Symbolic model checking for µ-calculus requires exponential time

Model checking [3] is a very popular paradigm for automatic verification of properties of finite state systems like those defined by circuits or communication protocols. A system is interpreted as a finite state labeled transition system or equivalently as a finite Kripke structure. If sys contains k concurrent components, each with m states, then the Kripke structure described by sys may have m states. Hence, the size of the Kripke structure might be exponential in the size m × k of its description. This phenomenon is known as the state explosion problem. To avoid the state explosion, a method called symbolic model checking was proposed in [12]. This method avoids building a state graph by using propositional formulas to represent sets and relations. Required properties of a system are formulated by formulas in temporal or modal formalisms like LTL, CTL, CTL or μ-calculus (see surveys [4, 14]). The μ-calculus [10] is a powerful language for expressing properties of Kripke structures by using the least fixed point operator. It provides a single, uniform and elegant framework subsuming most temporal and modal logics of programs [5]. In this paper we investigate the complexity of the following decision problem. Symbolic Model Checking for μ-calculus: Input: A description of a finite state Kripke structure K and its state s by propositional formulas, and a μ-calculus formula φ. Question: Determine whether the state s of the Kripke structure K satisfies the property defined by φ. Notice that the size of an instance of the model checking problem is the size of the description of K, s, plus the size of φ. This is a natural measurement. Indeed, in order to verify a circuit with 1000 Flip-Flops, a model checker will be provided with the graph of the circuit rather than with its state transition