In this section, we discuss the main functionalities of the COMPASS 3.0 toolset.
Correctness Checking. COMPASS supports checking the correctness of the model against user-provided properties. The toolset indicates for each property whether it holds or not, and gives a counterexample in the latter case. Verification relies on state-of-the-art BDD- and SAT-based model checking, including K-liveness verification [12]. In order to assist the user in the specification of timed models, COMPASS 3.0 offers functionality to check the timed correctness of the model w.r.t. Zenoness and clock divergence. The former is caused by cycles in the system's state space that do not require the progress of time. The latter is caused by clocks that can attain an arbitrarily large value. The toolset can automatically check Zenoness for all modes in the system, and divergence for all clocks.
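To make the two timed-correctness checks concrete, the following added example (not code from the COMPASS toolset or the paper) applies a syntactic approximation of both to a small timed model constructed here: a cycle in the mode graph is reported as a Zeno candidate when no clock that is reset on the cycle is later compared against a strictly positive lower bound (so the cycle can be repeated without time passing), and a clock is reported as divergent when some cycle that does force time to pass never resets it and no mode invariant on that cycle bounds it. The mode names, clocks, guards and invariants are assumptions; COMPASS performs these checks on the actual state space.

```python
# Constructed timed model (an illustration, not a COMPASS model): modes, clock
# invariants as upper bounds (time may pass in a mode only while they hold),
# and transitions carrying lower-bound guards and clock resets.
MODES = ["Idle", "Sensing", "Transmit", "Retry"]
CLOCKS = {"t", "up"}                       # "up" is never reset anywhere
INVARIANTS = {"Sensing": {"t": 2}}         # stay in Sensing only while t <= 2
TRANSITIONS = [                            # (src, dst, guard {clock: lower bound}, resets)
    ("Idle", "Sensing", {}, {"t"}),
    ("Sensing", "Transmit", {"t": 2}, set()),
    ("Transmit", "Idle", {}, set()),
    ("Transmit", "Retry", {}, set()),      # Transmit <-> Retry needs no time to pass
    ("Retry", "Transmit", {}, set()),
]


def simple_cycles(modes, transitions):
    """Enumerate the simple cycles of the mode graph; each cycle is a tuple of edges."""
    succ = {m: [] for m in modes}
    for edge in transitions:
        succ[edge[0]].append(edge)
    index = {m: i for i, m in enumerate(modes)}
    cycles = []

    def dfs(start, node, path, visited):
        for edge in succ[node]:
            nxt = edge[1]
            if nxt == start:
                cycles.append(tuple(path + [edge]))
            # only visit modes "after" the start mode, so each cycle is found once
            elif index[nxt] > index[start] and nxt not in visited:
                dfs(start, nxt, path + [edge], visited | {nxt})

    for m in modes:
        dfs(m, m, [], {m})
    return cycles


def cycle_forces_time_progress(cycle):
    """Strong non-Zenoness (a sufficient syntactic condition): some clock is reset on
    the cycle and, elsewhere on the cycle, required to exceed a positive bound, so
    every iteration of the cycle lets at least that much time elapse."""
    reset = set().union(*(edge[3] for edge in cycle))
    bounded_below = {c for edge in cycle for c, v in edge[2].items() if v > 0}
    return bool(reset & bounded_below)


def zeno_candidate_cycles(modes=MODES, transitions=TRANSITIONS):
    """Cycles that can be repeated without time progressing: Zeno candidates."""
    return [tuple(edge[0] for edge in cyc)
            for cyc in simple_cycles(modes, transitions)
            if not cycle_forces_time_progress(cyc)]


def divergent_clocks(modes=MODES, transitions=TRANSITIONS, clocks=CLOCKS,
                     invariants=INVARIANTS):
    """Clocks that grow without bound: never reset on a time-consuming cycle whose
    mode invariants do not bound them."""
    diverging = set()
    for cyc in simple_cycles(modes, transitions):
        if not cycle_forces_time_progress(cyc):
            continue                      # time need not pass here; nothing to conclude
        on_cycle = {edge[0] for edge in cyc}
        for clk in clocks:
            never_reset = all(clk not in edge[3] for edge in cyc)
            unbounded = all(clk not in invariants.get(m, {}) for m in on_cycle)
            if never_reset and unbounded:
                diverging.add(clk)
    return diverging


if __name__ == "__main__":
    print("Zeno candidates:", zeno_candidate_cycles())
    print("divergent clocks:", divergent_clocks())
```

On the constructed model, the Idle/Sensing/Transmit loop resets `t` and then waits for `t >= 2`, so it consumes time, which is exactly what lets the never-reset clock `up` diverge; the Transmit/Retry loop has no such guard and is reported as a Zeno candidate. A cycle flagged here is only a candidate, since the syntactic condition is sufficient for non-Zenoness, not necessary.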
Contract-Based Analysis. COMPASS 3.0 offers the possibility to perform contract-based analysis [11]. Contracts must be specified in the model and attached to components. Each contract consists of an assumption (a property of the environment of the component) and a guarantee (a property of the implementation of the component, which must hold as long as the assumption holds). In order to perform compositional analysis, a contract refinement must further be specified, which links a contract to a set of contracts of the subcomponents. COMPASS 3.0 supports the following analyses. Validation is performed on assumptions and guarantees: the user can choose a subset of these properties and check consistency or entailment. Refinement checking verifies whether the contract refinements are correct, namely that whenever the implementations of the subcomponents satisfy their contracts and the environment satisfies its assumption, the guarantee of the supercomponent and the assumptions of its subcomponents are satisfied. Finally, tightening looks for a weakening of the assumptions and/or a strengthening of the guarantees such that the refinement still holds.
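The proof obligations behind refinement checking are easy to lose in prose, so here is an added example (not the COMPASS implementation, which works on temporal properties with a model checker) that spells them out for purely propositional contracts over a handful of boolean signals, checked by exhaustive enumeration of valuations. The component and signal names (`power_ok`, `reading_valid`, `calibrated`, `cmd_safe`) are constructed for the illustration. It also covers the validation checks named above: consistency (is a chosen set of assumptions/guarantees satisfiable?) and entailment.

```python
from itertools import product

# Constructed example: a system contract refined by a sensor and a controller.
VARS = ["power_ok", "reading_valid", "calibrated", "cmd_safe"]


def all_valuations(variables=VARS):
    for bits in product([False, True], repeat=len(variables)):
        yield dict(zip(variables, bits))


def counterexample(pred):
    """None if pred holds in every valuation, else a valuation that violates it."""
    for v in all_valuations():
        if not pred(v):
            return v
    return None


def consistent(preds):
    """Validation: is the conjunction satisfiable? Returns a witness or None."""
    for v in all_valuations():
        if all(p(v) for p in preds):
            return v
    return None


def entails(premises, conclusion):
    """Validation: do the premises entail the conclusion?"""
    return counterexample(lambda v: not all(p(v) for p in premises) or conclusion(v)) is None


def check_refinement(parent, children):
    """parent = (A, G); children = list of (name, A_i, G_i).
    Returns [(obligation, counterexample), ...]; an empty list means the
    refinement is correct."""
    A, G = parent
    failures = []
    # 1. Environment assumption plus all subcomponent guarantees imply the parent guarantee.
    ce = counterexample(lambda v: not (A(v) and all(g(v) for _, _, g in children)) or G(v))
    if ce:
        failures.append(("parent guarantee", ce))
    # 2. Each subcomponent's assumption is discharged by the environment and its siblings.
    for name, A_i, _ in children:
        siblings = [g for n, _, g in children if n != name]
        ce = counterexample(lambda v: not (A(v) and all(g(v) for g in siblings)) or A_i(v))
        if ce:
            failures.append((f"assumption of {name}", ce))
    return failures


# Contracts as (assumption, guarantee) predicates over a valuation.
SYSTEM = (lambda v: v["power_ok"], lambda v: v["cmd_safe"])
SENSOR = ("sensor", lambda v: v["power_ok"], lambda v: v["reading_valid"])
CONTROLLER = ("controller", lambda v: v["reading_valid"], lambda v: v["cmd_safe"])
# Variant whose assumption nobody discharges: calibration is assumed but never guaranteed.
STRICT_CONTROLLER = ("controller",
                     lambda v: v["reading_valid"] and v["calibrated"],
                     lambda v: v["cmd_safe"])

if __name__ == "__main__":
    print("correct refinement:", check_refinement(SYSTEM, [SENSOR, CONTROLLER]))
    print("broken refinement:", check_refinement(SYSTEM, [SENSOR, STRICT_CONTROLLER]))
```

The second call reports the unmet assumption of the controller together with a valuation in which the environment and the sensor behave as promised but `calibrated` is false; comparing the two controller variants is the manual form of the tightening question above (the weaker assumption still refines, the stricter one does not).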
Fault Trees. COMPASS 3.0 can generate fault trees associated with particular error states in the model. Standard fault trees are flat in nature (being two- or three-leveled), hiding some of the nested dependencies. Contract-based analysis can be used to generate a hierarchical fault tree, which captures the hierarchy of the model. This approach makes use of the specified contracts and checks which events may cause them to be invalidated. COMPASS 3.0 offers further alternatives to analyze fault trees. Static probabilities can be calculated for the entire tree by specifying the probabilities of basic events. Fault Tree Evaluation calculates the probability of failure for a given time span. Finally, Fault Tree Verification checks a probabilistic property specified for the fault tree.
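The three quantitative analyses named above differ only in where the basic-event probabilities come from, which the following added example (constructed here, not COMPASS code) makes visible on a small AND/OR tree: static probabilities are given directly, Fault Tree Evaluation derives them from constant failure rates over a mission time (each basic event's time to failure being exponentially distributed, with no repair), and a probabilistic property becomes a bound on the resulting top-event probability. Basic events are assumed independent and to occur once in the tree, so the gate-wise computation is exact; the event names and rates are made up.

```python
import math

# Constructed fault tree: a gate is ("AND"|"OR", [children]); a leaf is a basic-event name.
TREE = ("OR", [
    ("AND", ["pump_A_fails", "pump_B_fails"]),   # redundant pumps
    "controller_fails",
])
STATIC_PROB = {"pump_A_fails": 0.01, "pump_B_fails": 0.01, "controller_fails": 0.001}
FAILURE_RATE = {"pump_A_fails": 1e-4, "pump_B_fails": 1e-4, "controller_fails": 1e-5}  # per hour


def top_event_probability(node, prob):
    """Static probability of the top event from basic-event probabilities.
    Exact under independence when no basic event repeats in the tree."""
    if isinstance(node, str):
        return prob[node]
    gate, children = node
    child_probs = [top_event_probability(c, prob) for c in children]
    if gate == "AND":                    # all inputs must fail
        return math.prod(child_probs)
    if gate == "OR":                     # at least one input fails
        return 1.0 - math.prod(1.0 - p for p in child_probs)
    raise ValueError(f"unknown gate {gate!r}")


def evaluate_over_time(node, rates, hours):
    """Fault Tree Evaluation: probability of the top event within `hours`,
    with basic events failing at constant rates (unreliability 1 - exp(-lambda*t))."""
    prob_by_time = {event: 1.0 - math.exp(-lam * hours) for event, lam in rates.items()}
    return top_event_probability(node, prob_by_time)


def verify_bound(node, rates, hours, max_probability):
    """Fault Tree Verification for a property of the form
    'the top event occurs within `hours` with probability at most `max_probability`'."""
    return evaluate_over_time(node, rates, hours) <= max_probability


if __name__ == "__main__":
    print("static top-event probability:", top_event_probability(TREE, STATIC_PROB))
    print("P(top event within 1000 h):", evaluate_over_time(TREE, FAILURE_RATE, 1000))
    print("P <= 0.02 within 1000 h:", verify_bound(TREE, FAILURE_RATE, 1000, 0.02))
```

The OR gate uses `1 - prod(1 - p)` rather than a plain sum, which matters once probabilities are no longer negligible (as they are not at long mission times); the single controller, not the redundant pump pair, dominates the result in both analyses.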
Performability. COMPASS 3.0 offers two model checking approaches to probabilistic analysis (which, given a probabilistic property, determine the probability of failure within a time period): numerical analysis and Monte-Carlo simulation. The former originally only supported Continuous Time Markov Chains (CTMCs) using the MRMC [20] tool. This has now been extended to Interactive Markov Chains (IMCs) using IMCA [19], which makes it possible to analyze continuous-time stochastic models that exhibit non-determinism. However, neither approach supports hybrid models containing clocks. For the analysis of these models, statistical model checking techniques [7, 8] are employed, which use Monte-Carlo simulation to determine, within a certain margin of likelihood and error, the probability of quantitative properties.
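To show the two approaches side by side, the following added example (constructed here; it does not use MRMC, IMCA or any COMPASS component) computes the probability that a small three-state CTMC reaches its failed state within a time bound, first numerically by uniformization and then by statistical model checking, where the number of simulation runs is taken from the Chernoff-Hoeffding bound for a chosen error margin and confidence. The states, rates and time bound are assumptions made for the illustration.

```python
import math
import random

# Constructed CTMC: a component that degrades, is repaired, or fails from the degraded state.
STATES = ["ok", "degraded", "failed"]
RATES = {("ok", "degraded"): 0.2, ("degraded", "ok"): 0.5, ("degraded", "failed"): 0.4}
TARGET = "failed"


def transient_failure_probability(states, rates, t, initial="ok", target=TARGET, tol=1e-12):
    """Numerical analysis via uniformization. The target is made absorbing, so the
    probability of being there at time t equals the probability of reaching it by t."""
    n = len(states)
    idx = {s: i for i, s in enumerate(states)}
    Q = [[0.0] * n for _ in range(n)]                  # generator matrix
    for (a, b), r in rates.items():
        if a == target:
            continue                                   # drop exits from the target
        Q[idx[a]][idx[b]] += r
        Q[idx[a]][idx[a]] -= r
    lam = max(-Q[i][i] for i in range(n)) or 1.0       # uniformization rate
    P = [[(1.0 if i == j else 0.0) + Q[i][j] / lam for j in range(n)] for i in range(n)]
    pi = [1.0 if s == initial else 0.0 for s in states]
    weight, k, result = math.exp(-lam * t), 0, 0.0     # Poisson(lam*t) weights
    while True:
        result += weight * pi[idx[target]]             # weight_k * (pi0 * P^k)[target]
        if weight < tol and k > lam * t:               # past the mode and negligible
            break
        pi = [sum(pi[i] * P[i][j] for i in range(n)) for j in range(n)]
        k += 1
        weight *= lam * t / k
    return result


def simulate_reaches(states, rates, t, rng, initial="ok", target=TARGET):
    """One Monte-Carlo run: does the chain reach `target` before time t?"""
    state, now = initial, 0.0
    while True:
        if state == target:
            return True
        exits = [(b, r) for (a, b), r in rates.items() if a == state]
        total = sum(r for _, r in exits)
        if total == 0.0:
            return False                               # absorbing non-target state
        now += rng.expovariate(total)                  # holding time
        if now > t:
            return False
        u = rng.random() * total                       # pick the successor by rate
        for b, r in exits:
            u -= r
            if u <= 0.0:
                state = b
                break


def sample_size(eps, delta):
    """Chernoff-Hoeffding: runs needed so that |estimate - p| <= eps with confidence 1 - delta."""
    return math.ceil(math.log(2.0 / delta) / (2.0 * eps * eps))


def statistical_failure_probability(states, rates, t, eps=0.02, delta=0.01, seed=1):
    """Statistical model checking: returns (estimate, number of runs)."""
    rng = random.Random(seed)
    runs = sample_size(eps, delta)
    hits = sum(simulate_reaches(states, rates, t, rng) for _ in range(runs))
    return hits / runs, runs


if __name__ == "__main__":
    exact = transient_failure_probability(STATES, RATES, 5.0)
    estimate, runs = statistical_failure_probability(STATES, RATES, 5.0)
    print(f"numerical: {exact:.4f}   statistical: {estimate:.4f} from {runs} runs")
```

The numerical routine is only applicable because the model is a plain CTMC; the simulation loop, by contrast, only needs to know how to draw holding times and successors, which is why statistical model checking is the approach that still works once clocks and non-determinism enter the model, at the price of an error margin rather than an exact value.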
Timed Failure Propagation Graphs. Timed Failure Propagation Graphs (TFPGs) [2] support various aspects of diagnosis and prognosis, such as modeling the temporal dependency between the occurrence of events and their dependence on system modes. A TFPG is a labeled directed graph whose nodes represent either fault modes or discrepancies, i.e., off-nominal conditions that are effects of fault modes. COMPASS 3.0 supports three kinds of analyses based on TFPGs: synthesis, where a TFPG is automatically derived from the model; behavioral validation, which checks whether a given TFPG is complete (i.e., a faithful abstraction) w.r.t. the model; and effectiveness validation, which checks whether the TFPG is sufficiently accurate to allow the diagnosability of failures.