论文信息 - Principles of model checking

Principles of model checking

Our growing dependence on increasingly complex computer and software systems necessitates the development of formalisms, techniques, and tools for assessing functional properties of these systems. One such technique that has emerged in the last twenty years is model checking, which systematically (and automatically) checks whether a model of a given system satisfies a desired property such as deadlock freedom, invariants, and request-response properties. This automated technique for verification and debugging has developed into a mature and widely used approach with many applications. Principles of Model Checking offers a comprehensive introduction to model checking that is not only a text suitable for classroom use but also a valuable reference for researchers and practitioners in the field. The book begins with the basic principles for modeling concurrent and communicating systems, introduces different classes of properties (including safety and liveness), presents the notion of fairness, and provides automata-based algorithms for these properties. It introduces the temporal logics LTL and CTL, compares them, and covers algorithms for verifying these logics, discussing real-time systems as well as systems subject to random phenomena. Separate chapters treat such efficiency-improving techniques as abstraction and symbolic manipulation. The book includes an extensive set of examples (most of which run through several chapters) and a complete set of basic results accompanied by detailed proofs. Each chapter concludes with a summary, bibliographic notes, and an extensive list of exercises of both practical and theoretical nature.

Christel Baier | Joost-Pieter Katoen | C. Baier | J. Katoen

[1] C. Lewis. IV.—IMPLICATION AND THE ALGEBRA OF LOGIC , 1912 .

[2] S C Kleene,et al. Representation of Events in Nerve Nets and Finite Automata , 1951 .

[3] George H. Mealy,et al. A method for synthesizing sequential circuits , 1955 .

[4] Edward F. Moore,et al. Gedanken-Experiments on Sequential Machines , 1956 .

[5] R. Bellman. A Markovian Decision Process , 1957 .

[6] Jaakko Hintikka,et al. Time And Modality , 1958 .

[7] Richard Bellman,et al. ON A ROUTING PROBLEM , 1958 .

[8] A. Nerode,et al. Linear automaton transformations , 1958 .

[9] Dana S. Scott,et al. Finite Automata and Their Decision Problems , 1959, IBM J. Res. Dev..

[10] R. Bellman,et al. Dynamic Programming and Markov Processes , 1960 .

[11] B. A. Trakhtenbrot,et al. Finite Automata and the Logic of Single-Place Predicates , 1962 .

[12] David E. Muller,et al. Infinite sequences and finite machines , 1963, SWCT.

[13] Edsger W. Dijkstra,et al. Solution of a problem in concurrent programming control , 1965, CACM.

[14] Harris Hyman. Comments on a problem in concurrent programming control , 1966, CACM.

[15] Robert McNaughton,et al. Testing and Generating Infinite Sequences by a Finite Automaton , 1966, Inf. Control..

[16] Johan Anthory Willem Kamp,et al. Tense logic and the theory of linear order , 1968 .

[17] M. Rabin. Decidability of second-order theories and automata on infinite trees , 1968 .

[18] Frank Harary,et al. Graph Theory , 2016 .

[19] Keith A. Bartlett,et al. A note on reliable full-duplex transmission over half-duplex links , 1969, Commun. ACM.

[20] J. Kemeny,et al. Denumerable Markov chains , 1969 .

[21] Stephen A. Cook,et al. The complexity of theorem-proving procedures , 1971, STOC.

[22] Robin Milner,et al. An Algebraic Definition of Simulation Between Programs , 1971, IJCAI.

[23] Bennett Fox. Markovian Decision Processes (H. Mine and S. Osaki) , 1971 .

[24] Ronald A. Howard,et al. Dynamic Probabilistic Systems , 1971 .

[25] John E. Hopcroft,et al. An n log n algorithm for minimizing states in a finite automaton , 1971 .

[26] Robert E. Tarjan,et al. Depth-First Search and Linear Graph Algorithms , 1972, SIAM J. Comput..

[27] Edsger W. Dijkstra. Information Streams Sharing a Finite Buffer , 1972, Inf. Process. Lett..

[28] Howard Pospesel. Introduction to Logic: Propositional Logic , 1974 .

[29] Leslie Lamport,et al. A new solution of Dijkstra's concurrent programming problem , 1974, Commun. ACM.

[30] Yaacov Choueka,et al. Theories of Automata on omega-Tapes: A Simplified Approach , 1974, J. Comput. Syst. Sci..

[31] Richard J. Lipton,et al. Reduction: a method of proving properties of parallel programs , 1975, CACM.

[32] Robert M. Keller,et al. Formal verification of parallel programs , 1976, CACM.

[33] Andrew Chi-Chih Yao,et al. The complexity of nonuniform random number generation , 1976 .

[34] Edsger W. Dijkstra,et al. A Discipline of Programming , 1976 .

[35] John G. Kemeny,et al. Finite Markov chains , 1960 .

[36] Leslie Lamport,et al. Proving the Correctness of Multiprocess Programs , 1977, IEEE Transactions on Software Engineering.

[37] Susan S. Owicki. Verifying Concurrent Programs With Shared Data Classes , 1977, Formal Description of Programming Concepts.

[38] Allen Van Gelder,et al. Computer Algorithms: Introduction to Design and Analysis , 1978 .

[39] Colin H. West. An Automated Technique of Communications Protocol Validation , 1978, IEEE Trans. Commun..

[40] David S. Johnson,et al. Computers and Intractability: A Guide to the Theory of NP-Completeness , 1978 .

[41] C. A. R. Hoare,et al. Communicating sequential processes , 1978, CACM.

[42] Jeffrey D. Ullman,et al. Introduction to Automata Theory, Languages and Computation , 1979 .

[43] Glenford J. Myers,et al. Art of Software Testing , 1979 .

[44] David Michael Ritchie Park,et al. On the Semantics of Fair Parallelism , 1979, Abstract Software Specifications.

[45] Willem P. de Roever,et al. A Proof System for Communicating Sequential Processes , 1980, ACM Trans. Program. Lang. Syst..

[46] Saharon Shelah,et al. On the Temporal Basis of Fairness. , 1980 .

[47] Leslie Lamport,et al. "Sometime" is sometimes "not never": on the temporal logic of programs , 1980, POPL '80.

[48] Gary L. Peterson,et al. Myths About the Mutual Exclusion Problem , 1981, Inf. Process. Lett..

[49] Edmund M. Clarke,et al. Design and Synthesis of Synchronization Skeletons Using Branching-Time Temporal Logic , 1981, Logic of Programs.

[50] Mordechai Ben-Ari,et al. The temporal logic of branching time , 1981, POPL '81.

[51] Amir Pnueli,et al. Impartiality, Justice and Fairness: The Ethics of Concurrent Termination , 1981, ICALP.

[52] David Park,et al. Concurrency and Automata on Infinite Sequences , 1981, Theoretical Computer Science.

[53] Daniel Lehmann,et al. On the advantages of free choice: a symmetric and fully distributed solution to the dining philosophers problem , 1981, POPL '81.

[54] James Lyle Peterson,et al. Petri net theory and the modeling of systems , 1981 .

[55] S. Hart,et al. Termination of Probabilistic Concurrent Programs. , 1982 .

[56] Joseph Sifakis,et al. Specification and verification of concurrent systems in CESAR , 1982, Symposium on Programming.

[57] Robert S. Streett,et al. Propositional Dynamic Logic of Looping and Converse Is Elementarily Decidable , 1982, Inf. Control..

[58] A. Prasad Sistla,et al. The complexity of propositional linear temporal logics , 1982, STOC '82.

[59] Joseph Y. Halpern,et al. Decision procedures and expressiveness in the temporal logic of branching time , 1982, STOC '82.

[60] Nissim Francez,et al. Decomposition of Distributed Programs into Communication-Closed Layers , 1982, Sci. Comput. Program..

[61] D. Kozen. Results on the Propositional µ-Calculus , 1982 .

[62] Pierre Wolper,et al. Specification and synthesis of communicating processes using an extended temporal logic: (preliminary version) , 1982, POPL '82.

[63] Boris Beizer,et al. Software Testing Techniques , 1983 .

[64] Robin Milner,et al. Calculi for Synchrony and Asynchrony , 1983, Theor. Comput. Sci..

[65] Bernard Berthomieu,et al. An Enumerative Approach for Analyzing Time Petri Nets , 1983, IFIP Congress.

[66] Pierre Wolper. Temporal Logic Can Be More Expressive , 1983, Inf. Control..

[67] C. A. R. Hoare,et al. A Theory of Communicating Sequential Processes , 1984, JACM.

[68] Mordechai Ben-Ari. Algorithms for on-the-fly garbage collection , 1984, TOPL.

[69] Rob Gerth. Transition logic: How to reason about temporal properties in a compositional way , 1984, STOC '84.

[70] Barry W. Boehm,et al. Software Engineering Economics , 1993, IEEE Transactions on Software Engineering.

[71] Andrzej Wlodzimierz Mostowski,et al. Regular expressions for infinite trees and a standard form of automata , 1984, Symposium on Computation Theory.

[72] Jan A. Bergstra,et al. Algebra of Communicating Processes with Abstraction , 1985, Theor. Comput. Sci..

[73] Michael Kaminski. A Classification of omega-Regular Languages , 1985, Theor. Comput. Sci..

[74] Amir Pnueli,et al. The Glory of the Past , 1985, Logic of Programs.

[75] Robin Milner,et al. Algebraic laws for nondeterminism and concurrency , 1985, JACM.

[76] Bowen Alpern,et al. Defining Liveness , 1984, Inf. Process. Lett..

[77] Moshe Y. Vardi. Automatic verification of probabilistic concurrent finite state programs , 1985, 26th Annual Symposium on Foundations of Computer Science (sfcs 1985).

[78] Amir Pnueli,et al. Linear and Branching Structures in the Semantics and Logics of Reactive Systems , 1985, ICALP.

[79] Amir Pnueli,et al. Checking that finite state concurrent programs satisfy their linear specification , 1985, POPL.

[80] Edmund M. Clarke,et al. Automatic Verification of Sequential Circuits Using Temporal Logic , 1986, IEEE Transactions on Computers.

[81] Randal E. Bryant,et al. Graph-Based Algorithms for Boolean Function Manipulation , 1986, IEEE Transactions on Computers.

[82] Amir Pnueli,et al. Probabilistic Verification by Tableaux , 1986, Logic in Computer Science.

[83] Krzysztof R. Apt,et al. Limits for Automatic Verification of Finite-State Concurrent Systems , 1986, Inf. Process. Lett..

[84] Antoni W. Mazurkiewicz,et al. Trace Theory , 1986, Advances in Petri Nets.

[85] Krzysztof R. Apt,et al. Correctness proofs of distributed termination algorithms , 1986, TOPL.

[86] A. P. Sistla,et al. Automatic verification of finite-state concurrent systems using temporal logic specifications , 1986, TOPL.

[87] Micha Sharir,et al. Probabilistic Propositional Temporal Logics , 1986, Inf. Control..

[88] Pierre Wolper,et al. An Automata-Theoretic Approach to Automatic Program Verification (Preliminary Report) , 1986, LICS.

[89] Glynn Winskel,et al. Event Structures , 1986, Advances in Petri Nets.

[90] Amir Pnueli,et al. Applications of Temporal Logic to the Specification and Verification of Reactive Systems: A Survey of Current Trends , 1986, Current Trends in Concurrency.

[91] Chin-Laung Lei,et al. Temporal Reasoning Under Generalized Fairness Constraints , 1986, STACS.

[92] Joseph Y. Halpern,et al. “Sometimes” and “not never” revisited: on branching versus linear time temporal logic , 1986, JACM.

[93] Chin-Laung Lei,et al. Modalities for Model Checking: Branching Time Logic Strikes Back , 1987, Sci. Comput. Program..

[94] David Harel,et al. Statecharts: A Visual Formalism for Complex Systems , 1987, Sci. Comput. Program..

[95] Dimitri P. Bertsekas,et al. Dynamic Programming: Deterministic and Stochastic Models , 1987 .

[96] Ludwig Staiger,et al. Research in the Theory of omega-languages , 1987, J. Inf. Process. Cybern..

[97] Fred Kröger,et al. Temporal Logic of Programs , 1987, EATCS Monographs on Theoretical Computer Science.

[98] Pierre Wolper,et al. The Complementation Problem for Büchi Automata with Appplications to Temporal Logic , 1987, Theor. Comput. Sci..

[99] Tommaso Bolognesi,et al. Tableau methods to describe strong bisimilarity on LOTOS processes involving pure interleaving and enabling , 1994, FORTE.

[100] Robert E. Tarjan,et al. Three Partition Refinement Algorithms , 1987, SIAM J. Comput..

[101] Martin Rem,et al. Trace Theory and Systolic Computations , 1987, PARLE.

[102] Â. È Ê Â Â Û Û Ò Ç ^ R R Ó Ae Ú Ú Ë Ë Â Ê Ì È Â Ê Â. Verifying Temporal Properties without Temporal Logic , 1988 .

[103] Boleslaw K. Szymanski. A simple solution to Lamport's concurrent programming problem with linear wait , 1988, ICS '88.

[104] Thomas Sudkamp,et al. Languages and Machines , 1988 .

[105] Lutz Priese,et al. Fairness , 1988, Bull. EATCS.

[106] Edmund M. Clarke,et al. Expressibility results for linear-time and branching-time logics , 1988, REX Workshop.

[107] Edmund M. Clarke,et al. Characterizing Finite Kripke Structures in Propositional Temporal Logic , 1988, Theor. Comput. Sci..

[108] Martín Abadi,et al. The Existence of Refinement Mappings , 1988, LICS.

[109] Robin Milner,et al. Communication and concurrency , 1989, PHI Series in computer science.

[110] C. H. West,et al. Protocol Validation in Complex Systems , 1989, SIGCOMM.

[111] Marta Kwiatkowska,et al. Survey of fairness notions , 1989 .

[112] Piotr Berman,et al. Asymptotically Optimal Distributed Consensus (Extended Abstract) , 1989, ICALP.

[113] Antti Valmari,et al. Stubborn sets for reduced state space generation , 1991, Applications and Theory of Petri Nets.

[114] David L. Dill,et al. Timing Assumptions and Verification of Finite-State Concurrent Systems , 1989, Automatic Verification Methods for Finite State Systems.

[115] R. Alur,et al. Automata For Modeling Real-Time Systems , 1990, ICALP.

[116] Frank Dederichs,et al. Safety and Liveness From a Methodological Point of View , 1990, Inf. Process. Lett..

[117] Wolfgang Thomas,et al. Automata on Infinite Objects , 1991, Handbook of Theoretical Computer Science, Volume B: Formal Models and Sematics.

[118] Rocco De Nicola,et al. Three Logics for Branching Bisimulation (Extended Abstract) , 1990, LICS 1990.

[119] E. Allen Emerson,et al. Temporal and Modal Logic , 1991, Handbook of Theoretical Computer Science, Volume B: Formal Models and Sematics.

[120] Joseph Sifakis,et al. ATP: an Algebra for Timed Processes , 1990, Programming Concepts and Methods.

[121] Jan Friso Groote,et al. An Efficient Algorithm for Branching Bisimulation and Stuttering Equivalence , 1990, ICALP.

[122] Martin Rem. A personal perspective of Alphern-Schneider characterization of safety and liveness , 1990 .

[123] Harry R. Lewis. A Logic of Concrete Time Intervals (Extended Abstract) , 1990, LICS 1990.

[124] Scott A. Smolka,et al. CCS expressions, finite state processes, and three problems of equivalence , 1983, PODC '83.

[125] Marta Z. Kwiatkowska,et al. A Metric for Traces , 1990, Inf. Process. Lett..

[126] Mihalis Yannakakis,et al. Markov Decision Processes and Regular Events (Extended Abstract) , 1990, ICALP.

[127] Alon Itai,et al. Symmetry breaking in distributed networks , 1990, Inf. Comput..

[128] Nicolas Halbwachs,et al. Minimal Model Generation , 1990, CAV.

[129] J. R. Büchi. On a Decision Method in Restricted Second Order Arithmetic , 1990 .

[130] Rob J. van Glabbeek,et al. The Linear Time-Branching Time Spectrum (Extended Abstract) , 1990, CONCUR.

[131] Michael Yoeli. Formal Verification of Hardware Design , 1990 .

[132] Shared binary decision diagram with attributed edges for efficient Boolean function manipulation , 1990, 27th ACM/IEEE Design Automation Conference.

[133] Patrice Godefroid. Using Partial Orders to Improve Automatic Verification Methods , 1990, CAV.

[134] Antti Valmari,et al. A stubborn attack on state explosion , 1990, Formal Methods Syst. Des..

[135] Wang Yi,et al. CCS + Time = An Interleaving Model for Real Time Systems , 1991, ICALP.

[136] Kim Guldstrand Larsen,et al. Specification and refinement of probabilistic processes , 1991, [1991] Proceedings Sixth Annual IEEE Symposium on Logic in Computer Science.

[137] Gerard J. Holzmann,et al. Design and validation of computer protocols , 1991 .

[138] Randal E. Bryant,et al. On the Complexity of VLSI Implementations and Graph Representations of Boolean Functions with Application to Integer Multiplication , 1991, IEEE Trans. Computers.

[139] Dieter Hogrefe,et al. SDL - with applications from protocol specification , 1991, BCS practitioner series.

[140] Samson Abramsky,et al. A Domain Equation for Bisimulation , 1991, Inf. Comput..

[141] Kim G. Larsen,et al. Bisimulation through Probabilistic Testing , 1991, Inf. Comput..

[142] Edmund M. Clarke,et al. Sequential circuit verification using symbolic model checking , 1991, DAC '90.

[143] Hans A. Hansson. Time and probability in formal design of distributed systems , 1991, DoCS.

[144] Zohar Manna,et al. Completing the Temporal Picture , 1991, Theor. Comput. Sci..

[145] Zohar Manna,et al. From Timed to Hybrid Systems , 1991, REX Workshop.

[146] Pierre Wolper,et al. Using partial orders for the efficient verification of deadlock freedom and safety properties , 1991, Formal Methods Syst. Des..

[147] D. E. Long,et al. Model checking and abstraction , 1992, POPL '92.

[148] Edmund M. Clarke,et al. Symbolic Model Checking: 10^20 States and Beyond , 1990, Inf. Comput..

[149] Lu Tian,et al. On some equivalence relations for probabilistic processes , 1992, Fundamenta Informaticae.

[150] Doron A. Peled,et al. Defining Conditional Independence Using Collapses , 1992, Theor. Comput. Sci..

[151] Seif Haridi,et al. Distributed Algorithms , 1992, Lecture Notes in Computer Science.

[152] Zohar Manna,et al. The Temporal Logic of Reactive and Concurrent Systems , 1991, Springer New York.

[153] Reinhard Gotzhein,et al. Temporal Logic and Applications-A Tutorial , 1992, Comput. Networks ISDN Syst..

[154] Karlis Cerans,et al. Decidability of Bisimulation Equivalences for Parallel Timer Processes , 1992, CAV.

[155] Pierre Wolper,et al. Memory-efficient algorithms for the verification of temporal properties , 1990, Formal Methods Syst. Des..

[156] Aarti Gupta,et al. Formal hardware verification methods: A survey , 1992, Formal Methods Syst. Des..

[157] F. Vaandrager. Forward and Backward Simulations Part I : Untimed Systems , 1993 .

[158] Wang Yi,et al. Time Abstracted Bisimiulation: Implicit Specifications and Decidability , 1993, MFPS.

[159] Christos H. Papadimitriou,et al. Computational complexity , 1993 .

[160] Somesh Jha,et al. Verification of the Futurebus+ cache coherence protocol , 1993, Formal Methods Syst. Des..

[161] Rance Cleaveland,et al. The concurrency workbench: a semantics-based tool for the verification of concurrent systems , 1993, TOPL.

[162] Edward Y. Chang,et al. The Safety-Progress Classification , 1993 .

[163] H. Peter Gumm. Another Glance at the Alpern-Schneider Characterization of Safety and Liveness in Concurrent Executions , 1993, Inf. Process. Lett..

[164] Shuzo Yajima,et al. The Complexity of the Optimal Variable Ordering Problems of Shared Binary Decision Diagrams , 1993, ISAAC.

[165] Kenneth L. McMillan,et al. Symbolic model checking , 1992 .

[166] Robert K. Brayton,et al. BDD-Based Debugging Of Design Using Language Containment and Fair CTL , 1993, CAV.

[167] Rajeev Alur,et al. Model-Checking in Dense Real-time , 1993, Inf. Comput..

[168] Doron A. Peled,et al. All from One, One for All: on Model Checking Using Representatives , 1993, CAV.

[169] Gerard J. Holzmann,et al. Design and Validation of Protocols: A Tutorial , 1993, Comput. Networks ISDN Syst..

[170] Amir Pnueli,et al. Probabilistic Verification , 1993, Information and Computation.

[171] Patrice Godefroid,et al. Refining Dependencies Improves Partial-Order Verification Methods (Extended Abstract) , 1993, CAV.

[172] R. Rudell. Dynamic variable ordering for ordered binary decision diagrams , 1993, Proceedings of 1993 International Conference on Computer Aided Design (ICCAD).

[173] Job Zwiers,et al. Specifiying and Proving Communication Closedness in Protocols , 1993, PSTV.

[174] Rob J. van Glabbeek,et al. The Linear Time - Branching Time Spectrum II , 1993, CONCUR.

[175] Antti Valmari,et al. On-the-Fly Verification with Stubborn Sets , 1993, CAV.

[176] P. Buchholz. Exact and ordinary lumpability in finite Markov chains , 1994, Journal of Applied Probability.

[177] Leslie Lamport,et al. The temporal logic of actions , 1994, TOPL.

[178] William J. Stewart,et al. Introduction to the numerical solution of Markov Chains , 1994 .

[179] Pierre Wolper,et al. Reasoning About Infinite Computations , 1994, Inf. Comput..

[180] Javier Esparza. Model Checking Using Net Unfoldings , 1994, Sci. Comput. Program..

[181] André Arnold,et al. Finite transition systems , 1994 .

[182] Gerard J. Holzmann,et al. An improvement in formal verification , 1994, FORTE.

[183] Martin L. Puterman,et al. Markov Decision Processes: Discrete Stochastic Dynamic Programming , 1994 .

[184] Gerard J. Holzmann,et al. The Theory and Practice of A Formal Method: NewCoRe , 1994, IFIP Congress.

[185] Rajeev Alur,et al. A Theory of Timed Automata , 1994, Theor. Comput. Sci..

[186] Thomas A. Henzinger,et al. Symbolic Model Checking for Real-Time Systems , 1994, Inf. Comput..

[187] Lars ke Fredlund. The Timing and Probability Workbench: A Tool for Analysing Timed Processes , 1994 .

[188] Doron A. Peled. Combining Partial Order Reductions with On-the-fly Model-Checking , 1994, CAV.

[189] Joseph Sifakis,et al. Using Abstractions for the Verification of Linear Hybrid Systems , 1994, CAV.

[190] Andrew William Roscoe,et al. Model-checking CSP , 1994 .

[191] Richard J Trudeau,et al. Introduction to Graph Theory , 1994 .

[192] Edmund M. Clarke,et al. Another Look at LTL Model Checking , 1994, CAV.

[193] S. Minato. Binary Decision Diagrams and Applications for VLSI CAD , 1995 .

[194] Nancy A. Lynch,et al. Probabilistic Simulations for Probabilistic Processes , 1994, Nord. J. Comput..

[195] Clive Fencott. Formal methods for concurrency , 1995 .

[196] Kenneth L. McMillan,et al. A technique of state space search based on unfolding , 1995, Formal Methods Syst. Des..

[197] Adnan Aziz,et al. It Usually Works: The Temporal Logic of Stochastic Systems , 1995, CAV.

[198] Pierre Wolper,et al. Simple on-the-fly automatic verification of linear temporal logic , 1995, PSTV.

[199] Joseph Sifakis,et al. Property preserving abstractions for the verification of concurrent systems , 1995, Formal Methods Syst. Des..

[200] Andrea Bianco,et al. Model Checking of Probabalistic and Nondeterministic Systems , 1995, FSTTCS.

[201] Wojciech Zielonka,et al. The Book of Traces , 1995 .

[202] Mihalis Yannakakis,et al. The complexity of probabilistic verification , 1995, JACM.

[203] Moshe Y. Vardi. An Automata-Theoretic Approach to Linear Temporal Logic , 1996, Banff Higher Order Workshop.

[204] Girish Bhat,et al. Efficient on-the-fly model checking for CTL , 1995, Proceedings of Tenth Annual IEEE Symposium on Logic in Computer Science.

[205] Jürgen Dingel,et al. Model Checking for Infinite State Systems Using Data Abstraction, Assumption-Commitment Style reasoning and Theorem Proving , 1995, CAV.

[206] D. Peled,et al. Temporal Logic: Mathematical Foundations and Computational Aspects, Volume 1 , 1995 .

[207] Faron Moller,et al. On the computational complexity of bisimulation , 1995, CSUR.

[208] Edmund M. Clarke,et al. Efficient generation of counterexamples and witnesses in symbolic model checking , 1995, DAC '95.

[209] Rajeev Motwani,et al. Randomized Algorithms , 1995, SIGA.

[210] Nancy G. Leveson,et al. Safeware: System Safety and Computers , 1995 .

[211] Thomas A. Henzinger,et al. Computing simulations on finite and infinite graphs , 1995, Proceedings of IEEE 36th Annual Foundations of Computer Science.

[212] Pedro R. D'Argenio,et al. A Calculus for Timed Automata , 1996, FTRTFT.

[213] Fabio Somenzi,et al. Logic synthesis and verification algorithms , 1996 .

[214] Tiziano Villa,et al. VIS: A System for Verification and Synthesis , 1996, CAV.

[215] A. Sangiovanni-Vincentelli,et al. Verification of electronic systems , 1996, 33rd Design Automation Conference Proceedings, 1996.

[216] Patrice Godefroid,et al. Partial-Order Methods for the Verification of Concurrent Systems , 1996, Lecture Notes in Computer Science.

[217] Enrico Macii,et al. Markovian analysis of large finite state machines , 1996, IEEE Trans. Comput. Aided Des. Integr. Circuits Syst..

[218] Gavin Lowe,et al. Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR , 1996, Softw. Concepts Tools.

[219] J. Ben Atkinson,et al. Modeling and Analysis of Stochastic Systems , 1996 .

[220] Edmund M. Clarke,et al. Formal Methods: State of the Art and Future Directions Working Group Members , 1996 .

[221] Sergio Yovine,et al. Model Checking Timed Automata , 1996, European Educational Forum: School on Embedded Systems.

[222] Beate Bollig,et al. Improving the Variable Ordering of OBDDs Is NP-Complete , 1996, IEEE Trans. Computers.

[223] Mihalis Yannakakis,et al. On nested depth first search , 1996, The Spin Verification System.

[224] Neil R. Storey,et al. Safety-critical computer systems , 1996 .

[225] H. Iwashita,et al. CTL model checking based on forward state traversal , 1996, ICCAD 1996.

[226] Pierre Wolper,et al. Partial-order methods for model checking: from linear time to branching time , 1996, Proceedings 11th Annual IEEE Symposium on Logic in Computer Science.

[227] Rob J. van Glabbeek,et al. Branching time and abstraction in bisimulation semantics , 1996, JACM.

[228] Stavros Tripakis,et al. Analysis of Timed Systems Based on Time-Abstracting Bisimulation , 1996, CAV.

[229] R. K. Shyamasundar,et al. Introduction to algorithms , 1996 .

[230] Luca de Alfaro,et al. Temporal Logics for the Specification of Performance and Reliability , 1997, STACS.

[231] Doron A. Peled,et al. Stutter-Invariant Temporal Properties are Expressible Without the Next-Time Operator , 1997, Inf. Process. Lett..

[232] Wolfgang Thomas,et al. Languages, Automata, and Logic , 1997, Handbook of Formal Languages.

[233] Christel Baier,et al. Symbolic Model Checking for Probabilistic Processes , 1997, ICALP.

[234] Patrice Godefroid,et al. Model checking for programming languages using VeriSoft , 1997, POPL '97.

[235] T. Schlipf,et al. Formal verification made easy , 1997, IBM J. Res. Dev..

[236] Gerard J. Holzmann,et al. The Model Checker SPIN , 1997, IEEE Trans. Software Eng..

[237] Ganesh Gopalakrishnan,et al. A new partial order reduction algorithm for concurrent system verification , 1997 .

[238] Scott A. Smolka,et al. Partial-Order Reduction in the Weak Modal Mu-Calculus , 1997, CONCUR.

[239] Sergio Yovine,et al. KRONOS: a verification tool for real-time systems , 1997, International Journal on Software Tools for Technology Transfer.

[240] Ernst-Rüdiger Olderog,et al. Verification of Sequential and Concurrent Programs , 1997, Graduate Texts in Computer Science.

[241] Kedar S. Namjoshi. A Simple Characterization of Stuttering Bisimulation , 1997, FSTTCS.

[242] Orna Grumberg,et al. Abstract interpretation of reactive systems , 1997, TOPL.

[243] Yves Métivier,et al. Partial Commutation and Traces , 1997, Handbook of Formal Languages.

[244] Gerard J. Holzmann,et al. Partial Order Methods in Verification , 1997 .

[245] Kathi Fisler,et al. Bisimulation Minimization in an Automata-Theoretic Verification Framework , 1998, FMCAD.

[246] Luca de Alfaro,et al. How to Specify and Verify the Long-Run Average Behavior of Probabilistic Systems , 1998, LICS.

[247] John E. Savage,et al. Models of computation - exploring the power of computing , 1998 .

[248] Christos H. Papadimitriou,et al. Elements of the Theory of Computation , 1997, SIGA.

[249] Nicolas Halbwachs,et al. Synchronous Programming of Reactive Systems , 1992, CAV.

[250] Christel Baier,et al. On the Verification of Qualitative Properties of Probabilistic Processes under Fairness Constraints , 1998, Inf. Process. Lett..

[251] Peter Liggesmeyer,et al. Qualitätssicherung Software-basierter technischer Systeme – Problembereiche und Lösungsansätze , 1998, Informatik-Spektrum.

[252] David Notkin,et al. Model checking large software specifications , 1996, SIGSOFT '96.

[253] Jan J. M. M. Rutten,et al. On the Foundations of Final Coalgebra Semantics , 1998, Mathematical Structures in Computer Science.

[254] Hasan Ural,et al. An improvement of partial‐order verification , 1998 .

[255] Christel Baier,et al. Model checking for a probabilistic branching time logic with fairness , 1998, Distributed Computing.

[256] Peter Niebert,et al. Partial Order Reductions for Bisimulation Checking , 1998, FSTTCS.

[257] Boudewijn R. Haverkort,et al. Performance of computer communication systems - a model-based approach , 1998 .

[258] Carroll Morgan,et al. pGCL: formal reasoning for random algorithms , 1998 .

[259] Parosh Aziz Abdulla,et al. A General Approach to Partial Order Reductions in Symbolic Verification (Extended Abstract) , 1998, CAV.

[260] Kimmo Varpaaniemi. On Stubborn Sets in the Verification of Linear Time Temporal Properties , 1998, ICATPN.

[261] Frank Wallner,et al. Model Checking LTL Using Net Unforldings , 1998, CAV.

[262] R. P. Kurshan,et al. Computer Aided Verification , 1998, Lecture Notes in Computer Science.

[263] Rolf Drechsler,et al. Binary Decision Diagrams - Theory and Implementation , 1998 .

[264] Prof. Dr. Christoph Meinel,et al. Algorithms and Data Structures in VLSI Design , 1998, Springer Berlin Heidelberg.

[265] Kathi Fisler,et al. Bisimulation and Model Checking , 1999, CHARME.

[266] E. Allen Emerson,et al. The Complexity of Tree Automata and Logics of Programs , 1999, SIAM J. Comput..

[267] L. D. Alfaro. The Verification of Probabilistic Systems Under Memoryless Partial-Information Policies is Hard , 1999 .

[268] Fausto Giunchiglia,et al. Improved Automata Generation for Linear Temporal Logic , 1999, CAV.

[269] Wang Yi,et al. Clock Difference Diagrams , 1998, Nord. J. Comput..

[270] Kousha Etessami,et al. Stutter-Invariant Languages, omega-Automata, and Temporal Logic , 1999, CAV.

[271] R. Ash,et al. Probability and measure theory , 1999 .

[272] Sérgio Vale Aguiar Campos,et al. ProbVerus: Probabilistic Symbolic Model Checking , 1999, ARTS.

[273] K.C.J. Wijbrans,et al. Software Engineering with Formal Methods: The Development of a Storm Surge Barrier Control System -- Seven Myths of Formal Methods Revisited , 1999 .

[274] F. Somenzi. Binary Decision Diagrams , 1999 .

[275] Luca de Alfaro,et al. Computing Minimum and Maximum Reachability Times in Probabilistic Systems , 1999, CONCUR.

[276] Jean-Michel Couvreur,et al. On-the-Fly Verification of Linear Temporal Logic , 1999, World Congress on Formal Methods.

[277] Robin Milner,et al. Communicating and mobile systems - the Pi-calculus , 1999 .

[278] Thomas A. Henzinger,et al. Event-Clock Automata: A Determinizable Class of Timed Automata , 1999, Theor. Comput. Sci..

[279] Moshe Y. Vardi. Probabilistic Linear-Time Model Checking: An Overview of the Automata-Theoretic Approach , 1999, ARTS.

[280] Wojciech Penczek,et al. A partial order approach to branching time logic model checking , 1995, Proceedings Third Israel Symposium on the Theory of Computing and Systems.

[281] Orna Kupferman,et al. Model Checking of Safety Properties , 1999, CAV.

[282] Rob Gerthy. Partial Order Reductions Preserving Simulations , 1999 .

[283] Thomas Kropf,et al. Introduction to Formal Hardware Verification , 1999, Springer Berlin Heidelberg.

[284] Stephan Merz,et al. Model Checking: A Tutorial Overview , 2000, MOVEP.

[285] Kim G. Larsen,et al. Practical verification of embedded software , 2000, Computer.

[286] Kousha Etessami,et al. Optimizing Büchi Automata , 2000, CONCUR.

[287] Christel Baier,et al. Deciding Bisimilarity and Similarity for Probabilistic Processes , 2000, J. Comput. Syst. Sci..

[288] Howard Barringer,et al. Practical CTL* model checking: Should SPIN be extended? , 2000, International Journal on Software Tools for Technology Transfer.

[289] Gerard J. Holzmann,et al. SPIN model checking: an introduction , 2000, International Journal on Software Tools for Technology Transfer.

[290] John Odentrantz,et al. Markov Chains: Gibbs Fields, Monte Carlo Simulation, and Queues , 2000, Technometrics.

[291] Klaus Havelund,et al. Model checking JAVA programs using JAVA PathFinder , 2000, International Journal on Software Tools for Technology Transfer.

[292] Orna Grumberg,et al. Simulation Based Minimization , 2000, CADE.

[293] Joseph Sifakis,et al. An Algebraic Framework for Urgency , 2000, Inf. Comput..

[294] Stephan Merz,et al. Model Checking , 2000 .

[295] Fabio Somenzi,et al. Efficient Büchi Automata from LTL Formulae , 2000, CAV.

[296] Kousha Etessami,et al. A note on a question of Peled and Wilke regarding stutter-invariant LTL , 2000, Inf. Process. Lett..

[297] James A. Whittaker,et al. What Is Software Testing? Why Is It So Hard? Practice Tutorial , 2000, IEEE Softw..

[298] Lori A. Clarke,et al. Classifying properties: an alternative to the safety-liveness classification , 2000, SIGSOFT '00/FSE-8.

[299] Jan Friso Groote,et al. State Space Reduction Using Partial tau-Confluence , 2000, MFCS.

[300] Robert K. Brayton,et al. Model-checking continuous-time Markov chains , 2000, TOCL.

[301] Fausto Giunchiglia,et al. NUSMV: a new symbolic model checker , 2000, International Journal on Software Tools for Technology Transfer.

[302] Jozef Hooman,et al. Concurrency Verification: Introduction to Compositional and Noncompositional Methods , 2001, Cambridge Tracts in Theoretical Computer Science.

[303] Kousha Etessami,et al. Fair Simulation Relations, Parity Games, and State Space Reduction for Büchi Automata , 2001, ICALP.

[304] Randomization Helps in LTL Model Checking , 2001, PAPM-PROBMIV.

[305] Kim Guldstrand Larsen,et al. Reachability Analysis of Probabilistic Systems , 2001 .

[306] Colin Stirling,et al. Modal and Temporal Properties of Processes , 2001, Texts in Computer Science.

[307] Prakash Panangaden,et al. Measure and probability for concurrency theorists , 2001, Theor. Comput. Sci..

[308] Philippe Schnoebelen,et al. Systems and Software Verification, Model-Checking Techniques and Tools , 2001 .

[309] Matthew B. Dwyer,et al. Using the Bandera Tool Set to Model-Check Properties of Concurrent Java Software , 2001, CONCUR.

[310] Wang Yi,et al. Probabilistic Extensions of Process Algebras , 2001, Handbook of Process Algebra.

[311] Stavros Tripakis,et al. Analysis of Timed Systems Using Time-Abstracting Bisimulations , 2001, Formal Methods Syst. Des..

[312] Barry W. Boehm,et al. Software Defect Reduction Top 10 List , 2001, Computer.

[313] Rance Cleaveland,et al. Equivalence and Preorder Checking for Finite-State Systems , 2001, Handbook of Process Algebra.

[314] Michael R. Lowry,et al. Formal Analysis of a Space-Craft Controller Using SPIN , 2001, IEEE Trans. Software Eng..

[315] Moshe Y. Vardi. Branching vs. Linear Time: Final Showdown , 2001, TACAS.

[316] Robert K. Brayton,et al. Partial-Order Reduction in Symbolic State-Space Exploration , 2001, Formal Methods Syst. Des..

[317] Rance Cleaveland,et al. Simulation Revisited , 2001, TACAS.

[318] Doron A. Peled,et al. Software Reliability Methods , 2001, Texts in Computer Science.

[319] Stefan Edelkamp,et al. Directed explicit model checking with HSF-SPIN , 2001, SPIN '01.

[320] Paul Gastin,et al. Fast LTL to Büchi Automata Translation , 2001, CAV.

[321] Armin Biere,et al. Bounded Model Checking Using Satisfiability Solving , 2001, Formal Methods Syst. Des..

[322] Ilan Beer,et al. On the Effective Deployment of Functional Formal Verification , 2001, Formal Methods Syst. Des..

[323] Panagiotis Manolios,et al. Safety and liveness in branching time , 2001, Proceedings 16th Annual IEEE Symposium on Logic in Computer Science.

[324] Andreas Podelski,et al. Boolean and Cartesian abstraction for model checking C programs , 2001, International Journal on Software Tools for Technology Transfer.

[325] Thomas Wilke,et al. State Space Reductions for Alternating Büchi Automata , 2002, FSTTCS.

[326] Helmut Veith,et al. Tree-like counterexamples in model checking , 2002, Proceedings 17th Annual IEEE Symposium on Logic in Computer Science.

[327] Philippe Schnoebelen,et al. Temporal logic with forgettable past , 2002, Proceedings 17th Annual IEEE Symposium on Logic in Computer Science.

[328] Rocco De Nicola,et al. An Equational Axiomatization of Bisimulation over Regular Expressions , 2002, J. Log. Comput..

[329] Thomas Wilke,et al. Automata Logics, and Infinite Games , 2002, Lecture Notes in Computer Science.

[330] Doron A. Peled,et al. Combining Software and Hardware Verification Techniques , 2002, Formal Methods Syst. Des..

[331] Abbas Edalat,et al. Bisimulation for Labelled Markov Processes , 2002, Inf. Comput..

[332] Dimitra Giannakopoulou,et al. From States to Transitions: Improving Translation of LTL Formulae to Büchi Automata , 2002, FORTE.

[333] Patrick Cousot,et al. On Abstraction in Software Verification , 2002, CAV.

[334] William H. Press,et al. Numerical recipes in C , 2002 .

[335] Edsger W. Dijkstra,et al. Cooperating sequential processes , 2002 .

[336] Kathi Fisler,et al. Bisimulation Minimization and Symbolic Model Checking , 2002, Formal Methods Syst. Des..

[337] Radha Jagadeesan,et al. Weak Bisimulation is Sound and Complete for PCTL* , 2002, CONCUR.

[338] Xavier Thirioux. Simple and Efficient Translation from LTL Formulas to Buchi Automata , 2002, Electron. Notes Theor. Comput. Sci..

[339] Paul Caspi,et al. Timed regular expressions , 2002, JACM.

[340] Theo C. Ruys,et al. Managing the verification trajectory , 2003, International Journal on Software Tools for Technology Transfer.

[341] Klaus Schneider,et al. Verification of Reactive Systems: Formal Methods and Algorithms , 2003 .

[342] Frits W. Vaandrager,et al. Cost-optimization of the IPv4 zeroconf protocol , 2003, 2003 International Conference on Dependable Systems and Networks, 2003. Proceedings..

[343] Enrico Tronci,et al. Finite Horizon Analysis of Markov Chains with the Mur-phi Verifier , 2003, CHARME.

[344] Joost-Pieter Katoen,et al. Discrete-Time Rewards Model-Checked , 2003, FORMATS.

[345] William H. Sanders,et al. Optimal state-space lumping in Markov chains , 2003, Inf. Process. Lett..

[346] Patricia Bouyer,et al. Untameable Timed Automata! , 2003, STACS.

[347] Roberto Sebastiani,et al. "More Deterministic" vs. "Smaller" Büchi Automata for Efficient LTL Model Checking , 2003, CHARME.

[348] Prakash Panangaden,et al. Continuous stochastic logic characterizes bisimulation of continuous-time Markov processes , 2003, J. Log. Algebraic Methods Program..

[349] Wang Yi,et al. Timed Automata: Semantics, Algorithms and Tools , 2003, Lectures on Concurrency and Petri Nets.

[350] Panagiotis Manolios,et al. A lattice-theoretic characterization of safety and liveness , 2003, PODC '03.

[351] Holger Hermanns,et al. A tool for model-checking Markov chains , 2003, International Journal on Software Tools for Technology Transfer.

[352] Farn Wang. Efficient Verification of Timed Automata with BDD-Like Data-Structures , 2003, VMCAI.

[353] Radha Jagadeesan,et al. Approximating labelled Markov processes , 2003, Inf. Comput..

[354] Christel Baier,et al. Model-Checking Algorithms for Continuous-Time Markov Chains , 2002, IEEE Trans. Software Eng..

[355] David Anthony Parker,et al. Implementation of symbolic model checking for probabilistic systems , 2003 .

[356] Grégoire Sutre,et al. An Optimal Automata Approach to LTL Model Checking of Probabilistic Systems , 2003, LPAR.

[357] Alexander Schrijver,et al. Combinatorial optimization. Polyhedra and efficiency. , 2003 .

[358] Sasha Rubin,et al. Verifying ω-regular properties of Markov chains , 2004 .

[359] P. D’Argenio,et al. Partial order reduction on concurrent probabilistic programs , 2004, First International Conference on the Quantitative Evaluation of Systems, 2004. QEST 2004. Proceedings..

[360] Shin Nakajima,et al. The SPIN Model Checker : Primer and Reference Manual , 2004 .

[361] Kim G. Larsen,et al. A Tutorial on Uppaal , 2004, SFM.

[362] Gordon D. Plotkin,et al. A structural approach to operational semantics , 2004, J. Log. Algebraic Methods Program..

[363] Stefan D. Bruda. Preorder Relations , 2004, Model-Based Testing of Reactive Systems.

[364] Girish Keshav Palshikar. Introduction to Model-checking , 2004 .

[365] Gordon D. Plotkin,et al. The origins of structural operational semantics , 2004, J. Log. Algebraic Methods Program..

[366] Joseph Sifakis,et al. Fairness and related properties in transition systems — a temporal logic to deal with fairness , 1983, Acta Informatica.

[367] John Rushby,et al. Formal Methods and the Certification of Critical Systems , 2004 .

[368] Christel Baier,et al. Partial order reduction for probabilistic systems , 2004, First International Conference on the Quantitative Evaluation of Systems, 2004. QEST 2004. Proceedings..

[369] Paul Gastin,et al. Minimization of Counterexamples in SPIN , 2004, SPIN.

[370] Marta Z. Kwiatkowska,et al. Probabilistic symbolic model checking with PRISM: a hybrid approach , 2004, International Journal on Software Tools for Technology Transfer.

[371] Heikki Tauriainen,et al. Nested emptiness search for generalized Buchi automata , 2004, Proceedings. Fourth International Conference on Application of Concurrency to System Design, 2004. ACSD 2004..

[372] Frits W. Vaandrager,et al. A theory of normed simulations , 2000, TOCL.

[373] Christel Baier,et al. PROBMELA: a modeling language for communicating probabilistic processes , 2004, Proceedings. Second ACM and IEEE International Conference on Formal Methods and Models for Co-Design, 2004. MEMOCODE '04..

[374] Edsger W. Dijkstra,et al. Hierarchical ordering of sequential processes , 1971, Acta Informatica.

[375] Vaughan R. Pratt,et al. Modeling concurrency with partial orders , 1986, International Journal of Parallel Programming.

[376] Bengt Jonsson,et al. A logic for reasoning about time and reliability , 1990, Formal Aspects of Computing.

[377] Daniele Varacca,et al. Defining Fairness , 2005, CONCUR.

[378] Dragan Bosnacki,et al. Improving Spin's Partial-Order Reduction for Breadth-First Search , 2005, SPIN.

[379] Thomas A. Henzinger,et al. A classification of symbolic transition systems , 2000, TOCL.

[380] Lawrence H. Landweber,et al. Decision problems forω-automata , 1969, Mathematical systems theory.

[381] Javier Esparza,et al. A Note on On-the-Fly Verification Algorithms , 2005, TACAS.

[382] Denis Poitrenaud,et al. On-the-Fly Emptiness Checks for Generalized Büchi Automata , 2005, SPIN.

[383] Bowen Alpern,et al. Recognizing safety and liveness , 2005, Distributed Computing.

[384] Marta Kwiatkowska. Modelling and verification of probabilistic systems , 2005 .

[385] Jaco Geldenhuys,et al. More efficient on-the-fly LTL verification with Tarjan's algorithm , 2005, Theor. Comput. Sci..

[386] Christel Baier,et al. Comparative branching-time semantics for Markov chains , 2005, Inf. Comput..

[387] Joost Engelfriet,et al. Branching processes of Petri nets , 1991, Acta Informatica.

[388] Stephan Merz,et al. Truly On-The-Fly LTL Model Checking , 2005, TACAS.

[389] A. Prasad Sistla,et al. Safety, liveness and fairness in temporal logic , 1994, Formal Aspects of Computing.

[390] C. Baier,et al. Experiments with Deterministic ω-Automata for Formulas of Linear Temporal Logic , 2005 .

[391] Doron A. Peled,et al. Verification of distributed programs using representative interleaving sequences , 1992, Distributed Computing.

[392] Joost-Pieter Katoen,et al. A Markov reward model checker , 2005, Second International Conference on the Quantitative Evaluation of Systems (QEST'05).

[393] Kim G. Larsen,et al. On using priced timed automata to achieve optimal scheduling , 2006, Formal Methods Syst. Des..

[394] Philippe Schnoebelen,et al. A general approach to comparing infinite-state systems with their finite-state specifications , 2006, Theor. Comput. Sci..

[395] Dana Fisman,et al. A Practical Introduction to PSL , 2006, Series on Integrated Circuits and Systems.

[396] Christel Baier,et al. LiQuor: A tool for Qualitative and Quantitative Linear Time analysis of Reactive Systems , 2006, Third International Conference on the Quantitative Evaluation of Systems - (QEST'06).

[397] E. Kindler. Safety and Liveness Properties: A Survey , 2007 .

[398] Valentin Goranko,et al. Logic in Computer Science: Modelling and Reasoning About Systems , 2007, J. Log. Lang. Inf..

[399] Joost-Pieter Katoen,et al. Bisimulation Minimisation Mostly Speeds Up Probabilistic Model Checking , 2007, TACAS.

[400] Myron Hlynka,et al. Queueing Networks and Markov Chains (Modeling and Performance Evaluation With Computer Science Applications) , 2007, Technometrics.

[401] Joost-Pieter Katoen,et al. Counterexamples in Probabilistic Model Checking , 2007, TACAS.

[402] Stephan Merz,et al. Modeling and verification of real-time systems : formalisms and software tools , 2008 .

[403] Joost-Pieter Katoen,et al. Design and analysis of dynamic leader election protocols in broadcast networks , 1993, Distributed Computing.

[404] Samuel D. Johnson. Branching programs and binary decision diagrams: theory and applications by Ingo Wegener society for industrial and applied mathematics, 2000 408 pages , 2010, SIGA.

[405] Theodore M. Booth. Demonstrating hazards in sequential relay circuits , 1963, SWCT.