ScholarlyCommons

Title

Realizability and Verification of MSC Graphs

Author(s)

Rajeev Alur, University of PennsylvaniaFollow
Kousha Etessami, Bell Laboratories
Mihalis Yannakakis, Avaya Labs

Date of this Version

February 2005

Document Type

Journal Article

Recommended Citation

Rajeev Alur, Kousha Etessami, and Mihalis Yannakakis, "Realizability and Verification of MSC Graphs", Theoretical Computer Science: Automata, Languages and Programming 331(1), 97-114. February 2005. http://dx.doi.org/10.1016/j.tcs.2004.09.034

Abstract

Scenario-based specifications such as message sequence charts (MSC) offer an intuitive and visual way to describe design requirements. MSC-graphs allow convenient expression of multiple scenarios, and can be viewed as an early model of the system that can be subjected to a variety of analyses. Problems such as LTL model checking are undecidable for MSC-graphs in general, but are known to be decidable for the class of bounded MSC-graphs.

Our first set of results concerns checking realizability of bounded MSC-graphs. An MSC-graph is realizable if there is a distributed implementation that generates precisely the behaviors in the graph. There are two notions of realizability, weak and safe, depending on whether or not we require the implementation to be deadlock-free. It is known that for a finite set of MSCs, weak realizability is coNP-complete while safe realizability has a polynomial-time solution. We establish that for bounded MSC-graphs, weak realizability is, surprisingly, undecidable, while safe realizability is in EXPSPACE.

Our second set of results concerns verification of MSC-graphs. While checking properties of a graph G, besides verifying all the scenarios in the set L(G) of MSCs specified by G, it is desirable to verify all the scenarios in the set L^w(G)--the closure of G, that contains the implied scenarios that any distributed implementation of G must include. For checking whether a given MSC M is a possible behavior, checking M ∈ L(G) is NP-complete, but checking M ∈ L^w(G) has a quadratic solution. For temporal logic specifications, considering the closure makes the verification problem harder: while checking LTL properties of L(G) is PSPACE-complete for bounded graphs G, checking even simple "local" properties of L^w(G) is undecidable.

Subject Area

CPS Formal Methods

Publication Source

Theoretical Computer Science: Automata, Languages and Programming

Volume

331

Issue

1

Start Page

97

Last Page

114

DOI

10.1016/j.tcs.2004.09.034

Copyright/Permission Statement

NOTICE: This is the author’s version of a work that was accepted for publication in Theoretical Computer Science. Changes resulting from the publishing process, such as peer review, editing, corrections, structural formatting, and other quality control mechanisms, may not be reflected in this document. Changes may have been made to this work since it was submitted for publication. A definitive version was subsequently published in Theoretical Computer Science, Vol. 331, Issue 1, February 2005, DOI: 10.1016/j.tcs.2004.09.034.

Keywords

formal verification, software specification, message sequence charts