State-rich model checking

Innovations in Systems and Software Engineering

Volumn 2, Issue 1, 2006, Pages 49-64

  Freitas, Leo ^a   Woodcock, Jim ^a   Cavalcanti, Ana ^a  

^a UNIVERSITY OF YORK   (United Kingdom)

Author keywords

Abstract interpretation; Formal method tools; Model checking; Theorem proving

Indexed keywords

COMPUTATIONAL COMPLEXITY; COMPUTER AIDED SOFTWARE ENGINEERING; COMPUTER SIMULATION; INTEGRATION; THEOREM PROVING;

ABSTRACT INTERPRETATION; FORMAL METHOD TOOLS; MODEL CHECKING;

SYSTEMS ANALYSIS;

EID: 33746859332     PISSN: 16145046     EISSN: 16145054     Source Type: Journal    
DOI: 10.1007/s11334-006-0021-9     Document Type: Article

References (110)

1. Abdallah AE, Jones CB, Sanders JW (eds) (2004) Communicating sequential process: The first 25 years, no. 3525, in Lecture Notes in Computer Science, symposion on the occasion of 25 years of CSP, Springer, London UK, July 2004
2. Abrial J-R (1996) The B book - assigning programs to meanings. Cambridge University Press, Cambridge
3. Alur R, Henzinger T, Mang F, Qadeer S, Rajamani S, Tasinan S (2002) Mocha: Modularity in model checking. Computer Aided Verification, pp. 521-525, 1998.
4. Amey P (2005) Correctness by construction: Better can also be cheaper. Crosstalk J Def Softw Eng Dec: 5-8
5. Atiya D, King S, Woodcock JCP (2003) Ravenscar protected objects: A Circus semantics. Technical Report 356, Department of Computer Science, University of York, York
6. Austin PD, Welch PH (2000) Java communicating sequential process - JCSP. http://www.cs.ukc.ac.uk/projects/ofa/jcsp/
7. Back R-J, von Wright J (1998) Refinement calculus: A systematic introduction. Graduate text in computer science. Springer, Berlin Heidelberg New York
8. Ball T, Cook B, Das S, Rajamani SK (2004) Refining approximations in software predicate abstraction. In: Proceedings of 10th international conference on tools and algorithms for the construction and analysis of systems - TACAS'04, pp. 388-403
9. Barnes J (2003) High integrity software: The spark approach to safety and security, 2nd edn. Addison-Wesley, Reading
10. Bensalem S, Ganesh V, Lakhnech Y, Munoz C, Owre S, Rueß H, Rushby J, Rusu V, Sädi H, Shankar N, Singerman E, Tiwari A (2000) An overview of SAL. In: Holloway CM (ed.) LFM 2000: 5th NASA Langley formal methods workshop. NASA Langley Research Center, Hampton, VA, pp. 187-196
11. Biere A, Cimatti A, Clarke EM, Fujita M, Zhu Y (1999) Symbolic model checking using SAT procedures instead of BDDs. In: DAC '99: Proceedings of the 36th ACM/IEEE conference on design automation, ACM, New York, pp. 317-320
12. Bryant RE (1986) Graph-based algorithms for boolean function manipulation. IEEE Trans Comput 35(8):677-691
13. Burch I (1994) Symbolic Model Checking for Sequential Circuit Verification. IEEE Trans Comput Aided Des Integr Circ Syst 13:401-424
14. Burdy L, Cheon Y, Cok DR, Ernst MD, Kiniry JR, Leavens GT, Rustan K, Leino M, Poll E (2003) An overview of JML tools and applications. In: Eighth international workshop on formal methods for industrial critical systems (FMICS), Electronic Notes in Theoretical Computer Science. University of Nijmegen, Elsevier, pp. 73-89
15. Butler M, Leuschel M (2005) Combining CSP and B for specification and property verification. In: Fitzgerald J, Hayes IJ, Tarlecki A (eds.) FM 2005: Formal methods, no. 3582, Lecture Notes in Computer Science, Springer, Berlin Heidelberg New York, pp. 221-236
16. Cavada R, Cimatti A, Olivetti E, Pistore M, Roveri M (2005) NuSMV 2.2 user's manual. Carneige Mellon University, Trento, Italy, nusmv.irst.itc.it
17. Chaki S, Clarke EM, Ouaknine J, Sharygina N, Sinha N (2004) State/ event-based software model checking. In: Boiten EA, Derrick J, Smith G (eds.) In: Proceedings of the 4th international conference in integrated formal methods, no. 2999, Lecture Notes in Computer Science, pp. 128-147
18. Clarke EM, Jha S (1993) Symmetry and induction in model checking. Technical report, Carnegie Mellon University, Pittsburgh
19. Clarke EM, Wing JM (1996) Formal methods - state of the art and future directions. ACM Comput Surv 28(4):626-643
20. Clarke EM, Grumberg O, Peled D (2000) Model checking. MIT Press, Cambridge
21. Cleaveland R, Hennessy M (1993) Testing equivalence as a bisimulation equivalence. Formal Aspects Comput J 5(1):1-20
22. Cleaveland R, Iyer P, Yankelevich D (1993) Optimality in abstractions of model checking. Technical report, North Carolina State University, US and University of Buenos Aires, Argentina
23. Cook B, Podelski A, Rybalchenko A (2005) Abstraction refinement for termination. In: Proceedings of international static analysis symposium - SAS'05, London
24. Cousot P, Cousot R (1992) Abstract interpretation framworks. J Logic Comput 2(4):511-547
25. Deharbe D, Shankar S, Clarke EM Jr (1998) Model checking VHDL with CV. In: Formal methods in circuit automation design (FMCAD'98), Lecture Notes in Computer Science, vol. 1522. Springer, Berlin Heidelberg New York, pp. 508-513
26. Detlefs D, Rustan K, Leino M, Nelson G, Saxe JB (1998) Extended static checking. Technical Report 159, COMPAQ Systems Research Center (SRC), http://www.research.digital.com/SRC/
27. Dovier A, Piazza C, Policriti A (2000) A fast bisimulation algorithm. Technical report, University di Verona and University Udine, November 2000, UDM/14/00/RR
28. Elseaidy W (ed.) (1994) Modeling and verifying active structural control systems. Sci Comput Program 29(1-2):99-122
29. Farias AC (2003) Efficient and mechanised analysis of infinite CSP-Z processes. Master's thesis, Universidade Federal de Pernambuco, Pernambuco
30. Fischer C (2000) Combination and implementation of process and data: From CSP-OZ to Java. PhD thesis, University of Oldenburg, Oldenburg
31. Formal Systems (Europe) Ltd. (2000) ProBE user's manual version 1.28
32. Freitas L (2004) Predicate transition system - automata theory. Appendix A.3 in [34] (CD-ROM)
33. Freitas L (2005) Model checking Circus. PhD thesis, Univeristy of York, York
34. Freitas L, Cavalcanti A, Sampaio A (2002) JJACK - a framework for process algebra implementation in Java. In: Proceedings of XVIII Simposio Brasileiro de Engenharia de Software in Gramado, October 2002, pp. 98-113
35. Goldsmith M (2000) FDR2 user's manual version 2.67. Formal Systems (Europe) Ltd, Oxford
36. Goldsmith M (2001) Overview of FDR in [94], chap. 4. Addison-Wesley, Reading, pp. 125-140
37. Hall A, Chapman R (2002) Correctness by construction: Developing a commercial secure system. IEEE Softw J 19(1):18-25
38. Har'el Z, Kurshan RP (1990) Software for analytical development of communications protocols. AT&T Tech J 69(1):45-59
39. Hoare CAR (1969) An axiomatic basis for computer programming. Commun ACM 12(10):576-583
40. Hoare CAR, Jifeng H (1998) Unifying Theories of Programming. International series in computer science. Prentice-Hall, Englewood Cliffs
41. Holzmann GJ (1997) The Model-Checker SPIN. IEEE Trans Softw Eng 23(5):1-17
42. Hopcroft J, Motwani R, Ullman JD (2001) Introduction to automata theory, languages, and computation, 2nd edn. Addison-Wesley, Reading
43. The ICS Group (2005) ICS Manual (Version 2.0). SRI International, Computer Science Laboratory, SRI International 333 Ravenswood Avenue, Menlo Park, CA 94025, USA
44. Jackson D, Schechter I, Shlyakhter I (2000) Alcoa: The alloy constraint analyzer. In: Proceedings of the 22nd international conference on software engineering, June 2000, pp. 730-733
45. Jones G, Goldsmith M (1998) Programming in occam 2. International series in computer science, 2nd edn. Prentice-Hall, Englewood Cliffs
46. Kang H-J, Park I-C (2003) SAT-based unbounded symbolic model checking. In: Proceedings of the 40th design automation conference (DAC'03), IEEE, pp. 840-843
47. Kokkarinen I (1998) A veridication-oriented theory of data in labelled transition systems. PhD thesis, Tampere University, Finland
48. Kozen D (1998) Results on the propositional μ-calculus. Theor Comput Sci 27:333-354
49. Lahriri SK, Ball T, Cook B (2005) Predicate abstraction via symbolic decision procedures. Technical Report MSR-TR-2005-53, Microsoft Research
50. Lazić RS (1999) A semantic study of data independence with applications to model checking. PhD thesis, Programming Research Group, Oxford University, Oxford
51. Lemma-One (2003) ProofPower Tutorial
52. Leuschel MA, Massart T, Currie A (2001) How to make FDR spin: LTL model checking of CSP by refinement. In: Oliveira JN, Zave P (eds.) Formal methods Europe 2001, vol. 2021. Springer, Berlin Heidelberg New York, pp. 99-118
53. Leuschel LA, Butler M, Lo Presti S (2005) ProB User Manual version 1.1.4. Declarative systems and software engineering, University of Southampton, and Softwaretechnik und Programmiersprachen, University of Düusseldorf, Germany
54. Lowe G (1996) A hierarchy of authentication specifications. Technical report, University of Leicester, Leicester
55. Lowe G (1997) CASPER user manual. Oxford University, Oxford
56. Lowe G (2002) Simplifying transformations - the CyberCash security protocol in [94], chap. 8. Addison Wesley, Reading, pp. 201-220
57. Lowe G, Roscoe B (1997) Using CSP to detect errors in the TMN protocol. Technical report, Oxford University, Oxford
58. Malik P, Utting M (2005) CZT: A framework for Z tools. In: Treharne H, King S, Henson M, Schneider S (eds.) ZB 2005: Formal specification and development in Z and B: 4th international conference of B and Z users, Guildford, UK, Springer, Berlin Heidelberg New York, pp. 13-15
59. Manna Z, Pnueli A (1992) The temporal logic of reactive and concurrent systems - specification, vol. 1. Springer, Berlin Heidelberg New York
60. Manna Z, Pnueli A (1995) The temporal logic of reactive and concurrent systems - safety, vol. 2. Springer, Berlin Heidelberg New York
61. Martin JMR (1996) The design and construction of deadlock-free concurrent systems. PhD thesis, University of Buckingham, Buckingham
62. Martin JMR, Huddart Y (2000) Parallel algorithms for deadlock and livelock analysis of concurrent systems. Communicating Process Architectures IOS Press.
63. McMillan KL (1993) Symbolic model checking. Kluwer, Dordrecht
64. Microsoft Research (2004) SLAM: A static driver verifier. research.microsoft.com/slam/
65. Milner R (1990) Communication and concurrency. International series in Computer lence. Prentice-Hall, Englewood Cliffs
66. Misra J, Chandy KM (1990) Proofs of networks of processes. IEEE Trans Softw Eng SE 7(4):417-426
67. Morgan C (1994) Programming from specifications. Prentice-Hall, Englewood Cliffs
68. Mota A (1997) Formalization and analysis of the SACI-1 micro satellite in CSP-Z. Master's thesis, Universidade Federal de Pernambuco, Pernambuco (in Portuguese)
69. Mota A (2001) Model cecking CSP-Z: Techniques to overcome state explosion. PhD thesis, Universidade Federal de Pernambuco, Pernambuco
70. Mota A, Sampaio A (2001) Model checking CSP-Z. Science of computer programming, vol. 4. Elsevier, Amsterdam
71. de Moura L, Rueß H, Sorea M (2002) Lazy theorem proving for bounded model checking over infinite domains. In: Proceedings of the 18th conference on automated deduction (CADE), Lecture Notes in Computer Science, Copenhagen, Denmark, 27-30 July, Springer, Berlin Heidelberg New York
72. de Moura L, Rueß H, Sorea M (2003) Bounded model checking and induction: From refutation to verification. In: Voronkov A (ed.) Computer-aided verification, CAV 2003, Lecture Notes in Computer Science, vol. 2725. Springer, Berlin Heidelberg New York pp. 14-26
73. de Moura L, Owre S, Rueß H, Rushby J, Shankar N, Sorea M, Tiwari A (2004) SAL 2. In: Proceedings of the 16th international conference on computer aided verification (CAV), Lecture Notes in Computer Science, Boston, July 2004, Springer, Berlin Heidelberg New York
74. Oliveira M (2006) Formal derivation of state-rich reactive programs using Circus. PhD thesis, University of York, York
75. Oliveira M, Cavalcanti A, Woodcock J (2005) Unifying theories in ProofPowerZ Draft, Univeristy of York, York
76. Paige R, Tarjan R (1987) Three partition refinement algorithms. SIAM J Comput 16(6):973-989
77. Paranhos D, Cirne W, Brasileiro F (2003) Trading cycles for information: Using replication to schedule bag-of-tasks applications on computational grids. In: Proceedings of the Euro-Par 2003: International conference on parallel and distributed computing, August 2003, pp. 169-180
78. Parashkevov AN, Yantchev J (1996) ARC - A tool for efficient refinement and equivalence checking for CSP. In: IEEE 2nd international conference on algorithms and architectures for parallel processing ICA3PP, pp. 68-75
79. Parashkevov AN, Yantchev J (1996) ARC - A verification tool for concurrent systems. In: Proceedings of the 3rd Australasian parallel and real-time conference. Brisbane, Australia
80. Peled D (1994) Combining partial order reductions with on-the-fly model checking. In: CAV '94: Proceedings of the 6th international conference on computer aided verification. London, UK, Springer, Berlin Heidelberg New York
81. Pnueli A (1984) In transition for global to modular temporal reasoning about programs. In: Apt KR (ed.) Logics and models of concurrent systems, NATO ASI. Springer, Berlin Heidelberg New York
82. Poll E, van den Berg J, Jacobs B (2000) Specification of the JavaCard API in JML, chap. 3. pp 135-154. Kluwer, Dordrecht. Also Department of Computer Science, University of Nijmegen. CSI report CSI-R0005
83. Pong F, Dubois M (1997) Verification techniques for cache coherence protocols. ACM Comput Surv 29(1) 82-126
84. Rajasekaran S, Lee I (1998) Parallel algorithms for relational coarsest partition problems. In: Proceedings of the IEEE transactions on parallel and distributed systems, vol 9(7). IEEE CS, pp. 687-699 [Query17]
85. Roscoe AW (ed.) (1994) A classical mind: Essays in honour of C. A. R. Hoare. International series in computer science. Prentice-Hall, Englewood Cliffs
86. Roscoe AW (1994) Model checking CSP in [86], chap. 21. Prentice-Hall, Englewood Cliffs, pp. 353-378
87. Roscoe AW (1997) The theory and practice of concurrency. International series in computer science. Prentice-Hall, Englewood Cliffs
88. Roscoe AW, MacCarthy H (1994) Verifying a replicated database: A case study in model checking CSP. Technical report, Oxford University, Oxford
89. Roscoe AW, Gardiner PHB, Goldsmith MH, Hulance JR, Jackson DM, Scattergood JB (1995) Hierarchical compression for model checking CSP or how to check 10 20 dining philosophers for deadlock. First TACAS in Lecture Notes in Computer Science, vol. 1019(1)
90. Rushby J (1995) Model checking and other ways of automating formal methods. Model checking for concurrent programs software, quality week - San Francisco, Position Paper - SRI International
91. Rushby J (1997) Specification, proof checking, and model checking for protocols and distributed systems with PVS. Formal description techniques and protocol specification, testing and verification (FORTE/ PSTV) - Osaka, Japan; SRI international - paper and tutorial slides, pp. 9-12
92. Rushby J (1999) Mechanised formal methods: Where next? In: The World congress on formal methods - Toulouse France, no. 1708, Lecture Notes in Computer Science, Springer, Berlin Heidelberg New York. pp. 48-51, invited paper; SRI international - paper and tutorial slides
93. Rushby J (2000) From refutation to verification. Formal description techniques and protocol specification, testing and verification (FORTE XIII/PSTV XX) - Pisa, Italy, pp. 369-374
94. Ryan P, Schneider S, Roscoe B, Goldsmith M, Lowe G (2001) Modelling and analysis of security protocols. Addison-Wesley, Reading
95. Saaltink M (1992) Z/Eves 2.0 user's guide. ORA Canada TR-99-5493-06a
96. Scattergood JB (1992) A parser for CSP. Technical report, Oxford University, Oxford
97. Schneider S (1997) Verifying authentication protocols with CSP. Technical report, Royal Holloway, University of London, London
98. Schneider S (1998) Security properties and CSP. Technical report, Royal Holloway, University of London, London
99. Shankar N (2002) Mechanised verification methodologies. In: Summer school in specification, verification, and refinement, Turku, Finland
100. Shankar N, Sorea M (2004) Counterexample-driven model checking. CSL technical report SRI-CSL-03-04, SRI International
101. Spivey JM (1998) The Z notation: A reference manual. Prentice-Hall, Englewood Cliffs
102. Valmari A (1990) A stubborn attack on state explosion in [18], chap. 2. No. 531, Lecture Notes in Computer Science. Springer, Berlin Heidelberg New York, pp. 156-165
103. Valmari A (2005) What does theory say about the possibilities of improving efficiency. UK Model Checking Days, University of York, York, http://www.cs.york.ac.uk/~luettgen/ukmcdays
104. Wehrheim H (2000) Data abstraction techniques in the validation of csp-oz specifications. Formal Aspects Comput J 12(3):147-164
105. Williams PF, Biere A, Clarke EM, Gupta A (2000) Combining decision diagrams and SAT procedures for efficient symbolic model checking. In: CAV '00: Proceedings of the 12th international conference on computer aided verification, London, UK, Springer, Berlin Heidelberg New York, pp. 124-138
106. Woodcock J (2003) UK grand challenge in computer science: Dependable systems evolution. http://www.nesc.ac.uk
107. Woodcock J, Davies J (1996) Using Z: Specification, refinement, and proof. International series in computer science. Prentice-Hall, Englewood Cliffs
108. Woodcock JCP, Cavalcanti ALC (2001) The steam boiler in a unified theory of Z and CSP. In: Proceedings of 8th Asia-Pacific software engineering conference (APSEC01), IEEE Computer Society, pp. 291-298
109. Woodcock J, Cavalcanti A (2002) Circus - a concurrent language for refinement. Technical report, University of Kent, Canterbury
110. Z Standard (2000) Formal specification, Z notation, syntax, type and semantics - consensus working draft 2.6. Technical Report JTC1.22.45, BSI panel IST/5/-/19/2 (Z notation) and ISO panel JTC1/SC22/WG19 (Rapporteur Group for Z), http://www.cs.york.ac.uk/~ian/zstan/