Abstract. We investigate the Presburger liveness problems for nondeterministicreversal-bounded multicounter machines with a free counter (NCMFs). We show the following:-The 9-Presburger-i.o. problem and the 9-Presburger-eventual problem areboth decidable. So are their duals, the 8-Presburger-almost-always problemand the 8-Presburger-always problem.- The 8-Presburger-i.o. problem and the 8-Presburger-eventual problem areboth undecidable. So are their duals, the 9-Presburger-almost-always prob-lem and the 9-Presburger-always problem. These results can be used to formulate a weak form of Presburger linear tem-poral logic and develop its model-checking theories for NCMFs. They can also be combined with [12] to study the same set of liveness problems on an extendedform of discrete timed automata containing, besides clocks, a number of reversalbounded counters and a free counter. 1 Introduction An infinite-state system can be obtained by augmenting a finite automaton with oneor more unbounded storage devices. The devices can be, for instance, counters (unary stacks), pushdown stacks, queues, and/or Turing tapes. However, an infinite-state sys-tem can easily achieve Turing-completeness, e.g., when two counters are attached to a finite automaton (resulting in a "Minsky machine"). For these systems, even simpleproblems such as membership are undecidable.

We consider past pushdown timed automata that are discrete pushdown timed automata with past formulas as enabling conditions. Using past formulas allows a past pushdown timed automaton to access the past values of the finite state variables in the automaton. We prove that the reachability (i.e., the set of reachable configurations from an initial configuration) of a past pushdown timed automaton can be accepted by a nondeterministic reversal-bounded counter machine augmented with a pushdown stack (i.e., a reversalbounded NPCM). By using the known fact that the emptiness problem for reversal-bounded NPCMs is decidable, we show that model-checking past pushdown timed automata against Presburger safety properties on discrete clocks and stack word counts is decidable. We also investigate the reachability problem for a class of transition systems under some fairness constraints in the form of generalized past formulas. Finally, we present an example ASTRAL specification to demonstrate the usefulness of the results.

Abstract. Recent advances in parallel model checking for liveness properties achieve significant capacity increases over sequential model checkers. However, the capacity of parallel model checkers is in turn limited by available aggregate memory and network bandwidth. We propose a new parallel algorithm that sacrifices complete coverage for increased capacity to find errors. The algorithm, called BEE (for bee-based error exploration) uses coordinated depth-bounded random walks to reduce memory and bandwidth demands. A unique advantage of BEE is that it is well-suited for use on clusters of non-dedicated workstations.

ASTRAL is a high-level formal speci cation language for real-time systems. This paper presents a symbolic model checker that translates an ASTRAL process instance to a labeled transition system with each transition representable by a Presburger formula. The labeled transition system is unfolded into the execution tree of an ASTRAL process and the Omega library is used to carry out the image computations. Different levels of approximation of the environment behaviors of the instance are considered, as well as symbolic search strategies including depth-first search, breadth-first search, and depth-breadth search. Three approximation techniques to speed up the model checking process for use in debugging a speci cation are also presented. They are random walk, partial image and dynamic environment generation. Ten mutation tests on a railroad crossing benchmark are used to compare the performance of the techniques applied separately and in combination. The test results are presented and analyzed.