The Model Checker SPIN

SPIN is an efficient verification system for models of distributed software systems. It has been used to detect design errors in applications ranging from high-level descriptions of distributed algorithms to detailed code for controlling telephone exchanges. The paper describes the design and structure of the verifier, reviews its theoretical foundation, and surveys significant practical applications.
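The kind of design error the abstract refers to is typically a reachable state in which a safety assertion fails, or a state from which no process can move before all of them have finished (an invalid end state). The following script is an added illustration of that check and is not code from the SPIN paper or distribution: it exhaustively enumerates the interleavings of two processes running three small mutual-exclusion protocols constructed for the example (a check-then-set protocol, a set-then-wait protocol, and Peterson's algorithm) and returns the shortest interleaving that reaches a bad state. SPIN does the same job on a Promela model with a depth-first search plus partial-order reduction and state compression; this toy uses a plain breadth-first search with none of those optimisations.

```python
"""Explicit-state reachability check of the kind SPIN performs on a model.

Added illustration, not SPIN code. Two processes run the same program over
shared variables (pc0, pc1, flag0, flag1, turn). Every interleaving is
explored breadth-first; the first state where both processes are in the
critical section (assertion violation) or where nothing is enabled before
both have finished (invalid end state) is reported with the path to it.
"""
from collections import deque
from typing import Callable, Dict, List, Optional, Tuple

State = Tuple[int, int, int, int, int]   # (pc0, pc1, flag0, flag1, turn)
PC, FLAG, TURN = 0, 2, 4                 # index offsets into the state tuple


def _set(s: State, idx: int, val: int) -> State:
    t = list(s)
    t[idx] = val
    return tuple(t)


def _next(s: State, i: int) -> State:
    """Advance the program counter of process i."""
    return _set(s, PC + i, s[PC + i] + 1)


# Guards: is the statement enabled for process i in state s?
def always(s: State, i: int) -> bool:
    return True


def other_flag_clear(s: State, i: int) -> bool:
    return s[FLAG + (1 - i)] == 0


def peterson_wait(s: State, i: int) -> bool:
    return s[FLAG + (1 - i)] == 0 or s[TURN] == i


# Actions: the state after process i executes the statement.
def skip(s: State, i: int) -> State:
    return _next(s, i)


def set_flag(s: State, i: int) -> State:
    return _next(_set(s, FLAG + i, 1), i)


def clear_flag(s: State, i: int) -> State:
    return _next(_set(s, FLAG + i, 0), i)


def give_turn(s: State, i: int) -> State:
    return _next(_set(s, TURN, 1 - i), i)


# A program is a list of (label, guard, action); both processes run it.
Program = List[Tuple[str, Callable[[State, int], bool], Callable[[State, int], State]]]
CRIT = "critical section"

# Constructed, wrong: test the other flag, then raise your own; both may pass.
CHECK_THEN_SET: Program = [
    ("wait flag[other] == 0", other_flag_clear, skip),
    ("flag[self] = 1", always, set_flag),
    (CRIT, always, skip),
    ("flag[self] = 0", always, clear_flag),
]
# Constructed, wrong: raise your flag, then wait; both may wait forever.
SET_THEN_WAIT: Program = [
    ("flag[self] = 1", always, set_flag),
    ("wait flag[other] == 0", other_flag_clear, skip),
    (CRIT, always, skip),
    ("flag[self] = 0", always, clear_flag),
]
# Peterson's algorithm: the turn variable breaks the tie.
PETERSON: Program = [
    ("flag[self] = 1", always, set_flag),
    ("turn = other", always, give_turn),
    ("wait flag[other] == 0 || turn == self", peterson_wait, skip),
    (CRIT, always, skip),
    ("flag[self] = 0", always, clear_flag),
]


def successors(prog: Program, s: State):
    """Yield (label, next_state) for every enabled statement of either process."""
    for i in (0, 1):
        pc = s[PC + i]
        if pc >= len(prog):          # this process has terminated
            continue
        label, guard, action = prog[pc]
        if guard(s, i):
            yield f"P{i}: {label}", action(s, i)


def _trace(parent: Dict[State, Optional[Tuple[State, str]]], s: State) -> List[str]:
    """Rebuild the statement sequence from the initial state to s."""
    steps: List[str] = []
    while parent[s] is not None:
        s, label = parent[s]
        steps.append(label)
    return steps[::-1]


def check(prog: Program) -> Tuple[str, List[str], int]:
    """Return (verdict, counterexample, states explored).

    verdict is "ok", "mutex violation" or "deadlock"; the counterexample is
    the shortest interleaving reaching the bad state (empty when "ok").
    """
    crit = next(k for k, st in enumerate(prog) if st[0] == CRIT)
    init: State = (0, 0, 0, 0, 0)
    parent: Dict[State, Optional[Tuple[State, str]]] = {init: None}
    queue = deque([init])
    explored = 0
    while queue:
        s = queue.popleft()
        explored += 1
        if s[PC] == crit and s[PC + 1] == crit:       # assertion violation
            return "mutex violation", _trace(parent, s), explored
        moves = list(successors(prog, s))
        finished = all(s[PC + i] >= len(prog) for i in (0, 1))
        if not moves and not finished:                 # invalid end state
            return "deadlock", _trace(parent, s), explored
        for label, n in moves:
            if n not in parent:
                parent[n] = (s, label)
                queue.append(n)
    return "ok", [], explored


if __name__ == "__main__":
    for name, prog in (("check-then-set", CHECK_THEN_SET),
                       ("set-then-wait", SET_THEN_WAIT),
                       ("peterson", PETERSON)):
        verdict, trace, n = check(prog)
        print(f"{name}: {verdict} after exploring {n} states")
        for step in trace:
            print("   ", step)
```

The counterexample returned for the two faulty protocols is the analogue of the error trail SPIN writes out when a search finds a violating state; for Peterson's algorithm the search terminates having visited every reachable state without finding one, which is what "verified" means for an explicit-state checker.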
