Fair Simulation - Information and Computation, 1997
Cited by 41 (15 self)
Abstract
The simulation preorder for labeled transition systems is defined locally as a game that relates states with their immediate successor states. Simulation enjoys many appealing properties. First, simulation has a fully abstract semantics: system S simulates system I iff every computation tree embedded in the unrolling of I can be embedded also in the unrolling of S. Second, simulation has a logical characterization: S simulates I iff every universal branching-time formula satisfied by S is satisfied also by I. It follows that simulation is a suitable notion of implementation, and it is the coarsest abstraction of a system that preserves universal branching-time properties. Third, based on its local definition, simulation between finite-state systems can be checked in polynomial time. Finally, simulation implies trace-containment, which cannot be defined locally and requires polynomial space for verification. Hence simulation is widely used both in manual and in automatic verification. ...
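The abstract's third point, that simulation "can be checked in polynomial time" because it is "defined locally", is easy to see in code. The block below is an added example and not code from the paper or this page: it computes the simulation preorder between two finite labeled transition systems as a greatest fixpoint (start from all state pairs, repeatedly delete any pair whose left state has a transition the right state cannot match into a pair still in the relation), and compares the result with finite trace containment. The two systems S and I, their state names, and the helper names `simulation`, `simulates` and `traces` are constructed for this example. They are chosen so that S and I have the same traces but only one simulates the other, which illustrates the abstract's last point (simulation implies trace containment, not conversely).

```python
def simulation(lts_left, lts_right):
    """Largest relation R with (l, r) in R meaning state r of lts_right simulates
    state l of lts_left.

    Each LTS is a dict: state -> set of (label, successor) pairs.
    Greatest fixpoint: start from all pairs, then drop every (l, r) that has a
    move l --lab--> l2 which r cannot answer with r --lab--> r2, (l2, r2) in R.
    Every pass either removes a pair or terminates, so there are at most
    |L|*|R| passes of polynomial work: the local definition gives the
    polynomial-time check the abstract refers to.
    """
    rel = {(l, r) for l in lts_left for r in lts_right}
    changed = True
    while changed:
        changed = False
        for (l, r) in list(rel):
            for (lab, l2) in lts_left[l]:
                matched = any(lab2 == lab and (l2, r2) in rel
                              for (lab2, r2) in lts_right[r])
                if not matched:
                    rel.discard((l, r))
                    changed = True
                    break
    return rel


def simulates(spec, spec_init, impl, impl_init):
    """True iff spec simulates impl (every move of impl is matched by spec),
    i.e. the initial states are related in the simulation preorder."""
    return (impl_init, spec_init) in simulation(impl, spec)


def traces(lts, init, depth):
    """Finite traces of length <= depth from init (enough for acyclic examples)."""
    out = {()}
    frontier = {((), init)}
    for _ in range(depth):
        nxt = {(tr + (lab,), s2) for (tr, s) in frontier for (lab, s2) in lts[s]}
        out |= {tr for tr, _ in nxt}
        frontier = nxt
    return out


# Constructed example systems (not from the paper).
# S resolves the choice between 'b' and 'c' already at the 'a' step.
S = {
    "s0": {("a", "s1"), ("a", "s2")},
    "s1": {("b", "s3")},
    "s2": {("c", "s4")},
    "s3": set(),
    "s4": set(),
}
# I defers the choice between 'b' and 'c' until after 'a'.
I = {
    "i0": {("a", "i1")},
    "i1": {("b", "i2"), ("c", "i3")},
    "i2": set(),
    "i3": set(),
}

if __name__ == "__main__":
    print("I simulates S:", simulates(I, "i0", S, "s0"))   # True
    print("S simulates I:", simulates(S, "s0", I, "i0"))   # False
    print("same traces:", traces(S, "s0", 3) == traces(I, "i0", 3))  # True
```

Read as a refinement check, `simulates(S, "s0", I, "i0")` asks whether implementation I stays within specification S in the branching-time sense; here it fails even though every trace of I is a trace of S, because S has committed to one continuation where I still offers both. A trace-based check would accept this pair and so is strictly weaker than the simulation check.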
Composition and Refinement of Discrete Real-Time Systems, 1998
Cited by 10 (2 self)
Abstract
Reactive systems exhibit ongoing, possibly non-terminating, interaction with the environment. Real-time systems are reactive systems that must satisfy quantitative timing constraints. This paper presents a structured compositional design method for discrete real-time systems that can be used to combat the combinatorial explosion of states in the verification of large systems. A composition rule describes how the correctness of the system can be determined from the correctness of its modules, without knowledge of their internal structure. The advantage of compositional verification is clear. Each module is both simpler and smaller than the system itself. Composition requires the use of both model-checking and deductive techniques. A refinement rule guarantees that specifications of high-level modules are preserved by their implementations. The StateTime toolset is used to automate parts of compositional designs using a combination of model-checking and simulation. The design method is illustrated using a reactor shutdown system that cannot be verified using the StateTime toolset (due to the combinatorial explosion of states) without compositional reasoning. The reactor example also illustrates the use of the refinement rule.
The Essence of Coin Lemmas - In Baier et al. [BHKR98], 1998
Cited by 2 (0 self)
Abstract
Coin lemmas are one of the tools for the analysis of randomized distributed algorithms. Their principal role is to reduce the analysis of a randomized system to the analysis of an ordinary nondeterministic system. This paper describes the main ideas behind the formulation and use of coin lemmas and gives examples of coin lemmas of increasing complexity and generality.

1 Introduction
Coin lemmas [8, 10, 11] are one of the existing tools for the analysis of randomized distributed algorithms. An algorithm is modeled as a probabilistic automaton, a labeled transition system whose transitions lead to probability distributions over states rather than to single states; a computation of an algorithm is modeled as a probabilistic execution, a cycle-free Markov chain obtained by unfolding the transition relation of the algorithm and by choosing a single transition at each point of the unfolding. The operation of choosing one transition at each point of the unfolding is called resolution of nond...

