## Tools and Algorithms for the Construction and Analysis of Systems: 10th International Conference, TACAS 2004, Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2004, Barcelona, Spain, March 29 - April 2, 2004, Proceedings, Volume 10This volume contains the proceedings of the 10th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2004). TACAS 2004 took place in Barcelona, Spain, from March 29th to April 2nd, as part of the 7th European Joint Conferences on Theory and Practice of Software (ETAPS 2004), whose aims, organization, and history are detailed in a foreword by the ETAPS Steering Committee Chair, Jos ́ e Luiz Fiadeiro. TACAS is a forum for researchers, developers, and users interested in ri- rously based tools for the construction and analysis of systems. The conference serves to bridge the gaps between di?erent communities including, but not - mited to, those devoted to formal methods, software and hardware veri?cation, static analysis, programming languages, software engineering, real-time systems, and communication protocols that share common interests in, and techniques for, tool development. In particular, by providing a venue for the discussion of common problems, heuristics, algorithms, data structures, and methodologies, TACAS aims to support researchers in their quest to improve the utility, rel- bility, ?exibility, and e?ciency of tools for building systems. TACASseekstheoreticalpaperswithaclearlinktotoolconstruction,papers describingrelevantalgorithmsandpracticalaspectsoftheirimplementation,- pers giving descriptions of tools and associated methodologies, and case studies with a conceptual message. |

### Contents

Revisiting Positive Equality | 1 |

An Interpolating Theorem Prover | 16 |

Minimal Assignments for Bounded Model Checking | 31 |

An Empirical Study | 46 |

Efficient Computation of TimeBounded Reachability Probabilities in Uniform ContinuousTime Markov Decision Processes | 61 |

Model Checking Discounted Temporal Properties | 77 |

Automatic Creation of Environment Models via Training | 93 |

Error Explanation with Distance Metrics | 108 |

A Partial Order Semantics Approach to the Clock Explosion Problem of Timed Automata | 296 |

Lower and Upper Bounds in Zone Based Abstractions of Timed Automata | 312 |

A Scalable Incomplete Test for the Boundedness of UML RT Models | 327 |

Automatic Verification of Time Sensitive Cryptographic Protocols | 342 |

SimulationBased Verification of Autonomous Controllers via Livingstone PathFinder | 357 |

Automatic Parametric Verification of a Root Contention Protocol Based on Abstract State Machines and First Order Timed Logic | 372 |

Reﬁning Approximations in Software Predicate Abstraction | 388 |

Checking Strong Specifications Using an Extensible Software Model Checking Framework | 404 |

Online Efficient Predictive Safety Analysis of Multithreaded Programs | 123 |

Verification of ObjectOriented Designs Using UPPAAL | 139 |

CoPS Checker of Persistent Security | 144 |

Tampere Verification Tool | 153 |

An AspectOriented Framework for Synchronization | 158 |

An Animation Tool for ModelChecking Games | 163 |

A Tool for Checking ANSIC Programs | 168 |

Obtaining MemoryEfficient Reachability Graph Representations Using the SweepLine Method | 177 |

Automated Generation of a Progress Measure for the SweepLine Method | 192 |

Tarjans Algorithm Makes OntheFly LTL Verification More Efficient | 205 |

ResourceOptimal Scheduling Using Priced Timed Automata | 220 |

Decidable and Undecidable Problems in Schedulability Analysis Using Timed Automata | 236 |

The Succinct Solver Suite | 251 |

BindingTime Analysis for MetaML via Type Inference and Constraint Solving | 266 |

A Class of Polynomially Solvable Range Constraints for Interval Analysis without Widenings and Narrowings | 280 |

Applying Game Semantics to Compositional Software Modeling and Verification | 421 |

Solving DisjunctiveConjunctive Boolean Equation Systems with Alternating Fixed Points | 436 |

How Vacuous Is Vacuous? | 451 |

A Temporal Logic of Nested Calls and Returns | 467 |

Liveness with Incomprehensible Ranking | 482 |

Guided Invariant Model Checking Based on Abstraction and Symbolic Pattern Databases | 497 |

Numeric Domains with Summarized Dimensions | 512 |

Symbolically Computing MostPrecise Abstract Operations for Shape Analysis | 530 |

Monotonic AbstractionReﬁnement for CTL | 546 |

OmegaRegular Model Checking | 561 |

FASTer Acceleration of Counter Automata in Practice | 576 |

From Complementation to Certification | 591 |

607 | |

### Common terms and phrases

abstract algorithm analysis applications approach assignment automata automaton Bšuchi bisimulation Bogor boolean equation boolean equation systems bound clause clock complexity Computer Science concrete conﬁgurations consider constraints construction corresponding counterexample cycles deﬁned Deﬁnition denote depth-ﬁrst diﬀerent eﬀect eﬃcient error example execution false ﬁnd ﬁnite ﬁrst ﬁxed ﬂow formula function game semantics heuristic iﬀ implementation implication graph inﬁnite integer language Lemma linear linear temporal logic LNCS logic Markov Markov chains model checking multithreaded node operators partial order reduction path pattern database Petri nets predicate problem Proc properties protocol reachability graph reﬁned reﬁnement represented result satisﬁes scheduling Section semantics sequence simulation solution space speciﬁcation Springer-Verlag stack strongly connected component structure subformulas subset Succinct Solver sweep-line method symbolic TACAS techniques Theorem tool transition transition relation true UML RT vacuity variables vector veriﬁcation