Handling Inconsistencies in CTL Model-Checking using Belief Revision Thiago Sousa and Renata Wassermann 1 Department of Computer Science Institute of Mathematics and Statistics University of S˜ ao Paulo, Brazil {thiago,renata}@ime.usp.br Abstract. Given a formal description of a system, there are computational tools that verify the validity of some properties in the system. These tools usually only tell the user whether the property holds or not, without giving any hint as to how the system could be adapted in order for the desired property to hold. In this paper, we present a formal approach for handling inconsistencies in CTL (computation tree logic) model-checking using belief revision. Given a CTL formula inconsistent with a model of the system described in SMV, we revise this model in such a way that the formula becomes true. This revision forces changes in the SMV description of the system. Our implementation enriches the NuSMV model checker with three types of change: addition of lines, elimination of lines and change in the initial state, where the first two cause modifications in the transitions between the states of the model. 1. Introduction Handling inconsistencies in requirements specifications is a critical activity in the soft- ware development process. Inconsistent specifications can lead to system failures, and defects detected late in development can be more expensive to correct than inconsistencies discovered early. Therefore, techniques for the detection and resolution of inconsistencies in requirements specifications can be crucial for the successful development of software systems. A variety of techniques has been developed for checking specifications for incon- sistencies. These include formal techniques such as those based on model checking or the- orem proving [Winter 1997, B¨ uessow 2003, Leuschel and Butler 2003, Kolyang et al. 1996, E.M. Clarke et al. 1994]. While many of these approaches provide rigorous, and often au- tomated, analysis of software specifications to reveal inconsistencies, they often also do not support the system developer in solving these inconsistencies after they have been discovered. To address this issue, we have developed an approach based on belief revision to suggest ways for changing system specifications. Belief revision [G¨ ardenfors 1988, Hansson 1997] is a sub-area of artificial intelligence whose main focus is to keep the consistency of a set of beliefs when new beliefs are incorporated. This paper presents an approach based on belief revision for handling inconsis- tencies focusing in a particular model-checking tool, NuSMV [Cimatti et al. 2002]. The basic principle of model-checking is to analyse whether a model that represents the system