Getting the point : obtaining and understanding fixpoints in model checking

• A submitted manuscript is the author's version of the article upon submission and before peer-review. There can be important differences between the submitted version and the official published version of record. People interested in the research are advised to contact the author for the final version of the publication, or visit the DOI to the publisher's website. • The final author version and the galley proof are versions of the publication after peer review. • The final published version features the final layout of the paper including the volume, issue and page numbers.

[1]  Chin-Laung Lei,et al.  Efficient Model Checking in Fragments of the Propositional Mu-Calculus (Extended Abstract) , 1986, LICS.

[2]  Tom Staijen,et al.  Graph-based Specification and Verification for Aspect-Oriented Languages , 2010 .

[3]  A. Morali,et al.  IT architecture-based confidentiality risk assessment in networks of organizations , 2011 .

[4]  Radu Mateescu,et al.  Efficient Diagnostic Generation for Boolean Equation Systems , 2000, TACAS.

[5]  Robert McNaughton,et al.  Infinite Games Played on Finite Graphs , 1993, Ann. Pure Appl. Logic.

[6]  Karina R. Olmos Joffré Strategies for Context Sensitive Program Transformation , 2009 .

[7]  Kamal Gupta,et al.  Towards a Combination of Heterogeneous Deductive Tools for System Verification , 2005 .

[8]  Jeroen Keiren,et al.  Improved Static Analysis of Parameterised Boolean Equation Systems using Control Flow Reconstruction , 2013, ArXiv.

[9]  Mohammed G. Khatib MEMS-Based Storage Devices : Integration in Energy-Constrained Mobile Systems , 2009 .

[10]  Maria Spichkova,et al.  FlexRay und FTCom: Formale Spezifikation in Focus , 2006 .

[11]  Jeroen Keiren,et al.  Bisimulation Minimisations for Boolean Equation Systems , 2009, Haifa Verification Conference.

[12]  van der,et al.  Domain specific languages and their type systems , 2014 .

[13]  Michel A. Reniers,et al.  Structural Analysis of Boolean Equation Systems , 2010, TOCL.

[14]  Uri Zwick,et al.  A deterministic subexponential algorithm for solving parity games , 2006, SODA '06.

[15]  Marcin Jurdziński,et al.  Deciding the Winner in Parity Games is in UP \cap co-Up , 1998, Inf. Process. Lett..

[16]  Adrianus Johannus Paulus Jeckmans Cryptographically-Enhanced Privacy for Recommender Systems , 2014 .

[17]  Lacramioara Astefanoaei,et al.  An executable theory of multi-agent systems refinement , 2011 .

[18]  van Mpwj Michiel Osch Automated model-based testing of hybrid systems , 2009 .

[19]  Tim K. Cocx,et al.  Algorithmic tools for data-oriented law enforcement , 2009 .

[20]  Sartaj Sahni,et al.  Computationally Related Problems , 1974, SIAM J. Comput..

[21]  Rance Cleaveland,et al.  Fast Generic Model-Checking for Data-Based Systems , 2005, FORTE.

[22]  N Neda Noroozi,et al.  Improving input-output conformance testing theories , 2014 .

[23]  Oliver Friedmann,et al.  A Solver for Modal Fixpoint Logics , 2010, Electron. Notes Theor. Comput. Sci..

[24]  Jan Friso Groote,et al.  Verification of Temporal Properties of Processes in a Setting with Data , 1998, AMAST.

[25]  Sonja Georgievska,et al.  Probability and hiding in concurrent processes , 2011 .

[26]  Hossein Rahmani,et al.  Analysis of protein-protein interaction networks by means of annotated graph mining algorithms , 2012 .

[27]  Thomas Bäck,et al.  Mixed-integer evolution strategies for parameter optimization and their applications to medical image analysis , 2005 .

[28]  D. Costa Formal models for component connectors , 2010 .

[29]  Tim A. C. Willemse,et al.  Consistent Consequence for Boolean Equation Systems , 2012, SOFSEM.

[30]  W. Kuijper Compositional Synthesis of Safety Controllers , 2012 .

[31]  T. V. Bui,et al.  A software architecture for body area sensor networks : flexibility and trustworthiness , 2015 .

[32]  Wieslaw Zielonka,et al.  Infinite Games on Finitely Coloured Graphs with Applications to Automata on Infinite Trees , 1998, Theor. Comput. Sci..

[33]  Pim Vullers,et al.  Efficient implementations of attribute-based credentials on smart cards , 2014 .

[34]  Christel Baier,et al.  Principles of model checking , 2008 .

[35]  Jan Friso Groote,et al.  Parameterised boolean equation systems , 2005, Theor. Comput. Sci..

[36]  Igor Walukiewicz,et al.  Games for synthesis of controllers with partial observation , 2003, Theor. Comput. Sci..

[37]  Jan Obdrzálek,et al.  Clique-Width and Parity Games , 2007, CSL.

[38]  K. Tsirogiannis,et al.  Analysis of flow and visibility on triangulated terrains , 2011 .

[39]  Fides Aarts,et al.  Tomte : bridging the gap between active learning and real-world systems , 2014 .

[40]  Erich Grädel Model Checking Games , 2002, Electron. Notes Theor. Comput. Sci..

[41]  Simona Orzan,et al.  Invariants for Parameterised Boolean Equation Systems , 2008, Theor. Comput. Sci..

[42]  Sjoerd Cranen,et al.  Stuttering Mostly Speeds Up Solving Parity Games , 2011, NASA Formal Methods.

[43]  David Janin,et al.  A contribution to formal methods : games, logic and automata. (Contribution aux fondements des méthodes formelles : jeux, logique et automates) , 2005 .

[44]  M. J. de Mol,et al.  Reasoning about functional programs : Sparkle, a proof assistant for Clean , 2009 .

[45]  van Mj Muck Weerdenburg,et al.  Efficient rewriting techniques , 2009 .

[46]  Rjm Rolf Theunissen Supervisory control in health care systems , 2015 .

[47]  Jan Friso Groote,et al.  Model-checking processes with data , 2005, Sci. Comput. Program..

[48]  Sebastiaan Gijsbert Marinus Cornelissen,et al.  Evaluating Dynamic Analysis Techniques for Program Comprehension , 2009 .

[49]  Bo Zhang Specifying and Verifying Timing Properties of a Time-triggered Protocol for In-vehicle Communication , 2008, 2008 Ninth ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing.

[50]  L. Lensink,et al.  Applying formal methods in software development , 2013 .

[51]  H. Hansen Coalgebraic Modelling : Applications in Automata theory and Modal logic , 2009 .

[52]  José Proença,et al.  Synchronous Coordination of Distributed Components , 2011 .

[53]  D. E. Nadales Agut,et al.  A Compositional Interchange Format for Hybrid Systems: Design and Implementation , 2012 .

[54]  Sjoerd Cranen,et al.  A Cure for Stuttering Parity Games , 2012, ICTAC.

[55]  Marijn Paul Schraagen,et al.  Aspects of record linkage , 2014 .

[56]  Manfred Broy,et al.  On the correctness of upper layers of automotive systems , 2008, Formal Aspects of Computing.

[57]  Rocco De Nicola,et al.  Action versus State based Logics for Transition Systems , 1990, Semantics of Systems of Concurrent Processes.

[58]  de A. Bruin,et al.  Service-oriented discovery of knowledge : foundations, implementations and applications , 2010 .

[59]  Rob J. van Glabbeek,et al.  Branching time and abstraction in bisimulation semantics , 1996, JACM.

[60]  Christian Kissig,et al.  Complementation of Coalgebra Automata , 2009, CALCO.

[61]  Mjm Marcel Roeloffzen Kinetic data structures in the black-box model , 2013 .

[62]  Damiano Bolzoni,et al.  Revisiting Anomaly-based Network Intrusion Detection Systems , 2009 .

[63]  Bas Basten,et al.  Ambiguity Detection for Programming Language Grammars , 2011 .

[64]  B. Lijnse,et al.  TOP to the rescue. Task-oriented programming for incident response applications , 2005 .

[65]  Young-Joo Moon,et al.  Stochastic models for quality of service of component connectors , 2011 .

[66]  Arthur I. Baars,et al.  Embedded Compilers , 2009 .

[67]  Adriaan Middelkoop,et al.  Inference of Program Properties with Attribute Grammars, Revisited , 2012 .

[68]  Orna Kupferman,et al.  On the Complexity of Parity Word Automata , 2001, FoSSaCS.

[69]  Jan Friso Groote,et al.  Modeling and Analysis of Communicating Systems , 2014 .

[70]  Mark Timmer,et al.  Efficient modelling, generation and analysis of Markov automata , 2013 .

[71]  Bn Bogdan Vasilescu Social aspects of collaboration in online software communities , 2014 .

[72]  Nancy A. Lynch,et al.  A new fault-tolerant algorithm for clock synchronization , 1984, PODC '84.

[73]  Jan Friso Groote,et al.  An Efficient Algorithm for Branching Bisimulation and Stuttering Equivalence , 1990, ICALP.

[74]  Jja Jeroen Keiren,et al.  Advanced reduction techniques for model checking , 2013 .

[75]  Anuj Dawar,et al.  The Descriptive Complexity of Parity Games , 2008, CSL.

[76]  Anja Guzzi,et al.  Supporting Developers' Teamwork from within the IDE , 2015 .

[77]  Werner Heijstek,et al.  Architecture design in global and model-centric software development , 2012 .

[78]  Joost Winter,et al.  Coalgebraic Characterizations of Automata-Theoretic Classes , 2014 .

[79]  Jeroen Keiren,et al.  Liveness Analysis for Parameterised Boolean Equation Systems , 2014, ATVA.

[80]  Jan Friso Groote,et al.  A Sub-quadratic Algorithm for Conjunctive and Disjunctive Boolean Equation Systems , 2005, ICTAC.

[81]  Twan Basten,et al.  Branching Bisimilarity is an Equivalence Indeed! , 1996, Inf. Process. Lett..

[82]  Carsten Fritz,et al.  Simulation-based simplification of omega-automata , 2013 .

[83]  Rance Cleaveland,et al.  Generic tools for verifying concurrent systems , 2002, Sci. Comput. Program..

[84]  Rob J. van Glabbeek,et al.  The Linear Time - Branching Time Spectrum II , 1993, CONCUR.

[85]  Radu Mateescu,et al.  Vérification des propriétés temporelles des programmes parallèles , 1998 .

[86]  Cor-Paul Bezemer,et al.  Performance Optimization of Multi-Tenant Software Systems , 2014 .

[87]  Ronald Middelkoop,et al.  Capturing and exploiting abstract views of states in OO verification , 2011 .

[88]  Dina Hadžiosmanović,et al.  The process matters: cyber security in industrial control systems , 2014 .

[89]  Colin Stirling,et al.  Modal Mu-Calculi , 2001 .

[90]  A. Tarski A LATTICE-THEORETICAL FIXPOINT THEOREM AND ITS APPLICATIONS , 1955 .

[91]  M. S. Greiler,et al.  Test Suite Comprehension for Modular and Dynamic Systems , 2013 .

[92]  Valentin Goranko,et al.  Logic in Computer Science: Modelling and Reasoning About Systems , 2007, J. Log. Lang. Inf..

[93]  G. Kant,et al.  Practical Improvements to Parity Game Solving , 2013 .

[94]  Gergely Alpár,et al.  Attribute-based identity management : [bridging the cryptographic design of ABCs with the real world] , 2015 .

[95]  A. J. van der Ploeg,et al.  Efficient abstractions for visualization and interaction , 2015 .

[96]  J. van den Bos,et al.  Gathering evidence: Model-driven software engineering in automated digital forensics , 2014 .

[97]  B. J. Arnoldus,et al.  An illumination of the template enigma : software code generation with templates , 2011 .

[98]  David Park,et al.  Concurrency and Automata on Infinite Sequences , 1981, Theoretical Computer Science.

[99]  Mads Dam,et al.  CTL* and ECTL* as Fragments of the Modal µ-Calculus , 1992, CAAP.

[100]  Li Tan,et al.  Evidence-based verification , 2002 .

[101]  Oliver Friedmann,et al.  Solving Parity Games in Practice , 2009, ATVA.

[102]  Manfred Broy,et al.  Specification and development of interactive systems: focus on streams, interfaces, and refinement , 2001 .

[103]  Minh Tri Ngo,et al.  Qualitative and Quantitative Information Flow Analysis for Multi-threaded Programs , 2014 .

[104]  Fpm Frank Stappers Bridging formal models : an engineering perspective , 2012 .

[105]  van Mf Marcel Amstel,et al.  Assessing and improving the quality of model transformations , 2012 .

[106]  Bo Zhang On the Formal Verification of the FlexRay Communication Protocol , 2006 .

[107]  Tim A. C. Willemse,et al.  Instantiation for Parameterised Boolean Equation Systems , 2008, ICTAC.

[108]  Sjoerd Cranen Model Checking the FlexRay Startup Phase , 2012, FMICS.

[109]  Marcin Czenko,et al.  TuLiP : reshaping trust management , 2009 .

[110]  Somayeh Malakuti Khah Olun Abadi Event composition model: achieving naturalness in runtime enforcement , 2011 .

[111]  Farhad Arbab,et al.  Model Checking of Component Connectors , 2007, 31st Annual International Computer Software and Applications Conference (COMPSAC 2007).

[112]  Jos C. M. Baeten,et al.  A brief history of process algebra , 2005, Theor. Comput. Sci..

[113]  Yiannis N. Moschovakis,et al.  Elementary induction on abstract structures , 1974 .

[114]  Gerhard de Koning Gans,et al.  Outsmarting smart cards , 2013 .

[115]  Jaco van de Pol,et al.  Generating and Solving Symbolic Parity Games , 2014, GRAPHITE.

[116]  Edmund M. Clarke,et al.  Design and Synthesis of Synchronization Skeletons Using Branching Time Temporal Logic , 2008, 25 Years of Model Checking.

[117]  Maria Spichkova,et al.  Towards Modularized Verification of Distributed Time-Triggered Systems , 2006, FM.

[118]  E. Emerson,et al.  Tree Automata, Mu-Calculus and Determinacy (Extended Abstract) , 1991, FOCS 1991.

[119]  Maria Spichkova UPCOMING AUTOMOTIVE STANDARDS FOR FAULT-TOLERANT COMMUNICATION: FLEXRAY AND OSEKTIME FTCOM. , 2006 .

[120]  A. Arnold,et al.  Rudiments of μ-calculus , 2001 .

[121]  Oliver Friedmann,et al.  Guarded Transformation for the Modal mu-Calculus , 2013, ArXiv.

[122]  A. Rodriguez Yakushev,et al.  Towards Getting Generic Programming Ready for Prime Time , 2009 .

[123]  Alfons Laarman,et al.  Scalable multi-core model checking , 2014 .

[124]  Hugo Jonker,et al.  Security matters : privacy in voting and fairness in digital exchange , 2009 .

[125]  Oscar H. Ibarra,et al.  On spiking neural P systems , 2006, Natural Computing.

[126]  Marcin Jurdzinski,et al.  Small Progress Measures for Solving Parity Games , 2000, STACS.

[127]  Erik P. de Vink,et al.  An Overview of the mCRL2 Toolset and Its Recent Advances , 2013, TACAS.

[128]  Jan Friso Groote,et al.  Parameterised Boolean Equation Systems (Extended Abstract) , 2004, CONCUR.

[129]  Henri Korver,et al.  Computing Distinguishing Formulas for Branching Bisimulation , 1991, CAV.

[130]  Seyyed Hamed Hashemi,et al.  Studies on verification of wireless sensor networks and abstraction learning for system inference , 2008 .

[131]  Jaco van de Pol,et al.  Equivalence Checking for Infinite Systems Using Parameterized Boolean Equation Systems , 2007, CONCUR.

[132]  A. W. Roscoe,et al.  FDR3 - A Modern Refinement Checker for CSP , 2014, TACAS.

[133]  J. K. Berendsen,et al.  Abstraction, prices and probability in model checking timed automata , 2010 .

[134]  Marcin Jurdzinski,et al.  A Discrete Strategy Improvement Algorithm for Solving Parity Games , 2000, CAV.

[135]  David Janin,et al.  Automata, tableaus and a reduction theorem for fixpoint calculi in arbitrary complete lattices , 1997, Proceedings of Twelfth Annual IEEE Symposium on Logic in Computer Science.

[136]  Kab Kevin Verbeek Algorithms for cartographic visualization , 2012 .

[137]  Christian Krause,et al.  Reconfigurable Component Connectors , 2011 .

[138]  Kedar S. Namjoshi A Simple Characterization of Stuttering Bisimulation , 1997, FSTTCS.

[139]  Aah Ammar Osaiweran Formal development of control software in the medical systems domain , 2012 .

[140]  Jaco van de Pol,et al.  A Multi-Core Solver for Parity Games , 2008, Electron. Notes Theor. Comput. Sci..

[141]  Scw Bas Ploeger,et al.  Improved verification methods for concurrent systems , 2009 .

[142]  Hasan Sözer,et al.  Architecting Fault-Tolerant Software Systems , 2009 .

[143]  M. D. Berg,et al.  Optimal Geometric Data Structures , 2007 .

[144]  Michiel Helvensteijn,et al.  Abstract delta modeling : software product lines and beyond , 2014 .

[145]  Henrik Reif Andersen Model Checking and Boolean Graphs , 1992, ESOP.

[146]  Rance Cleaveland,et al.  Evidence-Based Model Checking , 2002, CAV.

[147]  Wouter Meulemans,et al.  Similarity measures and algorithms for cartographic schematization , 2014 .

[148]  Damián Barsotti,et al.  Verification of clock synchronization algorithms: experiments on a combination of deductive tools , 2007, Formal Aspects of Computing.

[149]  C. J. Boogerd,et al.  Focusing Automatic Code Inspections , 2010 .

[150]  Tim A. C. Willemse,et al.  Zielonka's Recursive Algorithm: dull, weak and solitaire games and tighter bounds , 2013, GandALF.

[151]  Edmund M. Clarke,et al.  The Birth of Model Checking , 2008, 25 Years of Model Checking.

[152]  J. Kwisthout,et al.  The Computational Complexity of Probabilistic Networks , 2009 .

[153]  Lionel Mamane,et al.  Interactive mathematical documents: creation and presentation , 2004 .

[154]  Stephan Merz,et al.  Model Checking , 2000 .

[155]  Z Zvezdan Protic,et al.  Configuration management for models : generic methods for model comparison and model co-evolution , 2011 .

[156]  Dexter Kozen,et al.  Results on the Propositional µ-Calculus , 1982, ICALP.

[157]  Huimin Lin,et al.  Symbolic Transition Graph with Assignment , 1996, CONCUR.

[158]  Miguel E. Andrés,et al.  Quantitative Analysis of Information Leakage in Probabilistic and Nondeterministic Systems , 2011, ArXiv.

[159]  Petru Eles,et al.  Timing analysis of the FlexRay communication protocol , 2006, 18th Euromicro Conference on Real-Time Systems (ECRTS'06).

[160]  Wolfgang Thomas Computation tree logic and regular omega-languages , 1988, REX Workshop.

[161]  Trajce Dimkov,et al.  Alignment of organizational security policies: Theory and Practice , 2012 .

[162]  M Muhammad Atif,et al.  Formal modeling and verification of distributed failure detectors , 2011 .

[163]  Georgeta Igna,et al.  Performance analysis of real-time task systems using timed automata , 2013 .

[164]  van den,et al.  Composition and synchronization of real-time components upon one processor , 2013 .

[165]  van Pja Paul Tilburg From computability to executability : a process-theoretic view on automata theory , 2011 .

[166]  Robin Milner,et al.  A Calculus of Communicating Systems , 1980, Lecture Notes in Computer Science.

[167]  Rance Cleaveland,et al.  On Automatically Explaining Bisimulation Inequivalence , 1990, CAV.

[168]  Angelika Mader,et al.  Verification of modal properties using Boolean equation systems , 1997 .

[169]  Thomas Wilke,et al.  Simulation Relations for Alternating Parity Automata and Parity Games , 2006, Developments in Language Theory.

[170]  J. van den Berg,et al.  Reasoning about Java programs in PVS using JML , 2009 .

[171]  Frank W. Takes Algorithms for analyzing and mining real-world graphs , 2014 .

[172]  John Businge,et al.  Co-evolution of the Eclipse SDK Framework and Its Third-Party Plug-Ins , 2013, 2013 17th European Conference on Software Maintenance and Reengineering.

[173]  Emmanuele Zambon,et al.  Towards optimal IT availability planning: methods and tools , 2011 .

[174]  Robin Milner,et al.  On Observing Nondeterminism and Concurrency , 1980, ICALP.

[175]  Eduardo Zambon,et al.  Abstract Graph Transformation - Theory and Practice , 2013 .

[176]  Sjoerd Cranen,et al.  Abstraction in Fixpoint Logic , 2015, ACM Trans. Comput. Log..

[177]  Sven Schewe Solving Parity Games in Big Steps , 2007, FSTTCS.

[178]  Saeed Sedghi,et al.  Towards Provably Secure Efficiently Searchable Encryption , 2012 .

[179]  Yanjing Wang,et al.  Epistemic Modelling and Protocol Dynamics , 2010 .

[180]  Dhp Dirk Gerrits Pushing and pulling : computing push plans for disk-shaped robots, and dynamic labelings for moving points , 2013 .

[181]  Helmut Veith,et al.  Tree-like counterexamples in model checking , 2002, Proceedings 17th Annual IEEE Symposium on Logic in Computer Science.

[182]  Edmund M. Clarke,et al.  Efficient generation of counterexamples and witnesses in symbolic model checking , 1995, DAC '95.

[183]  Michael Huth,et al.  Logic in computer science - modelling and reasoning about systems , 2000 .

[184]  Bart Vermeulen,et al.  Startup error detection and containment to improve the robustness of hybrid FlexRay networks , 2014, 2014 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[185]  Radu Mateescu,et al.  CADP 2010: A Toolbox for the Construction and Analysis of Distributed Processes , 2011, TACAS.

[186]  Jiří Novák,et al.  VERIFICATION OF FLEXRAY START-UP MECHANISM BY TIMED AUTOMATA , 2010 .

[187]  Leonid Libkin,et al.  Elements of Finite Model Theory , 2004, Texts in Theoretical Computer Science.

[188]  Rocco De Nicola,et al.  Three logics for branching bisimulation , 1995, JACM.

[189]  Perdita Stevens,et al.  Practical Model-Checking Using Games , 1998, TACAS.

[190]  Tingting Han,et al.  Diagnosis, Synthesis and Analysis of Probabilistic Models , 2009, Ausgezeichnete Informatikdissertationen.

[191]  Stephan Kreutzer,et al.  DAG-Width and Parity Games , 2006, STACS.

[192]  Elisa Costante,et al.  Privacy throughout the data cycle , 2015 .

[193]  Rob van Glabbeek,et al.  Handbook of Process Algebra , 2001 .

[194]  R.S.S. O'Connor,et al.  Incompleteness & completeness : formalizing logic and analysis in type theory , 2005 .

[195]  Marcel Verhoef,et al.  Modeling and validating distributed embedded real-time control systems , 2009 .

[196]  Hendrik Michaël van der Bijl,et al.  On changing models in model-based testing , 2011 .

[197]  Simona Orzan,et al.  Static Analysis Techniques for Parameterised Boolean Equation Systems , 2009, TACAS.

[198]  Robert E. Tarjan,et al.  Three Partition Refinement Algorithms , 1987, SIAM J. Comput..

[199]  Ljp Luc Engelen From napkin sketches to reliable software , 2012 .

[200]  Mari Antonius Cornelis Dekker,et al.  Flexible Access Control for Dynamic Collaborative Environments , 2009 .

[201]  Mohammad Mahdi Jaghoori,et al.  Time At Your Service: Schedulability Analysis of Real-Time and Distributed Services , 2010 .

[202]  E. Allen Emerson,et al.  Model Checking and the Mu-calculus , 1996, Descriptive Complexity and Finite Models.

[203]  Edmund M. Clarke,et al.  Characterizing Finite Kripke Structures in Propositional Temporal Logic , 1988, Theor. Comput. Sci..

[204]  Maria Spichkova FlexRay: Verifikation of the FOCUS Specification in Isabelle/HOL. A Case Study , 2006 .

[205]  Jan Friso Groote,et al.  A linear translation from CTL* to the first-order modal μ -calculus , 2011, Theor. Comput. Sci..

[206]  R. Bakhshi Gossiping Models : Formal Analysis of Epidemic Protocols , 2011 .

[207]  Tim K. Cocx,et al.  Metrics and visualisation for crime analysis and genomics , 2005 .

[208]  Bas Luttik,et al.  Proof Graphs for Parameterised Boolean Equation Systems , 2013, CONCUR.

[209]  Martin R. Neuhäußer,et al.  Model checking nondeterministic and randomly timed systems , 2010 .