who are interested in the interdisciplinary methods and applications relevant to the analysis, design and management of complex systems. 15 St. Mary’s St. Brookline MA 02446 l 617.358.1295 l www.bu.edu/systems

Abstract. Considering functional correctness and performance evaluation in a common framework is desirable, both for scientific and economic reasons. In this paper, we describe how the Cadp toolbox, originally designed for verifying the functional correctness of Lotos specifications, can also be used for performance evaluation. We illustrate the proposed approach by the performance study of the Scsi-2 bus arbitration protocol. 1

The paper presents a new tool for automated veri cation of Timed Automata as well as protocols written in the speci cation language Estelle. The current version oers an automatic translation from Estelle speci cations to timed automata, and two complementary methods of reachability analysis, the rst of which is based on Bounded Model Checking (BMC), while the second one is an on-the-y veri cation on an abstract model of the system.

Abstract. We describe a method for the specification and verification of the dynamic behaviour of component systems. Building applications using a component framework allows the developers to specify the architecture, the deployment, the life-cycle of the system with well-defined formalisms, and to gain productivity by reusing existing components. But then one wants to make sure that the application built from existing components is safe, in the sense that its parts fit together appropriately and behave together smoothly. Each component must be adequate to its assigned role within the system, and the update or replacement of a component should not cause deadlock or failure of the rest of the system. The usual notion of type compatibility of interfaces is not sufficient; we need to capture the dynamic interaction between components, and typically to avoid deadlocks or unexpected behaviours in the system. In this work, we focus on hierarchical component systems. We describe both the functional behaviour and the non-functional features (life-cycle management) of components in terms of synchronised transition systems; we define a notion of correct component composition; then we show how we can prove, using (compositional) model-checking techniques, temporal properties of a component system. Transformations of a system, for example replacement of a sub-component, are expressed as transformations of its behavioural semantics, allowing to prove preservation of some properties, or the validity of new properties after transformation. 1

Abstract. Explicit model checking algorithms explore the full state space of a system. We have gathered a large collection of state spaces and performed an extensive study of their structural properties. The results show that state spaces have several typical properties and that they differ significantly from both random graphs and regular graphs. We point out how to exploit these typical properties in practical model checking algorithms. 1

Abstract. The inability to provide counterexamples for the violation of timed probabilistic reachability properties constrains the practical use of CSL model checking for continuous time Markov chains (CTMCs). Counterexamples are essential tools in determining the causes of property violations and are required during debugging. We propose the use of explicit state model checking to determine runs leading into property offending states. Since we are interested in finding paths that carry large amounts of probability mass we employ directed explicit state model checking technology to find such runs using a variety of heuristics guided search algorithms, such as Best First search and Z*. The estimates used in computing the heuristics rely on a uniformisation of the CTMC. We apply our approach to a probabilistic model of the SCSI-2 protocol. 1

Abstract. Components, connectors and architectures have now made a breakthrough in software industry, leading to Component-Based Software Engineering (CBSE). In this paper, we argue for the pragmatic use level and to solve CBSE issues. We give some possible benefits of such an approach and list some of its open issues. 1

apport de recherche

The equivalence checking problem consists in verifying that a system (e.g., a protocol) matches its abstract specification (e.g., a service) by comparing their Labeled Transition Systems (Ltss) modulo a given equivalence relation. Two approaches are traditionally used to perform equivalence checking: global verification

Abstract. Software adaptation aims at generating software pieces called adaptors to compensate interface and behavioural mismatch between components or services. This is crucial to foster reuse. So far, adaptation techniques have proceeded by computing global adaptors for closed systems made up of a fixed set of components. This is not satisfactory when the systems may evolve, with components entering or leaving it at any time, e.g., for pervasive computing. To enable adaptation on such systems, we propose tool-equipped adaptation techniques for the computation of open systems adaptors. Our proposal also support incremental adaptation to avoid the computation of global adaptors. 1