. Recursive state machines (RSMs) enhance the power of ordinary state machines by allowing vertices to correspond either to ordinary states or to potentially recursive invocations of other state machines. RSMs can model the control flow in sequential imperative programs containing recursive procedure calls. They can be viewed as a visual notation extending Statecharts-like hierarchical state machines, where concurrency is disallowed but recursion is allowed. They are also related to various models of pushdown systems studied in the verification and program analysis communities. After introducing RSMs, we focus on whether state-space analysis can be performed efficiently for RSMs. We consider the two central problems for algorithmic analysis and model checking, namely, reachability (is a target state reachable from initial states) and cycle detection (is there a reachable cycle containing an accepting state). We show that both these problems can be solved in time O(n` 2 ) and space O(n`), where n is the size of the recursive machine and ` is the maximum, over all component state machines, of the minimum of the number of entries and the number of exits of each component. We also study the precise relationship between RSMs and closely related models. 1

resi, Gino Biondini, Fabiano Cattaneo, Thorna Humphries, Artur Klauser, Pier Luca Lanzi, Edoardo Marcora, Mark Maybee, Mattia Monga, Alessandro Orso, Gian Pietro Picco, Matteo Pradella, Giuseppe Ricci, Massimo Ricotti, Sergio Silva, Judith Stafford, Laura Vidal, Giovanni Vigna, : : : and many others. Grazie di cuore a tutti. Milano, December 1998. Contents 1 Introduction 1 1.1 Focus and contribution of the thesis . . . . . . . . . . . . . . . . 2 1.2 Structure of the thesis . . . . . . . . . . . . . . . . . . . . . . . . . 4 2 Background and New Challenges 5 2.1 Related technology . . . . . . . . . . . . . . . . . . . . . . . . . . 7 2.1.1 Centralized event/message based environments . . . . . 7 2.1.2 Internet technology . . . . . . . . . . . . . . . . . . . . . . 10 2.1.3 Distributed event-based infrastructures . . . . . . . . . . 12 2.2 New challenges for Event-based technologies . . . . . . . . . . . 15 2.2.1 Discu

We consider the model checking problem for probabilistic pushdown automata (pPDA) and properties expressible in various probabilistic logics. We start with properties that can be formulated as instances of a generalized random walk problem. We prove that both qualitative and quantitative model checking for this class of properties and pPDA is decidable. Then we show that model checking for the qualitative fragment of the logic PCTL and pPDA is also decidable. Moreover, we develop an error-tolerant model checking algorithm for general PCTL and the subclass of stateless pPDA. Finally, we consider the class of properties definable by deterministic B uchi automata, and show that both qualitative and quantitative model checking for pPDA is decidable. 1.

Recent works have proposed... In this paper we consider LTL with regular valuations: the set of configurations satisfying an atomic proposition can be an arbitrary regular language. The model-checking problem is solved via two different techniques, with an eye on efficiency. The resulting algorithms are polynomial in certain measures of the...

. Hierarchical State Machines (HSMs) are a natural model for representing the behavior of software systems. In this paper, we investigate a variety of model-checking problems for an extension of HSMs in which state machines are allowed to call each other recursively. 1

Abstract not found

Abstract. We study a logic called FLC (Fixpoint Logic with Chop) that extends the modal mu-calculus by a chop-operator and termination formulae. For this purpose formulae are interpreted by predicate transformers instead of predicates. We show that any context-free process can be characterized by an FLC-formula up to bisimulation or simulation. Moreover, we establish the following results: FLC is strictly more expressive than the modal mu-calculus; it is decidable for finite-state processes but undecidable for context-free processes; satisfiability and validity are undecidable; FLC does not have the finite-model property. 1

Recent developments in mobile code and embedded systems have lead to an increased interest in open platforms, i.e. platforms which enable different applications to interact in a dynamic environment. However, the flexibility of open platforms presents major difficulties for the (formal) verification of secure interaction between the different applications. To overcome these difficulties, compositional verification techniques are required. This paper presents a compositional approach to the specification and verification of secure applet interactions. This approach involves a compositional model of the interface behavior of applet interactions, a temporal logic property specification language, and a proof system for proving correctness of property decompositions. The usability of the approach is demonstrated on a realistic smartcard case study.

Context-free processes (BPA) have been used for dataflow-analysis in recursive procedures with applications in optimizing compilers [6]. We introduce a more refined model called BPA(ZZ) that can model not only recursive dependencies, but also the passing of integer parameters to subroutines. Moreover, these parameters can be tested against conditions expressible in Presburger-arithmetic.

Searching the state space of a system using enumerative and on-the-fly depth-first traversal is an established technique for model checking finite-state systems. In this paper, we propose algorithms for on-the-fly exploration of recursive state machines, or equivalently pushdown systems, which are suited for modeling the behavior of procedural programs. We present algorithms for reachability (is a bad state reachable?) as well as for fair cycle detection (is there a reachable cycle with progress?). We also report on an implementation of these algorithms to check safety and liveness properties of recursive boolean programs, and its performance on existing benchmarks.