 
Summary: Improving the Precision of INCA by
Eliminating Solutions with Spurious Cycles
Stephen F. Siegel and George S. Avrunin, Member, IEEE Computer Society
Abstract: The Inequality Necessary Condition Analyzer (INCA) is a finite-state verification tool that has been able to check properties
of some very large concurrent systems. INCA checks a property of a concurrent system by generating a system of inequalities that
must have integer solutions if the property can be violated. There may, however, be integer solutions to the inequalities that do not
correspond to an execution violating the property. INCA thus accepts the possibility of an inconclusive result in exchange for greater
tractability. We describe here a method for eliminating one of the two main sources of these inconclusive results.
Index Terms: INCA, finite-state verification, cycles, integer programming.
1 INTRODUCTION
FINITE-STATE verification tools deduce properties of finite-state
models of computer systems. They can be used to
check such properties as freedom from deadlock, mutually
exclusive use of a resource, and eventual response to a
request. If the model represents all the executions of a
system (perhaps by making use of some abstraction), a
finite-state verification tool can take into account all the
executions of the system. Moreover, finite-state verification
tools can be applied at any stage of system development at
