SPIN Model Checking and Software Verification

ion of Communication Channels in Promela: A Case Study . . . . . . 187 Elena Fersman and Bengt Jonsson (Uppsala University)

[1]  Frank Tip,et al.  A survey of program slicing techniques , 1994, J. Program. Lang..

[2]  Kenneth L. McMillan,et al.  Symbolic model checking , 1992 .

[3]  Giorgio De Michelis,et al.  Concurrency versus interleaving: an instructuve example , 1987, Bull. EATCS.

[4]  James C. Corbett,et al.  Bandera: extracting finite-state models from Java source code , 2000, ICSE.

[5]  David Notkin,et al.  Model checking large software specifications , 1996, SIGSOFT '96.

[6]  Amir Pnueli,et al.  On the synthesis of a reactive module , 1989, POPL '89.

[7]  John Penix,et al.  Using predicate abstraction to reduce object-oriented programs for model checking , 2000, FMSP '00.

[8]  Tomás E. Uribe,et al.  Generating Finite-State Abstractions of Reactive Systems Using Decision Procedures , 1998, CAV.

[9]  Arend Rensink,et al.  On Syntactic and Semantic Action Refinement , 1994, TACS.

[10]  Patrick Cousot,et al.  Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints , 1977, POPL.

[11]  Flemming Nielson,et al.  Control Flow Analysis for the pi-calculus , 1998, CONCUR.

[12]  Alfred V. Aho,et al.  Compilers: Principles, Techniques, and Tools , 1986, Addison-Wesley series in computer science / World student series edition.

[13]  Martin C. Rinard,et al.  Compositional pointer and escape analysis for Java programs , 1999, OOPSLA '99.

[14]  Klaus Havelund,et al.  Applying Model Checking in Java Verification , 1999, SPIN.

[15]  Pierre Wolper,et al.  A direct symbolic approach to model checking pushdown systems , 1997, INFINITY.

[16]  Rance Cleaveland,et al.  The concurrency workbench: a semantics-based tool for the verification of concurrent systems , 1993, TOPL.

[17]  Thierry Cattel Modeling and Verification of SC++ Applications , 1998, TACAS.

[18]  Olivier Danvy,et al.  Partial evaluation: Principles and perspectives , 1993 .

[19]  Claudio Demartini,et al.  dSPIN: A Dynamic Extension of SPIN , 1999, SPIN.

[20]  Dexter Kozen,et al.  RESULTS ON THE PROPOSITIONAL’p-CALCULUS , 2001 .

[21]  Rajeev Alur,et al.  Model checking of hierarchical state machines , 1998, TOPL.

[22]  Gerard J. Holzmann,et al.  The Model Checker SPIN , 1997, IEEE Trans. Software Eng..

[23]  Edward Y. Chang,et al.  STeP: The Stanford Temporal Prover , 1995, TAPSOFT.

[24]  Bernhard Steffen,et al.  Compositional Minimization of Finite State Systems , 1990, CAV.

[25]  Joseph Sifakis,et al.  Safety for Branching Time Semantics , 1991, ICALP.

[26]  Mads Dam,et al.  CTL* and ECTL* as Fragments of the Modal µ-Calculus , 1992, CAAP.

[27]  Pierre Wolper,et al.  A partial approach to model checking , 1991, [1991] Proceedings Sixth Annual IEEE Symposium on Logic in Computer Science.

[28]  Javier Esparza,et al.  Efficient Algorithms for Model Checking Pushdown Systems , 2000, CAV.

[29]  Fred Kröger,et al.  Temporal Logic of Programs , 1987, EATCS Monographs on Theoretical Computer Science.

[30]  Andrew William Roscoe,et al.  The Theory and Practice of Concurrency , 1997 .

[31]  John H. Reppy,et al.  Higher-Order Concurrency , 1992 .

[32]  Kenneth L. McMillan,et al.  A Compositional Rule for Hardware Design Refinement , 1997, CAV.

[33]  Michael Burrows,et al.  Eraser: a dynamic data race detector for multi-threaded programs , 1997, TOCS.

[34]  Robert S. Hanmer,et al.  Systematic software testing using VeriSoft — An analysis of the 4ESS™ heart-beat monitor , 1998, Bell Labs Technical Journal.

[35]  A. Prasad Sistla,et al.  Symmetry and model checking , 1993, Formal Methods Syst. Des..

[36]  Bernhard Steffen,et al.  Model Checking for Context-Free Processes , 1992, CONCUR.

[37]  Ursula Goltz,et al.  Equivalence Notions for Concurrent Systems and Refinement of Actions (Extended Abstract) , 1989, MFCS.

[38]  Z. Manna,et al.  Integrating decision procedures for temporal verification , 1998 .

[39]  James C. Corbett,et al.  A Formal Study of Slicing for Multi-threaded Programs with JVM Concurrency Primitives , 1999, SAS.

[40]  Flemming Nielson,et al.  Static Analysis of Processes for No and Read-Up nad No Write-Down , 1999, FoSSaCS.

[41]  Gerard J. Holzmann,et al.  The State of SPIN , 1996, CAV.

[42]  Gerard J. Holzmann,et al.  Designing executable abstractions , 1998, FMSP '98.

[43]  Alain Kerbrat,et al.  CADP - A Protocol Validation and Verification Toolbox , 1996, CAV.

[44]  Gerard J. Holzmann,et al.  An Analysis of Bitstate Hashing , 1995, Formal Methods Syst. Des..

[45]  P. Pandurang Nayak,et al.  Remote Agent: To Boldly Go Where No AI System Has Gone Before , 1998, Artif. Intell..

[46]  David L. Dill,et al.  Java model checking , 2000, Proceedings ASE 2000. Fifteenth IEEE International Conference on Automated Software Engineering.

[47]  David Grove,et al.  Effective interprocedural optimization of object-oriented languages , 1998 .

[48]  Brian W. Kernighan,et al.  The C Programming Language , 1978 .

[49]  Patrice Godefroid,et al.  Partial-Order Methods for the Verification of Concurrent Systems , 1996, Lecture Notes in Computer Science.

[50]  Guy L. Steele,et al.  The Java Language Specification , 1996 .

[51]  David L. Dill,et al.  Experience with Predicate Abstraction , 1999, CAV.

[52]  Michael Burrows,et al.  Eraser: a dynamic data race detector for multithreaded programs , 1997, TOCS.

[53]  RAJEEV ALUR,et al.  Modular Refinement of Hierarchic Reactive Machines 1 , 2000 .

[54]  Andrew S. Tanenbaum,et al.  Computer networks, third edition , 1996 .

[55]  James C. Corbett,et al.  Using shape analysis to reduce finite-state models of concurrent Java programs , 2000, TSEM.

[56]  Edmund M. Clarke,et al.  Design and Synthesis of Synchronization Skeletons Using Branching-Time Temporal Logic , 1981, Logic of Programs.

[57]  Orna Grumberg,et al.  Abstract interpretation of reactive systems , 1997, TOPL.

[58]  George S. Avrunin,et al.  Patterns in property specifications for finite-state verification , 1999, Proceedings of the 1999 International Conference on Software Engineering (IEEE Cat. No.99CB37002).

[59]  Benjamin Goldberg,et al.  Partial-evaluation techniques for concurrent programs , 1997 .

[60]  Philip Winterbottom,et al.  The PathStar access server: Facilitating carrier-scale packet telephony , 1998, Bell Labs Technical Journal.

[61]  Michael R. Lowry,et al.  Formal Analysis of a Space-Craft Controller Using SPIN , 2001, IEEE Trans. Software Eng..

[62]  David L. Dill,et al.  The Murphi Verification System , 1996, CAV.

[63]  Akinori Yonezawa,et al.  Static Analysis of Communication for Asynchronous Concurrent Programming Languages , 1995, SAS.

[64]  Susanne Graf,et al.  Verification of a Distributed Cache Memory by Using Abstractions , 1994, CAV.

[65]  Gerard J. Holzmann,et al.  SOFTWARE TESTING, VERIFICATION AND RELIABILITY , 2022 .

[66]  Randal E. Bryant,et al.  Graph-Based Algorithms for Boolean Function Manipulation , 1986, IEEE Transactions on Computers.

[67]  Norman Ramsey,et al.  Literate programming simplified , 1994, IEEE Software.

[68]  Patrick Cousot,et al.  Abstract Interpretation Frameworks , 1992, J. Log. Comput..

[69]  A. Alles,et al.  ATM Internetworking , 1995 .

[70]  Natarajan Shankar,et al.  Experiments in Theorem Proving and Model Checking for Protocol Verification , 1996, FME.

[71]  Thomas A. Henzinger,et al.  You Assume, We Guarantee: Methodology and Case Studies , 1998, CAV.

[72]  Anneke Kleppe,et al.  The object constraint language: precise modeling with UML , 1998 .

[73]  Bernd Finkbeiner,et al.  Deductive Verification of Modular Systems , 1997, COMPOS.

[74]  Klaus Havelund,et al.  Model checking JAVA programs using JAVA PathFinder , 2000, International Journal on Software Tools for Technology Transfer.

[75]  J.-C. Gregoire State space compression in Spin with GETSs , 1996 .

[76]  Pierre Wolper,et al.  Expressing interesting properties of programs in propositional temporal logic , 1986, POPL '86.

[77]  Andrew Lyons,et al.  UML for Real-Time Overview , 1998 .

[78]  Janne Halme,et al.  PROD Reference Manual , 1995 .

[79]  Louise E. Moser,et al.  A graphical interval logic for specifying concurrent systems , 1994, TSEM.

[80]  James C. Corbett,et al.  Constructing compact models of concurrent Java programs , 1998, ISSTA '98.

[81]  Claudio Demartini,et al.  A deadlock detection tool for concurrent Java programs , 1999, Softw. Pract. Exp..

[82]  Suresh Jagannathan,et al.  Locality Abstractions for Parallel and Distributed Computing , 1994, Theory and Practice of Parallel Programming.

[83]  Bengt Jonsson,et al.  Deciding Bisimulation Equivalences for a Class of Non-Finite-State Programs , 1989, STACS.

[84]  Seif Haridi,et al.  Distributed Algorithms , 1992, Lecture Notes in Computer Science.

[85]  Edsger W. Dijkstra,et al.  Co-operating sequential processes , 1968 .

[86]  Somesh Jha,et al.  An Improved Algorithm for the Evaluation of Fixpoint Expressions , 1994, Theor. Comput. Sci..

[87]  W. Visser,et al.  Second Generation of a Java Model Checker , 2000 .

[88]  Gerard J. Holzmann,et al.  Automating software feature verification , 2000, Bell Labs Technical Journal.

[89]  Javier Esparza,et al.  Reachability Analysis of Pushdown Automata: Application to Model-Checking , 1997, CONCUR.

[90]  Flemming Nielson,et al.  Static and Dynamic Processor Allocation for Higher-Order Concurrent Languages , 1994 .

[91]  D. Belsnes Single-Message Communication , 1976, IEEE Trans. Commun..

[92]  Olin Shivers,et al.  Control flow analysis in scheme , 1988, PLDI '88.

[93]  Edmund M. Clarke,et al.  Model checking and abstraction , 1994, TOPL.

[94]  Flemming Nielson,et al.  Communication Analysis for Concurrent ML , 1997 .

[95]  Nicolas Halbwachs,et al.  Minimal State Graph Generation , 1992, Sci. Comput. Program..

[96]  Scott D. Stoller,et al.  Model-checking multi-threaded distributed Java programs , 2000, International Journal on Software Tools for Technology Transfer.

[97]  Chin-Laung Lei,et al.  Efficient Model Checking in Fragments of the Propositional Mu-Calculus (Extended Abstract) , 1986, LICS.

[98]  Natarajan Shankar,et al.  Abstract and Model Check While You Prove , 1999, CAV.

[99]  C. A. R. Hoare,et al.  Communicating sequential processes , 1978, CACM.

[100]  Thomas A. Henzinger,et al.  MOCHA: Modularity in Model Checking , 1998, CAV.

[101]  Hassen Saïdi,et al.  Abstraction of parameterized networks , 1997, INFINITY.

[102]  Thomas W. Reps,et al.  Precise Interprocedural Dataflow Analysis with Applications to Constant Propagation , 1995, TAPSOFT.

[103]  Scott Meyers,et al.  Effective C++: 55 Specific Ways to Improve Your Programs and Designs (3rd Edition) , 1991 .

[104]  Z. Manna,et al.  Tools and rules for the practicing verifier , 1990 .

[105]  Derek L. Bruening Systematic testing of multithreaded Java programs , 1999 .

[106]  Antti Valmari,et al.  The State Explosion Problem , 1996, Petri Nets.

[107]  Flemming Nielson,et al.  Infinitary control flow analysis: a collecting semantics for closure analysis , 1997, POPL '97.

[108]  Tadao Murata,et al.  An Application of Petri Net Reduction for Ada Tasking Deadlock Analysis , 1996, IEEE Trans. Parallel Distributed Syst..

[109]  Matthew B. Dwyer,et al.  Slicing Software for Model Construction , 2000, High. Order Symb. Comput..

[110]  Yassine Lakhnech,et al.  Computing Abstractions of Infinite State Systems Compositionally and Automatically , 1998, CAV.

[111]  Somesh Jha,et al.  Exploiting Symmetry In Temporal Logic Model Checking , 1993, CAV.

[112]  Sriram K. Rajamani,et al.  Boolean Programs: A Model and Process for Software Analysis , 2000 .

[113]  Zohar Manna,et al.  Temporal verification of reactive systems - safety , 1995 .

[114]  John H. Reppy,et al.  Concurrent programming in ML , 1999 .

[115]  Parosh Aziz Abdulla,et al.  General decidability theorems for infinite-state systems , 1996, Proceedings 11th Annual IEEE Symposium on Logic in Computer Science.

[116]  Patrick Cousot,et al.  Temporal abstract interpretation , 2000, POPL '00.

[117]  Thomas W. Reps,et al.  Precise interprocedural dataflow analysis via graph reachability , 1995, POPL '95.

[118]  Kurt Jensen,et al.  Coloured Petri Nets: Basic Concepts, Analysis Methods and Practical Use. Vol. 2, Analysis Methods , 1992 .

[119]  Christopher Colby Analyzing the communication topology of concurrent programs , 1995, PEPM '95.

[120]  David Walker,et al.  Local Model Checking in the Modal mu-Calculus , 1991, Theor. Comput. Sci..

[121]  A. Turing On Computable Numbers, with an Application to the Entscheidungsproblem. , 1937 .

[122]  Martin Peschke,et al.  Design and Validation of Computer Protocols , 2003 .

[123]  Edmund M. Clarke,et al.  Symbolic Model Checking: 10^20 States and Beyond , 1990, Inf. Comput..

[124]  Pierre Wolper,et al.  Synthesis of Communicating Processes from Temporal Logic Specifications , 1981, TOPL.

[125]  Flemming Nielson,et al.  Systematic realisation of control flow analyses for CML , 1997, ICFP '97.

[126]  Doron A. Peled,et al.  Ten Years of Partial Order Reduction , 1998, CAV.

[127]  Henny B. Sipma,et al.  Visual Abstractions for Temporal Verification , 1999, AMAST.

[128]  Zohar Manna,et al.  The Temporal Logic of Reactive and Concurrent Systems , 1991, Springer New York.

[129]  Keith A. Bartlett,et al.  A note on reliable full-duplex transmission over half-duplex links , 1969, Commun. ACM.

[130]  Michaela Huhn,et al.  Action Refinement and Property Inheritance in Systems of Sequential Agents , 1996, CONCUR.

[131]  Gerard J. Holzmann,et al.  Validating SDL Specifications: an Experiment , 1989, PSTV.

[132]  Matthew B. Dwyer,et al.  Filter-based model checking of partial systems , 1998, SIGSOFT '98/FSE-6.

[133]  Flemming Nielson,et al.  Behaviour Analysis and Safety Conditions: A Case Study in CML , 1998, FASE.

[134]  Olin Shivers,et al.  Control-flow analysis of higher-order languages of taming lambda , 1991 .

[135]  John Penix,et al.  Formal Analysis of the Remote Agent Before and After Flight , 2000 .

[136]  Arend Rensink,et al.  Action Refinement , 1999, Handbook of Process Algebra.

[137]  John H. Reppy An Operational Semantics of First-class Synchronous Operations , 1991 .

[138]  Flemming Nielson,et al.  Higher-order concurrent programs with finite communication topology (extended abstract) , 1994, POPL '94.

[139]  Patrice Godefroid,et al.  Model checking for programming languages using VeriSoft , 1997, POPL '97.

[140]  Parosh Aziz Abdulla,et al.  Verifying programs with unreliable channels , 1993, [1993] Proceedings Eighth Annual IEEE Symposium on Logic in Computer Science.

[141]  César Muñoz,et al.  An Overview of SAL , 2000 .

[142]  Radu Iosif,et al.  Modeling and Validation of Java Multithreading Applications using SPIN , 1998 .

[143]  Gerard J. Holzmann,et al.  A practical method for verifying event-driven software , 1999, Proceedings of the 1999 International Conference on Software Engineering (IEEE Cat. No.99CB37002).

[144]  Tiziano Villa,et al.  VIS: A System for Verification and Synthesis , 1996, CAV.

[145]  Flemming Nielson,et al.  Constraints for Polymorphic Behaviours of Concurrent ML , 1994, CCL.

[146]  Shing-Chi Cheung,et al.  Context constraints for compositional reachability analysis , 1996, TSEM.

[147]  George S. Avrunin,et al.  Property specification patterns for finite-state verification , 1998, FMSP '98.

[148]  Nicolas Mercouroff,et al.  An Algorithm for Analyzing Communicating Processes , 1991, MFPS.

[149]  David A. Schmidt Data flow analysis is model checking of abstract interpretations , 1998, POPL '98.

[150]  K. Rustan M. Leino,et al.  Extended static checking , 1998, PROCOMET.

[151]  Robert S. Hanmer,et al.  Model checking without a model: an analysis of the heart-beat monitor of a telephone switch using VeriSoft , 1998, ISSTA '98.

[152]  Robin Milner,et al.  A semantics for ML concurrency primitives , 1992, POPL '92.

[153]  Hardi Hungar,et al.  Local Model Checking for Parallel Compositions of Context-Free Processes , 1994, CONCUR.

[154]  Corina S. Pasareanu,et al.  Translating Ada Programs for Model Checking : A , 1998 .

[155]  Hassen Saïdi,et al.  Construction of Abstract State Graphs with PVS , 1997, CAV.

[156]  Robert E. Tarjan,et al.  Three Partition Refinement Algorithms , 1987, SIAM J. Comput..

[157]  Bernhard Steffen,et al.  The Interprocedural Coincidence Theorem , 1992, CC.

[158]  Matthieu Martel,et al.  Self-applicable partial evaluation for the pi-calculus , 1997, PEPM.

[159]  Martín Abadi,et al.  Types for Safe Locking , 1999, ESOP.

[160]  Colin Stirling,et al.  Local model checking games (extended abstract) , 1995 .

[161]  Gerard J. Holzmann,et al.  The Engineering of a Model Checker: The Gnu i-Protocol Case Study Revisited , 1999, SPIN.

[162]  Colin Stirling,et al.  Modal and Temporal Logics for Processes , 1996, Banff Higher Order Workshop.