Model Checking of Message Sequence Charts

Scenario based speci cations such as message sequence charts MSC o er an intuitive and visual way of describing design require ments Such speci cations focus on message exchanges among communi cating entities in distributed software systems Structured speci cations such as MSC graphs and Hierarchical MSC graphs HMSC allow con venient expression of multiple scenarios and can be viewed as an early model of the system In this paper we present a comprehensive study of the problem of verifying whether this model satis es a temporal require ment given by an automaton by developing algorithms for the di erent cases along with matching lower bounds When the model is given as an MSC model checking can be done by constructing a suitable automaton for the linearizations of the partial order speci ed by the MSC and the problem is coNP complete When the model is given by an MSC graph we consider two possible semantics depending on the synchronous or asynchronous interpretation of concate nating two MSCs For synchronous model checking of MSC graphs and HMSCs we present algorithms whose time complexity is proportional to the product of the size of the description and the cost of processing MSCs at individual vertices Under the asynchronous interpretation we prove undecidability of the model checking problem We then identify a natural requirement of boundedness give algorithms to check bounded ness and establish asynchronous model checking to be Pspace complete for bounded MSC graphs and Expspace complete for bounded HMSCs