The formal design of distributed controllers with
            <sub>d</sub>
            SL and Spin

Wachter, Bram De; Genon, Alexandre; Massart, Thierry; Meuter, Cédric

doi:10.1007/s00165-005-0066-9

Cited by 8 publications

(2 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We still need to validate our approach on more realistic examples. For that purpose, our method will be integrated shortly in our tool TraX and fully interfaced with our distributed controllers design environment d SL [1,2] to allow efficient testing of real industrial distributed controllers. We will also continue to investiguate possible further improvements of our technique, as the one inspired on the RCtl model checking with computation slicing described in [15].…”

Section: Discussionmentioning

confidence: 99%

“…When the purpose of such a system is to perform some control of critical equipment like an industrial plant, a plane, or a satellite, its correctness is extremely important. The designer can ease her work by various techniques [1,2,3] including validation and debugging. In particular, traditional model-based approaches abstract the action the system can do into events which change the system's global state.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Testing Distributed Systems Through Symbolic Model Checking

Kalyon

Massart

Meuter

et al. 2007

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. The observation of a distributed system's finite execution can be abstracted as a partial ordered set of events generally called finite (partial order) trace. In practice, this trace can be obtained through a standard code instrumentation, which takes advantage of existing communications between processes to partially order events of different processes. We show that testing that such a distributed execution satisfies some global property amounts therefore to model check the corresponding trace. This work can be time consuming; we therefore provide an efficient symbolic Ctl model-checking algorithm for traces. This method is based on a symbolic data structure, called Interval Sharing Trees, allowing to efficiently represent and manipulate sets of k-uples of naturals. Efficient symbolic operations are defined on this data structure in order to deal with all Ctl modalities. We show that in practice this data structure is well adapted for Ctl model checking of traces.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Testing Distributed Systems Through Symbolic Model Checking

Kalyon

Massart

Meuter

et al. 2007

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

Monitoring Distributed Controllers: When an Efficient LTL Algorithm on Sequences Is Needed to Model-Check Traces

Genon

Massart

Meuter

2006

FM 2006: Formal Methods

Self Cite

View full text Add to dashboard Cite

Abstract. It is well known that through code instrumentation, a distributed system's finite execution can generate a finite trace as a partially ordered set of events. We motivate the need to use LTL model-checking on sequences and not on traces as defined by Diekert and Gastin, to validate distributed control systems executions, abstracted by such traces, and present an efficient symbolic algorithm to do the job. It uses the standard method proposed by Vardi and Wolper, which from the LTL formula, builds a monitor that accepts all the bad sequences. We show that, given a monitor and a trace, the problem to check that both the monitor and the trace have a common sequence is NP-complete in the number of concurrent processes. Our method explores the possible configurations symbolically, since it handles sets of configurations. Moreover, it uses techniques similar to the partial order reduction, to avoid exploring as many execution interleavings as possible. It works very well in practice, compared to the standard exploration method, with or without partial order reduction (which, in practice, does not work well here).

show abstract