The Concurrency Workbench: A Semantics Based Tool for the Verification of Concurrent Systems
In Proceedings of the Workshop on Automatic Verification Methods for Finite State Machines, 1991
Cited by 95 (3 self)
Abstract. The Concurrency Workbench is an automated tool for analyzing networks of finite-state processes expressed in Milner's Calculus of Communicating Systems. Its key feature is its breadth: a variety of different verification methods, including equivalence checking, preorder checking, and model checking, are supported for several different process semantics. One experience from our work is that a large number of interesting verification methods can be formulated as combinations of a small number of primitive algorithms. The Workbench has been applied to the verification of communications protocols and mutual exclusion algorithms and has proven a valuable aid in teaching and research.

1 Introduction. This paper describes the Concurrency Workbench [11, 12, 13], a tool that supports the automatic verification of finite-state processes. Such tools are practically motivated: the development of complex distributed computer systems requires sophisticated verification techniques to guarantee correctness, and the increase in detail rapidly becomes unmanageable without computer assistance. Finite-state systems, such as communications protocols and hardware, are particularly suitable for automated analysis because their finitary nature ensures the existence of decision procedures for a wide range of system properties.
Tableau-Based Model Checking in the Propositional Mu-Calculus
Acta Informatica, 1990
Cited by 80 (8 self)
Abstract. This paper describes a procedure, based around the construction of tableau proofs, for determining whether finite-state systems enjoy properties formulated in the propositional mu-calculus. It presents a tableau-based proof system for the logic and proves it sound and complete, and it discusses techniques for the efficient construction of proofs that states enjoy properties expressed in the logic. The approach is the basis of an ongoing implementation of a model checker in the Concurrency Workbench, an automated tool for the analysis of concurrent systems.

1 Introduction. One area of program verification that has proven amenable to automation involves the analysis of finite-state processes. While computer systems in general are not finite-state, many interesting ones, including a variety of communication protocols and hardware systems, are, and their finitary nature enables the development and implementation of decision procedures that test for various properties. Model checking has p...
Conformance Checking for Models of Asynchronous Message Passing Software
In Proc. of the Int. Conf. on Computer Aided Verification, 2002
Cited by 24 (1 self)
Abstract. We propose a notion of conformance between a specification S and an implementation model I extracted from a message-passing program. In our framework, S and I are CCS processes, which soundly abstract the externally visible communication behavior of a message-passing program. We use the extracted models to check that programs do not get stuck, waiting to receive or trying to send messages in vain. We show that our definition of stuckness and conformance capture important correctness conditions of message-passing software. Our definition of conformance was motivated by the need for modular reasoning over models, leading to the requirement that conformance preserve substitutability with respect to stuck-freeness: If I conforms to S, and P is any environment such that P | S is stuck-free, then it follows that P | I is stuck-free. We present a simple algorithm for checking if I conforms to S, when I and S obey certain restrictions.
On Automatically Explaining Bisimulation Inequivalence
Proceedings of the 2nd International Workshop on Computer Aided Verification, Lecture Notes in Computer Science, Vol. 531, 1990
Cited by 4 (1 self)
Abstract. This paper describes a technique for generating a logical formula that differentiates between two bisimulation-inequivalent finite-state systems. The method works in conjunction with a partition-refinement algorithm for computing bisimulation equivalence and yields formulas that are often minimal in a precisely defined sense.
A Theory for Simulator Tools
In Process Algebra, Department of Software Technology, CWI, 1992
Cited by 1 (0 self)
Abstract. This paper presents a possible formalisation of the notion of a simulator tool for process languages like ACP, CCS, µCRL, LOTOS and PSF. First we give precise definitions for the notions simulator and simulation. Then we can investigate the equivalence that a simulator induces on the explored process terms. This is done by considering two processes, say p and q, equivalent if each simulation of p is also a simulation of q and vice versa. It is proven that there is no `reasonable' simulator inducing bisimulation equivalence. Furthermore it is demonstrated that simulators inducing coarser equivalences, e.g. ready, failure and trace equivalences, are unlikely to be computationally tractable. Our conclusion is that a practical simulator induces an equivalence that is finer (less identifying) than bisimulation and even finer than graph isomorphism.

