Compositional Model Checking (1999). Cited by 2028 (60 self).
We describe a method for reducing the complexity of temporal logic model checking in systems composed of many parallel processes. The goal is to check properties of the components of a system and then deduce global properties from these local properties. The main difficulty with this type of approach is that local properties are often not preserved at the global level. We present a general framework for using additional interface processes to model the environment for a component. These interface processes are typically much simpler than the full environment of the component. By composing a component with its interface processes and then checking properties of this composition, we can guarantee that these properties will be preserved at the global level. We give two example compositional systems based on the logic CTL*.
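The abstract above is the whole of what this listing gives of the method, so here is a small worked illustration of the idea: check a component against a simple interface process rather than its full environment. This is an added example, not code from the paper or its authors. It makes several simplifying assumptions: processes are finite labelled transition systems that synchronise CSP-style on shared actions (the paper's framework is for CTL*; here the property is a plain safety invariant checked by reachability), the buffer/producer/consumer system is constructed for the example, and the "interface really over-approximates the environment" condition is verified by a conservative simulation check rather than by the paper's preservation theorems.

```python
"""Compositional safety checking with an interface process.

Added example (not code from the paper): processes are finite labelled
transition systems that synchronise CSP-style on shared actions. A component
is checked against a small interface process instead of its full environment,
and a simulation check confirms that the interface over-approximates the
environment's visible behaviour, which is what lets the result carry over.
"""
from collections import deque


class Process:
    def __init__(self, name, init, trans, alphabet=None):
        self.name, self.init = name, init
        self.trans = trans  # list of (source, action, target)
        self.alphabet = set(alphabet) if alphabet else {a for _, a, _ in trans}

    def succ(self, s):
        return [(a, d) for src, a, d in self.trans if src == s]


def compose(p, q):
    """Parallel composition: shared actions synchronise, others interleave.
    Only the reachable part of the product is built."""
    shared = p.alphabet & q.alphabet
    init = (p.init, q.init)
    trans, seen, todo = [], {init}, deque([init])
    while todo:
        s, t = todo.popleft()
        moves = []
        for a, s2 in p.succ(s):
            if a in shared:
                moves += [(a, (s2, t2)) for b, t2 in q.succ(t) if b == a]
            else:
                moves.append((a, (s2, t)))
        moves += [(b, (s, t2)) for b, t2 in q.succ(t) if b not in shared]
        for a, nxt in moves:
            trans.append(((s, t), a, nxt))
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return Process(p.name + "||" + q.name, init, trans, p.alphabet | q.alphabet)


def reachable(proc):
    seen, todo = {proc.init}, [proc.init]
    while todo:
        s = todo.pop()
        for _, d in proc.succ(s):
            if d not in seen:
                seen.add(d)
                todo.append(d)
    return seen


def check_safety(proc, bad):
    """Invariant 'never bad' on the leftmost (component) factor of each
    product state: returns (safe, number of explored states)."""
    states = reachable(proc)
    first = lambda s: s[0] if isinstance(s, tuple) else s
    return all(not bad(first(s)) for s in states), len(states)


def abstracts(iface, env, visible):
    """Conservative simulation check: True only if every `visible` action env
    can take is matched by iface; other env actions count as internal."""
    seen, todo = {(env.init, iface.init)}, [(env.init, iface.init)]
    while todo:
        e, i = todo.pop()
        for a, e2 in env.succ(e):
            matches = [i2 for b, i2 in iface.succ(i) if b == a] if a in visible else [i]
            if not matches:
                return False
            for i2 in matches:
                if (e2, i2) not in seen:
                    seen.add((e2, i2))
                    todo.append((e2, i2))
    return True


# Constructed toy system (an assumption, not taken from the paper): a
# one-slot buffer that overflows if `put` arrives twice without a `get`.
SLOT = Process("Slot", "empty", [("empty", "put", "full"),
                                 ("full", "get", "empty"),
                                 ("full", "put", "overflow")])
# Full environment: producer and consumer with internal bookkeeping steps.
PRODUCER = Process("Producer", "idle", [("idle", "work", "ready"),
                                        ("ready", "put", "sent"),
                                        ("sent", "notify", "awaiting"),
                                        ("awaiting", "ack", "idle")])
CONSUMER = Process("Consumer", "wait", [("wait", "notify", "notified"),
                                        ("notified", "get", "got"),
                                        ("got", "ack", "wait")])
ENV = compose(PRODUCER, CONSUMER)
VISIBLE = SLOT.alphabet & ENV.alphabet  # {"put", "get"}
# Interface processes: strict put/get alternation (precise), anything-goes
# (still sound, but too coarse), and one that refuses `put` (unsound).
IFACE = Process("Iface", "e", [("e", "put", "f"), ("f", "get", "e")])
IFACE_LOOSE = Process("Loose", "e", [("e", "put", "e"), ("e", "get", "e")])
IFACE_BAD = Process("Bad", "e", [("e", "get", "e")], alphabet=VISIBLE)


def is_overflow(s):
    return s == "overflow"


if __name__ == "__main__":
    for env in (None, IFACE, IFACE_LOOSE, IFACE_BAD, ENV):
        system = SLOT if env is None else compose(SLOT, env)
        safe, n = check_safety(system, is_overflow)
        note = "" if env in (None, ENV) else f", sound interface: {abstracts(env, ENV, VISIBLE)}"
        print(f"{system.name}: safe={safe}, states={n}{note}")
```

Running it shows the three outcomes a practitioner should expect from this style of reasoning: the component alone reaches the overflow state (an unconstrained environment is the worst case), the component composed with the two-state interface is safe and is the smallest model, and the full composition agrees with it at the cost of more states. The two deliberately wrong interfaces show the failure modes: the over-loose one passes the simulation check but reports a spurious overflow (sound, imprecise), while the one that refuses `put` makes the component trivially safe but fails the check, so its verdict must not be trusted.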
Modal Logics and mu-Calculi: An Introduction (2001). Cited by 39 (2 self).
We briefly survey the background and history of modal and temporal logics. We then concentrate on the modal mu-calculus, a modal logic which subsumes most other commonly used logics. We provide an informal introduction, followed by a summary of the main theoretical issues. We then look at model-checking, and finally at the relationship of modal logics to other formalisms.
Symbolic Trajectory Evaluation. In Formal Hardware Verification (1996). Cited by 26 (6 self).
The main problem with model checking is the state explosion problem: the state space grows exponentially with system size. Two methods have some popularity in attacking this problem: compositional methods and abstraction. While they cannot solve the problem in general, they do offer significant improvements in performance. The direct method of verifying that a circuit has a property f is to show that the model M satisfies f. The idea behind abstraction is that instead of verifying property f of model M, we verify property f_A of model M_A, and the answer we get helps us answer the original problem. The system M_A is an abstraction of the system M. One possibility is to build an abstraction M_A that is equivalent (e.g. bisimilar [48]) to M. This sometimes leads to performance advantages if the state space of M_A is smaller than that of M. This type of abstraction would more likely be used in model comparison (e.g. as in [38]). Typically, the behaviour of an abstraction is not equivalent...
Partial Model Checking (Extended Abstract). In Proceedings, Tenth Annual IEEE Symposium on Logic in Computer Science (1995). Cited by 25 (5 self).
Henrik Reif Andersen, Department of Computer Science, Technical University of Denmark, Building 344, DK-2800 Lyngby, Denmark.

A major obstacle in applying finite-state model checking to the verification of large systems is the combinatorial explosion of the state space arising when many loosely coupled parallel processes are considered. The problem, also known as the state-explosion problem, has been attacked from various sides. This paper presents a new approach based on partial model checking: parts of the concurrent system are gradually removed while transforming the specification accordingly. When the intermediate specifications constructed in this manner can be kept small, the state-explosion problem is avoided. Experimental results with a prototype implemented in Standard ML show that for Milner's Scheduler, an often used benchmark, this approach improves on the published results on Binary Decision Diagrams and is comparable to results obtained using generalized...
Symbolic Protocol Verification with Queue BDDs. In Proceedings of the 11th IEEE Symposium on Logic in Computer Science (1997). Cited by 20 (2 self).
Symbolic verification based on Binary Decision Diagrams (BDDs) has proven to be a powerful technique for ensuring the correctness of digital hardware. In contrast, BDDs have not caught on as widely for software verification, partly because the data types used in software are more complicated than those used in hardware. In this work, we propose an extension of BDDs for dealing with dynamic data structures. Specifically, we focus on queues, since they are commonly used in modeling communication protocols. We introduce Queue BDDs (QBDDs), which include all the power of BDDs while also providing an efficient representation of queue contents. Experimental results show that QBDDs are well-suited for the verification of communication protocols.

Keywords: communication protocols, queues, symbolic verification, BDDs, state explosion, state-space exploration, model checking

1. Introduction. Binary Decision Diagrams (BDDs) [5] have proven to be a powerful tool for the verification of digital ...
Proving Properties of Dynamic Process Networks (1998). Cited by 16 (8 self).
We present the first compositional proof system for checking processes against formulas in the modal μ-calculus which is capable of handling dynamic process networks. The proof system is obtained in a systematic way from the operational semantics of the underlying process algebra. A non-trivial proof example is given, and the proof system is shown to be sound in general, and complete for finite-state processes.

1 Introduction. In this paper we address the problem of verifying modal μ-calculus properties of general infinite-state processes, and we present what we believe to be the first genuinely compositional solution to this problem. The value of compositionality in program logics is well established. Compositionality allows better structuring and decomposition of the verification task, it allows reuse of proofs, and it allows reasoning about partially instantiated programs, thus supporting program synthesis. Even more fundamentally it allows, at least in principle, verification exe...
Clock Difference Diagrams. Nordic Journal of Computing (1999). Cited by 16 (3 self).
We sketch a BDD-like structure for representing unions of simple convex polyhedra, describing the legal values of a set of clocks given bounds on the values of clocks and clock differences.

1 Introduction. The basic problem we are trying to tackle is the combination of BDDs and DBMs (difference bound matrices) in order to allow a completely BDD-based approach to the verification of continuous real-time systems. Early approaches in this direction include [WTD95] and [Bal96]. Another inspiration for this work comes from [ST98]. Some of the ideas come from the implementation of a decision algorithm for timed bisimulation ([WL97]).

2 Definition of CDDs. We assume a finite set of real-valued clocks C = {X_1, ..., X_k}. We are interested in a data structure to represent and manipulate sets of possible values of these clocks. In particular, we shall confine ourselves to sets being the finite unions of simple convex polyhedra. The simple convex polyhedra are described by bounds on the ind...
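The sets this abstract describes, finite unions of polyhedra cut out by bounds on clocks and clock differences, are the zones of timed-automata verification, and the DBM the abstract mentions is their standard representation. The following is an added example, not code from the paper: it stores one zone as a difference bound matrix over clocks x0..xk (x0 being the constant zero clock), brings it into canonical form by Floyd-Warshall closure so that every implied bound becomes explicit, and represents a CDD-style set as a plain list of zones. The clock names, constraint values and valuations used at the end are constructed for the example; the CDD structure itself, which is what the paper contributes, is not implemented here.

```python
"""Zones as difference bound matrices (DBMs), and finite unions of zones.

Added example, not code from the paper: a zone is a convex polyhedron given
by bounds on clocks and clock differences, stored as a matrix over clocks
x0..xk where x0 is the constant zero clock and entry (i, j) bounds x_i - x_j.
Floyd-Warshall closure makes every implied bound explicit, after which
emptiness, inclusion and membership are entry-wise tests; a set of the kind
CDDs represent is then simply a list of such zones.
"""
INF = (float("inf"), False)  # a bound is (c, strict): x_i - x_j < c or <= c
ZERO = (0, False)


def bound_lt(a, b):
    """Strict tightness order on bounds: (2, <) is tighter than (2, <=)."""
    return a[0] < b[0] or (a[0] == b[0] and a[1] and not b[1])


def bound_add(a, b):
    return (a[0] + b[0], a[1] or b[1])


class Zone:
    def __init__(self, clocks):
        self.clocks = ["0"] + list(clocks)
        n = len(self.clocks)
        self.m = [[ZERO if i == j else INF for j in range(n)] for i in range(n)]
        for j in range(n):  # clocks are non-negative: 0 - x_j <= 0
            self.m[0][j] = ZERO

    def idx(self, i, j):
        return self.clocks.index(i), self.clocks.index(j)

    def constrain(self, i, j, c, strict=False):
        """Add x_i - x_j <= c (or < c if strict); a looser bound is ignored."""
        i, j = self.idx(i, j)
        if bound_lt((c, strict), self.m[i][j]):
            self.m[i][j] = (c, strict)
        return self

    def close(self):
        """Canonical form: tighten each entry through every intermediate clock."""
        n = len(self.clocks)
        for k in range(n):
            for i in range(n):
                for j in range(n):
                    via = bound_add(self.m[i][k], self.m[k][j])
                    if bound_lt(via, self.m[i][j]):
                        self.m[i][j] = via
        return self

    def bound(self, i, j):
        i, j = self.idx(i, j)
        return self.m[i][j]

    def is_empty(self):
        """A closed DBM is empty iff some diagonal entry became negative."""
        return any(bound_lt(self.m[i][i], ZERO) for i in range(len(self.clocks)))

    def includes(self, other):
        """Zone inclusion for closed DBMs: no entry of self is tighter."""
        n = len(self.clocks)
        return other.is_empty() or all(
            not bound_lt(self.m[i][j], other.m[i][j]) for i in range(n) for j in range(n))

    def contains(self, valuation):
        """Membership of a clock valuation (dict clock -> value)."""
        v = dict(valuation, **{"0": 0})
        for i, ci in enumerate(self.clocks):
            for j, cj in enumerate(self.clocks):
                c, strict = self.m[i][j]
                d = v[ci] - v[cj]
                if d > c or (strict and d == c):
                    return False
        return True


class ZoneUnion:
    """Finite union of zones: the kind of set a CDD represents."""
    def __init__(self, zones):
        self.zones = [z.close() for z in zones]

    def contains(self, valuation):
        return any(z.contains(valuation) for z in self.zones)

    def includes(self, zone):
        """Sufficient test only: the zone lies inside a single member."""
        return any(z.includes(zone) for z in self.zones)


if __name__ == "__main__":
    # Constructed example: x <= 5 and y - x <= 2 together imply y <= 7.
    a = Zone(["x", "y"]).constrain("x", "0", 5).constrain("y", "x", 2).close()
    print("implied bound on y:", a.bound("y", "0"))  # (7, False)
    e = Zone(["x"]).constrain("x", "0", 1).constrain("0", "x", -2).close()
    print("x <= 1 and x >= 2 is empty:", e.is_empty())  # True
```

The closure step is the important one: before it, the bound on y in the first zone is still infinite and an entry-wise inclusion test would give wrong answers; after it, the derived bound y <= 7 appears in the matrix and inclusion, emptiness and membership all reduce to comparing entries. `ZoneUnion.includes` is deliberately only a sufficient test, since a zone may be covered by several members jointly without lying inside any one of them; exact containment for unions is precisely the operation that a shared, canonical structure such as a CDD is meant to support.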
Compositional Proof Systems for Model Checking Infinite State Processes (1995). Cited by 15 (3 self).
We present the first compositional proof system for checking processes against formulas in the modal μ-calculus which is capable of handling general infinite-state processes. The proof system is obtained in a systematic way from the operational semantics of the underlying process algebra. A non-trivial proof example is given, and the proof system is shown to be sound in general, and complete for finite-state processes.

1 Introduction. In this paper we address the problem of verifying modal μ-calculus properties of general infinite-state processes, and we present what we believe to be the first genuinely compositional solution to this problem. The value of compositionality in program logics is well established. Compositionality allows better structuring and decomposition of the verification task, it allows proof reuse, and it allows reasoning about partially instantiated programs, thus supporting program synthesis. Even more fundamentally it allows, at least in principle, verification...
Compositionality via cut-elimination: Hennessy-Milner logic for an arbitrary GSOS. In Logic in Computer Science (1995). Cited by 15 (3 self).
We present a sequent calculus for proving that processes in a process algebra satisfy assertions in Hennessy-Milner logic. The main novelty lies in the use of the operational semantics to derive introduction rules (on the left and right of sequents) for the different operators of the process calculus. This gives a generic proof system applicable to any process algebra with an operational semantics specified in the GSOS format. We identify the desirable property of compositionality with cut-elimination, and we prove that this holds for a class of sequents. Further, we show that the proof system enjoys good completeness and ω-completeness properties relative to its intended model.

1 Introduction. The provision of proof systems for program logics is an important research goal, as such systems enable one to give formal proofs guaranteeing that programs satisfy required properties. A desirable feature of such proof systems is that they should allow a compositional style of proof developme...

