IF: A Validation Environment for Timed Asynchronous Systems
2000
Cited by 22 (4 self)
Introduction: Formal validation of distributed systems relies on several specification formalisms (such as the international standards lotos [?] or sdl [?]), and it requires different kinds of tools to cover the whole development process. Presently, a wide range of tools are available, either commercial or academic ones, but none of them fulfills in itself all the practical needs. Commercial tools (like Objectgeode [?], sdt [?], statemate [?], etc.) provide several development facilities, like editing, code generation and testing. However, they are usually restricted to basic verification techniques (exhaustive simulation, deadlock detection, etc.) and are "closed" in the sense that there are only limited possibilities to interface them with others. On the other hand, there exist many ac
Automated validation of distributed software using the IF environment
In 2001 IEEE International Symposium on Network Computing and Applications (NCA 2001), IEEE, 2001
Cited by 14 (9 self)
This paper summarizes our experience with IF, an open validation environment for distributed software systems. Indeed, faced with the increasing complexity of such systems, none of the existing tools can cover by itself the whole validation process. The IF environment was built upon an expressive intermediate language and allows connecting several validation tools, providing most of the advanced techniques currently available. The results obtained on several large case studies, including telecommunication protocols and embedded software systems, confirm the practical interest of this approach.
State space reduction for process algebra specifications
2006
Cited by 13 (1 self)
Data-flow analysis to identify “dead” variables and reset them to an “undefined” value is an effective technique for fighting state explosion in the enumerative verification of concurrent systems. Although this technique is well-adapted to imperative languages, it is not directly applicable to value-passing process algebras, in which variables cannot be reset explicitly due to the single-assignment constraints of the functional programming style. This paper addresses this problem by performing data-flow analysis on an intermediate model (Petri nets extended with state variables) into which process algebra specifications can be translated automatically. It also addresses important issues such as avoiding the introduction of useless reset operations and handling shared read-only variables that child processes inherit from their parents.
IF: An Intermediate Representation and Validation Environment for Timed Asynchronous Systems
1999
Cited by 11 (4 self)
Formal Description Techniques (fdt), such as lotos or sdl, are at the base of a technology for the specification and the validation of telecommunication systems. Due to the availability of commercial tools, these formalisms are now being widely used in the industrial community. Alternatively, a number of quite efficient verification tools have been developed by the research community. But most of these tools are based on simple ad hoc formalisms, and the gap between them and real fdt restricts their use at industrial scale. This context motivated the development of an intermediate representation called if, which is presented in the paper. if has a simple syntactic structure, but makes it possible to express in a convenient way most useful concepts needed for the specification of timed asynchronous systems. The benefits of using if are multiple. First, it is general enough to handle significant subsets of most fdt, and in particular a translation from sdl to if is already implemented. ...
Fighting state space explosion: Review and evaluation
In Proc. of Formal Methods for Industrial Critical Systems (FMICS’08), 2008
Cited by 6 (3 self)
In order to apply formal methods in practice, the practitioner has to comprehend a vast amount of research literature and realistically evaluate the practical merits of different approaches. In this paper we focus on explicit finite state model checking and study this area from the practitioner’s point of view. We provide a systematic overview of techniques for fighting state space explosion and we analyse trends in the research. We also report on our own experience with the practical performance of techniques. Our main conclusion and recommendation for practitioners is the following: be critical of claims of dramatic improvement brought by a single sophisticated technique; rather, use many different simple techniques and combine them.
Efficient reduction techniques for systems with many components
In Brazilian Symposium on Formal Methods (SBMF), 2004
Cited by 1 (1 self)
We present an improved approach to verifying systems involving many copies of a few kinds of components. Replication of this type occurs frequently in practice and is regarded as a major source of state explosion during temporal logic model checking. Our solution makes use of symmetry reduction through counter abstraction. The efficiency of this approach directly depends on the size of the components’ local state space, which is exponential in the number of local variables. We show how program analysis can significantly reduce the local state space and can help towards a succinct BDD representation of the system. Our reduction techniques synergistically combine into efficient symbolic verification, as documented by promising experimental results.
On-the-fly Dynamic Dead Variable Analysis
Cited by 1 (0 self)
State explosion in model checking continues to be the primary obstacle to widespread use of software model checking. The large input ranges of variables used in software are the main cause of state explosion. As software grows in size and complexity, the problem only becomes worse. As such, model checking research into data abstraction as a way of mitigating state explosion has become more and more important. Data abstractions aim to reduce the effect of large input ranges. This work focuses on a static program analysis technique called dead variable analysis. The goal of dead variable analysis is to discover variable assignments that are not used. When applied to model checking, this allows us to ignore the entire input range of dead variables and thus reduce the size of the explored state space. Prior research into dead variable analysis for model checking does not make full use of dynamic run-time information that is present during model checking. We present an algorithm for intraprocedural dead variable analysis that uses dynamic run-time information to find more dead variables on-the-fly and further reduce the size of the explored state space. We introduce a definition for the maximal state space reduction possible through an on-the-fly dead variable analysis and then show that our algorithm produces a maximal reduction in the absence of nondeterminism.
Automatic Generation of Solvers for Multisource Data Flow Analysis Problems
2004
Much of the success of data flow analysis has come from a well-developed unified