Towards a denotational semantics of timed RSL using duration calculus

The Timed RAISE Specification Language(Timed RSL)is an extension of RAISE Specificatioin Language by adding time constructors for specifying real-time applications.Duration Calculus(DC) is a real-time interval logic,which can be used to specify and reason about timing and logical constraints on duration propoerties of Boolean states in a dynamic system.This paper gives a denotational semantics to a subset of Timed RSL expressions,using Duration Calculus extended with super-dense shop modality and notations to capture time point properties of piecewise continuous states of arbitrary types.Using this semantics,the paper pesents a proof rule for verifying Timed RSL iterative expressions and implements the rule to prove the satisfaction by a sample Timed RSL specification of its real-time requrements.     

Checking Temporal Duration Properties of Timed Automata

In this paper, the problem of checking a timed automaton for a Duration Calculus formula of the form Temporal Duration Property is addressed. It is shown that Temporal Duration Properties are in the class of discretisable real-time properties of Timed Automata, and an algorithm is given to solve the problem based on linear programming techniques and the depth-first search method in the integral region graph of the automaton. The complexity of the algorithm is in the same class as that of the solution of the reachability problem of timed automata.     

Advanced Features of Duration Calculus and Their Applications in Sequential Hybrid Programs

Duration Calculus was introduced as a logic to specify real-time requirements of computing systems. It has been used successfully in a number of case studies. Moreover, many variants were proposed to deal with various features of real time systems, including sequential communicating processes, sequential hybrid systems and imperative programming languages. This paper aims to integrate several variants of Duration Calculus, and to provide a semantic framework for real-time programming languages and sequential hybrid programs. A shortversion of this paper appeared in J. Davis, A.W. Roscoe and J.C.P. Woodcock editors, Millennial Perspectives in Computer Science,Proceedings of the 1999 Oxford-Microsoft Symposium in Honour ofProfessor C.A.R. Hoare.     

Decidability of mean value calculus

Mean Value Calculus(MVC)^[1] is a real-time logic which can be used to specify and verify real-time systems^[2].As a conservative extension of Duration Calculus(DC)^[3],MVC increases the expressive power but keeps the properties of DC.In this paper we present decidability results of MVC.An interesting result is that propositional MVC with chop star operator is still decidable,which develops the results of [4]and [5].     

使用延时演算的时间化RSL的指称语义

使用扩展的持续时间演算(EDC)模型,给出了时间化的RAISE描述语言(RSL)的一个子集的指称语义.在扩展的持续时间演算模型中加入了一些新的特征,并探究了它们的代数定律.这些定律在形式化实时程序和验证实时性质中起着重要作用.最后还给出了时间化RSL的一些代数定律.这些定律可以从其指称语义证明,并用于程序的转化和优化.     

Duration-constrained regular expressions

This paper investigates the logic-automata-connection for Duration Calculus. It has been frequently observed that Duration Calculus with linear duration terms comes close to being a logic of linear hybrid automata. We attempt to make this relation precise by constructing Kleene-connection between duration-constrained regular expressions and a subclass of linear hybrid automata called loop-reset automata in which any variable tested in a loop is reset in the same loop. The formalism of duration-constrained regular expressions is an extension of regular expressions with duration constraints, which are essentially formulas of Duration Calculus without negation, yet extended by a Kleene-star operator. In this paper, we show that this formalism is equivalent in expressive power to loop-reset automata by providing a translation procedure from expressions to automata and vice verse.Received June 1999Accepted in revised form September 2003 by M. R. Hansen and C. B. Jones     

Decidability of a Hybrid Duration Calculus

We present a logic which we call Hybrid Duration Calculus (HDC). HDC is obtained by adding the following hybrid logical machinery to the Restricted Duration Calculus (RDC): nominals, satisfaction operators, down-arrow binder, and the global modality. RDC is known to be decidable, and in this paper we show that decidability is retained when adding the hybrid logical machinery. Decidability of HDC is shown by reducing the satisfiability problem to satisfiability of Monadic Second-Order Theory of Order. We illustrate the increased expressive power obtained in hybridizing RDC by showing that HDC, in contrast to RDC, can express all of the 13 possible relations between intervals.     

Model-checking discrete duration calculus

Duration Calculus was introduced in [ZHR91] as a logic to specify and reason about requirements for real-time systems. It is an extension of Interval Temporal Logic [Mos85] where one can reason about integrated constraints over time-dependent and Boolean valued states without explicit mention of absolute time. Several major case studies, e.g. the gas burner system in [RRH93], have shown that Duration Calculus provides a high level of abstraction for both expressing and reasoning about specifications. Using Timed Automata [A1D92] one can express how real-time systems can be constructed at a level of detail which is close to an actual implementation. We consider in the paper the correctness of Timed Automata with respect to Duration Calculus formulae. For a subset of Duration Calculus, we show that one can automatically verify whether a Timed Automaton ? is correct with respect to a formulaD, abbreviated ? ?D, i.e. one can domodel-checking. The subset we consider is expressive enough to formalize the requirements to the gas burner system given in [RRH93]; but only for a discrete time domain. Model-checking is done by reducing the correctness problem ? ?D to the inclusion problem of regular languages.     

An intuitive formal proof for Deadline Driven Scheduler

This paper presents another formal proot for the correctness of the Deadline Driven Scheduler(DDS),This proof is given in terms of Duration Calculus which provides abstraction for random preemption of Processor.Compared with other approaches,this proof relies on many intuitive facts.Therefore this proof is more intuitive,while it is still formal.     

Model-checking dense-time Duration Calculus

Since the seminal work of Zhou Chaochen, M. R. Hansen, and P. Sestoft on decidability of dense-time Duration Calculus [ZHS93] it is well known that decidable fragments of Duration Calculus can only be obtained through withdrawal of much of the interesting vocabulary of this logic. While this was formerly taken as an indication that key-press verification of implementations with respect to elaborate Duration Calculus specifications were also impossible, we show that the model property is well decidable for realistic designs which feature natural constraints on their switching dynamics.The key issue is that the classical undecidability results rely on a notion of validity of a formula that refers to a class of models which is considerably richer than the possible behaviours of actual embedded real-time systems: that of finitely variable trajectories. By analysing two suitably sparser model classes we obtain model-checking procedures for rich subsets of Duration Calculus. Together with undecidability results also obtained, this sheds light upon the exact borderline between decidability and undecidability of Duration Calculi and related logics.Received June 1999Accepted in revised form September 2003 by M. R. Hansen and C. B. Jones     

Interval Duration Logic: Expressiveness and Decidability

We investigate a variant of dense-time Duration Calculus which permits model checking using timed/hybrid automata. We define a variant of the Duration Calculus, called Interval Duration Logic, (IDL), whose models are timed state sequences [1].A subset LIDL of IDL consisting only of located time constraints is presented. As our main result, we show that the models of an LIDL formula can be captured as timed state sequences accepted by an event-recording integrator automaton. A tool called IDLVALID for reducing LIDL formulae to integrator automata is briefly described. Finally, it is shown that LIDL has precisely the expressive power of event-recording integrator automata, and that a further subset LIDL- corresponds exactly to event-recording timed automata [2]. This gives us an automata-theoretic decision procedure for the satisfiability of LIDL– formulae.     

The Saga of Synchronous Bus Arbiter: On Model Checking Quantitative Timing Properties of Synchronous Programs

Quantified Discrete-time Duration Calculus, (QDDC), is a form of interval temporal logic [14]. It is well suited to specify quantitative timing properties of synchronous systems. An automata theoretic decision procedure for QDDC allows converting a QDDC formula into a finite state automaton recognising precisely the models of the formula. The automaton can be used as a synchronous observer for model checking the property of a synchronous program. This theory has been implemented into a tool called DCVALID which permits model checking QDDC properties of synchronous programs written in Esterel, Verilog and SMV notations.In this paper, we consider two well-known synchronous bus arbiter circuits (programs) from the literature. We specify some complex quantitative properties of these arbiters, including their response time and loss time, using QDDC. We show how the tool DCVALID can be used to effectively model check these properties (with some surprising results).     

tdc.msm: an R library for the analysis of multi-state survival data

The aim of this paper is to present an R library, called tdc.msm, developed to analyze multi-state survival data. In this library, the time-dependent regression model and multi-state models are included as two possible approaches for such data. For the multi-state modelling five different models are considered, allowing the user to choose between Markov and semi-Markov property, as well as to use homogeneous or non-homogeneous models. Specifically, the following multi-state models in continuous time were implemented: Cox Markov model; Cox semi-Markov model; homogeneous Markov model; non-homogeneous piecewise model and non-parametric Markov model. This software can be used to fit multi-state models with one initial state (e.g., illness diagnosis), a finite number of intermediate states, representing, for example, a change of treatment, and one absorbing state corresponding to a terminal event of interest. Graphical output includes survival estimates, transition probabilities estimates and smooth log hazard for continuous covariates.     

Model-checking discrete duration calculus

Duration Calculus was introduced in [ZHR91] as a logic to specify and reason about requirements for real-time systems. It is an extension of Interval Temporal Logic [Mos85] where one can reason about integrated constraints over time-dependent and Boolean valued states without explicit mention of absolute time. Several major case studies, e.g. the gas burner system in [RRH93], have shown that Duration Calculus provides a high level of abstraction for both expressing and reasoning about specifications. Using Timed Automata [A1D92] one can express how real-time systems can be constructed at a level of detail which is close to an actual implementation. We consider in the paper the correctness of Timed Automata with respect to Duration Calculus formulae. For a subset of Duration Calculus, we show that one can automatically verify whether a Timed Automaton is correct with respect to a formulaD, abbreviated D, i.e. one can domodel-checking. The subset we consider is expressive enough to formalize the requirements to the gas burner system given in [RRH93]; but only for a discrete time domain. Model-checking is done by reducing the correctness problem D to the inclusion problem of regular languages.     

Discrete Time Non-Homogeneous Semi-Markov Reliability Transition Credit Risk Models and the Default Distribution Functions

This paper shows how to apply discrete time non-homogeneous semi-Markov processes (DTNHSMP) with an age index to credit risk. The idea is to consider the credit risk problem as a reliability model indexed by the age and in this way, many semi-Markov results could be adapted to describe credit risk problem. The default state is seen as a “non working state”. As the semi-Markov process is a generalization of Markov process, the presented model can be seen as a more general migration model. In fact, in semi-Markov environment the distribution function (d.f.) of the waiting time before a transition can be of any type and without the strong constraints of the Markov model. Furthermore, some results on the asymptotic behavior of the presented model are given. This permits the construction of the d.f. of the default random variable for each “working state”. An example, constructed manipulating some Standard & Poor’s (S&P) data, is presented.     

Applying a testing approach to the Calculus of Fair Ambients

We apply a testing approach to the Calculus of Fair Ambients and investigate the resulting testing equivalence. We prove that variant conditions on its definition do not change its discriminating power, and it is congruent on finite processes. On a proper subset of processes, open bisimilarity is strictly included in testing equivalence. It is also proved that the translation from Pi-Calculus to Fair Ambients is fully abstract with respect to testing equivalence.     

Semi-Markov decision problems and performance sensitivity analysis

Recent research indicates that Markov decision processes (MDPs) can be viewed from a sensitivity point of view; and the perturbation analysis (PA), MDPs, and reinforcement learning (RL) are three closely related areas in optimization of discrete-event dynamic systems that can be modeled as Markov processes. The goal of this paper is two-fold. First, we develop the PA theory for semi-Markov processes (SMPs); and then we extend the aforementioned results about the relation among PA, MDP, and RL to SMPs. In particular, we show that performance sensitivity formulas and policy iteration algorithms of semi-Markov decision processes can be derived based on the performance potential and realization matrix. Both the long-run average and discounted-cost problems are considered. This approach provides a unified framework for both problems, and the long-run average problem corresponds to the discounted factor being zero. The results indicate that performance sensitivities and optimization depend only on first-order statistics. Single sample path-based implementations are discussed.     

基于细胞膜演算的Web服务事务处理形式化描述与验证

采用细胞膜演算具体分析了当前比较主流的Web服务中原子事务协调协议WS-AT．针对WS-AT协议采用简单的状态转换表和转换图,无法描述协调者和多个参与者的复杂协调活动,采用细胞膜演算给出了其形式化描述,用于规范协调者和参与者的活动,并分析了该协议的活性和安全性,得到了38187个状态．模型检验的实验结果表明,该协议满足稳定性、一致性和非平凡性,而不满足非阻塞性．进而,分析出注册和协调协议混在一起是其不满足非阻塞性的原因．     

Passage-time computation and aggregation strategies for large semi-Markov processes

High-level semi-Markov modelling paradigms such as semi-Markov stochastic Petri nets and process algebras are used to capture realistic performance models of computer and communication systems but often have the drawback of generating huge underlying semi-Markov processes. Extraction of performance measures such as steady-state probabilities and passage-time distributions therefore relies on sparse matrix-vector operations involving very large transition matrices. Previous studies have shown that exact state-by-state aggregation of semi-Markov processes can be applied to reduce the number of states. This can, however, lead to a dramatic increase in matrix density caused by the creation of additional transitions between remaining states. Our paper addresses this issue by presenting the concept of state space partitioning for aggregation.We present a new deterministic partitioning method which we term barrier partitioning. We show that barrier partitioning is capable of splitting very large semi-Markov models into a number of partitions such that first passage-time analysis can be performed more quickly and using up to 99% less memory than existing algorithms.