On Modal Refinement and Consistency

Kim G. Larsen, Ulrik Nyman, and Andrzej Wąsowski
Department of Computer Science, Aalborg University, Denmark
{kgl,ulrik,wasowski}@cs.aau.dk

Abstract. Almost 20 years after the original conception, we revisit several fundamental questions about modal transition systems. First, we demonstrate the incompleteness of the standard modal refinement using a counterexample due to Hüttel. Deciding any refinement, complete with respect to the standard notions of implementation, is shown to be computationally hard (co-NP hard). Second, we consider four forms of consistency (existence of implementations) for modal specifications. We characterize each operationally, giving algorithms for deciding, and for synthesizing implementations, together with their complexities.

1 Background and Overview

Modal transition systems (MTSs) are a generalization of labeled transition systems (LTSs). Similarly to LTSs, modal transition systems use labeled transitions between states to model behaviors. Unlike LTSs, they distinguish allowed and required behaviors (over- and under-approximations), which makes them a suitable semantic model for abstraction in program analysis and verification.

MTSs, originally introduced by Larsen and Thomsen almost 20 years ago [1], have since been applied in program analysis [2, 3], model checking [4, 5], verification [6, 7], equation solving [8], interface theories [9], software product lines [9, 10] and model merging [11, 12]. Foundational work on modal transition systems included extensions to modal hybrid systems [13], timed modal specifications [14–16] and variants of disjunctive MTSs [8, 17, 18]. Surprisingly though, several fundamental questions about the theory of MTSs have never been addressed.

Refinement relations for modal transition systems are defined contravariantly. If S refines T then all allowed behaviors of S need to be allowed in T, while all required behaviors of T need also be required by S.
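
The contravariant condition above, as an added example that is not part of the original paper: a Python check of standard modal refinement, computed as a greatest fixed point over pairs of states. The dict representation, the function names and the sample systems S, T and U are constructed for illustration.

```python
# Added example (not from the paper). An MTS is modelled as a dict with a set of
# states and two sets of (source, label, target) triples: "may" and "must".

def step(trans, src):
    """Outgoing (label, target) pairs of `src`."""
    return {(a, d) for (s, a, d) in trans if s == src}

def modal_refinement(S, T):
    """Largest relation R such that for every (s, t) in R:
    - each may-step s -a-> s' is matched by a may-step t -a-> t' with (s', t') in R
    - each must-step t -a-> t' is matched by a must-step s -a-> s' with (s', t') in R
    """
    rel = {(s, t) for s in S["states"] for t in T["states"]}
    changed = True
    while changed:  # remove violating pairs until a fixed point is reached
        changed = False
        for s, t in list(rel):
            may_ok = all(
                any(a == b and (s2, t2) in rel for b, t2 in step(T["may"], t))
                for a, s2 in step(S["may"], s))
            must_ok = all(
                any(a == b and (s2, t2) in rel for b, s2 in step(S["must"], s))
                for a, t2 in step(T["must"], t))
            if not (may_ok and must_ok):
                rel.discard((s, t))
                changed = True
    return rel

def refines(S, s0, T, t0):
    """True if state s0 of S modally refines state t0 of T."""
    return (s0, t0) in modal_refinement(S, T)

# Constructed sample systems.
# T requires `a` and additionally allows `b`.
T = {"states": {"t0", "t1"},
     "may": {("t0", "a", "t1"), ("t0", "b", "t1")},
     "must": {("t0", "a", "t1")}}
# S requires `a` and allows nothing else.
S = {"states": {"s0", "s1"},
     "may": {("s0", "a", "s1")},
     "must": {("s0", "a", "s1")}}
# U allows `a` and `b` but requires nothing.
U = {"states": {"u0", "u1"},
     "may": {("u0", "a", "u1"), ("u0", "b", "u1")},
     "must": set()}

if __name__ == "__main__":
    print(refines(S, "s0", T, "t0"), refines(T, "t0", S, "s0"))
    print(refines(T, "t0", U, "u0"), refines(U, "u0", T, "t0"))
```

S refines T and T refines U, but neither converse holds: T allows `b`, which S does not, and U fails to require the `a` that T requires.
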
An implementation is an MTS that has been completely specified, i.e. all its allowed behavior is also required, leaving no further choice for refinement. One fundamental issue for a modal refinement is whether it characterizes the inclusion of implementation sets thoroughly: can one, for an MTS S refining an MTS T, conclude that all implementations of S are also implementations of T? And vice versa? Standard modal refinement is sound, but not complete in this sense, meaning that there exist MTSs for which implementation inclusion holds, but which do not refine each other. We show that deciding any sound and complete refinement, preserving the set of implementations of standard modal refinement or weak