UMC User Guide (version 2.5)

Franco Mazzanti
Istituto di Scienza e Tecnologie dell'Informazione "Alessandro Faedo"
ISTI-CNR
Via A.Moruzzi 1
56124 Pisa, Italy
franco.mazzanti@isti.cnr.it

1 Introduction

The goal of the UMC project is to experiment in three different directions:

- We are interested in exploring and exploiting the advantages given by the "on the fly" approach to model construction and checking [5,2,9].
- We are interested in investigating the kind of user interface which might help a non-expert user take advantage of formal specifications and verification techniques.
- We are interested in testing the appropriateness of the UML [19,26] methodology for the specification and verification of the dynamic behaviour of a system.

This experimentation is carried out through the actual development of a new verification tool (UMC), specifically tailored to the aims of the project. The immediate purpose of the project is definitely not to build a heavyweight verification machine (e.g. one targeting the verification of systems with a very large number of states), even if the experience gained might certainly be useful for possible future extensions in this direction.

The development of the tool builds on the experience obtained with the previous development of FMC (see [13]), another "on the fly" model checker for networks of automata (specified in the fc2 format or as a collection of regular CCS / basic Lotos agents).

In our case, the model under investigation is specified by a textual description of a set of UML statechart diagrams, one for each class of objects which constitutes the system, and by a set of object instantiations. The properties to be verified are specified as mu-ACTL+ formulas: a temporal logic with the power of full mu-calculus, which includes the high-level composite operators typical of the branching-time, action-based logic ACTL [6].
The reference dynamic semantics for UML statecharts corresponds as far as possible to the "official" semantics given in [26], as already formally described in [1,21,29] (with some limitations).

In Section 2 we describe how the underlying model to be analysed can be defined, and in Section 3 we describe the temporal logic which can be used to express the properties to be verified. In Section 4 we describe how to use the tool, both through its simple command-line interface and through its web interface. In Section 5 we give an overview of the overall structure of UMC and of the verification algorithm used by the tool. In Section 6 we show a small but complete example of model verification.