We consider the problem of model checking message-passing systems with real-time requirements. As behavioural specifications, we use message sequence charts (MSCs) annotated with timing constraints. Our system model is a network of communicating finite state machines with local clocks, whose global behaviour can be regarded as a timed automaton. Our goal is to verify that all timed behaviours exhibited by the system conform to the timing constraints imposed by the specification. In general, this corresponds to checking inclusion for timed languages, which is an undecidable problem even for timed regular languages. However, we show that we can translate regular collections of time-constrained MSCs into a special class of event-clock automata that can be determinized and complemented, thus permitting an algorithmic solution to the model checking problem. Digital Object Identifier 10.4230/LIPIcs.FSTTCS.2010.204 1

specifications

Our goal is to use formal methods to reason about systems where time and concurrency play a significant role. We are interested in checking if the behaviours exhibited by an implementation conform to those stipulated by the specification in a timed and distributed system. To describe the behaviours of distributed systems which operate on a global time, we introduce two notions of timed partial orders. The first, timed message sequence charts (TMSCs) are concrete models used to describe system executions. and represent families of TMSCs. For appropriate formalisms of implementation (timed message passing automata) and specification (monadic second order logic) over TMSCs, we obtain an expressive equivalence. Infinite collections of TCMSCs can also be specified using time constrained message sequence graphs (TCMSGs). We address two problems that arise in this setting, consistency and coverage. Consistency asks if every run of the implementation is compatible with some TCMSC generated by the TCMSG. Coverage asks