Compositional Veriication by Model Checking for Counter-examples

Many concurrent systems are required to maintain certain safety and liveness properties. One emerging method of achieving conndence in such systems is to statically verify them using model checking. In this approach an abstract, nite-state model of the system is constructed; then an automatic check is made to ensure that the requirements are satissed by the model. In practice, however, this method is limited by the state space explosion problem. We have developed a compositional method that directly addresses this problem in the context of multi-tasking programs. Our solution depends on three key space-saving ingredients: (1) checking for counterexamples , which leads to simpler search algorithms; (2) automatic extraction of interfaces , which allows a reenement of the nite model { even before its communicating partners have been compiled; and (3) using propositional \strengthening assertions" for the sole purpose of reducing state space. In this paper we present our compositional approach, and describe the software tools that support it.