Formal methods: State of the art and future directions

ACM Computing Surveys

Volumn 28, Issue 4, 1996, Pages 626-643

  Clarke, Edmund M ^a   Wing, Jeannette M ^a   Alur, Rajeev ^a   Clarke, Edmund ^a   Cleaveland, Rance ^a   Dill, David ^a   Emerson, Allen ^a   Garland, Stephen ^a   German, Steven ^a   Guttag, John ^a   Hall, Anthony ^a   Henzinger, Thomas ^a   Holzmann, Gerard ^a   Jones, Cliff ^a   Kurshan, Robert ^a   Leveson, Nancy ^a   McMillan, Kenneth ^a   Moore, J ^a   Peled, Doron ^a   Pnueli, Amir ^a   Rushby, John ^a   Shankar, Natarajan ^a   Sifakis, Joseph ^a   Sistla, Prasad ^a   Steffen, Bernhard ^a   Wolper, Pierre ^a   Wing, Jeannette ^a   Woodcock, Jim ^a   Zave, Pamela ^a   more..

^a Carnegie Mellon University   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

EID: 0000289556     PISSN: 03600300     EISSN: None     Source Type: Journal    
DOI: 10.1145/242223.242257     Document Type: Article

References (127)

1. ALUR, R., HENZINGER, T., AND Ho, P.-H. 1996. Automatic symbolic verification of embedded systems. IEEE Trans. Softw. Eng. 22, 3, 181-201.
2. APPENZELLER, D. P. AND KUEHLMANN, A. 1995. Formal verification of a PowerPC microprocessor. In Proceedings of the IEEE International Conference on Computer Design (ICCD'95) (Austin, TX, Oct.), 79-84.
3. ARCHINOFF, G. ET AL. 1990. Verification of the shutdown system software at the Darlington Nuclear Generating System. In International Conference on Control and Instrumentation in Nuclear Installations (Glasgow, Scotland, May).
4. ARNOLD, A., BEGAY, D., AND RADOUX, J.-P. 1996. The embedded software of an electricity meter: An experience in using Formal Methods in an industrial project. Sci. Comput. Program.
5. BARRETT, G. 1989. Formal methods applied to a floating-point number system. IEEE Trans. Softw. Eng. 15, 5 (May), 611-621.
6. BARRETT, G. 1995. Model checking in practice: The t9000 virtual channel processor. IEEE Trans. Softw. Eng. 21, 2 (Feb.), 69-78.
7. BEAR, S. 1991. An overview of HP-SL. In Proceedings of VDM'91: Formal Development Methods, Volume 551 of Lecture Notes in Computer Science. Springer-Verlag.
8. BENGTSSON, J., GRIFFIGEN, W., KRISTOFFERSEN, K., LARSEN, K., LARSSON, F., PETTERSSON, P., AND YI, W. 1996. Verification of an audio protocol with bus collision using UppAal. In Computer-Aided Verification '96, Lecture Notes in Computer Science 1102, R. Alur and T. Henzinger, Eds., Springer-Verlag, 244-256.
9. BJØRNER, N. ET AL. 1996. STeP: Deductive-algorithmic verification of reactive and real-time systems. In Proceedings of the Eighth International Conference on Computer-Aided Verification, Number 1102 in Lecture Notes in Computer Science (July), Springer-Verlag, 415-418.
10. BOSSCHER, D., POLAK, I., AND VAANDRAGER, F. 1994. Verification of an audio-control protocol. In FTRTFT 94: Formal Techniques in Real-Time and Fault-Tolerant Systems, Lecture Notes in Computer Science 863, H. Langmaack, W.-P. de Roever, and J. Vytopil Eds., Springer-Verlag, 170-192.
11. BOSWELL, A. 1995. Specification and validation of a security policy model. IEEE Trans. Softw. Eng. 21, 2 (Feb.), 63-68.
12. BOYER, R. AND YU, Y. 1996. Automated proofs of object code for a widely used microprocessor. J. ACM 43, 1 (Jan.), 166-192.
13. BOYER, R. S. AND MOORE, J. S. 1979. A Computational Logic. Academic Press, New York.
14. BOYER, R. S. AND MOORE, J. S. 1988. A Computational Logic Handbook. Academic Press, New York.
15. BRAYTON, R. ET AL. 1996. VIS: A system for verification and synthesis. In Proceedings of the Eighth International Conference on Computer-Aided Verification, Number 1102 in Lecture Notes in Computer Science, Springer-Verlag, 423-427.
16. BROCK, B., KAUFMANN, M., AND MOORE, J. S. 1996. Heavy inference: Theorems about commercial microprocessors. In Formal Methods in Computer-Aided Design (FMCAD'96) (Nov.), M. Srivas and A. Camilleri Eds., Springer-Verlag.
17. BROWNE, M. C., CLARKE, E. M., DILL, D. L., AND MISHRA, B. 1986. Automatic verification of sequential circuits using temporal logic. IEEE Trans. Comput. C-35, 12, 1035-1044.
18. BRYANT, R. E. 1986. Graph-based algorithms for Boolean function manipulation. IEEE Trans. Comput. C-35, 8.
19. BURCH, J. R., CLARKE, E. M., LONG, D. E., MCMILLAN, K. L., AND DILL, D. L. 1994. Symbolic model checking for sequential circuit verification. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. 13, 4 (April), 401-424.
20. CALERO, J., ROMAN, C., AND PALMA, G. D. 1997. A practical design case using formal verification. In Proceedings of Design-SuperCon'97. To appear.
21. CARNOT, M., DASILVA, C., DEHBONEI, B., AND MEIJA, F. 1992. Error-free software development for critical systems using the B-methodology. In Third International IEEE Symposium on Software Reliability Engineering.
22. CHANDY, K. AND MISRA, J. 1988. Parallel Program Design. Addison-Wesley, Reading, MA.
23. CHAVES, J. 1992. Formal methods at AT&T: An industrial usage report. In Proceedings Formal Description Techniques IV - 1991, North-Holland, Amsterdam, 83-90.
24. CHEHAIBAR, G., GARAVEL, H., MOUNIER, L., TAWBI, N., AND ZULIAN, F. 1996. Specification and verification of the powerscale bus arbitration protocol: An industrial experiment with LOTOS. In Proceedings of FORTE/PSTV'96 (Kaiserslautern, Germany). Chapman & Hall, London.
25. CHISOLM, G., KLJAICH, J., SMITH, B., AND WOJCIK, A. 1987. An approach to the verification of a fault-tolerant, computer-based reactor safety system: A case study using automated reasoning (Vol. 1, interim report). Tech. Rep. NP-4924 (Jan.), Electric Power Research Institute, Palo Alto, CA. Prepared by Argonne National Laboratory.
26. CLARKE, E., GERMAN, S., AND ZHAO, X. 1996. Verifying the SRT division algorithm using theorem proving techniques. In Proceedings of the Eighth International Conference on Computer-Aided Verification, Number 1102 in Lecture Notes in Computer Science, Springer-Verlag, 111-122.
27. CLARKE, E. AND KURSHAN, R. 1996. Computer-aided verification. IEEE Spectrum 33, 6, 61-67.
28. CLARKE, E. AND ZHAO, X. 1993. Analytica: A theorem prover for Mathematica. Mathematica J., 56-71.
29. CLARKE, E. M. AND EMERSON, E. A. 1981. Syn-thesis of synchronization skeletons for branching time temporal logic. In Logic of Programs: Workshop, (Yorktown Heights, NY), Vol. 131 of Lecture Notes in Computer Science, Springer-Verlag.
30. CLARKE, E. M., EMERSON, E. A., AND SISTLA, A. P. 1986. Automatic verification of finitestate concurrent systems using temporal logic specifications. ACM Trans. Program Lang. Syst. 8, 2, 244-263.
31. CLARKE, E. M., GRUMBERG, O., HIRAISHI, H., JHA, S., LONG, D. E., MCMILLAN, K. L., AND NESS, L. A. 1993. Verification of the Futurebus+ cache coherence protocol. In Proceedings CHDL.
32. CLARKE, E. M., GRUMBERG, O., AND LONG, D. E. 1992. Model checking and abstraction. In Proceedings of Principles of Programming Languages.
33. CLEAVELAND, R., MADELAINE, E., AND SIMS, S. 1995. Generating front ends for verification tools. In Tools and Algorithms for the Construction and Analysis of Systems (TACAS '95), Vol. 1019 of Lecture Notes in Computer Science, E. Brinksma, R. Cleaveland, K. Larsen, and B. Steffen Eds., Springer-Verlag, 153-173.
34. CLEAVELAND, R., PARROW, J., AND STEFFEN, B. 1993. The Concurrency Workbench: A semantics-based tool for the verification of concurrent systems. ACM Trans. Program Lang. Syst. 15, 1 (Jan.), 36-72.
35. CONSTABLE, R. ET AL. 1986. Implementing Mathematics with the NuPRL Proof Development Environment. Prentice-Hall, Englewood Cliffs, NJ.
36. CORNES, C., COURANT, J., FILLIÂTRE, J.-C., HUET, G., MANOURY, P., PAULIN-MOHRING, C., MUNOZ, C., MURTHY, C., PARENT, C., SAÏBI, A., AND WERNER, B. 1995. The coq proof assistant reference manual version 5.10. Tech. Rep. 177 (July), INRIA. http://pauillac.inria.fr/coq/systeme_coq-eng.html.
37. CRAIGEN, D., GERHART, S., AND RALSTON, T. 1993a. An international survey of industrial applications of formal methods. Tech. Rep. NIST GCR 93/626 (Vols. 1 and 2) (March), U.S. National Institute of Standards and Technology. Also published by the U.S. Naval Research Laboratory (Formal Rep. 5546-93-9582, Sept.), and the Atomic Energy Control Board of Canada.
38. CRAIGEN, D., GERHART, S., AND RALSTON, T. 1993b. Observations on industrial practice using formal methods. In Proceedings of the Fifteenth International Conference on Software Engineering (May).
39. CRAIGEN, D., GERHART, S., AND RALSTON, T. 1994. Formal methods in critical systems. IEEE Softw. 11, 1 (Jan.).
40. CRAIGEN, D., GERHART, S., AND RALSTON, T. 1995. Formal methods reality check: Industrial usage. IEEE Trans. Softw. Eng. 21, 2 (Feb.), 90-98.
41. CRAIGEN, D., KROMODIMOELJO, S., MEISELS, I., NEILSON, A., PASE, B., AND SAALTINK, M. 1988. m-EVES: A tool for verifying software. In Proceedings of the Tenth International Conference on Software Engineering (Singapore, April), 324-333.
42. CROXFORD, M. AND BUTTON, J. 1995. Breaking through the V and V bottleneck. In Proceedings of Ada in Europe 1995. Springer-Verlag.
43. DAMM, W. AND DELGADO-KLOOS, C. 1996. Practical Formal Methods for Hardware Design. Lecture Notes in Computer Science. Springer-Verlag.
44. DAMM, W., JOSKO, B., AND SCHLÖR, R. 1995. Specification and Validation Methods for Programming Languages and Systems, Chap. Specification and verification of VHDL-based system-level hardware designs, Oxford University Press, New York, 331-410.
45. DAWS, C. AND YOVINE, S. 1995. Two examples of verification of multirate timed automata with KRONOS. In Proceedings of 1995 IEEE Real-Time Systems Symposium, RTSS'95 (Pisa, Italy, Dec.). IEEE Computer Society Press, Los Alamitos, CA.
46. DÉHARBE, D. AND BORRIONE, D. 1995. Semantics of a verification-oriented subset of VHDL. In CHARME'95, Correct Hardware Design and Verification Methods, P. Camurati and H. Eveking, Eds., Vol. 987 of Lecture Notes in Computer Science Springer-Verlag, 293-310.
47. DELISLE, N. AND GARLAN, D. 1990. A formal specification of an oscilloscope. IEEE Softw. 7, 5 (Sept.), 29-36.
48. DEPALMA, G. AND GLASER, A. 1996. Formal verification augments simulation. Electr. Eng. Times, 56.
49. DILL, D. L., DREXLER, A. J., HU, A. J., AND YANG, C. H. 1992. Protocol verification as a hardware design aid. In IEEE International Conference on Computer Design: VLSI in Computers and Processors, 522-525.
50. DINOLT, G. ET AL. 1984. Multinet gateway-towards A1 certification. In IEEE Symposium on Security and Privacy (1984).
51. ELSEAIDY, W., CLEAVELAND, R., AND BAUGH, J. 1996. Modeling and verifying active structural control systems. Sci. Comput. Program. (to appear). A preliminary version of this paper appears in the Proceedings of the 1994 Real-Time Systems Symposium.
52. ELSEAIDY, W., CLEAVELAND, R., AND BAUGH, J. 1996. Modeling and verifying active structural control systems. Sci. Comput. Program. (to appear). A preliminary version of this paper appears in the Proceedings of the 1994 Real-Time Systems Symposium.
53. FERNANDEZ, J.-C., GARAVEL, H., KERBRAT, A., MATEESCU, R., MOUNIER, L., AND SIGHIREANU, M. 1996. CADP (CÆSAR/ALDEBARAN development package): A protocol validation and international verification toolbox. In Proceedings of the 8th Conference on Computer-Aided Verification, Number 1102 in Lecture Notes in Computer Science. R. Alur and T. A. Henzinger, Eds., Springer-Verlag.
54. FILKORN, T., SCHNEIDER, H., SCHOLZ, A., STRASSER, A., AND WARKENTIN, P. 1994. SVE User's Guide. Tech. Rep. ZFE BT SE 1-SVE-1, Siemens AG, Corporate Research and Development, Munich.
55. GARLAN, D., ABOWD, G., JACKSON, D., TOMAYKO, J., AND WING, J. 1995. The CMU Master of Software Engineering Core Curriculum. In Proceedings of the Eighth SEI Conference on Software Engineering Education (CSEE) Vol. 895 of Lecture Notes in Computer Science, Springer-Verlag, 65-86.
56. GARLAND, S. J. AND GUTTAG, J. V. 1988. Inductive methods for reasoning about abstract data types. In Proceedings of the Fifteenth Symposium on Principles of Programming Languages, 219-228.
57. GERTH, R., PELED, D., VARDI, M. Y., AND WOLPER, P. 1995. Simple on-the-fly automatic verification of linear temporal logic. In Proceedings IFIP/WG6.1 Symposium on Protocol Specification, Testing, and Verification (Warsaw, Poland, June).
58. GORDON, M. 1987. HOL: A proof generating system for higher-order logic. In VLSI Specification, Verification and Synthesis. Kluwer.
59. GORDON, M. J., MILNER, A. J., AND WADSWORTH, C. P. 1979. Edinburgh LCF, Vol. 78 of Lecture Notes in Computer Science. Springer-Verlag.
60. GUIHO, G. AND HENNEBERT, C. 1990. SACEM software validation. In Twelfth International Conference on Software Engineering.
61. GUTTAG, J. AND HORNING, J. 1993. Larch: Languages and Tools for Formal Specification. Springer-Verlag. Written with S. J. Garland, K. D. Jones, A. Modet, and J. M. Wing.
62. HALL, A. 1996. Using formal methods to develop an ATC information system. IEEE Softw. 12, 6 (March), 66-76.
63. HAREL, D. 1987. Statecharts: A visual formalism for complex systems. Sci. Comput. Program. 8, 231-274. Preliminary version: Tech. Rep. CS84-05, The Weizmann Institute of Science, Rehovot, Israel, Feb. 1984.
64. HAREL, D. 1992. Biting the silver bullet: Toward a brighter future for system development. IEEE Comput. 25, 1 (Jan.), 8-20.
65. HAR'EL, Z. AND KURSHAN, R. P. 1990. Software for analytical development of communications protocols. AT&T Bell Lab. Tech. J. 69, 1 (Jan.-Feb.), 45-59.
66. HEIMDAHL, M. AND LEVESON, N. 1996. Completeness and consistency in hierarchical state-based requirements. IEEE Trans. Softw. Eng. SE-22, 6 (June), 363-377.
67. HENINGER, K. 1980. Specifying software requirements for complex systems: New techniques and their application. IEEE Trans. Softw. Eng. 6, 1 (Jan.), 2-13.
68. HENZINGER, T. A., NICOLLIN, X., SIFAKIS, J., AND YOVINE, S. 1994. Symbolic model checking for real-time systems. Inf. Comput. 111, 111-244.
69. HO, P.-H. AND WONG-TOI, H. 1995. Automated analysis of an audio control protocol. In Computer-Aided Verification '95, Lecture Notes in Computer Science 939, P. Wolper Ed., Springer-Verlag, 381-394.
70. HOARE, C. A. R. 1985. Communicating Sequential Processes. Prentice-Hall International, Englewood Cliffs, NJ.
71. HOJATI, R., BRAYTON, R., AND KURSHAN, R. 1993. BDD-based debugging of designs using language containment and fair CTL. In Proceedings of the Fifth International Conference on Computer-Aided Verification, Number 697 in Lecture Notes in Computer Science, C. Courcoubetis Ed., Springer-Verlag, 41-57.
72. HOLZMANN, G. 1991. Design and Validation of Computer Protocols. Prentice-Hall, Englewood Cliffs, New Jersey.
73. HOLZMANN, G. 1992. Practical methods for the formal validation of SDL specifications. Comput. Commun. Special issue on Practical Uses of FDT's.
74. HOLZMANN, G. 1994. The theory and practice of a formal method: NewCoRe. In Proceedings of IFIP World Computer Congress (Hamburg, Germany, Aug.).
75. HOLZMANN, G. AND PATTI, J. 1989. Validating SDL specifications: An experiment. In Proceedings of the Ninth International Conference on Protocol Specification, Testing, and Verification, INWG/IFIP (Twente, Netherlands, June) C. Vissers and E. Brinksma, Eds.
76. HOLZMANN, G. AND PELED, D. 1994. An improvement in formal verification. In Proceedings of FORTE94 (Berne, Switzerland, Oct.).
77. HOUSTON, I. AND KING, S. 1991. CICS project report: Experiences and results from using Z. In Proceedings of VDM'91: Formal Development Methods, Volume 551 of Lecture Notes in Computer Science, Springer-Verlag.
78. ISO. 1987. Information Systems Processing-Open Systems Interconnection - LOTOS. Tech. Rep. International Standards Organization DIS 8807.
79. JACKY, J. 1995. Specifying a safety-critical control system in Z. IEEE Trans. Softw. Eng. 21, 2 (Feb.), 99-106.
80. JAGADEESAN, L., PUCHOL, C., AND OLNHAUSEN, J. V. 1996. A formal approach to reactive systems software: A telecommunications application in Esterel. Formal Aspects Comput. 8, 2 (March), 123-151.
81. JANICKI, R., PARNAS, D. L., AND ZUCKER, J. 1996. Tabular representations in relational documents. In Relational Methods in Computer Science. C. Brink, Ed., Springer-Verlag (to appear).
82. JONES, C. B. 1986. Systematic Software Development Using VDM. Prentice-Hall International, New York.
83. KALTENBACH, M. 1994. Model checking for UNITY. Tech. Rep. TR94-31 (Dec.), The University of Texas at Austin.
84. KAPUR, D. AND MUSSER, D. 1987. Proof by consistency. Artif. Intell. 31, 125-157.
85. KAUFMANN, M. AND MOORE, J. S. 1995. ACL2: A Computational Logic for Applicative Common Lisp, The User's Manual (Version 1.8). ftp:// ftp.cli.com/pub/acl2/v1-8/acl2-sources/doc/ HTML/acl2-doc.html.
86. KINDRED, D. AND WING, J. 1996. Fast, automatic checking of security protocols. In Proceedings of the USENIX Workshop on Electronic Commerce Protocols (1996).
87. KING, T. 1994. Formalising British Rail's signalling rules. In FME'94: Industrial Benefit of Formal Methods, Volume 873 of Lecture Notes in Computer Science (1994), Springer-Verlag, 45-54.
88. KLJAICH, J., SMITH, B., AND WOJCIK, A. 1989. Formal verification of fault tolerance using theorem-proving techniques. IEEE Trans. Comput. 38, 366-376.
89. KUEHLMANN, A., SRINIVASAN, A., AND LAPOTIN, D. P. 1995. Verity - a formal verification program for custom CMOS circuits. IBM J. Res. Dev. 39, 1/2, 149-165.
90. KUHN, D. AND DRAY, J. 1990. Formal specification and verification of control software for cryptographic equipment. In Sixth Computer Security Applications Conference (1990).
91. KURSHAN, R. AND LAMPORT, L. 1993. Verification of a multiplier: 64 Bits and beyond. In Computer Aided Verification, Volume 697 of Lecture Notes in Computer Science, C. Courcoubetis, Ed., Springer-Verlag, 166-179.
92. KURSHAN, R. P. 1994a. Computer-Aided Verification of Coordinating Processes. Princeton University Press, Princeton, NJ.
93. KURSHAN, R. P. 1994b. The complexity of verification. In Proceedings 26th ACM Symposium on Theory of Computing (STOC) (Montreal), 365-371.
94. LAMPORT, L. 1984. The temporal logic of actions. ACM Trans. Program. Lang. Syst., 872-923.
95. LESCANNE, P. 1983. Computer experiments with the REVE term rewriting system generator. In Proceedings of the Tenth Symposium on Principles of Programming Languages (Austin, Texas, Jan.), 99-108.
96. LONG, D. L. 1993. Model checking, abstraction, and compositional reasoning. Ph.D. Thesis, Carnegie Mellon Univ., Computer Science Dept.
97. LOWE, G. 1996. Breaking and fixing the Needham-Schroder public-key protocol using FDR. In Tools and Algorithms for the Construction and Analysis of Systems, Vol. 1055 of Lecture Notes in Computer Science. Springer-Verlag.
98. LUO, Z. AND POLLACK, R. 1992. LEGO proof development system: User's manual. Tech. Rep. ECS-LFCS-92-211 (May), Computer Science Dept., Univ. of Edinburgh.
99. LYNCH, N. AND TUTTLE, M. 1987. Hierarchical correctness proofs for distributed algorithms. Tech. Rep. (April), MIT Laboratory for Computer Science, Cambridge, MA.
100. MANNA, Z. AND PNUELI, A. 1991. The Temporal Logic of Reactive and Concurrent Systems, Springer-Verlag, New York.
101. MATAGA, P. AND ZAVE, P. 1995. Multiparadigm specification of an AT&T switching system. In Applications of Formal Methods, M. G. Hinchey and J. P. Bowen, Eds., Prentice-Hall International, Englewood Cliffs, NJ, 375-398.
102. MCMILLAN, K. L. 1993. Symbolic Model Checking: An Approach to the State Explosion Problem. Kluwer.
103. MILLER, S. P. AND SRIVAS, M. 1995. Formal verification of the AAMP5 microprocessor: A case study in the industrial use of formal methods. In WIFT'95: Workshop on Industrial-Strength Formal Specification Techniques (Boca Raton, FL), IEEE Computer Society, Washington, DC, 2-16.
104. MILNER, A. 1980. A Calculus of Communicating Systems, Vol. 92 of Lecture Notes in Computer Science. Springer-Verlag.
105. MOORE, J. S., LYNCH, T., AND KAUFMANN, M. 1996. A mechanically checked proof of the correctness of the AMD5K86 floating point division algorithm. http://devil.ece.utexas.edu:80/lynch/ divide/divide.html.
106. NIELSEN, M., HAVELUND, K., WAGNER, K., AND GEORGE, C. 1989. The RAISE language, method and tools. Formal Aspects Comput. 1, 85-114.
107. OWRE, S., RUSHBY, J., AND SHANKAR, N. 1992. PVS: A prototype verification system. In Eleventh International Conference on Automated Deduction (CADE), Vol. 607 of Lecture Notes in Artificial Intelligence, D. Kapur Ed., Springer-Verlag, 748-752.
108. OXFORD UNIVERSITY. 1996. http://www.comlab. ox.ac.uk/igdp/. Master's of Science in Software Engineering.
109. PELED, D. 1996. Combining partial order reductions with on-the-fly model-checking. J. Formal Meth. Syst. Des. 8 (1), 39-64. Also appeared in the Proceedings of the Sixth International Conference on Computer Aided Verification 1994 (Stanford, CA), Lecture Notes in Computer Science 818, Springer-Verlag, 377-390.
110. PELED, D. 1996. Combining partial order reductions with on-the-fly model-checking. J. Formal Meth. Syst. Des. 8 (1), 39-64. Also appeared in the Proceedings of the Sixth International Conference on Computer Aided Verification 1994 (Stanford, CA), Lecture Notes in Computer Science 818, Springer-Verlag, 377-390.
111. PNUELI A. 1981. A temporal logic of concurrent programs. Theor. Comput. Sci. 13, 45-60.
112. QUEILLE, J. AND SIFAKIS, J. 1982. Specification and verification of concurrent systems in CÆSAR. In Proceedings of Fifth ISP.
113. RAJAN, S., SHANKAR, N., AND SRIVAS, M. 1995. An integration of model-checking with automated proof checking. In Computer-Aided Verification, '95, Volume 939 of Lecture Notes in Computer Science P. Wolper, Ed., Springer-Verlag, 84-97.
114. RICHARDSON, D., O'MALLEY, T., AND MOORE, C. T. 1989. Approaches to specification-based testing. In ACM SIGSOFT 89: Third Symposium on Software Testing, Analysis, and Verification (Dec.).
115. ROSCOE, A. 1994. Model-checking CSP. In A Classical Mind: Essays in Honour of C.A.R. Hoare, A. Roscoe, Ed., Prentice-Hall, Englewood Cliffs, NJ.
116. ROY, V. AND DE SIMONE, R. 1990. Auto/Autograph. In Computer-Aided Verification '90, Vol. 3 of DIMACS Series on Discrete Mathematics and Theoretical Computer Science (Piscataway, NJ, June), E. Clarke and R. Kurshan, Eds., American Mathematical Society, Providence, RI, 235-250.
117. RUESS, H., SHANKAR, N., AND SRIVAS, M. 1996. Modular verification of SRT division. In Proceedings of the Eighth International Conference on Computer-Aided Verification, No. 1102 in Lecture Notes in Computer Science (July), Springer-Verlag, 123-134.
118. RUSSINOFF, D. 1996. A mechanically checked proof of the correctness of the AMD K5 floating-point square root algorithm (submitted).
119. SPC. 1993. Consortium requirements engineering guidebook. Tech. Rep. SPC-92060-CMC version 01.00.09, Software Productivity Consortium, Herndon, VA.
120. SPIVEY, J. M. 1988. Introducing Z: a Specification Language and its Formal Semantics. Cambridge University Press, New York.
121. STEFFEN, B., MARGARIA, T., CLASSEN, A., AND BRAUN, V. 1996. The Meta '95 environment. In Proceedings of Computer-Aided Verification '96, Lecture Notes Computer Science, Springer-Verlag.
122. STEFFEN, B., MARGARIA, T., CLASSEN, A., BRAUN, V., AND REITENSPIESS, M. 1996. An environment for the creation of intelligent network services. In Intelligent Networks: IN/AIN Technologies, Operations, Services, and Applications - A Comprehensive Report (Chicago), I. E. Consortium Ed., 287-300. Invited contribution. Also invited to the Annual Review of Communications, IEC, 919-935.
123. STEFFEN, B., MARGARIA, T., CLASSEN, A., BRAUN, V., AND REITENSPIESS, M. 1996. An environment for the creation of intelligent network services. In Intelligent Networks: IN/AIN Technologies, Operations, Services, and Applications - A Comprehensive Report (Chicago), I. E. Consortium Ed., 287-300. Invited contribution. Also invited to the Annual Review of Communications, IEC, 919-935.
124. VARDI, M. Y. AND WOLPER, P. 1986. An automata-theoretic approach to automatic program verification. In Proceedings of Logic in Computer Science.
125. WING, J. 1985. Specification firms: A vision for the future. In Proceedings of the Third International Workshop on Software Specification and Design (London, Aug.), 241-243.
126. ZAVE, P. 1995. Secrets of call forwarding: A specification case study. In Proceedings of the Eighth International IFIP Conference on Formal Description Techniques for Distributed Systems and Communications Protocols (FORTE '95) Chapman & Hall, London, 153-168.
127. ZAVE, P. AND JACKSON, M. 1996. Where do operations come from? A multiparadigm specification technique. IEEE Trans. Softw. Eng. 22, 7 (July), 508-528.