Model checking for the concurrent constraint paradigm

Formal verification of temporal properties is necessary in many real applications. We can find in the literature many case studies which show us how formal verification techniques allowed scientists to find errors in systems that were thought to be correct. Model checking is an automatic formal verification technique that, given a model of a system and a temporal formula determines if the model satisfies the formula. The main drawback of model checking is the state explosion problem. In this thesis we consider the Concurrent Constraint (cc) paradigm to specify reactive and hybrid systems. Then, we provide the necessary formalism to verify such kind of systems. In particular, we handle three of the extended languages defined from the cc paradigm: the tcc, tccp and hcc languages. The first two languages have a discrete notion of time allowing the programmer to model reactive systems. The last one introduces a continuous notion of time which allows us to model hybrid systems. It is well known that an appropriate denotational semantics allows us to perform very interesting analysis over languages in a simple way. In that sense, in this thesis we show that although both denotational and operational semantics were given when tcc was defined, they do not always coincide. We define a fully abstract denotational semantics (w.r.t. the operational semantics) for the tcc model. We also describe an application of our new semantics to the analysis of the expressivity power of the new construct introduced in tcc to model the timeout or preemption behaviors. We show that the new construct makes the tcc language a more powerful language than the cc model. The main result of this thesis is the definition of a model checking algorithm for tccp programs. The idea is to exploit the good features of the cc paradigm to solve the state explosion problem of model checking. We take advantage of the constraint notion in order to redefine the three phases of the model checking technique. First of all we use constraints to define what a state is in the model of the system. A state of the model can be seen as a conjunction of constraints. This means that a state of our model represents a set of states of a classical Kripke Structure. Furthermore, constraints are directly used in the logic that we consider, thus it is not necessary to transform our model into a Kripke Structure. For classical temporal logics, this transformation would be necessary since they could not handle our model directly. Note that we have only partial information while classical logics need full information about values of variables. We also define a method to verify hcc programs. We show that the hcc language allows the programmer to specify hybrid systems in general and linear hybrid systems in particular. The key idea in this case is also to take advantage of the nature of the cc paradigm. The approach presented in this thesis is the first attempt to apply the model checking technique to the hcc language.