--- _id: '4462' abstract: - lang: eng text: 'A major hurdle in the algorithmic verification and control of systems is the need to find suitable abstract models, which omit enough details to overcome the state-explosion problem, but retain enough details to exhibit satisfaction or controllability with respect to the specification. The paradigm of counterexample-guided abstraction refinement suggests a fully automatic way of finding suitable abstract models: one starts with a coarse abstraction, attempts to verify or control the abstract model, and if this attempt fails and the abstract counterexample does not correspond to a concrete counterexample, then one uses the spurious counterexample to guide the refinement of the abstract model. We present a counterexample-guided refinement algorithm for solving ω-regular control objectives. The main difficulty is that in control, unlike in verification, counterexamples are strategies in a game between system and controller. In the case that the controller has no choices, our scheme subsumes known counterexample-guided refinement algorithms for the verification of ω-regular specifications. Our algorithm is useful in all situations where ω-regular games need to be solved, such as supervisory control, sequential and program synthesis, and modular verification. The algorithm is fully symbolic, and therefore applicable also to infinite-state systems.' acknowledgement: This research was supported in part by the DARPA SEC grant F33615-C-98-3614, the ONR grant N00014-02-1-0671, and the NSF grants CCR-9988172, CCR-0085949, and CCR-0225610. alternative_title: - LNCS article_processing_charge: No author: - first_name: Thomas A full_name: Henzinger, Thomas A id: 40876CD8-F248-11E8-B48F-1D18A9856A87 last_name: Henzinger orcid: 0000−0002−2985−7724 - first_name: Ranjit full_name: Jhala, Ranjit last_name: Jhala - first_name: Ritankar full_name: Majumdar, Ritankar last_name: Majumdar citation: ama: 'Henzinger TA, Jhala R, Majumdar R. Counterexample-guided control. In: Proceedings of the 30th International Colloquium on Automata, Languages and Programming. Vol 2719. Springer; 2003:886-902. doi:10.1007/3-540-45061-0_69' apa: 'Henzinger, T. A., Jhala, R., & Majumdar, R. (2003). Counterexample-guided control. In Proceedings of the 30th International Colloquium on Automata, Languages and Programming (Vol. 2719, pp. 886–902). Eindhoven, The Netherlands: Springer. https://doi.org/10.1007/3-540-45061-0_69' chicago: Henzinger, Thomas A, Ranjit Jhala, and Ritankar Majumdar. “Counterexample-Guided Control.” In Proceedings of the 30th International Colloquium on Automata, Languages and Programming, 2719:886–902. Springer, 2003. https://doi.org/10.1007/3-540-45061-0_69. ieee: T. A. Henzinger, R. Jhala, and R. Majumdar, “Counterexample-guided control,” in Proceedings of the 30th International Colloquium on Automata, Languages and Programming, Eindhoven, The Netherlands, 2003, vol. 2719, pp. 886–902. ista: 'Henzinger TA, Jhala R, Majumdar R. 2003. Counterexample-guided control. Proceedings of the 30th International Colloquium on Automata, Languages and Programming. ICALP: Automata, Languages and Programming, LNCS, vol. 2719, 886–902.' mla: Henzinger, Thomas A., et al. “Counterexample-Guided Control.” Proceedings of the 30th International Colloquium on Automata, Languages and Programming, vol. 2719, Springer, 2003, pp. 886–902, doi:10.1007/3-540-45061-0_69. short: T.A. Henzinger, R. Jhala, R. Majumdar, in:, Proceedings of the 30th International Colloquium on Automata, Languages and Programming, Springer, 2003, pp. 886–902. conference: end_date: 2003-07-04 location: Eindhoven, The Netherlands name: 'ICALP: Automata, Languages and Programming' start_date: 2003-06-30 date_created: 2018-12-11T12:08:58Z date_published: 2003-06-25T00:00:00Z date_updated: 2024-01-10T11:19:41Z day: '25' doi: 10.1007/3-540-45061-0_69 extern: '1' intvolume: ' 2719' language: - iso: eng month: '06' oa_version: None page: 886 - 902 publication: Proceedings of the 30th International Colloquium on Automata, Languages and Programming publication_identifier: isbn: - '9783540404934' publication_status: published publisher: Springer publist_id: '265' quality_controlled: '1' scopus_import: '1' status: public title: Counterexample-guided control type: conference user_id: ea97e931-d5af-11eb-85d4-e6957dddbf17 volume: 2719 year: '2003' ... --- _id: '4464' abstract: - lang: eng text: We introduce the paradigm of schedule-carrying code (SCC). A hard real-time program can be executed on a given platform only if there exists a feasible schedule for the real-time tasks of the program. Traditionally, a scheduler determines the existence of a feasible schedule according to some scheduling strategy. With SCC, a compiler proves the existence of a feasible schedule by generating executable code that is attached to the program and represents its schedule. An SCC executable is a real-time program that carries its schedule as code, which is produced once and can be revalidated and executed with each use. We evaluate SCC both in theory and practice. In theory, we give two scenarios, of nonpreemptive and distributed scheduling for Giotto programs, where the generation of a feasible schedule is hard, while the validation of scheduling instructions that are attached to the programs is easy. In practice, we implement SCC and show that explicit scheduling instructions can reduce the scheduling overhead up to 35% and can provide an efficient, flexible, and verifiable means for compiling Giotto programs on complex architectures, such as the TTA. acknowledgement: This work was supported by the AFOSR MURI grant F49620-00-1-0327, the California MICRO grant 01-037, the DARPA grant F33615-C-98-3614, the MARCO grant 98-DT-660, and the NSF grants CCR-0208875, CCR-0085949, and CCR-0225610. alternative_title: - LNCS article_processing_charge: No author: - first_name: Thomas A full_name: Henzinger, Thomas A id: 40876CD8-F248-11E8-B48F-1D18A9856A87 last_name: Henzinger orcid: 0000−0002−2985−7724 - first_name: Christoph full_name: Kirsch, Christoph last_name: Kirsch - first_name: Slobodan full_name: Matic, Slobodan last_name: Matic citation: ama: 'Henzinger TA, Kirsch C, Matic S. Schedule-carrying code. In: Proceedings of the 3rd International Conference on Embedded Software. Vol 2855. ACM; 2003:241-256. doi:10.1007/978-3-540-45212-6_16' apa: 'Henzinger, T. A., Kirsch, C., & Matic, S. (2003). Schedule-carrying code. In Proceedings of the 3rd International Conference on Embedded Software (Vol. 2855, pp. 241–256). Philadelphia, PA, USA: ACM. https://doi.org/10.1007/978-3-540-45212-6_16' chicago: Henzinger, Thomas A, Christoph Kirsch, and Slobodan Matic. “Schedule-Carrying Code.” In Proceedings of the 3rd International Conference on Embedded Software, 2855:241–56. ACM, 2003. https://doi.org/10.1007/978-3-540-45212-6_16. ieee: T. A. Henzinger, C. Kirsch, and S. Matic, “Schedule-carrying code,” in Proceedings of the 3rd International Conference on Embedded Software, Philadelphia, PA, USA, 2003, vol. 2855, pp. 241–256. ista: 'Henzinger TA, Kirsch C, Matic S. 2003. Schedule-carrying code. Proceedings of the 3rd International Conference on Embedded Software. EMSOFT: Embedded Software , LNCS, vol. 2855, 241–256.' mla: Henzinger, Thomas A., et al. “Schedule-Carrying Code.” Proceedings of the 3rd International Conference on Embedded Software, vol. 2855, ACM, 2003, pp. 241–56, doi:10.1007/978-3-540-45212-6_16. short: T.A. Henzinger, C. Kirsch, S. Matic, in:, Proceedings of the 3rd International Conference on Embedded Software, ACM, 2003, pp. 241–256. conference: end_date: 2003-10-15 location: Philadelphia, PA, USA name: 'EMSOFT: Embedded Software ' start_date: 2003-10-13 date_created: 2018-12-11T12:08:59Z date_published: 2003-09-29T00:00:00Z date_updated: 2024-01-10T11:33:57Z day: '29' doi: 10.1007/978-3-540-45212-6_16 extern: '1' intvolume: ' 2855' language: - iso: eng month: '09' oa_version: None page: 241 - 256 publication: Proceedings of the 3rd International Conference on Embedded Software publication_identifier: isbn: - '9783540202233' publication_status: published publisher: ACM publist_id: '267' quality_controlled: '1' scopus_import: '1' status: public title: Schedule-carrying code type: conference user_id: ea97e931-d5af-11eb-85d4-e6957dddbf17 volume: 2855 year: '2003' ... --- _id: '4460' abstract: - lang: eng text: "Symbolic model checking, which enables the automatic verification of large systems, proceeds by calculating expressions that represent state sets. Traditionally, symbolic model-checking tools are based on back- ward state traversal; their basic operation is the function pre, which, given a set of states, returns the set of all predecessor states. This is because specifiers usually employ formalisms with future-time modalities, which are naturally evaluated by iterating applications of pre. It has been shown experimentally that symbolic model checking can perform significantly better if it is based, instead, on forward state traversal; in this case, the basic operation is the function post, which, given a set of states, returns the set of all successor states. This is because forward state traversal can ensure that only parts of the state space that are reachable from an initial state and relevant for the satisfaction or violation of the specification are explored; that is, errors can be detected as soon as possible.\r\nIn this paper, we investigate which specifications can be checked by symbolic forward state traversal. We formulate the problems of symbolic backward and forward model checking by means of two μ-calculi. The pre-μ calculus is based on the pre operation, and the post-μ calculus is based on the post operation. These two μ-calculi induce query logics, which augment fixpoint expressions with a boolean emptiness query. Using query logics, we are able to relate and compare the symbolic backward and forward approaches. In particular, we prove that all ω-regular (linear-time) specifications can be expressed as post-μ queries, and therefore checked using symbolic forward state traversal. On the other hand, we show that there are simple branching-time specifications that cannot be checked in this way." acknowledgement: This research was supported in part by the SRC contract 99-TJ-683.003 and the NSF grant CCR-9988172. article_processing_charge: No article_type: original author: - first_name: Thomas A full_name: Henzinger, Thomas A id: 40876CD8-F248-11E8-B48F-1D18A9856A87 last_name: Henzinger orcid: 0000−0002−2985−7724 - first_name: Orna full_name: Kupferman, Orna last_name: Kupferman - first_name: Shaz full_name: Qadeer, Shaz last_name: Qadeer citation: ama: Henzinger TA, Kupferman O, Qadeer S. From pre-historic to post-modern symbolic model checking. Formal Methods in System Design. 2003;23(3):303-327. doi:10.1023/A:1026228213080 apa: Henzinger, T. A., Kupferman, O., & Qadeer, S. (2003). From pre-historic to post-modern symbolic model checking. Formal Methods in System Design. Springer. https://doi.org/10.1023/A:1026228213080 chicago: Henzinger, Thomas A, Orna Kupferman, and Shaz Qadeer. “From Pre-Historic to Post-Modern Symbolic Model Checking.” Formal Methods in System Design. Springer, 2003. https://doi.org/10.1023/A:1026228213080. ieee: T. A. Henzinger, O. Kupferman, and S. Qadeer, “From pre-historic to post-modern symbolic model checking,” Formal Methods in System Design, vol. 23, no. 3. Springer, pp. 303–327, 2003. ista: Henzinger TA, Kupferman O, Qadeer S. 2003. From pre-historic to post-modern symbolic model checking. Formal Methods in System Design. 23(3), 303–327. mla: Henzinger, Thomas A., et al. “From Pre-Historic to Post-Modern Symbolic Model Checking.” Formal Methods in System Design, vol. 23, no. 3, Springer, 2003, pp. 303–27, doi:10.1023/A:1026228213080. short: T.A. Henzinger, O. Kupferman, S. Qadeer, Formal Methods in System Design 23 (2003) 303–327. date_created: 2018-12-11T12:08:58Z date_published: 2003-06-20T00:00:00Z date_updated: 2024-01-10T11:50:31Z day: '20' doi: 10.1023/A:1026228213080 extern: '1' intvolume: ' 23' issue: '3' language: - iso: eng month: '06' oa_version: None page: 303 - 327 publication: Formal Methods in System Design publication_identifier: issn: - 0925-9856 publication_status: published publisher: Springer publist_id: '268' quality_controlled: '1' scopus_import: '1' status: public title: From pre-historic to post-modern symbolic model checking type: journal_article user_id: ea97e931-d5af-11eb-85d4-e6957dddbf17 volume: 23 year: '2003' ... --- _id: '4469' abstract: - lang: eng text: Giotto provides an abstract programmer's model for the implementation of embedded control systems with hard real-time constraints. A typical control application consists of periodic software tasks together with a mode-switching logic for enabling and disabling tasks. Giotto specifies time-triggered sensor readings, task invocations, actuator updates, and mode switches independent of any implementation platform. Giotto can be annotated with platform constraints such as task-to-host mappings, and task and communication schedules. The annotations are directives for the Giotto compiler, but they do not alter the functionality and timing of a Giotto program. By separating the platform-independent from the platform-dependent concerns, Giotto enables a great deal of flexibility in choosing control platforms as well as a great deal of automation in the validation and synthesis of control software. The time-triggered nature of Giotto achieves timing predictability, which makes Giotto particularly suitable for safety-critical applications. acknowledgement: The authors would like to thank R. Majumdar for implementing a prototype Giotto compiler for Lego Mindstorms robots. They would like to thank D. Derevyanko and W. Williams for building the Intel x86 robots; and E. Lee and X. Liu for help with implementing Giotto as a “model of computation” in Ptolemy II [26]. Finally, they would also like to thank M. Sanvido for his suggestions on the design of the Giotto drivers; and P. Griffiths for implementing the functionality code of the electronic throttle controller. article_processing_charge: No article_type: original author: - first_name: Thomas A full_name: Henzinger, Thomas A id: 40876CD8-F248-11E8-B48F-1D18A9856A87 last_name: Henzinger orcid: 0000−0002−2985−7724 - first_name: Benjamin full_name: Horowitz, Benjamin last_name: Horowitz - first_name: Christoph full_name: Kirsch, Christoph last_name: Kirsch citation: ama: 'Henzinger TA, Horowitz B, Kirsch C. Giotto: A time-triggered language for embedded programming. Proceedings of the IEEE. 2003;91(1):84-99. doi:10.1109/JPROC.2002.805825' apa: 'Henzinger, T. A., Horowitz, B., & Kirsch, C. (2003). Giotto: A time-triggered language for embedded programming. Proceedings of the IEEE. IEEE. https://doi.org/10.1109/JPROC.2002.805825' chicago: 'Henzinger, Thomas A, Benjamin Horowitz, and Christoph Kirsch. “Giotto: A Time-Triggered Language for Embedded Programming.” Proceedings of the IEEE. IEEE, 2003. https://doi.org/10.1109/JPROC.2002.805825.' ieee: 'T. A. Henzinger, B. Horowitz, and C. Kirsch, “Giotto: A time-triggered language for embedded programming,” Proceedings of the IEEE, vol. 91, no. 1. IEEE, pp. 84–99, 2003.' ista: 'Henzinger TA, Horowitz B, Kirsch C. 2003. Giotto: A time-triggered language for embedded programming. Proceedings of the IEEE. 91(1), 84–99.' mla: 'Henzinger, Thomas A., et al. “Giotto: A Time-Triggered Language for Embedded Programming.” Proceedings of the IEEE, vol. 91, no. 1, IEEE, 2003, pp. 84–99, doi:10.1109/JPROC.2002.805825.' short: T.A. Henzinger, B. Horowitz, C. Kirsch, Proceedings of the IEEE 91 (2003) 84–99. date_created: 2018-12-11T12:09:00Z date_published: 2003-01-29T00:00:00Z date_updated: 2024-01-10T11:55:18Z day: '29' doi: 10.1109/JPROC.2002.805825 extern: '1' intvolume: ' 91' issue: '1' language: - iso: eng month: '01' oa_version: None page: 84 - 99 publication: Proceedings of the IEEE publication_identifier: issn: - '0018-9219 ' publication_status: published publisher: IEEE publist_id: '261' quality_controlled: '1' scopus_import: '1' status: public title: 'Giotto: A time-triggered language for embedded programming' type: journal_article user_id: ea97e931-d5af-11eb-85d4-e6957dddbf17 volume: 91 year: '2003' ... --- _id: '4338' abstract: - lang: eng text: 'Mosaic hybrid zones arise when ecologically differentiated taxa hybridize across a network of habitat patches. Frequent interbreeding across a small-scale patchwork can erode species differences that might have been preserved in a clinal hybrid zone. In particular, the rapid breakdown of neutral divergence sets an upper limit to the time for which differences at marker loci can persist. We present here a case study of a mosaic hybrid zone between the fire-bellied toads Bombina bombina and B. variegata (Anura: Discoglossidae) near Apahida in Romania. In our 20 × 20 km study area, we detected no evidence of a clinal transition but found a strong association between aquatic habitat and mean allele frequencies at four molecular markers. In particular, pure populations of B. bombina in ponds appear to cause massive introgression into the surrounding B. variegata gene pool found in temporary aquatic sites. Nevertheless, the genetic structure of these hybrid populations was remarkably similar to those of a previously studied transect near Pescenica (Croatia), which had both clinal and mosaic features: estimates of heterozygote deficit and linkage disequilibrium in each country are similar. In Apahida, the observed strong linkage disequilibria should stem from an imperfect habitat preference that guides most (but not all) adults into the habitats to which they are adapted. In the absence of a clinal structure, the inferred migration rate between habitats implies that associations between selected loci and neutral markers should break down rapidly. Although plausible selection strengths can maintain differentiation at those loci adapting the toads to either permanent or temporary breeding sites, the divergence at neutral markers must be transient. The hybrid zone may be approaching a state in which the gene pools are homogenized at all but the selected loci, not dissimilar from an early stage of sympatric divergence.' acknowledgement: "We thank G. Mara and T. Galbena for enthusiastic field\r\nassistance, A. Hofmann and R. Sieglstetter for access to their\r\nunpublished data, B. Fo¨rg-Brey and G. Praetzel for help in\r\nthe lab. Helpful comments on a previous version of the man-\r\nuscript were provided by R. Ennos, J. Szymura, F. Balloux,\r\nJ. Bridle, L. Kruuk, F. Bonhomme, M. Arnold, and two anon-\r\nymous reviewers. We also thank A. Pinggera for providing\r\nthe cover illustration. This work was supported by Natural\r\nEnvironment Research Council studentships to THV and TRS\r\nand Deutsche Forschungsgemeinschaft grant Nu 51/2-1 to BN." article_processing_charge: No article_type: original author: - first_name: Timothy full_name: Vines, Timothy last_name: Vines - first_name: S C full_name: Kohler, S C last_name: Kohler - first_name: M full_name: Thiel, M last_name: Thiel - first_name: Ioan full_name: Ghira, Ioan last_name: Ghira - first_name: T R full_name: Sands, T R last_name: Sands - first_name: Catriona full_name: Maccallum, Catriona last_name: Maccallum - first_name: Nicholas H full_name: Barton, Nicholas H id: 4880FE40-F248-11E8-B48F-1D18A9856A87 last_name: Barton orcid: 0000-0002-8548-5240 - first_name: Beate full_name: Nürnberger, Beate last_name: Nürnberger citation: ama: Vines T, Kohler SC, Thiel M, et al. On the maintenance of reproductive isolation in a mosaic hybrid zone between the toads Bombina bombina and B. variegata. Evolution. 2003;57(8):1876-1888. doi:10.1111/j.0014-3820.2003.tb00595.x apa: Vines, T., Kohler, S. C., Thiel, M., Ghira, I., Sands, T. R., Maccallum, C., … Nürnberger, B. (2003). On the maintenance of reproductive isolation in a mosaic hybrid zone between the toads Bombina bombina and B. variegata. Evolution. Wiley-Blackwell. https://doi.org/10.1111/j.0014-3820.2003.tb00595.x chicago: Vines, Timothy, S C Kohler, M Thiel, Ioan Ghira, T R Sands, Catriona Maccallum, Nicholas H Barton, and Beate Nürnberger. “On the Maintenance of Reproductive Isolation in a Mosaic Hybrid Zone between the Toads Bombina Bombina and B. Variegata.” Evolution. Wiley-Blackwell, 2003. https://doi.org/10.1111/j.0014-3820.2003.tb00595.x. ieee: T. Vines et al., “On the maintenance of reproductive isolation in a mosaic hybrid zone between the toads Bombina bombina and B. variegata,” Evolution, vol. 57, no. 8. Wiley-Blackwell, pp. 1876–1888, 2003. ista: Vines T, Kohler SC, Thiel M, Ghira I, Sands TR, Maccallum C, Barton NH, Nürnberger B. 2003. On the maintenance of reproductive isolation in a mosaic hybrid zone between the toads Bombina bombina and B. variegata. Evolution. 57(8), 1876–1888. mla: Vines, Timothy, et al. “On the Maintenance of Reproductive Isolation in a Mosaic Hybrid Zone between the Toads Bombina Bombina and B. Variegata.” Evolution, vol. 57, no. 8, Wiley-Blackwell, 2003, pp. 1876–88, doi:10.1111/j.0014-3820.2003.tb00595.x. short: T. Vines, S.C. Kohler, M. Thiel, I. Ghira, T.R. Sands, C. Maccallum, N.H. Barton, B. Nürnberger, Evolution 57 (2003) 1876–1888. date_created: 2018-12-11T12:08:20Z date_published: 2003-08-01T00:00:00Z date_updated: 2024-01-23T09:16:43Z day: '01' doi: 10.1111/j.0014-3820.2003.tb00595.x extern: '1' intvolume: ' 57' issue: '8' language: - iso: eng month: '08' oa_version: None page: 1876 - 1888 publication: Evolution publication_identifier: issn: - 0014-3820 publication_status: published publisher: Wiley-Blackwell publist_id: '1692' quality_controlled: '1' scopus_import: '1' status: public title: On the maintenance of reproductive isolation in a mosaic hybrid zone between the toads Bombina bombina and B. variegata type: journal_article user_id: ea97e931-d5af-11eb-85d4-e6957dddbf17 volume: 57 year: '2003' ...