On the Complexity of Branching Modular Model Checking (Extended Abstract)

In modular verification the specification of a module consists of two parts. One part describes the guaranteed behavior of the module. The other part describes the assumed behavior of the system in which the module is interacting. This is called the assume-guarantee paradigm. In this paper we consider assume-guarantee specifications in which the assumptions and the guarantees are specified by universal branching temporal formulas (i.e., all path quantifiers are universal). Verifying modules with respect to such specifications is called the branching modular model-checking problem. We consider both 8CTL and 8CTL?, the universal fragments of CTL and CTL?. We develop two fundamental techniques: building maximal models for 8CTL and 8CTL? formulas and using alternating automata to obtain space-efficient algorithms for fair model checking. Using these techniques we classify the complexity of satisfiability, validity, implication, and modular model checking for both 8CTL and8CTL?. In particular, branching modular model checking is PSPACE-complete for 8CTL and EXPSPACE-complete for 8CTL?.