Realizability and verification of MSC graphs

Scenario-based specifications such as message sequence charts (MSC) offer an intuitive and visual way to describe design requirements. MSC-graphs allow convenient expression of multiple scenarios, and can be viewed as an early model of the system that can be subjected to a variety of analyses. Problems such as LTL model checking are undecidable for MSC-graphs in general, but are known to be decidable for the class of bounded MSC-graphs. Our first set of results concerns checking realizability of bounded MSC-graphs. An MSC-graph is realizable if there is a distributed implementation that generates precisely the behaviors in the graph. There are two notions of realizability, weak and safe, depending on whether or not we require the implementation to be deadlock-free. It is known that for a finite set of MSCs, weak realizability is coNP-complete while safe realizability has a polynomial-time solution. We establish that for bounded MSC-graphs, weak realizability is, surprisingly, undecidable, while safe realizability is in EXPSPACE. Our second set of results concerns verification of MSC-graphs. While checking properties of a graph G, besides verifying all the scenarios in the set L(G) of MSCs specified by G, it is desirable to verify all the scenarios in the set Lw(G)—the closure of G, that contains the implied scenarios that any distributed implementation of G must include. For checking whether a given MSC M is a possible behavior, checking M ∈ L(G) is NP-complete, but checking M ∈ Lw(G) has a quadratic solution. For temporal logic specifications, considering the closure makes the verification problem harder: while checking LTL properties of L(G) is PSPACE-complete for bounded graphs G, checking even simple “local” properties of Lw(G) is undecidable.

R. Alur et al. / Theoretical Computer Science 331 (2005) 97–114. doi:10.1016/j.tcs.2004.09.034. © 2004 Elsevier B.V. All rights reserved.

A preliminary version of this paper appears in Proceedings of the 28th International Colloquium on Automata, Languages, and Programming (ICALP’01), LNCS 2076, Springer, pp. 797–808, 2001. This research was partially supported by NSF Career award CCR97-34115, NSF award CCR99-70925, and Alfred P. Sloan Faculty Fellowship. Corresponding author. E-mail address: alur@cis.upenn.edu (R. Alur).
