The role of model checking in software engineering

Model checking is a formal verification technique. It takes an exhaustive strategy to check hardware circuits and network protocols against desired properties. Having been developed for more than three decades, model checking now plays an important role in software engineering for verifying rather complicated software artifacts. This paper surveys the role of model checking in software engineering. In particular, we searched the related literature published at reputable conferences, symposiums, workshops, and journals, and surveyed (1) various model checking techniques that can be adapted to software development and their implementations, and (2) the use of model checking at different stages of a software development life cycle. We observed that model checking is useful for software debugging, constraint solving, and malware detection, and that it can help verify different types of software systems, such as object- and aspect-oriented systems, service-oriented applications, web-based applications, and GUI applications including safety- and mission-critical systems. The survey is expected to help human engineers understand the role of model checking in software engineering, as well as decide which model checking technique(s) and/or tool(s) are applicable for developing, analyzing and verifying a practical software system. For researchers, the survey also points out how model checking has been adapted to their research topics on software engineering and its challenges.

[1]  Salvatore La Torre,et al.  Lazy-CSeq: A Context-Bounded Model Checking Tool for Multi-threaded C-Programs , 2015, 2015 30th IEEE/ACM International Conference on Automated Software Engineering (ASE).

[2]  Yvon Savaria,et al.  Early Analysis of Soft Error Effects for Aerospace Applications Using Probabilistic Model Checking , 2013, FTSCS.

[3]  Rik Eshuis,et al.  Symbolic model checking of UML activity diagrams , 2006, TSEM.

[4]  Patrice Godefroid,et al.  Partial-Order Methods for the Verification of Concurrent Systems , 1996, Lecture Notes in Computer Science.

[5]  David S. Rosenblum,et al.  Asymptotic Perturbation Bounds for Probabilistic Model Checking with Empirically Determined Probability Parameters , 2016 .

[6]  Tayssir Touili,et al.  PoMMaDe: pushdown model-checking for malware detection , 2013, ESEC/FSE 2013.

[7]  Bernhard Steffen,et al.  Data Flow Analysis as Model Checking , 1990, TACS.

[8]  Beverly A. Sanders,et al.  JRF-E: using model checking to give advice on eliminating memory model-related bugs , 2010, Automated Software Engineering.

[9]  Zhendong Su,et al.  Combining Symbolic Execution and Model Checking for Data Flow Testing , 2015, 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering.

[10]  Chao Wang,et al.  Efficient state space exploration: Interleaving stateless and state-based model checking , 2010, 2010 IEEE/ACM International Conference on Computer-Aided Design (ICCAD).

[11]  Cyrille Artho,et al.  Modular Software Model Checking for Distributed Systems , 2014, IEEE Transactions on Software Engineering.

[12]  Hassen Saïdi,et al.  Model Checking Guided Abstraction and Analysis , 2000, SAS.

[13]  Baruch Sterin,et al.  Symbolic Model Checking of Product-Line Requirements Using SAT-Based Methods , 2015, 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering.

[14]  Lubos Brim,et al.  Cluster-Based I/O-Efficient LTL Model Checking , 2009, 2009 IEEE/ACM International Conference on Automated Software Engineering.

[15]  Fausto Giunchiglia,et al.  NUSMV: a new symbolic model checker , 2000, International Journal on Software Tools for Technology Transfer.

[16]  María-del-Mar Gallardo,et al.  Using Model Checking to Generate Test Cases for Android Applications , 2015, MBT.

[17]  Jens Palsberg,et al.  A type system equivalent to a model checker , 2008, TOPL.

[18]  Gerard J. Holzmann,et al.  From code to models , 2001, Proceedings Second International Conference on Application of Concurrency to System Design.

[19]  David A. Schmidt,et al.  Program Analysis as Model Checking of Abstract Interpretations , 1998, SAS.

[20]  Karsten Loer,et al.  Towards usable and relevant model checking techniques for the analysis of dependable interactive systems , 2002, Proceedings 17th IEEE International Conference on Automated Software Engineering,.

[21]  George Candea,et al.  Cloud9: a software testing service , 2010, OPSR.

[22]  Nancy A. Day,et al.  Using model checking to analyze static properties of declarative models , 2011, 2011 26th IEEE/ACM International Conference on Automated Software Engineering (ASE 2011).

[23]  Zhen Zhang,et al.  Compositional Model Checking of Concurrent Systems , 2015, IEEE Transactions on Computers.

[24]  Cyrille Artho,et al.  Cache-Based Model Checking of Networked Applications: From Linear to Branching Time , 2009, 2009 IEEE/ACM International Conference on Automated Software Engineering.

[25]  Igor Santos,et al.  A Survey on Static Analysis and Model Checking , 2014, SOCO-CISIS-ICEUTE.

[26]  Matteo Pradella,et al.  Refining Real-Time System Specifications through Bounded Model- and Satisfiability-Checking , 2008, 2008 23rd IEEE/ACM International Conference on Automated Software Engineering.

[27]  Tevfik Bultan,et al.  Eliminating navigation errors in web applications via model checking and runtime enforcement of navigation state machines , 2010, ASE '10.

[28]  Pierre-Yves Schobbens,et al.  Simulation-based abstractions for software product-line model checking , 2012, 2012 34th International Conference on Software Engineering (ICSE).

[29]  Edmund M. Clarke,et al.  Design and Synthesis of Synchronization Skeletons Using Branching-Time Temporal Logic , 1981, Logic of Programs.

[30]  Carlo Ghezzi,et al.  Adaptive REST applications via model inference and probabilistic model checking , 2013, 2013 IFIP/IEEE International Symposium on Integrated Network Management (IM 2013).

[31]  Alex Groce,et al.  Model checking Java programs using structural heuristics , 2002, ISSTA '02.

[32]  Enrico Vicario,et al.  Probabilistic Model Checking of Regenerative Concurrent Systems , 2016, IEEE Transactions on Software Engineering.

[33]  Fabiana Gomes Marinho A proposal for consistency checking in dynamic software product line models using OCL , 2010, 2010 ACM/IEEE 32nd International Conference on Software Engineering.

[34]  Cyrille Artho,et al.  Software model checking for distributed systems with selector-based, non-blocking communication , 2013, 2013 28th IEEE/ACM International Conference on Automated Software Engineering (ASE).

[35]  Sofia Cassel,et al.  Graph-Based Algorithms for Boolean Function Manipulation , 2012 .

[36]  Jitka Crhová Distributed modular model checking , 2002, Proceedings 17th IEEE International Conference on Automated Software Engineering,.

[37]  George S. Avrunin,et al.  Using model checking with symbolic execution to verify parallel numerical programs , 2006, ISSTA '06.

[38]  Richard F. Paige,et al.  Metamodel-based model conformance and multiview consistency checking , 2007, TSEM.

[39]  Xiang Fu,et al.  Model checking XML manipulating software , 2004, ISSTA '04.

[40]  Jun Sun,et al.  USMMC: a self-contained model checker for UML state machines , 2013, ESEC/FSE 2013.

[41]  Fokion Zervoudakis,et al.  Cascading verification: an integrated method for domain-specific model checking , 2013, ESEC/FSE 2013.

[42]  Alan Huang Maximally Stateless Model Checking for Concurrent Bugs under Relaxed Memory Models , 2016, 2016 IEEE/ACM 38th International Conference on Software Engineering Companion (ICSE-C).

[43]  Gerard J. Holzmann,et al.  A practical method for verifying event-driven software , 1999, Proceedings of the 1999 International Conference on Software Engineering (IEEE Cat. No.99CB37002).

[44]  Moonzoo Kim,et al.  Hybrid Statistical Model Checking Technique for Reliable Safety Critical Systems , 2012, 2012 IEEE 23rd International Symposium on Software Reliability Engineering.

[45]  Yu Yang,et al.  Parallel and distributed model checking in Eddy , 2006, International Journal on Software Tools for Technology Transfer.

[46]  Jun Sun,et al.  Analyzing multi-agent systems with probabilistic model checking approach , 2012, 2012 34th International Conference on Software Engineering (ICSE).

[47]  Sami Evangelista,et al.  Dynamic Delayed Duplicate Detection for External Memory Model Checking , 2008, SPIN.

[48]  Denis Lugiez,et al.  Dynamic Bounds and Transition Merging for Local First Search , 2002, SPIN.

[49]  Eric Mercer,et al.  A context-sensitive structural heuristic for guided search model checking , 2005, ASE '05.

[50]  Samik Basu,et al.  Model checking the Java metalocking algorithm , 2007, TSEM.

[51]  Hasan Amjad Verification of AMBA Using a Combination of Model Checking and Theorem Proving , 2006, Electron. Notes Theor. Comput. Sci..

[52]  Dalal Alrajeh,et al.  Elaborating Requirements Using Model Checking and Inductive Learning , 2013, IEEE Transactions on Software Engineering.

[53]  Klaus Havelund,et al.  Model checking programs , 2000, Proceedings ASE 2000. Fifteenth IEEE International Conference on Automated Software Engineering.

[54]  Jürgen Dingel,et al.  Experience applying the SPIN model checker to an industrial telecommunications system , 2008, 2008 ACM/IEEE 30th International Conference on Software Engineering.

[55]  Zhenhua Duan,et al.  Making CEGAR More Efficient in Software Model Checking , 2014, IEEE Transactions on Software Engineering.

[56]  Jaco Geldenhuys,et al.  State Caching Reconsidered , 2004, SPIN.

[57]  Joost-Pieter Katoen,et al.  Counterexample Generation in Probabilistic Model Checking , 2009, IEEE Transactions on Software Engineering.

[58]  Andrew Hinton,et al.  PRISM: A Tool for Automatic Verification of Probabilistic Systems , 2006, TACAS.

[59]  Roberto Giacobazzi,et al.  Incompleteness, Counterexamples, and Refinements in Abstract Model-Checking , 2001, SAS.

[60]  Theo C. Ruys,et al.  Incremental Hashing for Spin , 2008, SPIN.

[61]  Malte Helmert,et al.  The Causal Graph Revisited for Directed Model Checking , 2009, SAS.

[62]  Arnd Hartmanns,et al.  Sound statistical model checking for MDP using partial order and confluence reduction , 2014, International Journal on Software Tools for Technology Transfer.

[63]  Petra Hofstedt,et al.  Bounded model checking of Contiki applications , 2012, 2012 IEEE 15th International Symposium on Design and Diagnostics of Electronic Circuits & Systems (DDECS).

[64]  Pao-Ann Hsiung,et al.  Accelerating Coverage Estimation Through Partial Model Checking , 2014, IEEE Transactions on Computers.

[65]  Lubos Brim,et al.  Revisiting Resistance Speeds Up I/O-Efficient LTL Model Checking , 2008, TACAS.

[66]  S. Ramesh,et al.  Model Checking of Statechart Models: Survey and Research Directions , 2004, ArXiv.

[67]  Rupak Majumdar,et al.  Model Checking Database Applications , 2013, TACAS.

[68]  Matthew B. Dwyer,et al.  Domain-specific Model Checking Using The Bogor Framework , 2006, 21st IEEE/ACM International Conference on Automated Software Engineering (ASE'06).

[69]  Kenneth L. McMillan,et al.  Symbolic model checking , 1992 .

[70]  Chuck Yoo,et al.  Comments on 'The Model Checker SPIN' , 2001, IEEE Trans. Software Eng..

[71]  Grigory Fedyukovich,et al.  Symbolic Detection of Assertion Dependencies for Bounded Model Checking , 2015, FASE.

[72]  M. Ganai,et al.  Efficient SAT-based unbounded symbolic model checking using circuit cofactoring , 2004, ICCAD 2004.

[73]  David Notkin,et al.  Model checking large software specifications , 1996, SIGSOFT '96.

[74]  Fei Xie,et al.  Translating Software Designs for Model Checking , 2004, FASE.

[75]  Christopher D. Thompson-Walsh,et al.  \chiChek: A Model Checker for Multi-Valued Reasoning , 2003, ICSE.

[76]  Gerard J. Holzmann,et al.  State Compression in SPIN: Recursive Indexing and Compression Training Runs , 2002 .

[77]  Hao Wang,et al.  A Model Slicing Method for Workflow Verification , 2013, Electron. Notes Theor. Comput. Sci..

[78]  Antti Valmari,et al.  A stubborn attack on state explosion , 1990, Formal Methods Syst. Des..

[79]  Beverly A. Sanders,et al.  Precise Data Race Detection in a Relaxed Memory Model Using Heuristic-Based Model Checking , 2009, 2009 IEEE/ACM International Conference on Automated Software Engineering.

[80]  James C. Browne,et al.  Model Checking Software via Abstraction of Loop Transitions , 2003, FASE.

[81]  Ernesto Pimentel,et al.  Refinement of LTL Formulas for Abstract Model Checking , 2002, SAS.

[82]  Laure Gonnord,et al.  Using Bounded Model Checking to Focus Fixpoint Iterations , 2011, SAS.

[83]  A. Prasad Sistla,et al.  Symmetry and Reduced Symmetry in Model Checking , 2001, CAV.

[84]  Alexander Egyed,et al.  Flexible and scalable consistency checking on product line variability models , 2010, ASE.

[85]  Mehrdad Sabetzadeh,et al.  Global consistency checking of distributed models with TReMer+ , 2008, 2008 ACM/IEEE 30th International Conference on Software Engineering.

[86]  Fei Xie,et al.  ObjectCheck: A Model Checking Tool for Executable Object-Oriented Software System Designs , 2002, FASE.

[87]  Kenneth L. McMillan,et al.  Interpolation and SAT-Based Model Checking , 2003, CAV.

[88]  Giordano Tamburrelli,et al.  Reliability of Run-Time Quality-of-Service Evaluation Using Parametric Model Checking , 2016, 2016 IEEE/ACM 38th International Conference on Software Engineering (ICSE).

[89]  Xiaoyu Song,et al.  Integrating Evolutionary Computation with Abstraction Refinement for Model Checking , 2010, IEEE Transactions on Computers.

[90]  Dimitra Giannakopoulou,et al.  Fluent model checking for event-based systems , 2003, ESEC/FSE-11.

[91]  Moonzoo Kim,et al.  Unit Testing of Flash Memory Device Driver through a SAT-Based Model Checker , 2008, 2008 23rd IEEE/ACM International Conference on Automated Software Engineering.

[92]  Richard Gerber,et al.  Model-checking concurrent systems with unbounded integer variables: symbolic representations, approximations, and experimental results , 1999, TOPL.

[93]  Matthew B. Dwyer,et al.  Adapting side effects analysis for modular program model checking , 2003, ESEC/FSE-11.

[94]  Pierre-Yves Schobbens,et al.  Model checking lots of systems: efficient verification of temporal properties in software product lines , 2010, 2010 ACM/IEEE 32nd International Conference on Software Engineering.

[95]  C.-H. Luke Ong,et al.  A type-directed abstraction refinement approach to higher-order model checking , 2014, POPL.

[96]  Gordon Fraser,et al.  Testing with model checkers: a survey , 2009 .

[97]  Jeff Huang,et al.  Stateless model checking concurrent programs with maximal causality reduction , 2015, PLDI.

[98]  Pierre-Yves Schobbens,et al.  Symbolic model checking of software product lines , 2011, 2011 33rd International Conference on Software Engineering (ICSE).

[99]  Christel Baier,et al.  Principles of model checking , 2008 .

[100]  Somesh Jha,et al.  Static Analysis of Executables to Detect Malicious Patterns , 2003, USENIX Security Symposium.

[101]  Brian Demsky,et al.  A Practical Approach for Model Checking C/C++11 Code , 2016, TOPL.

[102]  Lin Gui,et al.  Combining model checking and testing with an application to reliability prediction and distribution , 2013, ISSTA.

[103]  Bernhard Josko,et al.  Preliminary Results of a Case Study: Model Checking for Advanced Automotive Applications , 2005, FM.

[104]  Fei Xie,et al.  Integrated State Space Reduction for Model Checking Executable Object-Oriented Software System Designs , 2002, FASE.

[105]  Jianguo Chen,et al.  Combining Model Checking and Testing for Software Analysis , 2008, 2008 International Conference on Computer Science and Software Engineering.

[106]  Chang Liu,et al.  Software Library Usage Pattern Extraction Using a Software Model Checker , 2006, 21st IEEE/ACM International Conference on Automated Software Engineering (ASE'06).

[107]  A. Prasad Sistla,et al.  SMC: a symmetry-based model checker for verification of safety and liveness properties , 2000, TSEM.

[108]  Doron A. Peled,et al.  All from One, One for All: on Model Checking Using Representatives , 1993, CAV.

[109]  Francesco M. Donini,et al.  Design Verification of Web Applications Using Symbolic Model Checking , 2005, ICWE.

[110]  Mats Per Erik Heimdahl,et al.  Deviation analysis through model checking , 2002, Proceedings 17th IEEE International Conference on Automated Software Engineering,.

[111]  Yvon Savaria,et al.  Towards an accurate reliability, availability and maintainability analysis approach for satellite systems based on probabilistic model checking , 2015, 2015 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[112]  Jun Sun,et al.  Build your own model checker in one month , 2013, 2013 35th International Conference on Software Engineering (ICSE).

[113]  Alfons Laarman,et al.  Parallel Recursive State Compression for Free , 2011, SPIN.

[114]  Dirk Beyer,et al.  Explicit-State Software Model Checking Based on CEGAR and Interpolation , 2013, FASE.

[115]  Carsten Sinz,et al.  Reducing False Positives by Combining Abstract Interpretation and Bounded Model Checking , 2008, 2008 23rd IEEE/ACM International Conference on Automated Software Engineering.

[116]  Dominic Letarte Model checking graph representation of precise boolean inter-procedural flow analysis , 2010, ASE '10.

[117]  Tevfik Bultan,et al.  Action Language: a specification language for model checking reactive systems , 2000, Proceedings of the 2000 International Conference on Software Engineering. ICSE 2000 the New Millennium.

[118]  James C. King,et al.  Symbolic execution and program testing , 1976, CACM.

[119]  Gernot Heiser,et al.  Sequoll: A framework for model checking binaries , 2013, 2013 IEEE 19th Real-Time and Embedded Technology and Applications Symposium (RTAS).

[120]  Patrice Godefroid,et al.  Model checking for programming languages using VeriSoft , 1997, POPL '97.

[121]  David Notkin,et al.  Optimizing Symbolic Model Checking for Statecharts , 2001, IEEE Trans. Software Eng..

[122]  Lubos Brim,et al.  Parallel breadth-first search LTL model-checking , 2003, 18th IEEE International Conference on Automated Software Engineering, 2003. Proceedings..

[123]  Lucas C. Cordeiro,et al.  SMT-based bounded model checking for multi-threaded software in embedded systems , 2010, 2010 ACM/IEEE 32nd International Conference on Software Engineering.

[124]  Dragan Bosnacki,et al.  Survey on Directed Model Checking , 2009, MoChArt.

[125]  Masahiro Jibiki,et al.  Coverage Estimation in Model Checking with Bitstate Hashing , 2013, IEEE Transactions on Software Engineering.

[126]  Matthew B. Dwyer,et al.  Bandera: extracting finite-state models from Java source code , 2000, Proceedings of the 2000 International Conference on Software Engineering. ICSE 2000 the New Millennium.

[127]  Tanakorn Leesatapornwongsa,et al.  SAMC: a fast model checker for finding heisenbugs in distributed systems (demo) , 2015, ISSTA.

[128]  Parosh Aziz Abdulla,et al.  A Survey of Regular Model Checking , 2004, CONCUR.

[129]  Amir Pnueli,et al.  Model checking and abstraction to the aid of parameterized systems (a survey) , 2004, Comput. Lang. Syst. Struct..

[130]  Hardi Hungar Combining Model Checking and Theorem Proving to Verify Parallel Processes , 1993, CAV.

[131]  Stefania Gnesi,et al.  A Model Checking Approach for Verifying COWS Specifications , 2008, FASE.

[132]  Paolo Zuliani,et al.  Statistical model checking for biological applications , 2014, International Journal on Software Tools for Technology Transfer.

[133]  Matthew B. Dwyer,et al.  Automated environment generation for software model checking , 2003, 18th IEEE International Conference on Automated Software Engineering, 2003. Proceedings..

[134]  Orna Grumberg,et al.  Modular Model Checking of Software , 1998, TACAS.

[135]  Oksana Tkachuk,et al.  Combining environment generation and slicing for modular software model checking , 2007, ASE '07.

[136]  Dragan Bosnacki,et al.  The Design of a Multicore Extension of the SPIN Model Checker , 2007, IEEE Transactions on Software Engineering.

[137]  Zhenhua Duan,et al.  Detecting spurious counterexamples efficiently in abstract model checking , 2011, 2013 35th International Conference on Software Engineering (ICSE).

[138]  Muffy Calder,et al.  Optimising Communication Structure for Model Checking , 2003, FASE.

[139]  Yunja Choi,et al.  Safety Analysis of Trampoline OS Using Model Checking: An Experience Report , 2011, 2011 IEEE 22nd International Symposium on Software Reliability Engineering.

[140]  Kenneth L. McMillan,et al.  Applying SAT Methods in Unbounded Symbolic Model Checking , 2002, CAV.

[141]  Joseph Sifakis,et al.  Model checking , 1996, Handbook of Automated Reasoning.

[142]  Cesare Tinelli SMT-Based Model Checking , 2012, NASA Formal Methods.

[143]  Sarfraz Khurshid,et al.  Generalized Symbolic Execution for Model Checking and Testing , 2003, TACAS.

[144]  Cacm Staff,et al.  BufferBloat , 2011, Communications of the ACM.

[145]  Daniel Kroening,et al.  Model checking concurrent linux device drivers , 2007, ASE.

[146]  May Haydar,et al.  Properties and scopes in web model checking , 2005, ASE.

[147]  Armin Biere,et al.  Symbolic Model Checking without BDDs , 1999, TACAS.

[148]  David A. Schmidt Data flow analysis is model checking of abstract interpretations , 1998, POPL '98.

[149]  Jun Sun,et al.  Fair Model Checking with Process Counter Abstraction , 2009, FM.

[150]  Peter Sanders,et al.  Semi-external LTL Model Checking , 2008, CAV.

[151]  Mateusz Ujma,et al.  JPF-AWT: Model checking GUI applications , 2011, 2011 26th IEEE/ACM International Conference on Automated Software Engineering (ASE 2011).

[152]  Dominic Letarte Conversion of fast inter-procedural static analysis to model checking , 2010, 2010 IEEE International Conference on Software Maintenance.

[153]  Marsha Chechik,et al.  A buffer overflow benchmark for software model checkers , 2007, ASE.

[154]  Sami Evangelista,et al.  Combining the Sweep-Line Method with the Use of an External-Memory Priority Queue , 2012, SPIN.

[155]  Patrick Lam,et al.  SATCheck: SAT-directed stateless model checking for SC and TSO , 2015, OOPSLA.

[156]  Marsha Chechik,et al.  PtYasm: Software Model Checking with Proof Templates , 2008, 2008 23rd IEEE/ACM International Conference on Automated Software Engineering.

[157]  Cyrille Artho,et al.  Accurate Centralization for Applying Model Checking on Networked Applications , 2006, 21st IEEE/ACM International Conference on Automated Software Engineering (ASE'06).

[158]  Tomás E. Uribe Combinations of Model Checking and Theorem Proving , 2000, FroCoS.

[159]  Thomas A. Henzinger,et al.  Software Verification with BLAST , 2003, SPIN.

[160]  Klaus Pohl,et al.  Model Checking of Domain Artifacts in Product Line Engineering , 2009, 2009 IEEE/ACM International Conference on Automated Software Engineering.

[161]  Yu Yang,et al.  Distributed Dynamic Partial Order Reduction Based Verification of Threaded Software , 2007, SPIN.

[162]  Alexander Egyed,et al.  UML/Analyzer: A Tool for the Instant Consistency Checking of UML Models , 2007, 29th International Conference on Software Engineering (ICSE'07).

[163]  Sebastian Burckhardt,et al.  CheckFence: checking consistency of concurrent data types on relaxed memory models , 2007, PLDI '07.

[164]  Lucas C. Cordeiro,et al.  Verifying multi-threaded software using smt-based context-bounded model checking , 2011, 2011 33rd International Conference on Software Engineering (ICSE).

[165]  Cyrille Artho,et al.  Model checking distributed systems by combining caching and process checkpointing , 2011, 2011 26th IEEE/ACM International Conference on Automated Software Engineering (ASE 2011).

[166]  Yunja Choi,et al.  Combination model checking: approach and a case study , 2004 .

[167]  Pierre-Yves Schobbens,et al.  Beyond Boolean product-line model checking: Dealing with feature attributes and multi-features , 2013, 2013 35th International Conference on Software Engineering (ICSE).

[168]  David Notkin,et al.  Decoupling synchronization from local control for efficient symbolic model checking of statecharts , 1999, Proceedings of the 1999 International Conference on Software Engineering (IEEE Cat. No.99CB37002).

[169]  Ahmed Bouajjani,et al.  Abstract Regular Tree Model Checking of Complex Dynamic Data Structures , 2006, SAS.

[170]  Thomas A. Henzinger,et al.  jMocha: a model checking tool that exploits design structure , 2001, Proceedings of the 23rd International Conference on Software Engineering. ICSE 2001.

[171]  Pao-Ann Hsiung,et al.  Model Checking Safety-Critical Systems Using Safecharts , 2007, IEEE Transactions on Computers.

[172]  Haibo Yu,et al.  Tuning parallel symbolic execution engine for better performance , 2016, Frontiers of Computer Science.

[173]  Cyrille Jégourel,et al.  Command-based importance sampling for statistical model checking , 2016, Theor. Comput. Sci..

[174]  Gregg Rothermel,et al.  Regression model checking , 2009, 2009 IEEE International Conference on Software Maintenance.

[175]  Francesca Levi,et al.  A symbolic semantics for abstract model checking , 1998, Sci. Comput. Program..

[176]  Ji Wang,et al.  Symbolic Model Checking of ETL: Symbolic Model Checking of ETL , 2009 .

[177]  Christel Baier,et al.  Advances in Symbolic Probabilistic Model Checking with PRISM , 2016, TACAS.

[178]  Helmut Veith,et al.  25 Years of Model Checking - History, Achievements, Perspectives , 2008, 25 Years of Model Checking.

[179]  Patrice Godefroid,et al.  Dynamic partial-order reduction for model checking software , 2005, POPL '05.

[180]  Sagar Chaki,et al.  Types as models: model checking message-passing programs , 2002, POPL '02.

[181]  Edmund M. Clarke,et al.  Design and Synthesis of Synchronization Skeletons Using Branching Time Temporal Logic , 2008, 25 Years of Model Checking.

[182]  Antonella Santone,et al.  Heuristic Search + Local Model Checking in Selective mu-Calculus , 2003, IEEE Trans. Software Eng..

[183]  Bernd Fischer,et al.  SMT-Based Bounded Model Checking for Embedded ANSI-C Software , 2012, IEEE Transactions on Software Engineering.

[184]  Zhe Chen,et al.  Nevertrace Claims for Model Checking , 2010, SPIN.

[185]  Edmund M. Clarke,et al.  Counterexample-Guided Abstraction Refinement , 2000, CAV.

[186]  Gerard J. Holzmann,et al.  An Automated Verification Method for Distributed Systems Software Based on Model Extraction , 2002, IEEE Trans. Software Eng..

[187]  Jocelyn Simmonds,et al.  A tool for automatic UML model consistency checking , 2005, ASE '05.

[188]  Jan Peleska,et al.  Model-Based Scenario Testing and Model Checking with Applications in the Railway Domain , 2014 .

[189]  Thomas A. Henzinger,et al.  Symbolic Model Checking for Real-Time Systems , 1994, Inf. Comput..

[190]  Marsha Chechik,et al.  Multi-valued symbolic model-checking , 2003, TSEM.

[191]  Axel Legay,et al.  TransDPOR: A Novel Dynamic Partial-Order Reduction Technique for Testing Actor Programs , 2012, FMOODS/FORTE.

[192]  Christel Baier,et al.  Probabilistic Model Checking and Non-standard Multi-objective Reasoning , 2014, FASE.

[193]  Gerard J. Holzmann,et al.  The Model Checker SPIN , 1997, IEEE Trans. Software Eng..

[194]  K. Suzanne Barber,et al.  Providing early feedback in the development cycle through automated application of model checking to software architectures , 2001, Proceedings 16th Annual International Conference on Automated Software Engineering (ASE 2001).

[195]  Carsten Sinz,et al.  The bounded model checker LLBMC , 2013, 2013 28th IEEE/ACM International Conference on Automated Software Engineering (ASE).

[196]  Zhe Dang,et al.  Three approximation techniques for ASTRAL symbolic model checking of infinite state real-time systems , 2000, Proceedings of the 2000 International Conference on Software Engineering. ICSE 2000 the New Millennium.

[197]  Francesco Ranzato,et al.  Making Abstract Model Checking Strongly Preserving , 2002, SAS.

[198]  Parosh Aziz Abdulla,et al.  Optimal dynamic partial order reduction , 2014, POPL.

[199]  Farn Wang,et al.  Symbolic model checking for event-driven real-time systems , 1997, TOPL.

[200]  Keqin Li,et al.  Model-Checking Driven Security Testing of Web-Based Applications , 2010, 2010 Third International Conference on Software Testing, Verification, and Validation Workshops.

[201]  Robert B. France,et al.  An Approach to Checking Consistency between UML Class Model and Its Java Implementation , 2016, IEEE Transactions on Software Engineering.

[202]  Joseph Sifakis,et al.  Specification and verification of concurrent systems in CESAR , 1982, Symposium on Programming.

[203]  Lubos Brim,et al.  Using Assumptions to Distribute CTL Model Checking , 2002, Electron. Notes Theor. Comput. Sci..

[204]  Mehrdad Sabetzadeh,et al.  Consistency Checking of Conceptual Models via Model Merging , 2007, 15th IEEE International Requirements Engineering Conference (RE 2007).

[205]  Masataka Nishi Towards bounded model checking using nonlinear programming solver , 2016, 2016 31st IEEE/ACM International Conference on Automated Software Engineering (ASE).

[206]  Lubos Brim,et al.  I/O Efficient Accepting Cycle Detection , 2007, CAV.

[207]  Jun Sun,et al.  A model checking framework for hierarchical systems , 2011, 2011 26th IEEE/ACM International Conference on Automated Software Engineering (ASE 2011).

[208]  Gerard J. Holzmann,et al.  Model-Driven Software Verification , 2004, SPIN.

[209]  Rance Cleaveland,et al.  Optimality in Abstractions of Model Checking , 1995, SAS.

[210]  Henrik Reif Andersen,et al.  Partial model checking of modal equations: A survey , 1999, International Journal on Software Tools for Technology Transfer.

[211]  Naoki Kobayashi,et al.  Predicate abstraction and CEGAR for higher-order model checking , 2011, PLDI '11.

[212]  Chandrasekhar Boyapati,et al.  Efficient modular glass box software model checking , 2010, OOPSLA.

[213]  Chandrasekhar Boyapati,et al.  Efficient software model checking of soundness of type systems , 2008, OOPSLA.

[214]  Gerard J. Holzmann,et al.  Automating software feature verification , 2000, Bell Labs Technical Journal.

[215]  Dimitar Dimitrov,et al.  Stateless model checking of event-driven applications , 2015, OOPSLA.

[216]  Satish Chandra,et al.  Software model checking in practice: an industrial case study , 2002, Proceedings of the 24th International Conference on Software Engineering. ICSE 2002.

[217]  Moonzoo Kim,et al.  A Comparative Study of Software Model Checkers as Unit Testing Tools: An Industrial Case Study , 2011, IEEE Transactions on Software Engineering.

[218]  Dawn Xiaodong Song,et al.  BLITZ: Compositional bounded model checking for real-world programs , 2013, 2013 28th IEEE/ACM International Conference on Automated Software Engineering (ASE).

[219]  Huaikou Miao,et al.  Test Generation for Web Applications Using Model-Checking , 2010, 2010 11th ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing.

[220]  Gerard J. Holzmann,et al.  Logic Verification of ANSI-C Code with SPIN , 2000, SPIN.

[221]  D. T. Lee,et al.  Verifying Web applications using bounded model checking , 2004, International Conference on Dependable Systems and Networks, 2004.

[222]  Robert P. Goldman,et al.  Applications of model checking at Honeywell Laboratories , 2001, SPIN '01.

[223]  Matthew B. Dwyer,et al.  Bogor: an extensible and highly-modular software model checking framework , 2003, ESEC/FSE-11.

[224]  David Notkin,et al.  Improving efficiency of symbolic model checking for state-based system requirements , 1998, ISSTA '98.

[225]  Jürgen Dingel,et al.  Verifying Protocol Conformance Using Software Model Checking for the Model-Driven Development of Embedded Systems , 2013, IEEE Transactions on Software Engineering.

[226]  Milan Ceska,et al.  On Parallel Software Verification Using Boolean Equation Systems , 2012, SPIN.

[227]  Radu Iosif.  Exploiting heap symmetries in explicit-state model checking of software , 2001, Proceedings 16th Annual International Conference on Automated Software Engineering (ASE 2001).

[228]  Lucas Cordeiro,et al.  ESBMC: A Bounded Model Checking Tool to Verify Qt Applications , 2016.

[229]  Klaus Havelund,et al.  Java PathFinder, A Translator from Java to Promela , 1999, SPIN.

[230]  Peter-Michael Seidel.  A Case for Multi-level Combination of Theorem Proving and Model Checking Tools , 2014, 2014 15th International Microprocessor Test and Verification Workshop.

[231]  Axel Legay,et al.  Statistical Model Checking in BioLab: Applications to the Automated Analysis of T-Cell Receptor Signaling Pathway , 2008, CMSB.

[232]  David L. Dill,et al.  Java model checking , 2000, Proceedings ASE 2000. Fifteenth IEEE International Conference on Automated Software Engineering.

[233]  Fei Xie,et al.  Model checking for an executable subset of UML , 2001, Proceedings 16th Annual International Conference on Automated Software Engineering (ASE 2001).

[234]  Tayssir Touili,et al.  PuMoC: a CTL model-checker for sequential programs , 2012, 2012 Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering.

[235]  Gerard J. Holzmann,et al.  Parallelizing the Spin Model Checker , 2012, SPIN.

[236]  Murali Rangarajan,et al.  Analysis of Distributed Spin Applied to Industrial-Scale Models , 2004, SPIN.

[237]  Mary Sheeran,et al.  Checking Safety Properties Using Induction and a SAT-Solver , 2000, FMCAD.

[238]  George S. Avrunin,et al.  Combining symbolic execution with model checking to verify parallel numerical programs , 2008, TSEM.

[239]  Javier Tuya,et al.  Modular Model Checking of Software Specifications with Simultaneous Environment Generation , 2004, ATVA.

[240]  Ion Petre,et al.  Complexity of model checking for reaction systems , 2016, Theor. Comput. Sci..

[241]  Jin Song Dong,et al.  HighSpec: a tool for building and checking OZTA models , 2006, ICSE '06.

[242]  Myla Archer,et al.  Using Abstraction and Model Checking to Detect Safety Violations in Requirements Specifications , 1998, IEEE Trans. Software Eng..

[243]  A. Prasad Sistla,et al.  Utilizing symmetry when model-checking under fairness assumptions: an automata-theoretic approach , 1997, TOPL.

[244]  Alessandro Cimatti,et al.  Industrial Applications of Model Checking , 2000, MOVEP.

[245]  Jun Sun,et al.  PAT 3: An Extensible Architecture for Building Multi-domain Model Checkers , 2011, 2011 IEEE 22nd International Symposium on Software Reliability Engineering.

[246]  Chandrasekhar Boyapati,et al.  Efficient software model checking of data structure properties , 2006, OOPSLA '06.

[247]  Mordechai Ben-Ari,et al.  A primer on model checking , 2010, INROADS.

[248]  Marco Pistore,et al.  Model checking early requirements specifications in Tropos , 2001, Proceedings Fifth IEEE International Symposium on Requirements Engineering.

[249]  Eric Mercer,et al.  On-the-Fly Dynamic Dead Variable Analysis , 2007, SPIN.

[250]  H. Amjad,et al.  Combining model checking and theorem proving , 2004.

[251]  Nima Kaveh,et al.  Model checking distributed objects design , 2001, Proceedings of the 23rd International Conference on Software Engineering. ICSE 2001.

[252]  Michael Wooldridge,et al.  Model Checking for Multiagent Systems: the Mable Language and its Applications , 2006, Int. J. Artif. Intell. Tools.

[253]  Henry Muccini,et al.  Automated check of architectural models consistency using SPIN , 2001, Proceedings 16th Annual International Conference on Automated Software Engineering (ASE 2001).

[254]  Matthew B. Dwyer,et al.  Analyzing interaction orderings with model checking , 2004.

[255]  Francesco M. Donini,et al.  A Model Checking-based Method for Verifying Web Application Design , 2006, Electron. Notes Theor. Comput. Sci..

[256]  Georg Weissenbacher,et al.  Incremental bounded software model checking , 2014, SPIN.

[257]  An I/O Efficient Model Checking Algorithm for Large-Scale Systems , 2015.

[258]  Tomohiro Yoneda,et al.  Modular Model Checking of Large Asynchronous Designs with Efficient Abstraction Refinement , 2010, IEEE Transactions on Computers.

[259]  Madan Musuvathi,et al.  Fair stateless model checking , 2008, PLDI '08.

[260]  Matthew B. Dwyer,et al.  Model checking graphical user interfaces using abstractions , 1997, ESEC '97/FSE-5.

[261]  Alessandro Armando,et al.  The eureka tool for software model checking , 2007, ASE '07.

[262]  Thomas Schwentick,et al.  The Model Checking Problem for Prefix Classes of Second-Order Logic: A Survey , 2010, Fields of Logic and Computation.

[263]  Augusto Sampaio,et al.  Model-Checking CSP-Z , 1998, FASE.

[264]  Patrice Godefroid,et al.  SAGE: Whitebox Fuzzing for Security Testing , 2012, ACM Queue.

[265]  Felix Sheng-Ho Chang,et al.  Symbolic model checking of declarative relational models , 2006, ICSE.

[266]  Mats Per Erik Heimdahl,et al.  Model checking software requirement specifications using domain reduction abstraction , 2003, 18th IEEE International Conference on Automated Software Engineering, 2003. Proceedings..

[267]  Insup Lee,et al.  Data flow testing as model checking , 2003, 25th International Conference on Software Engineering, 2003. Proceedings..

[268]  Peter Dybjer,et al.  Verifying Haskell programs by combining testing, model checking and interactive theorem proving , 2004, Inf. Softw. Technol..

[269]  Chao Wang,et al.  Monotonic Partial Order Reduction: An Optimal Symbolic Partial Order Reduction Technique , 2009, CAV.

[270]  Shin Nakajima.  Model-Checking Behavioral Specification of BPEL Applications , 2006, Electron. Notes Theor. Comput. Sci..

[271]  Dragan Bosnacki,et al.  Multi-Core Model Checking with SPIN , 2007, 2007 IEEE International Parallel and Distributed Processing Symposium.

[272]  Stefan Kowalewski,et al.  Counterexample-Guided Abstraction Refinement for PLCs , 2010, SSV.

[273]  Lucas C. Cordeiro,et al.  ESBMCQtOM: A Bounded Model Checking Tool to Verify Qt Applications , 2016, SPIN.

[274]  Willem Visser,et al.  Combining static analysis and model checking for software analysis , 2001, Proceedings 16th Annual International Conference on Automated Software Engineering (ASE 2001).

[275]  Frank Tip,et al.  Finding Bugs in Web Applications Using Dynamic Test Generation and Explicit-State Model Checking , 2010, IEEE Transactions on Software Engineering.

[276]  Angelo Gargantini,et al.  Using model checking to generate tests from requirements specifications , 1999, ESEC/FSE-7.

[277]  Hiroshi Watanabe,et al.  Model checking class specifications for Web applications , 2005, 12th Asia-Pacific Software Engineering Conference (APSEC'05).

[278]  Andreas Podelski.  Model Checking as Constraint Solving , 2000, SAS.

[279]  Kathi Fisler,et al.  Foundations of incremental aspect model-checking , 2007, TSEM.

[280]  Alessandro Armando,et al.  SATMC: A SAT-Based Model Checker for Security-Critical Systems , 2014, TACAS.

[281]  Rong Zhou,et al.  Parallel Model Checking Using Abstraction , 2012, SPIN.

[282]  Samik Basu,et al.  A bounded statistical approach for model checking of unbounded until properties , 2010, ASE.

[283]  Stephan Merz,et al.  Model Checking: A Tutorial Overview , 2000, MOVEP.

[284]  Sanjai Rayadurgam,et al.  Automatic abstraction for model checking software systems with interrelated numeric constraints , 2001, ESEC/FSE-9.

[285]  Luca Aceto,et al.  Decision Support for Mobile Cloud Computing Applications via Model Checking , 2015, 2015 3rd IEEE International Conference on Mobile Cloud Computing, Services, and Engineering.