
Seven at one stroke: LTL model checking for high-level specifications in B, Z, CSP, and more

  • Special Section on ISOLA 2007
  • International Journal on Software Tools for Technology Transfer

Abstract

The size of formal models is steadily increasing and there is a demand from industrial users to be able to use expressive temporal query languages for validating and exploring high-level formal specifications. We present an extension of LTL, which is well adapted for validating B, Z and CSP specifications. We present a generic, flexible LTL model checker, implemented inside the ProB tool, that can be applied to a multitude of formalisms such as B, Z, CSP, B||CSP, as well as Object Petri nets, compensating CSP, and dSL. Our algorithm can deal with deadlock states, partially explored state spaces, past operators, and can be combined with existing symmetry reduction techniques of ProB. We establish correctness of our algorithm in general, as well as combined with symmetry reduction. Finally, we present various applications and empirical results of our tool, showing that it can be applied successfully in practice.




Corresponding author

Correspondence to Michael Leuschel.

Additional information

This research is partially supported by the EU funded FP7 project 214158: DEPLOY (Industrial deployment of advanced system engineering methods for high productivity and dependability).


About this article

Cite this article

Plagge, D., Leuschel, M. Seven at one stroke: LTL model checking for high-level specifications in B, Z, CSP, and more. Int J Softw Tools Technol Transfer 12, 9–21 (2010). https://doi.org/10.1007/s10009-009-0132-3

