The idea to use simulations (or refinements) as a compositional abstraction device is well-known, both in untimed and timed settings, and has already been studied theoretically and practically in many papers during the last three decades. Nevertheless, existing approaches do not handle two fundamental modeling concepts which, for instance, are frequently used in the popular Uppaal model checker...

Model checking 7] has proven to be an eeec-tive analysis tool for domains such as hardware circuits and communication protocols. However, it has not yet been widely applied to more general concurrent systems, such as those realized by Ada multi-tasking programs. A major impediment to the use of model checking in such systems is the exponential growth of the state space, which results from the p...

Policies are increasingly used to govern the behaviour of complex distributed systems. Most policy models that allow policy composition, to address the complexity of policies, are only concerned with structural composition. In this paper we argue that it is natural to compose policies also along the temporal axis, i.e. express policies that can dynamically change over time or on the occurrence ...

Model-based design constructs physical systems in two stages. First, a causal relation network (CRN) of quantities that entails the desired behavior is constructed from a domain model. Second, a physical system is designed by assembling components such that all the causal relations specified by the CRN are imposed. The Compositional Model-based Design method, CMD, simplifies the design of compl...

1 Abbreviations and Notations 2

We describe a parallel, symbolic, model-checking algorithm, built around a compositional reasoning method. The method constructs a collection of per-process (i.e., local) invariants, which together imply a desired global safety property. The local invariant computation is a simultaneous fixpoint evaluation, which easily lends itself to parallelization. Moreover, locality of reasoning helps limi...

Modeling the environment of a design module under verification is a known practical problem in compositional verification. In this paper, we propose an approach to translate an ACTL specification into such an environment. Throughout the translation, we construct an efficient tableau for the full range of ACTL and synthesize the tableau into Verilog HDL behavior level program. The synthesized pr...

We extend the formal developments for message sequence charts (MSCs) to support scenarios with lost and found messages. We define a notion of extended compositional message sequence charts (ECMSCs) which subsumes the notion of compositional message sequence charts in expressive power but additionally allows to define lost and found messages explicitly. As usual, ECMSCs might be combined by mean...

ion and Assume-guarantee Reasoning for Automated Software Verification S. Chaki, E. Clarke, D. Giannakopoulou, and C.S. Păsăreanu 1 Carnegie Mellon Software Engineering Institute 2 Carnegie Mellon University 3 RIACS, NASA Ames Research Center, Moffett Field, CA, USA 4 Kestrel Technology LLC, NASA Ames Research Center, Moffett Field, CA, USA Abstract. Compositional verification and abstraction a...

This paper describes a compositional proof strategy for verifying properties of requirements specifications. The proof strategy, which may be applied using either a model checker or a theorem prover, uses known state invariants to prove state and transition invariants. Two proof rules are presented: a standard incremental proof rule analogous to Manna and Pnueli’s incremental proof rule and a c...