Abstract The Concurrency Workbench is an automated tool for analyzing networks of finite-state processes expressed in Milner's Calculus of Communicating Systems. Its key feature is its breadth: a variety of different verification methods, including equivalence checking, preorder checking, and model checking, are supported for several different process semantics. One experience from our work is that a large number of interesting verification methods can be formulated as combinations of a small number of primitive algorithms. The Workbench has been applied to the verification of communications protocols and mutual exclusion algorithms and has proven a valuable aid in teaching and research. 1 Introduction This paper describes the Concurrency Workbench [11, 12, 13], a tool that supports the automatic verification of finite-state processes. Such tools are practically motivated: the development of complex distributed computer systems requires sophisticated verification techniques to guarantee correctness, and the increase in detail rapidly becomes unmanageable without computer assistance. Finite-state systems, such as communications protocols and hardware, are particularly suitable for automated analysis because their finitary nature ensures the existence of decision procedures for a wide range of system properties.

This paper develops a model-checking algorithm for a fragment of the modal mu-calculus and shows how it may be applied to the efficient computation of behavioral relations between processes. The algorithm's complexity is proportional to the product of the size of the process and the size of the formula, and thus improves on the best existing algorithm for such a fixed point logic. The method for computing preorders that the model checker induces is also more efficient than known algorithms.

Abstract not found

We present a compositional approach for the verification of temporal and real-time properties of statecharts. Statecharts is a synchronous language that is obtained by extending classical state-transition diagrams with notions of parallelism, broadcast communication and hierarchy. These features have been shown to permit very elegant and modular specifications. However, the synchrony hypothesis leads to some drawbacks in the definition of a formal semantics, because of well-known causal paradoxes. The first result is the definition of a compositional labelled transition system semantics for statecharts that provides the basis for compositional verification. Such a semantics is obtained by translating statecharts into a new process language called SP, that is characterized by an operator of process refinement for representing the statecharts hierarchy. We show how to instantiate the basic actions and the operations over actions of SP in order to have processes agreeing with the Pnueli and Shalev semantics of statecharts. We define a compositional proof system for checking whether an SP process satisfies a mu-calculus formula. This proof system exploits the technique of tagging fixpoints of Winskel for supporting local model checking. It is proved to be sound in general and complete for finite-state processes, i.e. for statecharts. Finally, we show how this compositional approach to verification can be adapted to a discrete timed version of statechart by considering an extension of mu-calculus with freeze quantification and clock constraints. The main idea is that of considering judgments relativized MOREto clock constraints and of adapting the tagged fixpoints method to this framework.

We present a proof system for determining satisfaction between processes in a fairly general process algebra and assertions of the modal µ-calculus. The proof system is compositional in the structure of processes. It extends earlier work on compositional reasoning within the modal µ-calculus and combines it with techniques from work on local model checking. The proof system is sound for all processes and complete for a class of finite-state processes.

This paper presents a proof method for proving that infinite-state systems satisfy properties expressed in the modal ¯-calculus. The method is sound and complete relative to externally proving inclusions of sets of states. It can be seen as a recast of a tableau method due to Bradfield and Stirling following lines used by Winskel for finite-state systems. Contrary to the tableau method, it avoids the use of constants when unfolding fixed points and it replaces the rather involved global success criterion in the tableau method with local success criteria. A proof tree is now merely a means of keeping track of where possible choices are made -- and can be changed -- and not an essential ingredient in establishing the correctness of a proof: A proof will be correct when all leaves are directly seen to be valid. Therefore, it seems well-suited for implementation as a tool, by, for instance, integration into existing general-purpose theorem provers. 1 Introduction Verifying dynamic propert...

The propositional µ-calculus of Kozen extends modal logic with fixed points to achieve a powerful logic for expressing temporal properties of systems modelled by labelled transition systems. We further extend Kozen's logic with polyadic modalities to allow for expressing also quite naturally behavioural relations like bisimulation equivalence and simulation preorders. We show that the problem of model checking is still efficiently decidable, giving rise to efficient worst-case algorithms for verifying the infinity of behavioural relations expressible in this polyadic modal µ-calculus. Some of these algorithms compete in efficiency with carefully hand-crafted algorithms found in the literature. In spite of this result, the validity problem turns out to be highly undecidable. This is in contrast to the propositional µ-calculus where it is decidable in deterministic exponential time. It follows as a corollary, that -- also in contrast to the propositional µ-calculus -- the polyadic modal...