Judi Romijn

Technische Universiteit Eindhoven, Eindhoven, North Brabant, Netherlands

Publications (36) · 6.22 Total impact

  • Judi Romijn · Wieger Wesselink · Arjan J. Mooij
    ABSTRACT: We report a case study in automated incremental assertion-based proof checking with PVS. Given an annotated distributed algorithm, our tool ProPar generates the proof obligations for partial correctness, plus a proof script per obligation. ProPar then lets PVS attempt to discharge all obligations by running the proof scripts. The Chang-Roberts algorithm elects a leader on a unidirectional ring with unique identities. With ProPar, we check its correctness with a very high degree of automation: over 90% of the proof obligations are discharged automatically. This case study underlines the feasibility of the approach and is, to the best of our knowledge, the first verification of the Chang-Roberts algorithm for arbitrary ring size in a proof checker.
    Conference Paper · Jan 2007
  • Arjan J. Mooij · Judi Romijn · Wieger Wesselink
    ABSTRACT: Synthesizing a proper implementation for a scenario-based specification is often impossible, due to the distributed nature of implementations. To be able to detect problematic specifications, realizability criteria have been identified, such as non-local choice. In this work we develop a formal framework to study realizability of compositional MSC [GMP03]. We use it to derive a complete classification of criteria that is closely related to the criteria for MSC from [MGR05]. Comparing specifications and implementations is usually complicated, because different formalisms are used. We treat both of them in terms of a single formalism. Therefore we extend the partial order semantics of [Pra86, KL98] with a way to model deadlocks and with a more sophisticated way to address communication.
    Conference Paper · Jul 2006
  • Arjan J. Mooij · Nicolae Goga · Judi M. T. Romijn
    ABSTRACT: MSC is a visual formalism for specifying the behavior of systems. To obtain implementations for individual processes, the MSC choice construction poses fundamental problems. The best-studied cause is non-local choice, which e.g. is unavoidable in systems with autonomous processes. In this paper we characterize two additional problematic classes of choice nodes. Based on these three classes we point out some errors in related work. Extending our work on pragmatic implementations of non-local choice, we motivate a different choice semantics which allows a little more behavior. Finally, inspired by practical case studies, we present the first implementation approach for non-local choice nodes that can handle arbitrary numbers of processes.
    Conference Paper · Apr 2005
  • Thomas Hune · Judi Romijn
    ABSTRACT: We present an extension of the model checker Uppaal capable of synthesizing linear parameter constraints for the correctness of parametric timed automata. The symbolic representation of the (parametric) state-space is shown to be correct. A second contribution of this paper is the identification of a subclass of parametric timed automata (L/U automata), for which the emptiness problem is decidable, contrary to the full class where it is known to be undecidable. Also we present a number of lemmas enabling the verification effort to be reduced for L/U automata in some cases. We illustrate our approach by deriving linear parameter constraints for a number of well-known case studies from the literature (exhibiting a flaw in a published paper).
    Article · Jun 2004
  • ABSTRACT: We present an extension of the model checker Uppaal, capable of synthesizing linear parameter constraints for the correctness of parametric timed automata. A symbolic representation of the (parametric) state space in terms of parametric difference bound matrices is shown to be correct. A second contribution of this paper is the identification of a subclass of parametric timed automata (L/U automata), for which the emptiness problem is decidable, contrary to the full class where it is known to be undecidable. Also, we present a number of results that reduce the verification effort for L/U automata in certain cases. We illustrate our approach by deriving linear parameter constraints for a number of well-known case studies from the literature (exhibiting a flaw in a published paper).
    Article · Jun 2004 · Journal of Logic and Algebraic Programming
  • Conference Paper: Guiding Spin Simulation.
    Nicolae Goga · Judi Romijn
    ABSTRACT: In this paper we present a technique for the Spin tool, inspired by practical experiences with Spin and a FireWire protocol. We show how to guide simulations with Spin, by constructing a special guide process that limits the behaviour of the original system. We set up a theoretical framework in which we prove under some sufficient conditions that the adjusted system (with the added guide process) exhibits a subset of the behaviour of the original system, and has no new deadlocks. We have applied this technique to a Promela specification of the IEEE 1394.1 FireWire net update algorithm. The experiment shows that this technique increases the error detecting power of Spin in the sense that we found errors in the guided specification, which could not be discovered with Spin simulation and validation in the original specification.
    Conference Paper · Jan 2004
  • Judi Romijn
    ABSTRACT: The new IEEE 1394.1 FireWire draft standard, which is expected to be finalised this year, contains a new protocol for constructing and maintaining spanning trees in the network topology, called net update. This protocol is complex and merits formal specification and analysis. In the scope of the NWO Vernieuwingsimpuls Project 'Improving the Quality of Protocol Standards', we have taken part in the standardisation process, and have helped the development of this protocol through Promela prototyping (Spin simulation and model checking), PVS protocol derivation and manual proof. Our efforts have resulted in the discovery and correction of many errors, omissions and inconsistencies, as well as the addition of the correctness properties of the protocol to the standard description.
    Article · Jan 2004
  • Savi Maharaj · Judi Romijn · Carron Shankland
    ABSTRACT: We introduce a comparative case study on the application of formal methods and techniques to the Tree Identify Protocol of the IEEE standard 1394 serial multimedia bus. The Tree Identify Protocol makes an ideal subject for this purpose because it is small yet complex, and may be modelled in a variety of ways. We provide an informal explanation of the protocol, describe how the case study was conducted, and give an overview of the results.
    Article · Apr 2003 · Formal Aspects of Computing
  • Judi Romijn
    ABSTRACT: The physical layer of the IEEE 1394 (FireWire, i-Link) architecture contains a protocol for spanning a tree in the network topology, which fails if the topology contains a loop. We show that the timing requirements for both the 1394-1995 and 1394a-2000 standards are too lenient: these allow for scenarios in which there is no loop in the topology, but the tree-spanning protocol does detect one. The scenarios are found by the model checker UPPAAL.
    Article · Mar 2003 · Formal Aspects of Computing
  • Izak van Langevelde · Judi Romijn · Nicolae Goga
    ABSTRACT: The standardisation procedure of the IEEE P1394.1 Draft Standard for High Performance Serial Bus Bridges is supported through the use of the state-of-the-art model checker Spin, which has been used to simulate the complex net update procedure of the standard, and the use of which will eventually be refined to obtain a solid model checking analysis of the standard. A concise description of net updates is formalised in terms of spanning trees, and it is shown how Spin was used to track down errors in the standard and to gather support for the solutions proposed.
    Conference Paper · Jan 2003
  • Article: Editorial.
    Article · Jan 2003
  • ABSTRACT: In this paper we present an algorithm for efficiently computing the minimum cost of reaching a goal state in the model of Uniformly Priced Timed Automata (UPTA). This model can be seen as a submodel of the recently suggested model of linearly priced timed automata, which extends timed automata with prices on both locations and transitions.
    Article · Apr 2002
  • Judi Romijn
    ABSTRACT: The IEEE 1394 architecture standard defines a high performance serial multimedia bus that allows several components in a network to communicate with each other at high speed. In the physical layer of the architecture, a leader election protocol is used to find a spanning tree with a unique root in the network topology. If there is a cycle in the network, the protocol treats this as an error situation. This paper presents a formal model of the leader election protocol in the language IOA and a correctness proof. Hereby, it is shown that under certain timing restrictions the protocol behaves correctly. The timing parameters in the IEEE 1394 standard documentation obey the restrictions found in this proof.
    Article · Aug 2001 · Formal Methods in System Design
  • ABSTRACT: In this paper we present an algorithm for efficiently computing optimal cost of reaching a goal state in the model of Linearly Priced Timed Automata (LPTA). The central contribution of this paper is a priced extension of so-called zones. This, together with a notion of facets of a zone, allows the entire machinery for symbolic reachability for timed automata in terms of zones to be lifted to cost-optimal reachability using priced zones. We report on experiments with a cost-optimizing extension...
    Conference Paper · Jul 2001
  • ABSTRACT: In this paper we present an algorithm for efficiently computing the minimum cost of reaching a goal state in the model of Uniformly Priced Timed Automata (UPTA). This model can be seen as a submodel of the recently suggested model of linearly priced timed automata, which extends timed automata with prices on both locations and transitions. The presented algorithm is based on a symbolic semantics of UPTA, and an efficient representation and operations based on difference bound matrices. In analogy with Dijkstra's shortest path algorithm, we show that the search order of the algorithm can be chosen such that the number of symbolic states explored by the algorithm is optimal, in the sense that the number of explored states can not be reduced by any other search order. We also present a number of techniques inspired by branch-and-bound algorithms which can be used for limiting the search space and for quickly finding near-optimal solutions. The algorithm has been implemented in the verification tool UPPAAL. When applied on a number of experiments the presented techniques reduced the explored state-space with up to 90%.
    Article · Apr 2001
  • ABSTRACT: This paper introduces the model of linearly priced timed automata as an extension of timed automata, with prices on both transitions and locations. For this model we consider the minimum-cost reachability problem: i.e. given a linearly priced timed automaton and a target state, determine the minimum cost of executions from the initial state to the target state. This problem generalizes the minimum-time reachability problem for ordinary timed automata. We prove decidability of this problem by offering an algorithmic solution, which is based on a combination of branch-and-bound techniques and a new notion of priced regions. The latter allows symbolic representation and manipulation of reachable states together with the cost of reaching them.
    Conference Paper · Mar 2001
  • Conference Paper · Jan 2001
  • ABSTRACT: We present an extension of the model checker Uppaal capable of synthesizing linear parameter constraints for the correctness of parametric timed automata. The symbolic representation of the (parametric) state-space is shown to be correct. A second contribution of this paper is the identification of a subclass of parametric timed automata (L/U automata), for which the emptiness problem is decidable, contrary to the full class where it is known to be undecidable. Also we present a number of lemmas enabling the verification effort to be reduced for L/U automata in some cases. We illustrate our approach by deriving linear parameter constraints for a number of well-known case studies from the literature (exhibiting a flaw in a published paper).
    Chapter · Dec 2000
  • ABSTRACT: In this paper we present an algorithm for efficiently computing the minimum cost of reaching a goal state in the model of Uniformly Priced Timed Automata (UPTA). This model can be seen as a submodel of the recently suggested model of linearly priced timed automata, which extends timed automata with prices on both locations and transitions. The presented algorithm is based on a symbolic semantics of UPTA, and an efficient representation and operations based on difference bound matrices. In analogy with Dijkstra's shortest path algorithm, we show that the search order of the algorithm can be chosen such that the number of symbolic states explored by the algorithm is optimal, in the sense that the number of explored states can not be reduced by any other search order. We also present a number of techniques inspired by branch-and-bound algorithms which can be used for limiting the search space and for quickly finding near-optimal solutions. The algorithm has been implemented in the verification tool Uppaal. When applied on a number of experiments the presented techniques reduced the explored state-space with up to 90%.
    Chapter · Dec 2000
  • ABSTRACT: In this paper we present an algorithm for efficiently computing the minimum cost of reaching a goal state in the model of Uniformly Priced Timed Automata (UPTA). This model can be seen as a submodel of the recently suggested model of linearly priced timed automata, which extends timed automata with prices on both locations and transitions. The presented algorithm is based on a symbolic semantics of UPTA for which we provide an efficient representation and a set of operations based on difference bound matrices. In analogy with Dijkstra's shortest path algorithm, we show that the search order of the algorithm can be chosen to be optimal, in the sense that the number of explored states can not be reduced by any other search order. We also present a number of techniques inspired by branch-and-bound algorithms which can be used for limiting the search space and for quickly finding near-optimal solutions. The algorithm has been implemented in the verification tool Uppaal. When applied...
    Article · Dec 2000

Publication Stats

842 Citations
6.22 Total Impact Points

Institutions

  • 2003-2006
    • Technische Universiteit Eindhoven
      • Department of Mathematics and Computer Science
      Eindhoven, North Brabant, Netherlands
  • 2000-2004
    • Radboud University Nijmegen
      • Department of Computing Science
      Nijmegen, Gelderland, Netherlands
  • 2001
    • Universiteit Twente
      • Department of Computer Science
      Enschede, Provincie Overijssel, Netherlands