Judi Romijn

Technische Universiteit Eindhoven, Eindhoven, North Brabant, Netherlands

Publications (33) · 1.58 Total Impact

  • ABSTRACT: We report a case study in automated incremental assertion-based proof checking with PVS. Given an annotated distributed algorithm, our tool ProPar generates the proof obligations for partial correctness, plus a proof script per obligation. ProPar then lets PVS attempt to discharge all obligations by running the proof scripts. The Chang-Roberts algorithm elects a leader on a unidirectional ring with unique identities. With ProPar, we check its correctness with a very high degree of automation: over 90% of the proof obligations are discharged automatically. This case study underlines the feasibility of the approach and is, to the best of our knowledge, the first verification of the Chang-Roberts algorithm for arbitrary ring size in a proof checker.
    Automated Technology for Verification and Analysis, 5th International Symposium, ATVA 2007, Tokyo, Japan, October 22-25, 2007, Proceedings; 01/2007
  • ABSTRACT: Synthesizing proper implementations for scenario-based specifications is often impossible, due to the distributed nature of implementations. To be able to detect problematic specifications, realizability criteria have been identified, such as non-local choice. In this work we develop a formal framework to study realizability of compositional MSC (GMP03). We use it to derive a complete classification of criteria that is closely related to the criteria for MSC from (MGR05). Comparing specifications and implementations is usually complicated, because different formalisms are used. We treat both of them in terms of a single formalism. Thereto we extend the partial order semantics of (Pra86,KL98) with a way to model deadlocks and with a more sophisticated way to address communication.
    Algebraic Methodology and Software Technology, 11th International Conference, AMAST 2006, Kuressaare, Estonia, July 5-8, 2006, Proceedings; 01/2006
  • ABSTRACT: MSC is a visual formalism for specifying the behavior of systems. To obtain implementations for individual processes, the MSC choice construction poses fundamental problems. The best-studied cause is non-local choice, which e.g. is unavoidable in systems with autonomous processes. In this paper we characterize two additional problematic classes of choice nodes. Based on these three classes we point out some errors in related work. Extending our work on pragmatic implementations of non-local choice, we motivate a different choice semantics which allows a little more behavior. Finally, inspired by practical case studies, we present the first implementation approach for non-local choice nodes that can handle arbitrary numbers of processes.
    Fundamental Approaches to Software Engineering, 8th International Conference, FASE 2005, Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2005, Edinburgh, UK, April 4-8, 2005, Proceedings; 01/2005
  • ABSTRACT: We present an extension of the model checker Uppaal, capable of synthesizing linear parameter constraints for the correctness of parametric timed automata. A symbolic representation of the (parametric) state space in terms of parametric difference bound matrices is shown to be correct. A second contribution of this paper is the identification of a subclass of parametric timed automata (L/U automata), for which the emptiness problem is decidable, contrary to the full class where it is known to be undecidable. Also, we present a number of results that reduce the verification effort for L/U automata in certain cases. We illustrate our approach by deriving linear parameter constraints for a number of well-known case studies from the literature (exhibiting a flaw in a published paper).
    Journal of Logic and Algebraic Programming 06/2004; · 0.53 Impact Factor
  • Thomas Hune, Judi Romijn
    ABSTRACT: We present an extension of the model checker Uppaal capable of synthesizing linear parameter constraints for the correctness of parametric timed automata. The symbolic representation of the (parametric) state-space is shown to be correct. A second contribution of this paper is the identification of a subclass of parametric timed automata (L/U automata), for which the emptiness problem is decidable, contrary to the full class where it is known to be undecidable. Also we present a number of lemmas enabling the verification effort to be reduced for L/U automata in some cases. We illustrate our approach by deriving linear parameter constraints for a number of well-known case studies from the literature (exhibiting a flaw in a published paper).
    06/2004;
  • Judi Romijn
    ABSTRACT: The new IEEE 1394.1 FireWire draft standard, which is expected to be finalised this year, contains a new protocol for constructing and maintaining spanning trees in the network topology, called net update. This protocol is complex and merits formal specification and analysis. In the scope of the NWO Vernieuwingsimpuls Project 'Improving the Quality of Protocol Standards', we have taken part in the standardisation process, and have helped the development of this protocol through Promela prototyping (Spin simulation and model checking), PVS protocol derivation and manual proof. Our efforts have resulted in the discovery and correction of many errors, omissions and inconsistencies, as well as the addition of the correctness properties of the protocol to the standard description.
    01/2004;
  • Conference Paper: Guiding Spin Simulation.
    Nicolae Goga, Judi Romijn
    ABSTRACT: In this paper we present a technique for the Spin tool, inspired by practical experiences with Spin and a FireWire protocol. We show how to guide simulations with Spin, by constructing a special guide process that limits the behaviour of the original system. We set up a theoretical framework in which we prove under some sufficient conditions that the adjusted system (with the added guide process) exhibits a subset of the behaviour of the original system, and has no new deadlocks. We have applied this technique to a Promela specification of the IEEE 1394.1 FireWire net update algorithm. The experiment shows that this technique increases the error detecting power of Spin in the sense that we found errors in the guided specification, which could not be discovered with Spin simulation and validation in the original specification.
    Formal Methods and Software Engineering, 6th International Conference on Formal Engineering Methods, ICFEM 2004, Seattle, WA, USA, November 8-12, 2004, Proceedings; 01/2004
  • ABSTRACT: The standardisation procedure of the IEEE P1394.1 Draft Standard for High Performance Serial Bus Bridges is supported through the use of the state-of-the-art model checker Spin, which has been used to simulate the complex net update procedure of the standard, and the use of which will eventually be refined to obtain a solid model checking analysis of the standard. A concise description of net updates is formalised in terms of spanning trees, and it is shown how Spin was used to track down errors in the standard and to gather support for the solutions proposed.
    17th International Parallel and Distributed Processing Symposium (IPDPS 2003), 22-26 April 2003, Nice, France, CD-ROM/Abstracts Proceedings; 01/2003
  • ABSTRACT: In this paper we present an algorithm for efficiently computing the minimum cost of reaching a goal state in the model of Uniformly Priced Timed Automata (UPTA). This model can be seen as a submodel of the recently suggested model of linearly priced timed automata, which extends timed automata with prices on both locations and transitions.
    04/2002;
  • Judi Romijn
    ABSTRACT: The IEEE 1394 architecture standard defines a high performance serial multimedia bus that allows several components in a network to communicate with each other at high speed. In the physical layer of the architecture, a leader election protocol is used to find a spanning tree with a unique root in the network topology. If there is a cycle in the network, the protocol treats this as an error situation. This paper presents a formal model of the leader election protocol in the language IOA and a correctness proof. Hereby, it is shown that under certain timing restrictions the protocol behaves correctly. The timing parameters in the IEEE 1394 standard documentation obey the restrictions found in this proof.
    Formal Methods in System Design 08/2001; 19(2):165-194. · 0.28 Impact Factor
  • ABSTRACT: In this paper we present an algorithm for efficiently computing the minimum cost of reaching a goal state in the model of Uniformly Priced Timed Automata (UPTA). This model can be seen as a submodel of the recently suggested model of linearly priced timed automata, which extends timed automata with prices on both locations and transitions. The presented algorithm is based on a symbolic semantics of UPTA, and an efficient representation and operations based on difference bound matrices. In analogy with Dijkstra's shortest path algorithm, we show that the search order of the algorithm can be chosen such that the number of symbolic states explored by the algorithm is optimal, in the sense that the number of explored states can not be reduced by any other search order. We also present a number of techniques inspired by branch-and-bound algorithms which can be used for limiting the search space and for quickly finding near-optimal solutions. The algorithm has been implemented in the verification tool UPPAAL. When applied on a number of experiments the presented techniques reduced the explored state-space by up to 90%.
    04/2001;
  • ABSTRACT: In this paper we present an algorithm for efficiently computing optimal cost of reaching a goal state in the model of Linearly Priced Timed Automata (LPTA). The central contribution of this paper is a priced extension of so-called zones. This, together with a notion of facets of a zone, allows the entire machinery for symbolic reachability for timed automata in terms of zones to be lifted to cost-optimal reachability using priced zones. We report on experiments with a cost-optimizing extension...
    Computer Aided Verification, 13th International Conference, CAV 2001, Paris, France, July 18-22, 2001, Proceedings; 01/2001
  • Tools and Algorithms for the Construction and Analysis of Systems, 7th International Conference, TACAS 2001 Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2001 Genova, Italy, April 2-6, 2001, Proceedings; 01/2001
  • ABSTRACT: This paper introduces the model of linearly priced timed automata as an extension of timed automata, with prices on both transitions and locations. For this model we consider the minimum-cost reachability problem: i.e. given a linearly priced timed automaton and a target state, determine the minimum cost of executions from the initial state to the target state. This problem generalizes the minimum-time reachability problem for ordinary timed automata. We prove decidability of this problem by offering an algorithmic solution, which is based on a combination of branch-and-bound techniques and a new notion of priced regions. The latter allows symbolic representation and manipulation of reachable states together with the cost of reaching them.
    Hybrid Systems: Computation and Control, 4th International Workshop, HSCC 2001, Rome, Italy, March 28-30, 2001, Proceedings; 01/2001
  • ABSTRACT: In this paper we present an algorithm for efficiently computing the minimum cost of reaching a goal state in the model of Uniformly Priced Timed Automata (UPTA). This model can be seen as a submodel of the recently suggested model of linearly priced timed automata, which extends timed automata with prices on both locations and transitions. The presented algorithm is based on a symbolic semantics of UPTA, and an efficient representation and operations based on difference bound matrices. In analogy with Dijkstra's shortest path algorithm, we show that the search order of the algorithm can be chosen such that the number of symbolic states explored by the algorithm is optimal, in the sense that the number of explored states can not be reduced by any other search order. We also present a number of techniques inspired by branch-and-bound algorithms which can be used for limiting the search space and for quickly finding near-optimal solutions. The algorithm has been implemented in the verification tool Uppaal. When applied on a number of experiments the presented techniques reduced the explored state-space by up to 90%.
    12/2000: pages 174-188;
  • ABSTRACT: We present an extension of the model checker Uppaal capable of synthesizing linear parameter constraints for the correctness of parametric timed automata. The symbolic representation of the (parametric) state-space is shown to be correct. A second contribution of this paper is the identification of a subclass of parametric timed automata (L/U automata), for which the emptiness problem is decidable, contrary to the full class where it is known to be undecidable. Also we present a number of lemmas enabling the verification effort to be reduced for L/U automata in some cases. We illustrate our approach by deriving linear parameter constraints for a number of well-known case studies from the literature (exhibiting a flaw in a published paper).
    12/2000: pages 189-203;
  • ABSTRACT: In this paper we present an algorithm for efficiently computing the minimum cost of reaching a goal state in the model of Uniformly Priced Timed Automata (UPTA). This model can be seen as a submodel of the recently suggested model of linearly priced timed automata, which extends timed automata with prices on both locations and transitions. The presented algorithm is based on a symbolic semantics of UPTA for which we provide an efficient representation and a set of operations based on difference bound matrices. In analogy with Dijkstra's shortest path algorithm, we show that the search order of the algorithm can be chosen to be optimal, in the sense that the number of explored states can not be reduced by any other search order. We also present a number of techniques inspired by branch-and-bound algorithms which can be used for limiting the search space and for quickly finding near-optimal solutions. The algorithm has been implemented in the verification tool Uppaal. When applied...
    12/2000;
  • Thomas Hune, Judi Romijn
    ABSTRACT: We present a prototype model checking tool that can synthesize linear parameter constraints for the correctness of timed systems. Our tool, which is an extension of Uppaal, compares favourably with similar tools known from the literature. A second contribution of this paper is the identification of a subclass of parameterized timed automata, which appears to be sufficiently expressive from a practical perspective but also has nice theoretical properties. It was shown in [2] that the emptiness question for parametric timed automata is undecidable in general. We show that it is decidable for our subclass, and establish a number of lemmas which allow the reduction of the number of parameters when tackling specific verification questions. We illustrate our approach by deriving linear parameter constraints for a number of well-known case studies known from the literature (exhibiting a flaw in a published paper), and show how our reduction lemmas make it possible to drastically red...
    11/2000;
  • ABSTRACT: The IEEE 1394 high performance serial multimedia bus protocol allows several components to communicate with each other at high speed. In this paper we present a formal model and verification of a leader election algorithm that forms the core of the tree identify phase of the physical layer of the 1394 protocol.
    Formal Methods in System Design 01/2000; 16:307-320. · 0.28 Impact Factor
  • ABSTRACT: For manufacturers of consumer electronics, conformance testing of embedded software is a vital issue. To improve performance, parts of this software are implemented in hardware, often designed in the Hardware Description Language VHDL. Conformance testing is a time consuming and error-prone process. Thus automating (parts of) this process is essential. There are many tools for test generation and for VHDL simulation. However, most test generation tools operate on a high level of abstraction and applying the generated tests to a VHDL design is a complicated task. For each specific case one can build a layer of dedicated circuitry and...
    (Footnotes: Research carried out as part of the project "Specification, Testing and Verification of Software for Technical Applications" at the Stichting Mathematisch Centrum for Philips Research Laboratories under Contract RWC061-PS-950006-ps. Research supported by the Netherlands Organization for Scientific Research (NWO) under contract SION 612-33-006.)
    10/1999;

Publication Stats

625 Citations
1.58 Total Impact Points

Institutions

  • 2004–2006
    • Technische Universiteit Eindhoven
      • Department of Mathematics and Computer Science
      Eindhoven, North Brabant, Netherlands
  • 2000–2004
    • Radboud University Nijmegen
      • Department of Computing Science
      Nijmegen, Gelderland, Netherlands
  • 2001
    • Universiteit Twente
      • Department of Computer Science
      Enschede, Provincie Overijssel, Netherlands