Automatic Verification of Real-Time Communicating Systems by Constraint-Solving [chapter]

Wang Yi, Paul Pettersson, Mats Daniels
1995 IFIP Advances in Information and Communication Technology  
In this paper, an algebra of timed processes with real-valued clocks is presented, which serves as a formal description language for real-time communicating systems. We show that requirements such as "a process will never reach an undesired state" can be verified by solving a simple class of constraint systems on the clock variables. A complete method for reachability analysis associated with the language is developed, and implemented as an automatic verification tool based on constraint-solving techniques. Finally, as examples, we study and verify the safety properties of Fischer's mutual exclusion protocol and a railway crossing controller.

Intuitively, it means that the whole system described by P&Q may make a move, i.e. doing a, only if the components described by P and Q can do the same. That is, all components of a concurrent system must synchronize on every action at every time point. Otherwise, the system will be deadlocked. This seems to be a strong restriction for practical application of timed automata, as real systems are often highly distributed and in many cases a system component may only want to communicate with the environment or a particular component, without synchronizing with the others. Therefore, we introduce a CCS-like parallel composition operator for timed automata, to describe one-to-one communication and interleaving. As the first contribution of this paper, we present an algebra of timed automata, which provides a number of algebraic operators including the parallel composition operator to model communication and concurrency. The operators can be used to construct complex automata, i.e. complex system descriptions, in terms of simpler ones, i.e. component descriptions. Thus, the algebra may serve as a structural description language for real-time communicating systems. As the second contribution of the paper, we develop a verification tool based on constraint-solving techniques, for the type of systems described above. There have been a number of verification techniques developed for timed automata, e.g. [2, 1, 14]. However, most of the existing algorithms are based on the notion of region graphs, which always construct the whole reachability graph for a given automaton first and then check properties of the graph. Though there have been efficient algorithms to construct minimal reachability graphs such as [2], the problem of state explosion is still an obstacle for automatic verification.
In particular, when the systems to be analyzed include many components, it would be impossible to construct the whole reachability graph even in the untimed setting. It has been pointed out in [12] and elsewhere that the practical goal of verification of real-time systems is to verify simple logical properties, which does not need the whole power of model checking, e.g. for timed CTL. We shall only consider simple safety properties, which can be verified without constructing the whole reachability graph of a timed system. For instance, a railway control system (see section 4) should guarantee that "at most one train can cross a critical point at the same time". This is a typical safety property, meaning that bad things can never happen. However, we can also verify properties requiring that a good thing will eventually happen within a certain time limit. For example, "a train should be able to pass a critical point, such as a bridge, within a bounded delay". We will show that such properties can be verified by solving a simple class of linear constraint systems. The rest of the paper is organized as follows: In section 2, we present an algebra of timed processes, in which a syntactical term describes a timed automaton; any timed automaton can be expressed in the algebra. In section 3, we study the reachability problems associated with the algebra. An algorithm is presented, and proved to be sound, i.e. it always provides the right answer, and complete, i.e. it always terminates. It is implemented as a tool, based on an existing constraint solving program. In section 4, as examples, we study a variant of the railway crossing problem and Fischer's mutual exclusion protocol. Finally, in section 5 we give some concluding remarks.
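The kind of constraint-based reachability check described above, as an added example that is not the paper's tool: clock constraints are kept as difference bounds, tightened by closure, and a forward search over symbolic states asks whether both processes of Fischer's protocol can be in their critical section at once. The location names, the integer write deadline d, the wait bound k (the protocol is safe only for k > d) and the use of non-strict bounds only are assumptions of this example.

```python
from collections import deque
INF = float("inf")
N = 3  # clocks: index 0 is the reference clock (always 0), then x1, x2
def canon(m):
    # Floyd-Warshall closure: m[i][j] becomes the tightest bound on x_i - x_j
    for k in range(N):
        for i in range(N):
            for j in range(N):
                m[i][j] = min(m[i][j], m[i][k] + m[k][j])
    return m
def empty(m):  # a negative diagonal entry means the constraints contradict
    return any(m[i][i] < 0 for i in range(N))
def delay(m):  # let time pass: drop every upper bound x_i <= c
    return canon([[INF if j == 0 and i else v for j, v in enumerate(r)] for i, r in enumerate(m)])
def reset(m, c):  # x_c := 0, keeping the constraints on the other clocks
    m = [r[:] for r in m]
    for j in range(N): m[c][j], m[j][c] = m[0][j], m[j][0]
    m[c][c] = 0; return m
def constrain(m, c, lo=None, hi=None):  # intersect the zone with lo <= x_c <= hi
    m = [r[:] for r in m]
    if hi is not None: m[c][0] = min(m[c][0], hi)
    if lo is not None: m[0][c] = min(m[0][c], -lo)
    return canon(m)
def successors(locs, id_, m, d, k):
    # discrete moves of process p (clock x_p) through idle -> req -> wait -> cs
    for p in (1, 2):
        at = lambda new: tuple(new if i == p - 1 else l for i, l in enumerate(locs))
        loc = locs[p - 1]
        if loc == "idle" and id_ == 0:        # read id = 0: start racing
            yield at("req"), id_, reset(m, p)
        elif loc == "req":                    # must write id := p within d
            z = constrain(m, p, hi=d)
            if not empty(z): yield at("wait"), p, reset(z, p)
        elif loc == "wait" and id_ == p:      # waited at least k: enter cs
            z = constrain(m, p, lo=k)
            if not empty(z): yield at("cs"), id_, z
        elif loc == "wait":                   # lost the race: go back and retry
            yield at("idle"), id_, m
        elif loc == "cs":
            yield at("idle"), 0, m
def both_in_cs_reachable(d, k):
    # forward reachability over symbolic states (locations, id, delay-closed zone)
    start = (("idle", "idle"), 0, delay([[0] * N for _ in range(N)]))
    seen, todo = set(), deque([start])
    while todo:
        locs, id_, m = todo.popleft()
        if locs == ("cs", "cs"): return True
        for nl, nid, nm in successors(locs, id_, m, d, k):
            nm = delay(nm); key = (nl, nid, tuple(map(tuple, nm)))
            if key not in seen: seen.add(key); todo.append((nl, nid, nm))
    return False
```

With d = 2 the search reports the violation for k = 2 and finds none for k = 3, matching the known condition that the wait bound must exceed the write deadline.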
doi:10.1007/978-0-387-34878-0_18 fatcat:evm2ftyh2vg3llblbpr5sxmsva