an STL formula \(\varphi \) with both future and past temporal operators and interpreted over \(X\cup P\) is defined by the grammar
where \(p\in P\), \(x_{1}, \ldots , x_{n} \in X\) and \(I \subseteq \mathbb {R}^+\) is an interval. We denote by the until operator that is decorated with an unbounded interval . We use the strict semantics [2] for until and since temporal operators that allows us to define (continuoustime) next and (continuoustime) previous . The instantaneous rise and fall events can be derived using the rules and . We derive other standard operators as follows: \(\textsf {true}\equiv p\vee \lnot p\), \(\textsf {false}\equiv \lnot \textsf {true}\), \(\varphi _1 \wedge \varphi _2 \equiv \lnot (\lnot \varphi _1 \vee \lnot \varphi _2)\), \(\varphi _1 \rightarrow \varphi _2 \equiv \lnot \varphi _1 \vee \varphi _2\), , , , and .
The semantics of an STL formula with respect to a signal w is described via the satisfiability relation \((w,t) \models \varphi \), indicating that the signal w satisfies \(\varphi \) at time point t, according to the following definition.
We now define a variant of TRE according to the following grammar:
where I is an interval of \(\mathbb R_+\). The semantics of a timed regular expression r with respect to a signal w and times \(t \le t'\) in [0, d] is given in terms of a match relation , which indicates that the segment of w between t and \(t'\) matches the expression. This relation is defined inductively as follows:
The last two operations associate a precondition (resp. postcondition) to the expression. We note that with the pre and postcondition, we can also syntactically define rise and fall operators by using the rules \({{\mathrm{\uparrow }}}p \equiv \lnot p {{\mathrm{?}}}\epsilon {{\mathrm{!}}}p\) and \({{\mathrm{\downarrow }}}p \equiv p {{\mathrm{?}}}\epsilon {{\mathrm{!}}}\lnot p\). Extended STL specifications require regular expressions to be embedded into STL formulas. We define two operators, begin match (@(r)) and end match ((r)@) that intuitively project any signal segment \((t,t')\) that matches the expression r to its beginning t and its end \(t'\), respectively. Thus, xSTL simply extends STL with these two operators:
and with the following semantics
3 Tool Presentation
The AMT 2.0 tool provides for qualitative and quantitative analysis of simulation/measurement traces. Its input consists of two major ingredients. The first is typically a formula or a collection of formulas in xSTL specifying the desired properties (and later measurements) of a continuous signal. The second is a finite representation of the continuous signal. Input signals obtained from simulators or measurement devices are given as finite sequences of timestamped values of the form \((t_i,w[t_i])\). The tool supports two commonlyused formats: Value Change Dump (vcd) and Comma Separated Values (csv) files. To obtain continuoustime signals, values between sampling points are interpolated inside the tool to yield either piecewiseconstant or piecewiselinear signals.
The tool can work either interactively via its graphical user interface (GUI) or, alternatively, in batch mode when we want to monitor against many signals or incorporate monitoring in a more sophisticated analysis procedure that may iterate over behaviorgenerating models and/or properties in an outer loop. Figure 1 shows the main evaluation window of the GUI which provides two main functionalities: (1) editing xSTL specifications; and (2) launching the monitoring procedure by selecting properties and signals and presenting the outcome graphically. The AMT 2.0 tool is entirely implemented in Java to facilitate its usage across different platforms and operating systems.
The tool supports three main functionalities: (1) qualitative offline monitoring of extended STL specifications; (2) localization and explanation of property violations; and (3) measurements of quantitative features of signals driven by temporal pattern expressed using TRE. In the remainder of the section we present these functionalities in more detail.
3.1 Specifications in AMT 2.0
The tool facilitates specification of xSTL properties in several ways. The GUI provides an xSTL editor, depicted in Fig. 2, with syntax highlighting and line numbering. In addition, the xSTL parser implements a number of features borrowed from programming languages. This includes (1) declaration of variables and constants, (2) parameterized property templates, (3) support for Boolean, real and integer variables and (4) type checking with extensive error reporting.
3.2 Qualitative Monitoring of xSTL
In this section, we sketch the algorithm for the major functionality of the tool, qualitative monitoring of xSTL specifications. The procedure is based on two main methods that we describe in the sequel: the offline marking procedure for STL [19] and the pattern matching procedure for TRE [22].
The qualitative monitoring procedure for \(\textsc {STL}\) is an offline method that works directly on the input signals. The procedure is recursive on the structure of the specification – it propagates the truth values from input signals via subformulas up to the main formula. The algorithm uses the notion of a satisfaction signal – we assign to each subformula \(\psi \) of \(\varphi \) a Boolean signal \(w_{\psi }\) such that \(w_{\psi }[t] = \textsf {true}\) iff \((w,t) \models \psi \). For each \(\textsc {STL}\) operator, we define a method that computes its satisfaction signal from the satisfaction signals of its arguments. For some operators, this computation is trivial. For example, satisfaction signal \(w_{\lnot \varphi }\) is obtained by flipping the truth values of the satisfaction signal \(w_{\varphi }\). The computation of satisfaction signals for temporal operators is more involved. We give an intuition on the computation of \(w_{\psi }\) where and refer the reader to [19] for the technical description of the complete procedure. The computation is based on the following observation: whenever \(\varphi \) holds throughout an interval J, \(\psi \) holds throughout \((J \ominus I) \cap \mathbb {T}\), where \(J \ominus I = \{ t  t'~~t\in J \; \text {and} \; t' \in I\}\) is the Minkowski difference. Hence, the essence of the procedure is to backshift (Minkowski difference restricted to \(\mathbb {T}\)) all the positive intervals in \(w_{\varphi }\) and thus obtain the set of time points where holds. This method is illustrated in Fig. 3.
The integration of TRE into the monitoring procedure of xSTL is done in two steps. First, we define the matchset \(\mathcal {M}(r,w)\) of a TRE over a signal \(w\) as the set of all segments of \(w\) that match r, i.e. , and use the algorithm of [22] to compute the matchset. We then use the match begin (@(r)) and match end ((r)@) operators to project the matchsets to satisfaction signals that are then directly integrated into the STL monitoring procedure described above.
The algorithm proposed in [22] computes the set of segments of a signal w that match a TRE \(\varphi \). Since we are dealing with continuoustime signals, the number of segments is noncountable and so is potentially the number of matches. The algorithm is based on the observation that all those segments can be can be embedded in twodimensional space, inside the triangle \(0\le t \le t'\le w\), where a point \((t,t')\) represents the segment starting at t and ending in \(t'\). The matching algorithm uses a symbolic representation of the matches as a finite union of twodimensional zones. Zones are special class of convex polytopes which are defined as the conjunction of inequalities of the form \(x_i \prec b_i\) and \(x_i  x_j \prec c_{i,j}\), where \(\mathord \prec \in \{ <, \le \}\). For instance, the match set \(\mathcal {M}(\epsilon ,w)\) for the empty word \(\epsilon \) is the diagonal zone \(\{(t,t')\in \mathbb {T} \times \mathbb {T}~~t=t'\}\), while the match for a literal p or \(\lnot p\) is a disjoint union of triangles touching the diagonal whose number depends on the number of switching points in \({w}_{p}\). The match set of the time restriction operator is obtained by intersecting the match set with the corresponding diagonal band, hence \(\mathcal {M}(\langle \varphi \rangle _I, w) = \mathcal {M}(\varphi ) \cap \{(t,t')~~t'  t \in I\}\). The match sets for p and \(\langle p \rangle _{[1,2]}\) are depicted in Fig. 4. We point the reader to [22] for a complete description of the procedure. The satisfaction signals \(w_{@(r)}\) and \(w_{(r)@}\) for the matchbegin and matchend operators are computed from the match set of r by projecting every \((t,t')\in \mathcal {M}(r)\) on t and \(t'\), respectively.
3.3 Trace Diagnostics for STL
The trace diagnostics procedure implements the algorithm presented in [13]. Given an STL formula \(\varphi \) and a trace \(w\) that violates \(\varphi \), the procedure gives an explanation of the fault in the form of a temporal implicant, which is a small subsignal \(w'\) of \(w\) which is sufficient to imply violation. In other words, any possible completion of \(w'\) into a full signal will violate the property. The diagnostics procedure uses the satisfaction signals computed by the monitoring algorithm from Sect. 3.2 to explain the faults. The method uses the satisfaction explanation operator E (and its dual violation explanation operator F) that for a given formula \(\varphi \) returns an implicant of \(\varphi \) (respectively of \(\lnot \varphi \)) which is satisfied by \(w\). The explanation operators are defined inductively on the structure of the formula \(\varphi \) and on the times t at which explanation of its subformulas are required.
We illustrate the idea behind the procedure with the following example. Consider the \(\textsc {STL}\) specification , a signal \(w\) in which p does not hold during [0, 3) and then holds during [3, 5). It is clear, for instance, that \((w, 0) \not \models \varphi \) and \((w, 3) \models \varphi \). The violation of \(\varphi \) by \(w\) at time 0 can be explained by the fact that \(w\) is continuously false throughout the interval [0, 1]. In other words, we have that \(F(\varphi , w, 0) = \bigwedge _{t \in [0,1]} (w_{p}[t] = \textsf {false})\). In contrast, the value of \(w\) at any time \(t \in [3,4]\) is sufficient to explain the satisfaction of \(\varphi \) by \(w\) at time 3. Thus \(E(\varphi , w, 3)\) could be any \((w_{p}[t]= \textsf {true})\) such that \(t \in [3,4]\). We use the notion of a selection function to choose one explanation when there are many possible ones. The full algorithm is described in [13].
3.4 SpecificationDriven Measurements
In this section, we present a simple declarative measurement specification language [14] built on top of TRE. The idea is to require the signal segments over which measurements should be taken to be those that match some pattern specified by an expression. An example of a measurement is the time elapsed between the beginning and end of some activity, or the total fuel consumption in a segment where the acceleration pedal is continuously on until the velocity crosses some threshold.
We first recall that the match set of a TRE defines all the trace segments that match the expression, and the number of those can be uncountably infinite. However if we restrict ourselves to patterns that are delimited by instantaneous discrete events, we will have only finitely many matches. Formally, we use the following subclass of expressions. An eventbounded TRE (etre) is an expression of the form
with p a proposition, and \(\hat{r}_1, \hat{r}_2\) eventbounded TREs.
The measure patterns defining the segments to be measured are of the form \(\alpha {{\mathrm{?}}}\psi {{\mathrm{!}}}\beta \), where \(\psi \) is the main pattern, and \(\alpha \) and \(\beta \) are, respectively pre and postconditions. The main pattern \(\psi \) specifies the portion of the signal over which the measure is taken. To guarantee a finite number of matching segments, \(\psi \) is restricted to be an etre while \(\alpha \) and \(\beta \), which can be used to define additional constraints, are TREs.
Given a measure pattern \(\varphi \) and a signal w, we first compute all the segments of \(w\) that match \(\varphi \). We then apply a measuring operator that collects specific signal values over the matched segments. A measure is written with the syntax \(\mathrm {op}(\varphi )\) with \(\mathrm {op} \in \{ \textsf {time}, \textsf {value}_x, \textsf {duration}, \textsf {inf}_x, \textsf {sup}_x, \textsf {integral}_x, \textsf {average}_x \}\). We finally aggregate the specific measures and provide to the user the minimum, maximum and average measured value, as well as a histogram that summarizes the measurements.
We illustrate specificationdriven measurement with an example from the DSI3 automotive communication protocol [16]. The microcontroller and the sensors that use the protocol, communicate by sending analog pulses during the protocol initialization phase. The standard describes the acceptable shapes and duration of such pulses. Figure 5 depicts the specification of a discovery response pulse from the DSI3 standard. In particular, the standard defines the relevant thresholds (2IResp and IResp) which are used to describe the shape, as well as the acceptable duration of the pulse’s ramp (\(t_{1}\)) and its total duration (\(t_{2}\)).
To define the pulse pattern we first define the following predicates:
and then let
We finally apply the measure operation \(\textsf {duration}(\varphi )\) to extract the duration of the segments that match the pulse pattern.
4 Examples
In this section, we introduce two running examples that we use to illustrate the features and the functionalities of AMT 2.0. The first example is concerned with a mixedsignal bounded stabilization property and is used to illustrate the qualitative monitoring and trace diagnostics functionalities. The second example demonstrates the measurement functionality as applied to jitter in a digital clock.
4.1 MixedSignal Bounded Stabilization
Informal Requirements. This requirement states that after every rising edge of the Boolean \(trigger \), the usuallystable analog signal \(var \) is allowed to oscillate under the following conditions:

1.
\(var \) must always remain below 5 V; and

2.
\(var \) must within 600 s go below 0.2 V, and continuously remain under that threshold for at least 600 s.
Simulation Traces. We evaluate this requirement on 5 different simulation traces. Figure 6 depicts the Boolean \(trigger \) signal, as well as the 5 traces named \(var0 \) to \(var4 \). We can already reason informally about the satisfaction of the bounded stabilization property by these traces:

1.
Trace \(var0 \) violates the specification because the signal never stabilizes, i.e. it continues oscillating until the end of simulation;

2.
Trace \(var1 \) satisfies the specification  the signal always remains smaller then 5 V, and it goes below 0.2 V within 600 s, continuously remaining below that threshold until the end of the simulation;

3.
Trace \(var2 \) violates the specification because the signal exceeds 5 V;

4.
Trace \(var3 \) violates the specification because the signal does not stabilize below 0.2 V within the specified period; and

5.
Trace \(var4 \) violates the specification because of the 3 glitches that occur towards the end of the simulation.
Formal Specification in xSTL. To define the property we first declare the Boolean variable \(trigger \), as well as the real variables \(var0 \) to \(var4 \). We also declare two constants \(vh \) and \(vl \), representing the 5 V and 0.2 V thresholds, respectively. We note that we are evaluating the same formula over different signals. Hence, we define a generic property template \(stab \) for the bounded stabilization formula, which is the conjunction of conditions (1) and (2) of the informal requirements. The first conjunct says that the realvalued signal must be smaller than 5V. The second conjunct is a conditional formula that uses logical implication. It says that whenever the \(trigger \) signal is on its rising edge, the x signal must go below 0.2 V within 600 s and continuously remain below that threshold for at least 300 s. Then each assertion is an instantiation of the template with one of the signals \(var0 \) to \(var4 \).
Qualitative Monitoring of the Specification. We illustrate the qualitative monitoring of the property applied to the traces as done using the GUI of the tool. In the evaluation configuration window, we first specify the xSTL specification, the simulation traces and an optional alias file. In addition to setting up the inputs, we also select the representation of the real numbers, the interpolation and the feature of the diagnostics module.
After evaluating the specification on the traces, we can visually depict the results, as shown in Fig. 1. The nodes in the xSTL parse tree view are expandable via a double click. By expanding the node of the specification, we can see that assertion two is satisfied, while assertions one, three, four and five are violated. We note that we can visualize the satisfaction signals for any subproperty of the specification.
Fault Explanation. The fault explanation is given in the form of temporal implicants which are (small) subsegments of the input signals which are sufficient to imply the property violation. Figure 7 illustrates the visual output of the diagnostics procedure in AMT 2.0 for the bounded stabilization specification. The first two figures show the trace diagnostics report for the third assertion. We can see that the trigger signal does not contribute to the fault, but var3 does at a single point in time within the interval [100, 150]. At that time, var3 is greater than the invariant threshold 5 V which explains the property violation. The last two figures show that same report, but for the fifth assertion. In this case, the fault is explained by the fact that signal trigger gets high at time 100 and by the values of signal var4 at times 350, 600 and 750. We can see that the last two times coincide with the glitches, thus witnessing that var4 never continuously holds below 0.2 V for at least 300 time units.
We note that the tool computes the fault explanations in a hierarchical manner, following the parse tree of the formula. This additional and complementary information can be quite useful in understanding the fault. We finally note that the trace diagnostics can be made hierarchic.
4.2 Digital Clock Jitter
Informal Requirements. Given a continuoustime Booleanvalued signal \(clock \), a clock period is defined as a segment that starts with the rising edge of the \(clock \) and ends with its consecutive rising edge. The measurement specification is to measure the duration of all the clock periods matched within the \(clock \) signal in order to assess the clock jitter.
Simulation Trace. We apply the specifications to a Boolean \(clock \) signal, see Fig. 8.
Formal Specification in xSTL. We now formalize the measurement specification for the digital clock jitter analysis in xSTL. We first declare the Boolean variable \(clock \), as well as its negation \(nclock \). We then specify the pattern \(clock\_period \) that consists of concatenations that starts with the rising edge of \(clock \) (\(start{clock} \)), followed by an interval of positive duration where \(clock \) holds, followed by another interval of positive duration where \(nclock \) holds, and ending with the next rising edge of \(clock \). Finally, we declare the actual measurement to be taken as \(duration(clock\_period) \) which extracts the durations of all signal segments that match the \(clock\_pattern \) pattern.
PatternDriven Measurements. The visualization of the measurement specification consists of a histogram depicting the distribution of the measures taken over signal segments that match the pattern, the total number of matched segments, as well as the minimum, maximum and average value of the measures. The visual summary of the clock jitter measurement is shown in Fig. 9.
5 Related Work
Breach [11] is a MATLAB/Simulink toolbox that enables various types of STL specification analysis. In particular, Breach supports falsificationbased testing, parameter synthesis and requirement mining of STL properties. STaLiRo [3] is another Simulink/MATLAB toolbox for different robustness analysis of MTL specifications. It provides support for falsificationbased testing, parameter mining, runtime verification, conformance testing, computing the worst expected robustness for stochastic systems and debugging of formal requirements. The ViSpec [15] tool, associated with STaLiRo, allows visual specification of MTL requirements. BIOCHAM [10] is a tool for inferring unknown (biological) model parameters from temporal logic constraints. The authors in [9] extend STL with freeze quantifiers that allow them to express oscillatory properties. Similar oscillatory properties of the heart behavior are studied using quantitative regular expressions (QRE) in [1].
Montre [21] is a prototype tool for TRE pattern matching. It provides support for both offline and online matching. AMT 2.0 implements the offline matching algorithms used by Montre and adds a specification measurement language on top of it. Montre does not provide support for STL, monitoring and trace diagnostics.
The combination of STL and TRE was inspired by the Property Specification Language (PSL) [12] and SystemVerilog Assertions (SVA) [23] standards used in the digital hardware verification. Both PSL and SVA use the suffix implication operator to combine temporal logic with regular expressions. In contrast, we define match begin and end operators that give us more freedom to decide whether the begin or the end of an expression match is relevant for the property. The only other work that combines temporal logic and the regular expressions in the context of continuoustime applications is presented in [8], where the authors propose the metric dynamic logic as the specification language for reasoning about timeevent sequences.
6 Conclusion
We introduced in this paper the AMT 2.0 tool for qualitative and quantitative analysis of traces coming from cyberphysical systems applications. The tool uses an expressive specification language based on a combination of STL and TRE and admits qualitative monitoring, trace diagnostics and propertydriven measurements as its main functionalities. The development of the tool is a continuous work in progress and there is a number of features which are planned to be developed in the near future, in particular solving the inverse problem of finding parameters in a formula template the lead to satisfaction by a given signal or a set of signals [6].
References
Abbas, H., Rodionova, A., Bartocci, E., Smolka, S.A., Grosu, R.: Quantitative regular expressions for arrhythmia detection algorithms. In: Feret, J., Koeppl, H. (eds.) CMSB 2017. LNCS, vol. 10545, pp. 23–39. Springer, Cham (2017). https://doi.org/10.1007/9783319674711_2
Alur, R., Feder, T., Henzinger, T.A.: The benefits of relaxing punctuality. J. ACM 43(1), 116–146 (1996)
Annpureddy, Y., Liu, C., Fainekos, G., Sankaranarayanan, S.: STaLiRo: a tool for temporal logic falsification for hybrid systems. In: Abdulla, P.A., Leino, K.R.M. (eds.) TACAS 2011. LNCS, vol. 6605, pp. 254–257. Springer, Heidelberg (2011). https://doi.org/10.1007/9783642198359_21
Asarin, E., Caspi, P., Maler, O.: A Kleene theorem for timed automata. In: Logic in Computer Science (LICS), pp. 160–171 (1997)
Asarin, E., Caspi, P., Maler, O.: Timed regular expressions. J. ACM 49(2), 172–206 (2002)
Asarin, E., Donzé, A., Maler, O., Nickovic, D.: Parametric identification of temporal properties. In: Khurshid, S., Sen, K. (eds.) RV 2011. LNCS, vol. 7186, pp. 147–160. Springer, Heidelberg (2012). https://doi.org/10.1007/9783642298608_12
Bartocci, E., Deshmukh, J., Donzé, A., Fainekos, G., Maler, O., Nickovic, D., Sankaranarayanan, S.: Specificationbased monitoring of cyberphysical systems: a survey on theory, tools and applications. In: The Handbook of Runtime Verification (2018)
Basin, D., Krstić, S., Traytel, D.: Almost eventrate independent monitoring of metric dynamic logic. In: Lahiri, S., Reger, G. (eds.) RV 2017. LNCS, vol. 10548, pp. 85–102. Springer, Cham (2017). https://doi.org/10.1007/9783319675312_6
Brim, L., Dluhos, P., Safránek, D., Vejpustek, T.: STL\(^{*}\): Extending Signal Temporal Logic with signalvalue freezing operator. Inf. Comput. 236, 52–67 (2014)
Calzone, L., Fages, F., Soliman, S.: BIOCHAM: an environment for modeling biological systems and formalizing experimental knowledge. Bioinformatics 22(14), 1805–1807 (2006)
Donzé, A.: Breach, a toolbox for verification and parameter synthesis of hybrid systems. In: Touili, T., Cook, B., Jackson, P. (eds.) CAV 2010. LNCS, vol. 6174, pp. 167–170. Springer, Heidelberg (2010). https://doi.org/10.1007/9783642142956_17
Eisner, C., Fisman, D.: A Practical Introduction to PSL. Springer, Boston (2006). https://doi.org/10.1007/9780387361239
Ferrère, T., Maler, O., Ničković, D.: Trace diagnostics using temporal implicants. In: Finkbeiner, B., Pu, G., Zhang, L. (eds.) ATVA 2015. LNCS, vol. 9364, pp. 241–258. Springer, Cham (2015). https://doi.org/10.1007/9783319249537_20
Ferrère, T., Maler, O., Ničković, D., Ulus, D.: Measuring with timed patterns. In: Kroening, D., Păsăreanu, C.S. (eds.) CAV 2015, Part II. LNCS, vol. 9207, pp. 322–337. Springer, Cham (2015). https://doi.org/10.1007/9783319216683_19
Hoxha, B., Bach, H., Abbas, H., Dokhanci, A., Kobayashi, Y., Fainekos, G.: Towards formal specification visualization for testing and monitoring of cyberphysical systems. In: International Workshop on Design and Implementation of Formal Tools and Systems, DIFTS 2014 (2014)
Distributed System Interface. DSI3 Bus Standard. DSI Consortium
Koymans, R.: Specifying realtime properties with metric temporal logic. RealTime Syst. 2(4), 255–299 (1990)
Maler, O., Nickovic, D.: Monitoring temporal properties of continuous signals. In: Lakhnech, Y., Yovine, S. (eds.) FORMATS/FTRTFT 2004. LNCS, vol. 3253, pp. 152–166. Springer, Heidelberg (2004). https://doi.org/10.1007/9783540302063_12
Maler, O., Nickovic, D.: Monitoring properties of analog and mixedsignal circuits. STTT 15(3), 247–268 (2013)
Nickovic, D., Maler, O.: AMT: a propertybased monitoring tool for analog systems. In: Raskin, J.F., Thiagarajan, P.S. (eds.) FORMATS 2007. LNCS, vol. 4763, pp. 304–319. Springer, Heidelberg (2007). https://doi.org/10.1007/9783540754541_22
Ulus, D.: Montre: a tool for monitoring timed regular expressions. In: Majumdar, R., Kunčak, V. (eds.) CAV 2017, Part I. LNCS, vol. 10426, pp. 329–335. Springer, Cham (2017). https://doi.org/10.1007/9783319633879_16
Ulus, D., Ferrère, T., Asarin, E., Maler, O.: Timed pattern matching. In: Legay, A., Bozga, M. (eds.) FORMATS 2014. LNCS, vol. 8711, pp. 222–236. Springer, Cham (2014). https://doi.org/10.1007/9783319105123_16
Vijayaraghavan, S., Ramanathan, M.: A Practical Guide for SystemVerilog Assertions. Springer, Boston (2006). https://doi.org/10.1007/b137011
Acknowledgments
This work was partially supported by project ANR13CESA0008 CADMIDIA and the Productive 4.0 project (ECSEL 737459). The ECSEL Joint Undertaking receives support from the European Union’s Horizon 2020 research and innovation programme and Austria, Denmark, Germany, Finland, Czech Republic, Italy, Spain, Portugal, Poland, Ireland, Belgium, France, Netherlands, United Kingdom, Slovakia, Norway.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made. The images or other third party material in this book are included in the book's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the book's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.
Copyright information
© 2018 The Author(s)
About this paper
Cite this paper
Ničković, D., Lebeltel, O., Maler, O., Ferrère, T., Ulus, D. (2018). AMT 2.0: Qualitative and Quantitative Trace Analysis with Extended Signal Temporal Logic. In: Beyer, D., Huisman, M. (eds) Tools and Algorithms for the Construction and Analysis of Systems. TACAS 2018. Lecture Notes in Computer Science(), vol 10806. Springer, Cham. https://doi.org/10.1007/9783319899633_18
Download citation
DOI: https://doi.org/10.1007/9783319899633_18
Published:
Publisher Name: Springer, Cham
Print ISBN: 9783319899626
Online ISBN: 9783319899633
eBook Packages: Computer ScienceComputer Science (R0)