Model Checking and Modular Verification
ACM Transactions on Programming Languages and Systems, 1991
Cited by 242 (11 self)
Abstract
We describe a framework for compositional verification of finite state processes. The framework is based on two ideas: a subset of the logic CTL for which satisfaction is preserved under composition; and a preorder on structures which captures the relation between a component and a system containing the component. Satisfaction of a formula in the logic corresponds to being below a particular structure (a tableau for the formula) in the preorder. We show how to do assume-guarantee style reasoning within this framework. In addition, we demonstrate efficient methods for model checking in the logic and for checking the preorder in several special cases. We have implemented a system based on these methods, and we use it to give a compositional verification of a CPU controller.
1 Introduction. Temporal logic model checking procedures are useful tools for the verification of finite state systems [3, 12, 20]. However, these procedures have traditionally suffered from the state explosion proble...
On-the-fly Verification of Finite Transition Systems
1993
Cited by 11 (2 self)
Abstract
The analysis of programs by the exhaustive inspection of reachable states in a finite state graph is a well-understood procedure. It is straightforwardly applicable to many description languages and is actually implemented in several industrial tools. But one of the main limitations of today's verification tools is the size of the memory needed to exhaustively build the state graphs of the programs. For numerous properties, it is not necessary to explicitly build this graph, and an exhaustive depth-first traversal is often sufficient. This leads to on-line algorithms for computing Büchi acceptance (in the deterministic case) and behavioral equivalences; they are presented in detail. In order to avoid retraversing states, it is however important to store some of the already visited states in memory. To keep the memory size bounded (and avoid a collapse in performance), visited states are randomly replaced. In most cases this depth-first traversal with replacement ca...
Compositional state space generation with partial order reductions for Asynchronous Communicating Systems
In Proceedings of TACAS'2000, 2000
Cited by 5 (1 self)
Abstract
Compositional generation is an incremental technique for generating a reduced labelled transition system representing the behaviour of a set of communicating processes. In particular, since intermediate reductions can be performed after each generation step, the size of the Lts can be kept small and state explosion can be avoided in many cases. This paper deals with compositional generation in the presence of asynchronous communications via shared buffers. More precisely, we show how partial-order reduction techniques can be used in this context to define equivalence relations that preserve useful properties, are congruences w.r.t. asynchronous composition, and rely on a (syntactic) notion of preorder on execution sequences characterizing their "executability" in any buffer environment. Two such equivalences are proposed, together with dedicated asynchronous composition operators able to directly produce reduced Lts.
1 Introduction. This work takes place in the context of fo...
On-The-Fly Verification Of Finite Transition Systems
Formal Methods in System Design, 1993
Cited by 3 (1 self)
Abstract
The analysis of programs by the exhaustive inspection of reachable states in a finite state graph is a well-understood procedure. It is actually implemented in several industrial tools, but one of their main limitations is the size of the memory needed to exhaustively build the state graphs of the programs. For numerous properties, such as Büchi acceptance (in the deterministic case) and behavioral equivalence, it is not necessary to explicitly build this graph, and an exhaustive depth-first traversal is often sufficient. In order to avoid retraversing states, it is however important to store in memory some of the already visited states and randomly replace them (to keep the memory size bounded and avoid a collapse in performance). In most cases this depth-first traversal with replacement can push back significantly the limits of verification tools.

