SPECIFICATION AND VERIFICATION OF MESSAGE SEQUENCE CHARTS

Doron Peled
Bell Labs
Murray Hill, NJ 07974
doran@research.bell-labs.com

Abstract

The use of message sequence charts (MSCs) is popular in designing and documenting communication protocols. A recent surge of interest in MSCs has led to various algorithms for their automatic analysis, e.g., finding race conditions. In this paper we adopt a causality based temporal logic to specify properties of MSCs. This alleviates some problems that arise when specifying properties of MSCs using the traditional interleaving-based linear temporal logic: systems of MSCs are not necessarily finite state systems, leading to undecidability of LTL model checking. Even when dealing with finite state MSC systems, the set of linearizations can easily generate an exponential state space explosion. We provide an efficient model checking algorithm for systems of MSCs. Our construction models the FIFO MSC systems using a restricted version of ω-automata with two successor relations. We implemented a model checking environment for MSCs as an extension to the SPIN model checking system.

Keywords: Message sequence charts, Model checking, Specification, Verification.

1. INTRODUCTION

Software verification is a very challenging task. One of the reasons is that software lacks some of the regularity that is typically found in hardware circuits. Some of the successful attempts to apply verification technology to software focused on communication protocols, abstract versions of algorithms, and finite state systems. One potential target of verification algorithms is the early design of software systems. There, the cost-performance of finding bugs is better than in later development stages, and the description is typically already an abstract version of the desired system.

Tommaso Bolognesi and Diego Latella (Eds.), Formal Methods for Distributed System Development. © 2000 IFIP International Federation for Information Processing. Published by Kluwer Academic Publishers. All rights reserved.

The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35533-7_26