We describe a method for reducing the complexity of temporal logic model checking in systems composed of many parallel processes. The goal is to check properties of the components of a system and then deduce global properties from these local properties. The main difficulty with this type of approach is that local properties are often not preserved at the global level. We present a general framework for using additional interface processes to model the environment for a component. These interface processes are typically much simpler than the full environment of the component. By composing a component with its interface processes and then checking properties of this composition, we can guarantee that these properties will be preserved at the global level. We give two example compositional systems based on the logic CTL*.

Abstract not found

Recent geometric methods have been used in concurrency theory for quickly finding deadlocks and unreachable states, see [14] for instance. The reason why these methods are fast is that they contain in germ ingredients for tackling the state-space explosion problem. In this paper we show how this can be made formal. We also give some hints about the underlying algorithmics. Finally, we compare with other well-known methods for coping with the state-space explosion problem.

Abstract not found

Abstract Different time scales do often occur in real-time systems, e.g., a polling real-time system samples the environment many times per second, whereas the environment may only change a few times per second. When these systems are modeled as (networks of) timed automata, the validation using symbolic model checking techniques can significantly be slowed down by unnecessary fragmentation of the symbolic state space. This paper introduces a syntactical adjustment to a subset of timed automata that addresses this fragmentation problem and that can speed-up forward symbolic reachability analysis in a significant way. We prove that this syntactical adjustment does not alter reachability properties and that it indeed is effective. We illustrate our exact acceleration technique with run-time data obtained with the model checkers Uppaal and Kronos. Moreover, we demonstrate that automated application of our exact acceleration technique can significantly speed-up the verification of the run-time behavior of LEGO Mindstorms programs. 1 We thank Oliver M"oller for interesting discussions and we thank Jozef Hooman and the four anonymous reviewers for valuable comments on earlier versions of this paper. 2 Email: martijnh@cs.kun.nl

Computing invariants is the key issue in the analysis of infinite-state systems whether analysis means testing, verification or parameter synthesis. In particular, methods that allow to treat combinations of loops are of interest. We present a set of algorithms and methods that can be applied to characterize over-approximations of the set of reachable states of combinations of self-loops. We present two families of complementary techniques. The first one identifies a number of basic cases of pair of self-loops for which we provide an exact characterization of the reachable states. The second family of techniques is a set of rules based on static analysis that allow to reduce n self-loops (n 2) to n - 1 independent pairs of self-loops. The results of the analysis of the pairs of self-loops can then be combined to provide an over-approximation of the reachable states of the n self-loops. We illustrate our methods by synthesizing conditions under which the Biphase Mark protocol works proper...

A method for automated analysis of fault-tolerance of distributed systems is presented. It is based on a stream model of computation augmented with approximation constructs, and this facilitates efficient analysis. Analyses of a protocol for fault-tolerant moving agents and a reliable broadcast protocol illustrate the method.

We say a program is data-independent with respect to a data type X if the operations it can perform on values of type X are restricted to just equality testing, although the system may also input, store and move around values of type X within its variables. This property can be exploited to give procedures for the automatic veri cation, called model checking, of such programs independently of the instance for the type X.

Regular languages have proved useful for the symbolic state exploration of infinite state systems. Regular languages can be used to represent infinite sets of system configurations, the transitional semantics of the system consequently can be modeled by finite-state transducers. A standard problem encountered when doing symbolic state exploration for in nite state systems is, how to explore all states in a finite amount of time. When representing the one-step transition relation of a system by a finite-state transducer T , this problem boils down to finding a finite-state representation for T , capturing the transitive closure of the one-step reduction relation. In this paper we give a semi-algorithm to compute T . The construction is based on building a quotient of an infinite-state representation, where the quotienting uses past and future bisimulations computed on finite approximations of T . As in general, T is not representable by a finite-state transducer, the constructi...