We describe a method for reducing the complexity of temporal logic model checking in systems composed of many parallel processes. The goal is to check properties of the components of a system and then deduce global properties from these local properties. The main difficulty with this type of approach is that local properties are often not preserved at the global level. We present a general framework for using additional interface processes to model the environment for a component. These interface processes are typically much simpler than the full environment of the component. By composing a component with its interface processes and then checking properties of this composition, we can guarantee that these properties will be preserved at the global level. We give two example compositional systems based on the logic CTL*.

We demonstrate the feasibility of using the XSB tabled logic programming system as a programmable fixed-point engine for implementing efficient local model checkers. In particular, we present XMC, an XSBbased local model checker for a CCS-like value-passing language and the alternation-free fragment of the modal mu-calculus. XMC is written in under 200 lines of XSB code, which constitute a declarative specification of CCS and the modal mu-calculus at the level of semantic equations. In order to gauge the performance of XMC as an algorithmic model checker, we conducted a series of benchmarking experiments designed to compare the performance of XMC with the local model checkers implemented in C/C++ in the Concurrency Factory and SPIN specification and verification environments. After applying certain newly developed logic-programmingbased optimizations (along with some standard ones), XMC's performance became extremely competitive with that of the Factory and shows promise in its comparison with SPIN.

This chapter addresses the question how to verify distributed and communicating systems in an e#ective way from an explicit process algebraic standpoint. This means that all calculations are based on the axioms and principles of the process algebras.

This paper presents an efficient model checking algorithm for one--safe time Petri nets and a timed temporal logic. The approach is based on the idea of (1) using only differences of timing variables to be able to construct a finite representation of the set of all reachable states and (2) further reducing the size of this representation by exploiting the concurrency in the net. This reduction of the state space is possible, because the considered linear--time temporal logic is stuttering invariant. The firings of transitions are only partially ordered by causality and a given formula

Abstract. We present MC 2, what we believe to be the first randomized, Monte Carlo algorithm for temporal-logic model checking, the classical problem of deciding whether or not a property specified in temporal logic holds of a system specification. Given a specification S of a finite-state system, an LTL (Linear Temporal Logic) formula ϕ, and parameters ɛ and δ, MC 2 takes N = ln(δ) / ln(1 − ɛ) random samples (random walks ending in a cycle, i.e lassos) from the Büchi automaton B = BS × B¬ϕ to decide if L(B) = ∅. Should a sample reveal an accepting lasso l, MC 2 returns false with l as a witness. Otherwise, it returns true and reports that with probability less than δ, pZ < ɛ, where pZ is the expectation of an accepting lasso in B. It does so in time O(N · D) and space O(D), where D is B’s recurrence diameter, using a number of samples N that is optimal to within a constant factor. Our experimental results demonstrate that MC 2 is fast, memory-efficient, and scales very well.

With the advancement of computer technology, highly concurrent systems are being developed. The verification of such systems is a challenging task, as their state space grows exponentially with the number of processes. Partial order reduction is an effective technique to address this problem. It relies on the observation that the effect of executing transitions concurrently is often independent of their ordering. In this paper we present the basic principles behind partial order reduction and its implementation.

. A finite representation of the prime event structure corresponding to the behaviour of a program is suggested. The algorithm of linear complexity using this representation for model checking of the formulas of Discrete Event Structure Logic without past modalities is given. A method of building finite representations of event structures in an efficient way by applying partial order reductions is provided. 1 Introduction Model checking is one of the most successful methods of automatic verification of program properties. A model-checking algorithm decides whether a finite-state concurrent system satisfies its specification, given as a formula of a temporal logic [3, 10]. Behaviour of a concurrent system can be modeled in two ways. In the interleaving semantics, the meaning of a program is an execution tree, temporal-logic assertions are interpreted over paths of this tree. In partial-order semantics (or event structure semantics), behaviour is an event structure, where the ordering r...

. In this paper, we describe a case study on the verification of a real industrial protocol for wireless atm, called mascara. Several tools have been used: sdl has been chosen as the specification language and the commercial tool Objectgeode has been used for creating and maintaining sdl descriptions. The if tool-set has been used for generation, minimization and comparison of system models and verification of expected properties. All specification and verification tools are connected via the if language, which has been defined as an intermediate representation for timed asynchronous systems as well as an open validation environment. Due to the complexity of the protocol, static analysis techniques, such as live variable analysis and program slicing, were the key to the success of this case study. The results obtained give some hints concerning a methodology for the formal verification of real systems. 1 Introduction Model checking [CE81,QS82] is by now a well established m...

Verification by state-space exploration is one of the most successful strategies for analyzing the correctness of finite-state concurrent reactive systems. Partial-order methods are algorithms for dynamically pruning the state space of such systems without incurring the risk of any incompleteness in the verification results. This paper presents results of experiments performed with these algorithms on real protocol examples, and discusses the practical significance of partial-order methods. 1. Introduction State-space exploration is one of the most successful strategies for checking the correctness of finite-state concurrent reactive systems. It consists in exploring a global state graph, called the state space, representing the combined behavior of all concurrent components in the system. Many different types of properties of a system can be checked by exploring its state space: deadlocks, dead code, unspecified receptions, violations of user-specified assertions, etc. Moreo...

Abstract. We describe an improvement of the partial-order reduction algorithm for breadth-first search which was introduced in Spin version 4.0. Our improvement is based on the algorithm by Alur et al. for symbolic state model checking for local safety properties [1]. The crux of the improvement is an optimization in the context of explicit state model checking of the condition that prevents action ignoring, also known as the cycle proviso. There is an interesting duality between the cycle provisos for the breadth-first search (BFS) and depth first search (DFS) exploration of the state space, which is reflected in the role of the BFS queue and the DFS stack, respectively. The improved version of the algorithm is supported in the current version of Spin and can be shown to perform significantly better than the initial version.