Model checking Duration Calculus: a practical approach

Model checking of real-time systems against Duration Calculus (DC) specifications requires translating DC formulae into an automata-based semantics. Existing translation algorithms cover only a limited subset of DC and do not support compositional verification. We propose a translation algorithm that extends the applicability of model checking tools to realistic applications and significantly enlarges the subset of DC that can be checked automatically. The central part of the algorithm is the automatic decomposition of DC specifications into sub-properties that can be verified independently. The decomposition is based on a novel distributive law for DC. We implemented the algorithm in a tool chain for the automated verification of systems comprising data, communication, and real-time aspects, and applied the tool chain to verify safety properties in an industrial case study from the European Train Control System (ETCS).
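
The abstract assumes familiarity with what a DC formula says about a run. The following is an added illustration, not code from the paper or its tool chain: it evaluates the interval semantics of a small discrete-time DC fragment (state durations ∫P, interval length ℓ, ⌈P⌉, negation, conjunction and chop) directly over a finite trace by brute force, instead of translating formulae to automata as the paper does. The trace, the state names `danger` and `brake`, and the two requirements are constructed for the example and are not taken from the ETCS case study. Checking the conjuncts of a requirement separately, as `check_all` does, relies only on the elementary fact that a conjunction holds iff every conjunct holds; it is not the paper's distributive law.

```python
"""Discrete-time Duration Calculus checker over a finite trace (added example).

Time is discrete (one tick per state); an interval [b, e) covers ticks b..e-1.
Formulae are nested tuples:
  ("dur", P, op, k)   integral of state P over the interval, compared to k
  ("len", op, k)      interval length l, compared to k
  ("ceil", P)         non-empty interval on which P holds throughout
  ("not", F), ("and", F, G), ("chop", F, G)   chop is DC's F ; G
  True                holds on every interval
"""
import operator
from typing import Callable, Dict, List, Optional, Tuple, Union

OPS: Dict[str, Callable[[int, int], bool]] = {
    "<": operator.lt, "<=": operator.le, "==": operator.eq,
    ">=": operator.ge, ">": operator.gt,
}
State = Dict[str, bool]
Trace = List[State]
Formula = Union[bool, tuple]


def duration(trace: Trace, P: str, b: int, e: int) -> int:
    """Integral of state P over [b, e): number of ticks on which P is true."""
    return sum(1 for i in range(b, e) if trace[i][P])


def holds(trace: Trace, F: Formula, b: int, e: int) -> bool:
    """Interval semantics: does F hold on the interval [b, e) of the trace?"""
    if F is True:
        return True
    kind = F[0]
    if kind == "dur":
        _, P, op, k = F
        return OPS[op](duration(trace, P, b, e), k)
    if kind == "len":
        _, op, k = F
        return OPS[op](e - b, k)
    if kind == "ceil":
        return e > b and all(trace[i][F[1]] for i in range(b, e))
    if kind == "not":
        return not holds(trace, F[1], b, e)
    if kind == "and":
        return holds(trace, F[1], b, e) and holds(trace, F[2], b, e)
    if kind == "chop":  # split [b, e) at some m; either part may be empty
        return any(holds(trace, F[1], b, m) and holds(trace, F[2], m, e)
                   for m in range(b, e + 1))
    raise ValueError(f"unknown formula kind {kind!r}")


def somewhere(F: Formula) -> Formula:
    """Diamond: F holds on some sub-interval, i.e. true ; F ; true."""
    return ("chop", True, ("chop", F, True))


def never(F: Formula) -> Formula:
    """Safety pattern: no sub-interval matches the bad pattern F."""
    return ("not", somewhere(F))


def witness(trace: Trace, bad: Formula) -> Optional[Tuple[int, int]]:
    """First sub-interval [b, e) on which the bad pattern holds, or None.

    This is the counterexample a model checker would report for never(bad).
    """
    n = len(trace)
    for b in range(n + 1):
        for e in range(b, n + 1):
            if holds(trace, bad, b, e):
                return (b, e)
    return None


def check_all(trace: Trace, props: Dict[str, Formula]) -> Dict[str, bool]:
    """Verdict per conjunct on the whole trace. Sound because a conjunction
    holds iff every conjunct holds (elementary; not the paper's law)."""
    return {name: holds(trace, F, 0, len(trace)) for name, F in props.items()}


# Constructed sample trace (not from the paper): eight ticks of a train that
# may be inside a danger section and may have its brake applied.
TRACE: Trace = [
    {"danger": False, "brake": False},
    {"danger": True,  "brake": False},
    {"danger": True,  "brake": True},
    {"danger": False, "brake": False},
    {"danger": False, "brake": False},
    {"danger": False, "brake": False},
    {"danger": True,  "brake": False},
    {"danger": False, "brake": True},
]

# Hypothetical requirements, written as "never this bad pattern":
#   a danger phase lasting more than 2 ticks;
#   a window of at least 4 ticks during which the brake is never applied.
LONG_DANGER: Formula = ("and", ("ceil", "danger"), ("len", ">", 2))
NO_BRAKE_WINDOW: Formula = ("and", ("len", ">=", 4), ("dur", "brake", "<", 1))
REQUIREMENTS: Dict[str, Formula] = {
    "bounded_danger": never(LONG_DANGER),
    "brake_in_window": never(NO_BRAKE_WINDOW),
}

if __name__ == "__main__":
    for name, ok in check_all(TRACE, REQUIREMENTS).items():
        print(f"{name}: {'holds' if ok else 'violated'}")
    print("counterexample interval:", witness(TRACE, NO_BRAKE_WINDOW))
```

On the sample trace the first requirement holds and the second is violated on ticks 3 to 6, where the brake is off for four consecutive ticks; `witness` returns that interval. Brute-force evaluation is exponential in chop nesting depth and only works for finite discrete traces, which is why the paper translates DC into automata and checks the sub-properties against the system model instead.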
