
State-rich model checking

  • State of the Art
  • Innovations in Systems and Software Engineering

Abstract

In this paper we survey the area of formal verification techniques, with emphasis on model checking because of its wide acceptance by both academia and industry. The major approaches and their characteristics are presented, together with the main problems faced when trying to apply them. With the increasing complexity of systems, and the growing interest in software correctness, the demand for more powerful automatic techniques is pushing theories and tools towards integration. We discuss the state of the art in combining formal methods tools, mainly model checking with theorem proving and abstract interpretation. In particular, we present our own recent contribution: an approach that integrates model checking and theorem proving to handle state-rich systems specified using a combination of Z and CSP.



Author information

Correspondence to Leo Freitas.


Cite this article

Freitas, L., Woodcock, J. & Cavalcanti, A. State-rich model checking. Innovations Syst Softw Eng 2, 49–64 (2006). https://doi.org/10.1007/s11334-006-0021-9
