We now revisit some of the automata presented earlier in this chapter and give sample.

Example 4. Consider the automaton PeriodicSend u,M from. The following sequence is an execution of the automaton:. It describes the evolution. We now present an execution of the automaton. Timeout u,M from Example 4. Since no other. A new message. Since no new message. The time elapses forever. This example illustrates that the automaton Timeout can perform multiple timeout.

That is, by hiding. Consider the time-bounded channel automaton. It is easy to observe that time cannot pass beyond any delivery deadline. This property can be stated as an invariant assertion. Invariant: In any reachable state x of automaton.

Such an invariant can be proved by induction. Axioms T1 and T2 allow us to view any closed execution as a. The invariant can then be proved using induction on the length k of the. The main safety property that needs to be satis-. FischerME from Example 4. This safety property. Invariant 1: In any reachable state x of.

FischerME, there do not exist i:Index and j:Index. Even though the invariant does not refer to time, its proof depends on the timing con-. For example, the following auxiliary invariant can be used in proving. Invariant 2: In any reachable state x of. This invariant states that if the program counter of process i has the value check, the. If this.

Both of the processes would then observe x to contain their own. The following lemma states that some properties of executions carry over to their traces and. Proof: The proof follows directly from the corresponding properties for the restriction of. A, V-sequences Lemma 3.

For the second part of the lemma, observe that a non-Zeno trace is either closed or. Consider the Zeno. Thus, we see why we have a one-way implication in item 3 of Lemma 4. We are sometimes interested in bounding the amount of internal nondeterminism in a timed. It is not hard to see that the automata.

The second property follows from the fact that in each automaton, for every state x and. We show that automata. FischerME and ClockSync. For each automaton, we specify a trace, describe the set of. Let x be the start state of. There are. Now, let x be the start state of. The following lemma states that if a timed automaton has FIN, then its set of traces is.

Then the hybrid sequence lim. Proof: This is analogous to the proof of Lemma 4. Suppose that A is a timed. There are two references to automata with FIN later in the chapter. The second reference appears in the discussion about the. A timed automaton A is feasible provided that for every state x of A there exists an admissible.

