- Course ID
- NWI-IMC046
- Credits
- 6 ec

Tuesdays 10.45-12.30 in HG00.065 (lectures) and Thursday 14.45-17.30 in HG02.032 (assignments/exercises)

Some knowledge of automata theory; logic; probability theory; algorithms; complexity theory.

After successful completion of the course, participants are able to:

- recognize situations in which the applications of model checking techniques for specification and analysis may be useful,
- explain the basic theory and algorithms of model checking for finite state, real-time, and probabilistic automata,
- model (critical parts of) realistic computer-based systems as networks of automata,
- formalize desired properties of these systems in terms of automata or temporal logic, and
- use state-of-the-art tools for their analysis.

As our daily lives depend increasingly on digital systems, the reliability of these systems becomes a crucial concern, and as the complexity of the systems grows, their reliability can no longer be sufficiently controlled by traditional approaches of testing and simulation. It becomes essential to build mathematical models of these systems, and to use (algorithmic) verification methods to analyse these models. In model checking, specifications about the system are expressed as (temporal) logic formulas, and efficient symbolic algorithms are used to traverse the model defined by the system and check if the specification holds or not. As model checking is fully automatic, requiring no complex knowledge of proof strategies or biases of simulation tools, it is the method of choice for industry-scale verification.

This course introduces several variants of model checking, in particular:

- Explicit-state and symbolic algorithms for model checking linear-time (LTL) and branching-time (CTL) temporal logics for finite machines
- DBM-based algorithms for model checking TCTL for networks of timed automata
- PCTL for Markov chains and Markov decision processes

linear time temporal logic (LTL); branching time temporal logic (CTL); explicit-state model checking; abstraction and bisimulations techniques; partial order reduction techniques; symbolic model checking; timed automata, DBMs; probabilistic CTL; Markov chains and Markov decision processes; fault-tree analysis; model checking tools such as nuSMV, Uppaal, Uppaal SMC and PRISM.

Participants are expected to invest 168h (=6ec) in this course. Altogether there will be 15 lectures and 15 problem sessions. Each week you will need 2 hours to attend a lecture, 2 hours two attend the problem sessions, and an additional 3 hours to prepare the lecture material and work on the weekly problems. For each of the two practical assignments you will need approximately half a week. This leaves you with 3 days to prepare and make the exam: 168 = 15*(2+2+3) + 2*20 + 23.

Grades will be awarded on the basis of an exam and two larger homework assignments. In computing the final score, the exam counts for 70% and each of the assignments for 15%.

The course material consists of hand-outs, sheets, and recent papers from the literature. These will be made available electronically via the course webpage or distributed during the course. Most of the theory discussed in the course is presented in the textbook Principles of model checking / Christel Baier; Joost-Pieter Katoen. – Cambridge, Mass: MIT Press, 2008. This book is mandatory for the course. Please also be aware of the errata.

A nice paper that places model checking in the larger perspective of software correctness is Mars Code by Gerard Holzmann, which describes how NASA developed reliable software for the Mars Curiosity Rover. The risks forum of Peter Neumann publishes monthly overviews of interesting software bugs.

Depending on the interest of the students, requirements imposed by homework assignments, and recent scientific developments, the specific topics covered in this course may vary from year to year.