Academia.eduAcademia.edu

Outline

Title
Abstract
Analyzing the Results
Data-Dependent Systems
Example 2.34. Alternating Bit Protocol (Revisited)
Base Case (N
Communication Protocol (Fairness)
Informal Description of the Protocol
Introduction
Example 7.108. Alternating Bit Protocol
Example 7.131. Alternating Bit Protocol
Related Approaches. The Concept of Sleep Sets
Example 10.2. A Simple Communication Protocol
Theorem 10.56. Dra-Based Analysis of Markov Chains
Example 10.70. Zeroconf Protocol
Example 10.78. Zeroconf Protocol
Qualitative Analysis for Min Reachability Problems
Summary
Questions
References

Principles of model checking

Profile image of Joost-Pieter KatoenJoost-Pieter Katoen

2008

Abstract

All rights reserved. No part of this book may be reproduced in any form by any electronic of mechanical means (including photocopying, recording, or information storage and retrieval) without permission in writing from the publisher.

Related papers

The hidden models of model checking
Michael Whalen

Software & Systems Modeling, 2012

In the past, applying formal analysis, such as model checking, to industrial problems required a team of formal methods experts and a great deal of effort. Model checking has become popular, because model checkers have evolved to allow domain-experts, who lack model checking expertise, to analyze their systems. What made this shift possible and what roles did models play in this? That is the main question we consider here. We survey approaches that transform domain-specific input models into alternative forms that are invisible to the user and which are amenable to model checking using existing techniques-we refer to these as hidden models. We observe that keeping these models hidden from the user is in fact paramount to the success of the domain-specific model checker. We illustrate the value of hidden models by surveying successful examples of their use in different areas of model checking (hardware and software) and how a lack of suitable models hamper a new area (biological systems).

View PDFchevron_right
Model-Based Verification: Analysis Guidelines
John Hudak

2001

This technical note provides guidance for the analysis activity that occurs during the interpretation of results produced by model-checking tools. In the model-checking analysis activity, the main question is, "Does the system behave correctly?" To answer this question, a model and a set of expected properties are used as input to a model checker. The expected output is a confirmation or refutation of the specified expected properties. In most cases, if the model checker does not confirm the property, it provides a counterexample.

View PDFchevron_right
On checking model checkers
Gerard Holzmann

Lecture Notes in Computer Science, 1998

It has become good practice to expect authors of new model checking algorithms to provide not only rigorous evidence of the algorithms correctness, but also evidence of their practical signi cance. Though the rules for determining what is and what is not a good proof of correctness are clear, no comparable rules are usually enforced for determining the soundness of the data that is used to support the claim for practical signi cance. We consider here how w e can ag the more common types of omission.

View PDFchevron_right
Model checking software: on some new waves and some evergreens
Dragan Bošnački

2010

This paper introduces a special section of the STTT journal containing a selection of papers that were presented at the 13th International Workshop Model Checking Software SPIN 2007. We give a brief overview of the field of software model checking with emphasis on topics that are covered by the selected papers. In our focus are some emerging trends like multi-core model checking together with new high-quality model checking tools, as well as subjects that remain challenging virtually since the establishing of the discipline, like partial-order reduction and abstraction.

View PDFchevron_right
Model-Based Verification: Guidelines for Generating Expected Properties
John Hudak
View PDFchevron_right
Model-Based Verification: An Engineering Practice
John Hudak

Use of any trademarks in this report is not intended in any way to infringe on the rights of the trademark holder. Internal use. Permission to reproduce this document and to prepare derivative works from this document for internal use is granted, provided the copyright and "No Warranty" statements are included with all reproductions and derivative works.

View PDFchevron_right
DOI 10.1007/s10270-012-0281-9 EXPERT’S VOICE The hidden models of model checking
Michael Whalen

2016

In the past, applying formal analysis, such as model checking, to industrial problems required a team of formal methods experts and a great deal of effort. Model checking has become popular, because model checkers have evolved to allow domain-experts, who lack model check-ing expertise, to analyze their systems. What made this shift possible and what roles did models play in this? That is the main question we consider here. We survey approaches that transform domain-specific input models into alternative forms that are invisible to the user and which are amenable to model checking using existing techniques—we refer to these as hidden models. We observe that keeping these mod-els hidden from the user is in fact paramount to the success of the domain-specific model checker. We illustrate the value of hidden models by surveying successful examples of their use in different areas of model checking (hardware and soft-ware) and how a lack of suitable models hamper a new area (biological s...

View PDFchevron_right
Grand Challenge: Model Check Software
Nishant Sinha

Vissas, 2005

Model checking has been successfully employed for verification of industrial hardware systems. Recently, model checking techniques have also enjoyed limited success in verifying software systems, viz., device drivers. However, there are several hurdles which must be overcome before model checking can be used to handle industrial-scale software systems. This article reviews some of the prominent model checking techniques being used for verification of software and summarizes the existing challenges in the field.

View PDFchevron_right
Termination Criteria for Bounded Model Checking: Extensions and Comparison
Mohammad Awedh

Electronic Notes in Theoretical Computer Science, 2006

Increasing attention has been paid recently to criteria that allow one to conclude that a structure models a linear-time property from the knowledge that no counterexamples exist up to a certain length. These termination criteria effectively turn Bounded Model Checking into a full-fledged verification technique and sometimes result in considerable time savings. In [M. Awedh and F. Somenzi. Proving more properties with bounded model checking. In R. Alur and D. Peled, editors, Sixteenth Conference on Computer Aided Verification (CAV'04), pages 96–108. Springer-Verlag, Berlin, July 2004. LNCS 3114] we presented a criterion based on the translation of the linear-time specification into a Büchi automaton. BMC can be terminated if no fair cycle is found up to a given length, and one can prove that no fair cycle exists beyond that length. The maximum length for which counterexamples are explicitly checked is called the termination length; it obviously depends on the model, the property, and the termination criterion. In this paper we improve the criterion of [M. Awedh and F. Somenzi. Proving more properties with bounded model checking. In R. Alur and D. Peled, editors, Sixteenth Conference on Computer Aided Verification (CAV'04), pages 96–108. Springer-Verlag, Berlin, July 2004. LNCS 3114] by adding a check that often substantially reduces termination length. Our previous work employed translation to a non-generalized Büchi automaton. Though a well-known technique converts a generalized automaton into that form by composing it with a counter, it has the undesirable effect of considerably lengthening the cycles in the graph to be searched. We propose several alternatives to that approach and compare them experimentally. The translation to automata can be accomplished in more than one way, and in this paper we contrast two of them: one based on the algorithms of [F. Somenzi and R. Bloem. Efficient Büchi automata from LTL formulae. In E. A. Emerson and A. P. Sistla, editors, Twelfth Conference on Computer Aided Verification (CAV'00), pages 248–263. Springer-Verlag, Berlin, July 2000. LNCS 1855], and one based on the notion of tight automaton of [E. Clarke, O. Grumberg, and K. Hamaguchi. Another look at LTL model checking. In D. L. Dill, editor, Sixth Conference on Computer Aided Verification (CAV'94), pages 415–427. Springer-Verlag, Berlin, 1994. LNCS 818]. The latter yields shorter counterexamples, but the former often leads to earlier termination. In addition, it can help in identifying safety properties, for which termination checks are much more efficient than for the general case. We finally present results on comparing techniques based on cycle detection to the technique of [V. Schuppan and A. Biere. Efficient reduction of finite state model checking to reachability analysis. Software Tools for Technology Transfer, 5(2–3):185–204, Mar. 2004], which converts liveness properties into safety properties by augmentation of the model.

View PDFchevron_right
MCC’2017 – The Seventh Model Checking Contest
Fabrice Kordon

Transactions on Petri Nets and Other Models of Concurrency XIII, 2018

Created in 2011, the Model Checking Contest (MCC) is an annual competition dedicated to provide a fair evaluation of software tools that verify concurrent systems using state-space exploration techniques and model checking. This article presents the principles and results of the 2017 edition of the MCC, which took place along with the Petri Net and ACSD joint conferences in Zaragoza, Spain. 1 Goals and Scope of the Model Checking Contest The Model Checking Contest (MCC) is part of the growing trend of scientific contests, among which one can also mention: the SAT 1 and the SMT 2 competitions, the Hardware Model Checking Competition 3 , the Rigorous Examination of Reactive Systems challenge 4 , the Timing Analysis Contest 5 , and the Competition on Software Verification 6. The overall goal of these contests is to identify the theoretical approaches that

View PDFchevron_right

References (443)

  1. C's. (c) Change your automaton from part (a) such that between any two successive A's an odd number of symbols from the set { B, C } may occur.
  2. Same exercise as in (c), except that now an odd number of B's and an odd number of C's must occur between any two successive A symbols.
  3. Exercise 4.11. Depict an NBA for the language described by the ω-regular expression (AB + C) * ((AA + B)C) ω + (A * C) ω .
  4. Prove that for any PCTL formula there exists an equivalent PCTL formula in PNF. Exercise 10.11. Let M be a finite Markov chain over AP, s a state of M and a, b ∈ AP: Show that s |= P =1 (a U b) iff s |= ∀( (∃(a U b)) W b ).
  5. Exercise 10.12. Provide deterministic Rabin automata for the following LTL formulae: (a → ♦b), ¬ (a → ♦b), and a U ( b).
  6. Exercise 10.13. Let A 1 and A 2 be DRA over the same alphabet. Define the DRA A = A 1 ∪A 2 such that L ω (A) = L ω (A 1 ) ∪ L ω (A 2 )
  7. and size(A) = O poly(size(A 1 ), size(A 2 )) .
  8. Exercise 10.14. Consider the Markov chain M in Figure 10.22 (page 899), and let the labeling be given by L(s 2 ) = L(s 3 ) = L(s 4 ) = { a } and L(s) = ∅ for the remaining states. Question: Compute the probability Pr M (ϕ) for the LTL formula ϕ = ♦ a. (Hint: Construct a DRA A for ϕ and perform a quantitative analysis in M ⊗ A.)
  9. Exercise 10.15. Prove the following statement. For finite Markov chain M = (S, P, ι init , AP, L) and ω-regular property P over AP such that Pr M (P ) > 0, there exists a finite path fragment π = s 0 s 1 . . . s n in M with ι init (s 0 ) > 0 such that almost all paths in the cylinder set Cyl( π) fulfill
  10. P , i.e., Pr M {π ∈ Cyl( π) | trace(π) ∈ P } = P( π).
  11. Exercise 10.16. Show that there is no PCTL formula that is equivalent to the PCTL * formula P 0.5 ( a) where a is an atomic proposition. Exercise 10.17. Consider the Markov chain M, which is given by Bibliography
  12. M. Abadi and L. Lamport. The existence of refinement mappings. Theoretical Computer Science, 82(2):253-284, 1991.
  13. Y. Abarbanel-Vinov and N. Aizenbud-Reshef and I. Beer and C. Eis- ner and D. Geist and T. Heyman and I. Reuveni and E. Rippel and I. Shitsevalov and Y. Wolfsthal and T. Yatzkar-Haham. On the effective deployment of functional formal verification. Formal Methods in System Design, 19:35-44, 2001.
  14. P. A. Abdulla and B. Jonsson and M. Kindahl and D. Peled. A general approach to partial order reductions in symbolic verification (extended abstract). In 10th International Conference on Computer Aided Verification (CAV), volume 1427 of Lecture Notes in Computer Science, pages 379-390. Springer-Verlag, 1998.
  15. S. Abramsky. A domain equation for bisimulation. Information and Computation, 92(2):161-218, 1991.
  16. B. Alpern and F. Schneider. Defining liveness. Information Processing Letters, 21(4):181-185, 1985.
  17. B. Alpern and F. Schneider. Recognizing safety and liveness. Distributed Com- puting, 2(3):117-126, 1987.
  18. B. Alpern and F. Schneider. Verifying temporal properties without temporal logic. ACM Transactions on Programming Languages and Systems, 11(1):147-167, 1989.
  19. R. Alur and R. K. Brayton and T. Henzinger and S. Qadeer and S. K. Rajamani. Partial order reduction in symbolic state-space exploration. Formal Methods in System Design, 18(2):97-116, 2001.
  20. R. Alur and C. Courcoubetis and D. Dill. Model-checking in dense real time. Information and Computation, 104(2):2-34, 1993. 931
  21. R. Alur and D. Dill. Automata for modeling real-time systems. In 17th Inter- national Colloquium on Automata, Languages and Programming (ICALP), volume 443 of Lecture Notes in Computer Science, pages 322-335. Springer-Verlag, 1990.
  22. R. Alur and D. Dill. A theory of timed automata. Theoretical Computer Science, 126(2):183-235, 1994.
  23. R. Alur and D. Dill. Automata-theoretic verification of real-time systems. In C. Heitmeyer and D. Mandrioli, editors, Formal Methods for Real-Time Computing, pages 55-82. John Wiley & Sons, 1996.
  24. R. Alur and L. Fix and T. A. Henzinger. Event-clock automata: a determiniz- able class of timed automata. Theoretical Computer Science, 211(1-2):253-273, 1999.
  25. S. Andova and H. Hermanns and J.-P. Katoen. Discrete-time rewards model checked. In 1st International Workshop on Formal Modeling and Analysis of Timed Systems (FORMATS), volume 2791 of Lecture Notes in Computer Science, pages 88-104. Springer-Verlag, 2003.
  26. K. R. Apt. Correctness proofs of distributed termination algorithms. ACM Trans- actions on Programming Languages and Systems, 8(3):388-405, 1986.
  27. K. R. Apt and N. Francez and W.-P. de Roever. A proof system for commu- nicating sequential processes. ACM Transactions on Programming Languages and Systems, 2(3):359-385, 1980.
  28. K. R. Apt and D. Kozen. Limits for the automatic verification of finite-state concurrent systems. Information Processing Letters, 22(6):307-309, 1986.
  29. K. R. Apt and E.-R. Olderog. Verification of Sequential and Concurrent Pro- grams. Springer-Verlag, 1997.
  30. A. Arnold. Finite Transition Systems. Prentice-Hall, 1994.
  31. E. Asarin and P. Caspi and O. Maler. Timed regular expressions. Journal of the ACM, 49(2):172-206, 2002.
  32. R. B. Ash and C. A. Doléans-Dade. Probability and Measure Theory. Academic Press, 2000.
  33. A. Aziz and K. Sanwal and V. Singhal and R. K. Brayton. Model-checking continous-time Markov chains. ACM Transactions on Computer Logic, 1(1):162- 170, 2000.
  34. A. Aziz and V. Singhal and F. Balarin and R. K. Brayton and A. L. Sangiovanni-Vincentelli. It usually works: The temporal logic of stochastic systems. In 7th International Conference on Computer Aided Verification (CAV), volume 939 of Lecture Notes in Computer Science, pages 155-165. Springer-Verlag, 1995.
  35. S. Baase and A. van Gelder. Computer Algorithms: Introduction to Design and Analysis. Addison-Wesley, 2000.
  36. C. Baier and F. Ciesinski and M. Größer. Probmela: a modeling language for communicating probabilistic systems. In 2nd ACM-IEEE International Conference on Formal Methods and Models for Codesign (MEMOCODE), pages 57-66. IEEE Computer Society Press, 2004.
  37. C. Baier and E. Clarke and V. Hartonas-Garmhausen and M. Kwiatkowska and M. Ryan. Symbolic model checking for probabilistic pro- cesses. In 24th International Colloqium on Automata, Languages and Program- ming (ICALP), volume 1256 of Lecture Notes in Computer Science, pages 430-440.
  38. C. Baier and B. Engelen and M. E. Majster-Cederbaum. Deciding bisim- ilarity and similarity for probabilistic processes. Journal of Computer and System Sciences, 60(1):187-231, 2000.
  39. C. Baier and M. Größer and F. Ciesinski. Partial order reduction for prob- abilistic systems. In 1st International Conference on Quantitative Evaluation of Systems (QEST), pages 230-239. IEEE Computer Society Press, 2004.
  40. C. Baier and B. R. Haverkort and H. Hermanns and J.-P. Katoen. Model checking algorithms for continuous time Markov chains. IEEE Transactions on Software Engineering, 29(6):524-541, 2003.
  41. C. Baier and J.-P. Katoen and H. Hermanns and V. Wolf. Compara- tive branching time semantics for Markov chains. Information and Computation, 200(2):149-214, 2005.
  42. C. Baier and M. Kwiatkowska. Model checking for a probabilistic branching time logic with fairness. Distributed Computing, 11(3):125-155, 1998.
  43. C. Baier and M. Kwiatkowska. On the verification of qualitative properties of probabilistic processes under fairness constraints. Information Processing Letters, 66(2):71-79, 1998.
  44. T. Ball and A. Podelski and S. Rajamani. Boolean and Cartesian abstrac- tion for model checking C programs. In 7th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS), volume 2031 of Lecture Notes in Computer Science, pages 268-283. Springer-Verlag, 2001.
  45. K. A. Bartlett and R. A. Scantlebury and P. T. Wilkinson. A note on reliable full duplex transmission over half duplex links. Communications of the ACM, 12(5):260-261, 1969.
  46. G. Behrmann and A. David and K. G. Larsen. A tutorial on Uppaal. In For- mal Methods for the Design of Real-Time Systems, International School on Formal Methods for the Design of Computer, Communication and Software Systems, volume 3185 of Lecture Notes in Computer Science, pages 200-236. Springer-Verlag, 2004.
  47. B. Beizer. Software Testing Techniques. Van Nostrand Reinhold, 1990.
  48. F. Belina and D. Hogrefe and A. Sarma. SDL with Applications from Protocol Specification. Prentice-Hall, 1991.
  49. R. Bellman. A Markovian decision process. Journal of Mathematics and Mechan- ics, 38:679-684, 1957.
  50. R. Bellman. Markovian decision processes. Journal of Mathematics and Mechanics, 38:716-719, 1957.
  51. R. Bellman. On a routing problem. Quarterly of Applied Mathematics, 16(1):87- 90, 1958.
  52. M. Ben-Ari. Algorithms for on-the-fly garbage collection. ACM Transactions on Programming Languages and Systems, 6(3):333-344, 1984.
  53. M. Ben-Ari and Z. Manna and A. Pnueli. The temporal logic of branching time. Acta Informatica, 20:207-226, 1983.
  54. J. Bengtsson and W. Yi. Timed automata: semantics, algorithms and tools. In Lectures on Concurrency and Petri Nets, volume 3098 of Lecture Notes in Computer Science, pages 87-124. Springer-Verlag, 2003.
  55. B. Bérard and M. Bidoit and A. Finkel and F. Laroussinie and A. Petit and L. Petrucci and Ph. Schnoebelen. Systems and Software Verification: Model-Checking Techniques and Tools. Springer-Verlag, 2001.
  56. J. A. Bergstra and J. W. Klop. Algebra of communicating processes with abstraction. Theoretical Computer Science, 37:77-121, 1985.
  57. J. A. Bergstra and A. Ponse and S. A. Smolka (editors). Handbook of Process Algebra. Elsevier Publishers B.V., 2001.
  58. P. Berman and J. A. Garay. Asymptotically optimal distributed consensus (extended abstract). In Automata, Languages and Programming (ICALP), volume 372 of Lecture Notes in Computer Science, pages 80-94. Springer-Verlag, 1989.
  59. B. Berthomieu and M. Menasche. An enumerative approach for analyzing time Petri nets. In IFIP 9th World Computer Congress, pages 41-46. North Holland, 1983.
  60. D. P. Bertsekas. Dynamic Programming: Deterministic and Stochastic Models. Prentice-Hall, 1987.
  61. G. Bhat and R. Cleaveland and O. Grumberg. Efficient on-the-fly model checking for CTL * . In 10th Annual IEEE Symposium on Logic in Computer Science (LICS), pages 388-397. IEEE Computer Society Press, 1995.
  62. A. Bianco and L. de Alfaro. Model checking of probabilistic and nondetermin- istic systems. In 15th International Conference on Foundations of Software Tech- nology and Theoretical Computer Science (FSTTCS), volume 1026 of Lecture Notes in Computer Science, pages 499-513. Springer-Verlag, 1995.
  63. B. W. Boehm. Software Engineering Economics. Prentice-Hall, 1981.
  64. B. W. Boehm and V. R. Basili. Software defect reduction top 10 list. IEEE Computer, 34(1):135-137, 2001.
  65. H. Bohnenkamp and P. van der Stok and H. Hermanns and F.W. Vaan- drager. Cost optimisation of the ipv4 zeroconf protocol. In International Confer- ence on Dependable Systems and Networks (DSN), pages 626-638. IEEE Computer Society Press, 2003.
  66. G. Bolch and S. Greiner and H. de Meer and K. S. Trivedi. Queueing Net- works and Markov Chains: Modeling and Performance Evaluation with Computer Science Applications. John Wiley & Sons, 2006.
  67. B. Bollig and I. Wegener. Improving the variable ordering of OBDDs is NP- complete. IEEE Transactions on Computers, 45(9):993-1002, 1996.
  68. T. Bolognesi and E. Brinksma. Introduction to the ISO specification language LOTOS. Computer Networks and ISDN Systems, 14(1):25-59, 1987.
  69. S. Bornot and J. Sifakis. An algebraic framework for urgency. Information and Computation, 163(1):172-202, 2000.
  70. D. Bosnacki and G. Holzmann. Improving SPIN's partial-order reduction for breadth-first search. In 12th International SPIN Workshop on Model Checking of Software, volume 3639 of Lecture Notes in Computer Science, pages 91-105.
  71. A. Bouajjani and J.-C. Fernandez and N. Halbwachs. Minimal model gen- eration. In 2nd International Workshop on Computer-Aided Verification (CAV), volume 531 of Lecture Notes in Computer Science, pages 197-203. Springer-Verlag, 1990.
  72. P. Bouyer. Untameable timed automata! In 20th Annual Symposium on The- oretical Aspects of Computer Science (STACS), volume 2607 of Lecture Notes in Computer Science, pages 620-631. Springer-Verlag, 2003.
  73. R. K. Brayton and G. D. Hachtel and A. L. Sangiovanni-Vincentelli and F. Somenzi and A. Aziz and S.-T. Cheng and S. A. Edwards and S. P. Khatri and Y. Kukimoto and A. Pardo and S. Qadeer and R. K. Ranjan and S. Sarwary and T. R. Shiple and G. Swamy and T. Villa. VIS: a system for verification and synthesis. In 8th International Conference on Computer Aided Verification (CAV), volume 1102 of Lecture Notes in Computer Science, pages 428-432. Springer-Verlag, 1996.
  74. P. Bremaud. Markov Chains, Gibbs Fields, Monte Carlo Simulation and Queues. Springer-Verlag, 1999.
  75. L. Brim and I. Černá and M. Nečesal. Randomization helps in LTL model checking. In 1st Joint International Workshop on Process Algebra and Probabilistic Methods, Performance Modeling and Verification (PAPM-PROBMIV), volume 2165 of Lecture Notes in Computer Science, pages 105-119. Springer-Verlag, 2001.
  76. S. D. Brookes and C. A. R. Hoare and A. W. Roscoe. A theory of commu- nicating sequential processes. Journal of the ACM, 31(3):560-599, 1984.
  77. M. C. Browne and E. M. Clarke and D. L. Dill and B. Mishra. Auto- matic verification of sequential circuits using temporal logic. IEEE Transactions on Computers, 35(12):1035-1044, 1986.
  78. M. C. Browne and E. M. Clarke and O. Grumberg. Characterizing finite Kripke structures in propositional temporal logic. Theoretical Computer Science, 59(1-2):115-131, 1988.
  79. S. D. Bruda. Preorder relations. In M. Broy, B. Jonsson, J.-P. Katoen, M. Leucker, and A. Pretschner, editors, Model-Based Testing of Reactive Systems, volume 3472 of Lecture Notes in Computer Science, chapter 5, pages 115-148. Springer-Verlag, 2005.
  80. J. Brunekreef and J.-P. Katoen and R. Koymans and S. Mauw. Design and analysis of dynamic leader election protocols in broadcast networks. Distributed Computing, 9(4):157-171, 1996.
  81. R. Bryant. Graph-based algorithms for boolean function manipulation. IEEE Transactions on Computers, 35(8):677-691, 1986.
  82. R. Bryant. On the complexity of VLSI implementations and graph representations of boolean functions with application to integer multiplication. IEEE Transactions on Computers, 40(2):205-213, 1991.
  83. P. Buchholz. Exact and ordinary lumpability in Markov chains. Journal of Applied Probability, 31:59-75, 1994.
  84. J. R. Büchi. On a decision method in restricted second order arithmetic. In International Congress on Logic, Methodology and Philosophy of Science, pages 1- 11. Stanford University Press, 1962.
  85. J. Burch and E. Clarke and K. L. McMillan and D. L. Dill and L. Hwang. Symbolic model checking 10 20 states and beyond. Information and Com- putation, 98(2):142-170, 1992.
  86. J. Burch and E. M. Clarke and K. L. McMillan and D. L. Dill. Sequential circuit verification using symbolic model checking. In 27th ACM/IEEE Conference on Design Automation (DAC), pages 46-51. IEEE Computer Society Press, 1990.
  87. D. Bustan and O. Grumberg. Simulation-based minimization. ACM Transac- tions on Computational Logic, 4(2):181-206, 2003.
  88. D. Bustan and S. Rubin and M. Y. Vardi. Verifying ω-regular properties of Markov chains. In 16th International Conference on Computer Aided Verification (CAV), volume 3114 of Lecture Notes in Computer Science, pages 189-201. Springer- Verlag, 2004.
  89. K. Cerans. Decidability of bisimulation equivalences for parallel timer processes. In 4th International Workshop on Computer Aided Verification (CAV), volume 663 of Lecture Notes in Computer Science, pages 302-315. Springer-Verlag, 1992.
  90. W. Chan and R. J. Anderson and P. Beame and S. Burns and F. Modugno and D. Notkin and J. D. Reese. Model checking large software specifications. IEEE Transactions on Software Engineering, 24(7):498-520, 1998.
  91. E. Chang and Z. Manna and A. Pnueli. The safety-progress classification. In F. L. Bauer, W. Brauer, and H. Schwichtenberg, editors, Logic and Algebra of Specification, volume 94 of NATO ASI Series F: Computer and Systems Sciences, pages 143-202. Springer-Verlag, 1992.
  92. Y. Choueka. Theories of automata on ω-tapes. Journal of Computer and System Sciences, 8:117-141, 1974.
  93. F. Ciesinski and C. Baier. LiQuor: a tool for qualititative and quantitative linear time analysis of reactive systems. In 3rd Conference on Quantitative Evaluation of Systems (QEST), pages 131-132. IEEE Computer Society Press, 2006.
  94. A. Cimatti and E. M. Clarke and F. Giunchiglia and M. Roveri. NuSMV: a new symbolic model checker. International Journal on Software Tools for Technology Transfer, 2(4):410-425, 2000.
  95. E. M. Clarke and A. Biere and R. Raimi and Y. Zhu. Bounded model checking using satisfiability solving. Formal Methods in System Design, 19(1):7-34, 2001.
  96. E. M. Clarke and I. A. Draghicescu. Expressibility results for linear time and branching time logics. In J. W. de Bakker, W.-P. de Roever, and G. Rozenberg, editors, Linear Time, Branching Time, and Partial Order in Logics and Model for Concurrency, volume 354 of Lecture Notes in Computer Science, pages 428-437.
  97. E. M. Clarke and E. A. Emerson. Design and synthesis of synchronization skeletons using branching time temporal logic. In Logic of Programs, volume 131 of Lecture Notes in Computer Science, pages 52-71. Springer-Verlag, 1981.
  98. E. M. Clarke and E. A. Emerson and A. P. Sistla. Automatic verification of finite-state concurrent systems using temporal logic specifications. ACM Trans- actions on Programming Languages and Systems, 8(2):244-263, 1986.
  99. E. M. Clarke and O. Grumberg and K. Hamaguchi. Another look at LTL model checking. In 6th International Conference on Computer Aided Verification (CAV), volume 818 of Lecture Notes in Computer Science, pages 415-427. Springer- Verlag, 1994.
  100. E. M. Clarke and O. Grumberg and H. Hiraishi and S. Jha and D. E. Long and K. L. McMillan and L. A. Ness. Verification of the Futurebus+ cache coherence protocol. In 11th International Symposium on Computer Hard- ware Description Languages and their Applications, pages 5-20. Kluwer Academic Publishers, 1993.
  101. E. M. Clarke and O. Grumberg and D. E. Long. Model checking and abstrac- tion. ACM Transactions on Programming Languages and Systems, 16(5):1512-1542, 1994.
  102. E. M. Clarke and O. Grumberg and K. L. McMillan and X. Zhao. Effi- cient generation of counterexamples and witnesses in symbolic model checking. In 32nd ACM/IEEE Conference on Design Automation (DAC), pages 427-432. IEEE Computer Society Press, 1995.
  103. E. M. Clarke and O. Grumberg and D. Peled. Model Checking. MIT Press, 1999.
  104. E. M. Clarke and S. Jha and Y. Lu and H. Veith. Tree-like counterexamples in model checking. In 17th Annual IEEE Symposium on Logic in Computer Science (LICS), pages 19-29. IEEE Computer Society Press, 2002.
  105. E. M. Clarke and R. Kurshan. Computer-aided verification. IEEE Spectrum, 33(6):61-67, 1996.
  106. E. M. Clarke and H. Schlingloff. Model checking. In A. Robinson and A. Voronkov, editors, Handbook of Automated Reasoning (Volume II), chapter 24, pages 1635-1790. Elsevier Publishers B.V., 2000.
  107. E. M. Clarke and J. Wing. Formal methods: state of the art and future direc- tions. ACM Computing Surveys, 28(4):626-643, 1996.
  108. R. Cleaveland and J. Parrow and B. Steffen. The concurrency workbench: a semantics-based tool for the verification of concurrent systems. ACM Transactions on Programming Languages and Systems, 15(1):36-72, 1993.
  109. R. Cleaveland and O. Sokolsky. Equivalence and preorder checking for finite- state systems. In J. Bergstra, A. Ponse, and S.A. Smolka, editors, Handbook of Process Algebra, chapter 6, pages 391-424. Elsevier Publishers B.V., 2001.
  110. S. Cook. The complexity of theorem-proving procedures. In 3rd Annual ACM Symposium on Theory of Computing, pages 151-158. ACM Press, 1971.
  111. T. H. Cormen and C. E. Leiserson and R. L. Rivest and C. Stein. Intro- duction to Algorithms. MIT Press, 2001.
  112. F. Corradini and R. De Nicola and A. Labella. An equational axiomati- zation of bisimulation over regular expressions. Journal of Logic and Computation, 12(2):301-320, 2002.
  113. C. Courcoubetis and M. Y. Vardi and P. Wolper and M. Yannakakis. Memory-efficient algorithms for the verification of temporal properties. Formal Methods in System Design, 1(2-3):275-288, 1992.
  114. C. Courcoubetis and M. Yannakakis. Markov decision processes and reg- ular events (extended abstract). In 17th International Colloquium on Automata, Languages and Programming (ICALP), volume 443 of Lecture Notes in Computer Science, pages 336-349. Springer-Verlag, 1990.
  115. C. Courcoubetis and M. Yannakakis. The complexity of probabilistic verifica- tion. Journal of the ACM, 42(4):857-907, 1995.
  116. P. Cousot and R. Cousot. On abstraction in software verification. In 14th International Conference on Computer Aided Verification (CAV), volume 2404 of Lecture Notes in Computer Science, pages 37-56. Springer-Verlag, 2002.
  117. J.-M. Couvreur. On-the-fly verification of linear temporal logic. In World Congress on Formal Methods (FM), volume 1708 of Lecture Notes in Computer Science, pages 253-271. Springer-Verlag, 1999.
  118. J.-M. Couvreur and A. Duret-Lutz and D. Poitrenaud. On-the-fly empti- ness checks for generalized Büchi automata. In 12th International SPIN Workshop on Model Checking of Software, volume 3639 of Lecture Notes in Computer Science, pages 143-158. Springer-Verlag, 2005.
  119. J.-M. Couvreur and N. Saheb and G. Sutre. An optimal automata approach to LTL model checking of probabilistic systems. In 10th International Conference on Logic for Programming, Artificial Intelligence, and Reasoning (LPAR), volume 2850 of Lecture Notes in Computer Science, pages 361-375. Springer-Verlag, 2003.
  120. D. Dams and R. Gerth and O. Grumberg. Abstract interpretation of reactive systems. ACM Transactions on Programming Languages and Systems, 19(2):253- 291, 1997.
  121. M. Daniele and F. Giunchiglia and M. Y. Vardi. Improved automata genera- tion for linear temporal logic. In 11th International Conference on Computer Aided Verification (CAV), volume 1633 of Lecture Notes in Computer Science, pages 249- 260. Springer-Verlag, 1999.
  122. P. R. D'Argenio and E. Brinksma. A calculus for timed automata. In 4th International Symposium on Formal Techniques in Real-Time and Fault-Tolerant Systems (FTRTFT), volume 1135 of Lecture Notes in Computer Science, pages 110- 129. Springer-Verlag, 1996.
  123. P. R. D'Argenio and B. Jeannet and H. Jensen and K. Larsen. Reacha- bility analysis of probabilistic systems by successive renements. In Proc. 1st Joint Int. Workshop Process Algebra and Probabilistic Methods, Performance Modeling and Verification (PAPM-PROBMIV), volume 2399 of Lecture Notes in Computer Science, pages 39-56, 2001.
  124. P. R. D'Argenio and P. Niebert. Partial order reduction on concurrent prob- abilistic programs. In 1st International Conference on Quantitative Evaluation of Systems (QEST), pages 240-249. IEEE Computer Society Press, 2004.
  125. L. de Alfaro. Temporal logics for the specification of performance and reliability. In 14th Annual Symposium on Theoretical Aspects of Computer Science (STACS), volume 1200 of Lecture Notes in Computer Science, pages 165-176. Springer-Verlag, 1997.
  126. L. de Alfaro. Formal Verification of Probabilistic Systems. PhD thesis, Stanford University, Department of Computer Science, 1998.
  127. L. de Alfaro. How to specify and verify the long-run average behavior of prob- abilistic systems. In Thirteenth Annual IEEE Symposium on Logic in Computer Science (LICS), pages 454-465. IEEE Computer Society Press, 1998.
  128. L. de Alfaro. Computing minimum and maximum reachability times in proba- bilistic systems. In 10th Conference on Concurrency Theory (CONCUR), volume 1664 of Lecture Notes in Computer Science, pages 66-81. Springer-Verlag, 1999.
  129. W.-P. de Roever and F. S. de Boer and U. Hannemann and J. Hooman and Y. Lakhnech and M. Poel and J. Zwiers. Concurrency Verification: Introduction to Compositional and Noncompositional Methods. Number 54 in Cam- bridge Tracts in Theoretical Computer Science. Cambridge University Press, 2001.
  130. F. Dederichs and R. Weber. Safety and liveness from a methodological point of view. Information Processing Letters, 36(1):25-30, 1990.
  131. S. Derisavi and H. Hermanns and W. H. Sanders. Optimal state-space lump- ing in Markov chains. Information Processing Letters, 87(6):309-315, 2003.
  132. J. Desharnais and A. Edalat and P. Panangaden. Bisimulation for labelled Markov processes. Information and Computation, 179(2):163-193, 2002.
  133. J. Desharnais and V. Gupta and R. Jagadeesan and P. Panangaden. Weak bisimulation is sound and complete for PCTL * . In Thirteenth International Confer- ence on Concurrency Theory (CONCUR), volume 2421 of Lecture Notes in Com- puter Science, pages 355-370. Springer-Verlag, 2002.
  134. J. Desharnais and V. Gupta and R. Jagadeesan and P. Panangaden. Ap- proximating labelled Markov processes. Information and Computation, 184(1):160- 200, 2003.
  135. J. Desharnais and P. Panangaden. Continuous stochastic logic characterizes bisimulation of continuous-time Markov processes. Journal of Algebraic and Logic Programming, 56(1-2):99-115, 2003.
  136. V. Diekert and Y. Métivier. Partial commutation and traces. In G. Rozenberg and A. Salomaa, editors, Handbook of Formal Languages, volume 3, pages 457-533.
  137. E. W. Dijkstra. Solutions of a problem in concurrent programming control. Com- munications of the ACM, 8(9):569, 1965.
  138. E. W. Dijkstra. Cooperating sequential processes. In F. Genuys, editor, Program- ming Languages, pages 43-112. Academic Press, 1968.
  139. E. W. Dijkstra. Hierarchical ordering of sequential processes. Acta Informatica, 1:115-138, 1971.
  140. E. W. Dijkstra. Information streams sharing a finite buffer. Information Process- ing Letters, 1(5):179-180, 1972.
  141. E. W. Dijkstra. A Discipline of Programming. Prentice-Hall, 1976.
  142. D. L. Dill. Timing assumptions and verification of finite-state concurrent systems. In International Workshop on Automatic Verification Methods for Finite-State Sys- tems, volume 407 of Lecture Notes in Computer Science, pages 197-212. Springer- Verlag, 1989.
  143. D. L. Dill. The Murϕ verifier. In 8th International Conference on Computer Aided Verification (CAV), volume 1102 of Lecture Notes in Computer Science, pages 390- 393. Springer-Verlag, 1996.
  144. J. Dingel and T. Filkorn. Model checking for infinite state systems using data abstraction, assumption commitment style reasoning and theorem proving. In 7th International Conference on Computer Aided Verification (CAV), volume 939 of Lecture Notes in Computer Science, pages 54-69. Springer-Verlag, 1995.
  145. R. Drechsler and B. Becker. Binary Decision Diagrams: Theory and Imple- mentation. Kluwer Academic Publishers, 1998.
  146. S. Edelkamp and A. Lluch Lafuente and S. Leue. Directed explicit model checking with HSF-SPIN. In 8th International SPIN Workshop on Model Checking of Software, volume 2057 of Lecture Notes in Computer Science, pages 57-79. Springer- Verlag, 2001.
  147. C. Eisner and D. Fisman. A Practical Introduction to PSL. Series on Integrated Circuits and Systems. Springer, 2006.
  148. T. Elrad and N. Francez. Decomposition of distributed programs into communication-closed layers. Science of Computer Programming, 2(3):155-173, 1982.
  149. E. A. Emerson. Temporal and modal logic. In J. van Leeuwen, editor, Handbook of Theoretical Computer Science, vol B: Formal Models and Semantics. Elsevier Publishers B.V., 1990.
  150. E. A. Emerson and J. Y. Halpern. Decision procedures and expressiveness in the temporal logic of branching time. Journal of Computer and System Sciences, 30(1):1-24, 1985.
  151. E. A. Emerson and J. Y. Halpern. "Sometimes" and "not never" revisited: on branching versus linear time temporal logic. Journal of the ACM, 33(1):151-178, 1986.
  152. E. A. Emerson and C. S. Jutla. The complexity of tree automata and logics of programs (extended abstract). In 29th Annual Symposium on Foundations of Computer Science (FOCS), pages 328-337. IEEE Computer Society Press, 1988.
  153. E. A. Emerson and C.-L. Lei. Temporal reasoning under generalized fairness constraints. In 3rd Annual Symposium on Theoretical Aspects of Computer Science (STACS), volume 210 of Lecture Notes in Computer Science, pages 21-36. Springer- Verlag, 1986.
  154. E. A. Emerson and C.-L. Lei. Modalities for model checking: branching time logic strikes back. Science of Computer Programming, 8(3):275-306, 1987.
  155. J. Engelfriet. Branching processes of Petri nets. Acta Informatica, 28(6):575-591, 1991.
  156. J. Esparza. Model checking using net unfoldings. Science of Computer Program- ming, 23(2-3):151-195, 1994.
  157. K. Etessami. Stutter-invariant languages, omega-automata, and temporal logic. In 11th International Conference on Computer Aided Verification (CAV), volume 1633 of Lecture Notes in Computer Science, pages 236-248. Springer-Verlag, 1999.
  158. K. Etessami. A note on a question of Peled and Wilke regarding stutter-invariant LTL. Information Processing Letters, 75(6):261-263, 2000.
  159. K. Etessami and G. Holzmann. Optimizing Büchi automata. In 11th Inter- national Conference on Concurrency Theory (CONCUR), volume 1877 of Lecture Notes in Computer Science, pages 153-165. Springer-Verlag, 2000.
  160. K. Etessami and T. Wilke and R. Schuller. Fair simulation relations, parity games, and state space reduction for Büchi automata. SIAM Journal of Computing, 34(5):1159-1175, 2005.
  161. W. Feller. An Introduction to Probability Theory and Its Applications, volumes 1 and 2. John Wiley & Sons, 2001.
  162. C. Fencott. Formal Methods for Concurrency. Thomson Computer Press, 1995.
  163. K. Fisler and M. Y. Vardi. Bisimulation minimization in an automata-theoretic verification framework. In 2nd International Conference on Formal Methods in Computer-Aided Design (FMCAD), volume 1522 of Lecture Notes in Computer Sci- ence, pages 115-132. Springer-Verlag, 1998.
  164. K. Fisler and M. Y. Vardi. Bisimulation and model checking. In 10th IFIP WG 10.5 Advanced Research Working Conference on Correct Hardware Design and Ver- ification Methods (CHARME), volume 1703 of Lecture Notes in Computer Science, pages 338-341. Springer-Verlag, 1999.
  165. K. Fisler and M. Y. Vardi. Bisimulation minimization and symbolic model checking. Formal Methods in System Design, 21(1):39-78, 2002.
  166. N. Francez. Fairness. Springer-Verlag, 1986.
  167. L.-A. Fredlund. The timing and probability workbench: a tool for analysing timed processes. Technical Report 49, Uppsala University, 1994.
  168. C. Fritz and T. Wilke. State space reductions for alternating Büchi automata. In 22th Conference on Foundations of Software Technology and Theoretical Computer Science (FSTTCS), volume 2556 of Lecture Notes in Computer Science, pages 157- 168. Springer-Verlag, 2002.
  169. D. Gabbay and I. Hodkinson and M. Reynolds. Temporal Logic: Mathematical Foundations and Computational Aspects, volume 1. Oxford University Press, 1994.
  170. D. Gabbay and A. Pnueli and S. Shelah and J. Stavi. On the temporal basis of fairness. In 7th Symposium on Principles of Programming Languages (POPL), pages 163-173. ACM Press, 1980.
  171. M. Garey and D. Johnson. Computers and Intractability: A Guide to the Theory of NP-Completeness. W. H. Freeman and Company, 1979.
  172. P. Gastin and P. Moro and M. Zeitoun. Minimization of counterexamples in SPIN. In 11th International SPIN Workshop on Model Checking of Software, volume 2989 of Lecture Notes in Computer Science, pages 92-108. Springer-Verlag, 2004.
  173. P. Gastin and D. Oddoux. Fast LTL to Büchi automata translation. In Thir- teenth International Conference on Computer Aided Verification (CAV), volume 2102 of Lecture Notes in Computer Science, pages 53-65. Springer-Verlag, 2001.
  174. J. Geldenhuys and A. Valmari. More efficient on-the-fly LTL verification with Tarjan's algorithm. Theoretical Computer Science, 345(1):60-82, 2005.
  175. R. Gerth. Transition logic: how to reason about temporal properties in a compo- sitional way. In 16th Annual ACM Symposium on Theory of Computing (STOC), pages 39-50. ACM Press, 1984.
  176. R. Gerth and R. Kuiper and D. Peled and W. Penczek. A partial order approach to branching time logic model checking. In 3rd Israel Symposium on the Theory of Computing Systems (ISTCS), pages 130-139. IEEE Computer Society Press, 1995.
  177. R. Gerth and D. Peled and M. Y. Vardi and P. Wolper. Simple on-the-fly automatic verification of linear temporal logic. In Protocol Specification Testing and Verification, pages 3-18.
  178. Chapman & Hall, 1995.
  179. D. Giannakopoulou and F. Lerda. From states to transitions: improving trans- lation of LTL formulae to Büchi automata. In 22nd IFIP International Conference on Formal Techniques for Networked and Distributed Systems, volume 2529 of Lec- ture Notes in Computer Science, pages 308-326. Springer-Verlag, 2002.
  180. P. Godefroid. Using partial orders to improve automatic verification methods. In 2nd International Workshop on Computer Aided Verification (CAV), volume 531 of Lecture Notes in Computer Science, pages 176-185. Springer-Verlag, 1990.
  181. P. Godefroid. Partial Order Methods for the Verification of Concurrent Systems: An Approach to the State Explosion Problem, volume 1032 of Lecture Notes in Com- puter Science. Springer-Verlag, 1996.
  182. P. Godefroid. Model checking for programming languages using Verisoft. In 24th Annual Symposium on Principles of Programming Languages (POPL), pages 174-186. ACM Press, 1997.
  183. P. Godefroid and D. Pirottin. Refining dependencies improves partial-order verification methods. In 5nd International Workshop on Computer Aided Verifi- cation (CAV), volume 697 of Lecture Notes in Computer Science, pages 438-449.
  184. P. Godefroid and P. Wolper. Using partial orders for the efficient verification of deadlock freedom and safety properties. Formal Methods in Systems Design, 2(2):149-164, 1993.
  185. R. Gotzhein. Temporal logic and applications: a tutorial. Computer Networks and ISDN Systems, 24(3):203-218, 1992.
  186. E. Grädel and W. Thomas and T. Wilke (editors). Automata Logics, and Infinite Games: A Guide to Current Research, volume 2500 of Lecture Notes in Computer Science. Springer-Verlag, 2002.
  187. W. D. Griffioen and F. Vaandrager. A theory of normed simulations. ACM Transactions on Computational Logic, 5(4):577-610, 2004.
  188. J. F. Groote and F. Vaandrager. An efficient algorithm for branching bisim- ulation and stuttering equivalence. In 17th International Colloquium on Automata, Languages and Programming (ICALP), volume 443 of Lecture Notes in Computer Science, pages 531-540. Springer-Verlag, 1990.
  189. J. F. Groote and J. van de Pol. State space reduction using partial tau- confluence. In 25th International Symposium on Mathematical Foundations of Com- puter Science (MFCS), volume 1893 of Lecture Notes in Computer Science, pages 383-393. Springer-Verlag, 2000.
  190. H. Gumm. Another glance at the Alpern-Schneider characterization of safety and liveness in concurrent executions. Information Processing Letters, 47(6):291-294, 1993.
  191. A. Gupta. Formal hardware verification methods: a survey. Formal Methods in System Design, 1(2-3):151-238, 1992.
  192. G. Hachtel and F. Somenzi. Logic Synthesis and Verification Algorithms. Kluwer Academic Publishers, 1996.
  193. G. D. Hachtel and E. Macii and A. Pardo and F. Somenzi. Markovian analysis of large finite-state machines. IEEE Transactions on CAD of Integrated Circuits and Systems, 15(12):1479-1493, 1996.
  194. J. Hajek. Automatically verified data transfer protocols. In 4th International Conference on Computer Communication (ICCC), pages 749-756. IEEE Computer Society Press, 1978.
  195. N. Halbwachs. Synchronous Programming of Reactive Systems. Kluwer Academic Publishers, 1992.
  196. M. Hammer and A. Knapp and S. Merz. Truly on-the-fly LTL model checking. In 11th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS), volume 3440 of Lecture Notes in Computer Science, pages 191-205. Springer-Verlag, 2005.
  197. T. Han and J.-P. Katoen. Counterexamples in probabilistic model checking. In Thirteenth International Conference on Tools and Algorithms for the Construc- tion and Analysis of Systems (TACAS), volume 4424 of Lecture Notes in Computer Science, pages 72-86. Springer-Verlag, 2007.
  198. H. Hansson. Time and Probability in Formal Design of Distributed Systems. Series in Real-Time Safety Critical Systems. Elsevier Publishers B.V., 1994.
  199. H. Hansson and B. Jonsson. A logic for reasoning about time and reliability. Formal Aspects of Computing, 6(5):512-535, 1994.
  200. F. Harary. Graph Theory. Addison-Wesley, 1969.
  201. D. Harel. Statecharts: a visual formalism for complex systems. Science of Com- puter Programming, 8(3):231-274, 1987.
  202. S. Hart and M. Sharir. Probabilistic propositional temporal logics. Information and Control, 70(2-3):97-155, 1986.
  203. S. Hart and M. Sharir and A. Pnueli. Termination of probabilistic concurrent programs. ACM Transactions on Programming Languages and Systems, 5(3):356- 380, 1983.
  204. V. Hartonas-Garmhausen and S. Campos and E. M. Clarke. ProbVerus: probabilistic symbolic model checking. In 5th International AMAST Workshop on Formal Methods for Real-Time and Probabilistic Systems (ARTS), volume 1601 of Lecture Notes in Computer Science, pages 96-110. Springer-Verlag, 1999.
  205. J. Hatcliff and M. Dwyer. Using the Bandera tool set to model-check properties of concurrent Java software. In 12th International Conference on Concurrency The- ory (CONCUR), volume 2154 of Lecture Notes in Computer Science, pages 39-58.
  206. K. Havelund and M. Lowry and J. Penix. Formal analysis of a space-craft controller using SPIN. IEEE Transactions on Software Engineering, 27(8):749-765, 2001.
  207. K. Havelund and T. Pressburger. Model checking Java programs using Java Pathfinder. International Journal on Software Tools for Technology Transfer, 2(4):366-381, 2000.
  208. B. R. Haverkort. Performance of Computer Communication Systems: A Model- Based Approach. John Wiley & Sons, 1998.
  209. M. Hennessy and R. Milner. Algebraic laws for nondeterminism and concur- rency. Journal of the ACM, 32(1):137-161, 1985.
  210. M. R. Henzinger and T. A. Henzinger and P. W. Kopke. Computing simu- lations on finite and infinite graphs. In 36th Annual Symposium on Foundations of Computer Science (FOCS), pages 453-462. IEEE Computer Society Press, 1995.
  211. T. Henzinger and R. Majumdar and J.-F. Raskin. A classification of symbolic transition systems. ACM Transactions on Computational Logic, 6(1):1-32, 2005.
  212. T. A. Henzinger and X. Nicollin and J. Sifakis and S. Yovine. Symbolic model checking for real-time systems. Information and Computation, 111(2):193- 244, 1994.
  213. H. Hermanns and J.-P. Katoen and J. Meyer-Kayser and M. Siegle. A tool for model-checking Markov chains. International Journal on Software Tools for Technology Transfer, 4(2):153-172, 2003.
  214. C. A. R. Hoare. Communicating sequential processes. Communications of the ACM, 21(8):666-677, 1978.
  215. C. A. R. Hoare. Communicating Sequential Processes. Prentice-Hall, 1985.
  216. R. Hojati and R. K. Brayton and R. P. Kurshan. BDD-based debugging of designs using language containment and fair CTL. In 5th International Conference on Computer Aided Verification (CAV), volume 697 of Lecture Notes in Computer Science, pages 41-58. Springer-Verlag, 1993.
  217. G. J. Holzmann. Design and Validation of Computer Protocols. Prentice-Hall, 1990.
  218. G. J. Holzmann. Design and validation of protocols: a tutorial. Computer Net- works and ISDN Systems, 25(9):981-1017, 1993.
  219. G. J. Holzmann. The theory and practice of a formal method: NewCoRe. In IFIP World Congress, pages 35-44. North Holland, 1994.
  220. G. J. Holzmann. The model checker SPIN. IEEE Transactions on Software En- gineering, 23(5):279-295, 1997.
  221. G. J. Holzmann. The SPIN Model Checker: Primer and Reference Manual. Addison-Wesley, 2003.
  222. G. J. Holzmann and E. Najm and A. Serhrouchini. SPIN model checking: an introduction. International Journal on Software Tools for Technology Transfer, 2(4):321-327, 2000.
  223. G. J. Holzmann and D. Peled. An improvement in formal verification. In 7th IFIP WG6.1 International Conference on Formal Description Techniques (FORTE), pages 197-211.
  224. Chapman & Hall, 1994.
  225. G. J. Holzmann and D. Peled and M. Yannakakis. On nested depth-first search. In 2nd International SPIN workshop on Model Checking of Software, pages 23-32. AMS Press, 1996.
  226. J. E. Hopcroft. An n log n algorithm for minimizing the states in a finite au- tomaton. In Z. Kohavi, editor, The Theory of Machines and Computations, pages 189-196. Academic Press, 1971.
  227. J. E. Hopcroft and R. Motwani and J. Ullman. Introduction to Automata Theory, Languages and Computation. Addison-Wesley, 2001.
  228. R. A. Howard. Dynamic Programming and Markov Processes. MIT Press, 1960.
  229. R. A. Howard. Dynamic Probabilistic Systems, volume 2: Semi-Markov and De- cision Processes. John Wiley & Sons, 1972.
  230. D. A. Huffman. The synthesis of sequential switching circuits. Journal of the Franklin Institute, 257(3-4):161-190, 275-303, 1954.
  231. M. Huhn and P. Niebert and H. Wehrheim. Partial order reductions for bisim- ulation checking. In 18th Conference on Foundations of Software Technology and Theoretical Computer Science (FSTTCS), volume 1530 of Lecture Notes in Com- puter Science, pages 271-282. Springer-Verlag, 1998.
  232. M. Huth and M. D. Ryan. Logic in Computer Science -Modelling and Reasoning about Systems. Cambridge University Press, 1999.
  233. T. Huynh and L. Tian. On some equivalence relations for probabilistic processes. Fundamenta Informaticae, 17(3):211-234, 1992.
  234. H. Hyman. Comments on a problem in concurrent programming control. Commu- nications of the ACM, 9(1):45, 1966.
  235. ISO/ITU-T. Formal Methods in Conformance Testing. International Standard, 1996.
  236. A. Itai and M. Rodeh. Symmetry breaking in distributed networks. Information and Computation, 88(1):60-87, 1990.
  237. H. Iwashita and T. Nakata and F. Hirose. CTL model checking based on forward state traversal. In International Conference on Computer-Aided Design (ICCAD), pages 82-87. IEEE Computer Society Press, 1996.
  238. W. Janssen and J. Zwiers. Specifying and proving communication closedness in protocols. In Thirteenth IFIP WG6.1 International Symposium on Protocol Specifi- cation, Testing and Verification, pages 323-339. North Holland, 1993.
  239. B. Jeannet and P. R. D'Argenio and K. G. Larsen. RAPTURE: a tool for verifying Markov decision processes. In Tools Day, International Conference on Concurrency Theory (CONCUR), 2002.
  240. B. Jonsson and K. G. Larsen. Specification and refinement of probabilistic processes. In 6th Annual IEEE Symposium on Logic in Computer Science (LICS), pages 266-277. IEEE Computer Society Press, 1991.
  241. B. Jonsson and W. Yi and K. G. Larsen. Probabilistic extensions of process algebras. In J. Bergstra, A. Ponse, and S.A. Smolka, editors, Handbook of Process Algebra, chapter 11, pages 685-711. Elsevier Publishers B.V., 2001.
  242. M. Kaminski. A classification of omega-regular languages. Theoretical Computer Science, 36:217-229, 1985.
  243. J. A. W. Kamp. Tense Logic and the Theory of Linear Order. PhD thesis, Univer- sity of California, Los Angeles, 1968.
  244. P. Kanellakis and S. Smolka. CCS expressions, finite state processes, and three problems of equivalence. Information and Computation, 86(1):43-68, 1990.
  245. J.-P. Katoen and T. Kemna and I. S. Zapreev and D. N. Jansen. Bisim- ulation minimisation mostly speeds up probabilistic model checking. In Thirteenth International Conference on Tools and Algorithms for the Construction and Analy- sis of Systems (TACAS), volume 4424 of Lecture Notes in Computer Science, pages 87-102. Springer-Verlag, 2007.
  246. J.-P. Katoen and M. Khattri and I. S. Zapreev. A Markov reward model checker. In 2nd International Conference on Quantitative Evaluation of Systems (QEST), pages 243-244. IEEE Computer Society Press, 2005.
  247. S. Katz and D. Peled. Defining conditional independence using collapses. Theo- retical Computer Science, 101(2):337-359, 1992.
  248. S. Katz and D. Peled. Verification of distributed programs using representative interleaving sequences. Distributed Computing, 6(2):107-120, 1992.
  249. R. M. Keller. Formal verification of parallel programs. Communications of the ACM, 19(7):371-384, 1976.
  250. J. Kemeny and J. Snell. Finite Markov Chains. D. Van Nostrand, 1960.
  251. J. Kemeny and J. Snell. Denumerable Markov Chains. D. Van Nostrand, 1976.
  252. E. Kindler. Safety and liveness properties: a survey. Bulletin of the European Association for Theoretical Computer Science, 53:268-272, 1994.
  253. S. C. Kleene. Representation of events in nerve nets and finite automata. In C. Shannon and J. McCarthy, editors, Automata Studies, pages 3-42. Princeton University Press, 1956.
  254. J. Klein and C. Baier. Experiments with deterministic ω-automata for formulas of linear temporal logic. Theoretical Computer Science, 363(2):182-195, 2006.
  255. D. E. Knuth and A. C. Yao. The complexity of nonuniform random number generation. In J.E. Traub, editor, Algorithms and Complexity: New Directions and Recent Results, pages 357-428. Academic Press, New York, 1976.
  256. D. Kozen. Results on the propositional μ-calculus. Theoretical Computer Science, 27:333-354, 1983.
  257. S. A. Kripke. Semantical considerations on modal logic. Acta Philosophica Fennica, 16:83-94, 1963.
  258. F. Kröger. Temporal Logic of Programs, volume 8 of Springer Monographs on Theoretical Computer Science. Springer-Verlag, 1987.
  259. T. Kropf. Introduction to Formal Hardware Verification. Springer-Verlag, 1999.
  260. A. Kucera and P. Schnoebelen. A general approach to comparing infinite- state systems with their finite-state specifications. Theoretical Computer Science, 358(2-3):315-333, 2006.
  261. V. Kulkarni. Modeling and Analysis of Stochastic Systems. Chapman & Hall, 1995.
  262. O. Kupferman and M.Y. Vardi. Model checking of safety properties. Formal Methods in System Design, 19(3):291-314, 2001.
  263. R. Kurshan. Computer-aided Verification of Coordinating Processes: The Automata-Theoretic Approach. Princeton University Press, 1994.
  264. R. Kurshan and V. Levin and M. Minea and D. Peled and H. Yenigün. Combining software and hardware verification techniques. Formal Methods in System Design, 21(3):251-280, 2002.
  265. M. Kwiatkowska. Survey of fairness notions. Information and Software Technol- ogy, 31(7):371-386, 1989.
  266. M. Kwiatkowska. A metric for traces. Information Processing Letters, 35(3):129- 135, 1990.
  267. M. Kwiatkowska and G. Norman and D. Parker. Modelling and verification of probabilistic systems. In P. Panangaden and F. van Breugel, editors, Part 2 of Mathematical Techniques for Analyzing Concurrent and Probabilistic Systems, volume 23 of CRM Monograph Series. AMS Press, 2004.
  268. M. Kwiatkowska and G. Norman and D. Parker. Probabilistic symbolic model checking with PRISM: A hybrid approach. International Journal on Software Tools for Technology Transfer, 6(2):128-142, 2004.
  269. L. Lamport. A new solution of Dijkstra's concurrent programming problem. Com- munications of the ACM, 17(8):453-455, 1974.
  270. L. Lamport. Proving the correctness of multiprocess programs. IEEE Transactions on Software Engineering, 3(2):125-143, 1977.
  271. L. Lamport. Time, clocks and the ordering of events in distributed systems. Com- munication of the ACM, 21(7):558-565, 1978.
  272. L. Lamport. "Sometime" is sometimes "not never" -on the temporal logic of pro- grams. In 7th Annual Symposium on Principles of Programming Languages (POPL), pages 174-185. ACM Press, 1980.
  273. L. Lamport. The temporal logic of actions. ACM Transactions on Programming Languages and Systems, 16(3):872-923, 1994.
  274. L. H. Landweber. Decision problems for omega-automata. Mathematical Systems Theory, 3(4):376-384, 1969.
  275. F. Laroussinie and N. Markay and Ph. Schnoebelen. Temporal logic with forgettable past. In 17th IEEE Symposium on Logic in Computer Science (LICS), pages 383-392. IEEE Computer Society Press, 2002.
  276. K. G. Larsen and J. Pearson and C. Weise and W. Yi. Clock difference diagrams. Nordic Journal of Computing, 6(3):271-298, 1999.
  277. K. G. Larsen and A. Skou. Bisimulation through probabilistic testing. Informa- tion and Computation, 94(1):1-28, 1991.
  278. K. G. Larsen and W. Yi. Time-abstracted bisimulation: implicit specification and decidability. In 9th International Conference on the Mathematical Foundations of Programming Semantics (MFPS), volume 802 of Lecture Notes in Computer Science, pages 160-176. Springer-Verlag, 1993.
  279. D. Lee and M. Yannakakis. Online minimization of transition systems. In 24th Annual ACM Symposium on Theory of Computing (STOC), pages 264-274. ACM Press, 1992.
  280. D. Lehmann and A. Pnueli and J. Stavi. Impartiality, justice and fairness: the ethics of concurrent termination. In 8th Colloquium on Automata, Languages and Programming (ICALP), volume 115 of Lecture Notes in Computer Science, pages 264-277. Springer-Verlag, 1981.
  281. D. Lehmann and M. Rabin. On the advantages of free choice: a symmetric and fully distributed solution to the dining philosophers problem. In 8th ACM Symposium on Principles of Programming Languages (POPL), pages 133-138. ACM Press, 1981.
  282. N. Leveson. Safeware: System Safety and Computers. ACM Press, 1995.
  283. C. Lewis. Implication and the algebra of logic. Mind, N. S., 12(84):522-531, 1912.
  284. H. R. Lewis. A logic of concrete time intervals (extended abstract). In 5th An- nual IEEE Symposium on Logic in Computer Science (LICS), pages 380-389. IEEE Computer Society Press, 1990.
  285. H. R. Lewis and C. H. Papadimitriou. Elements of the Theory of Computation. Prentice-Hall, 1997.
  286. O. Lichtenstein and A. Pnueli. Checking that finite-state concurrent programs satisfy their linear specification. In 12th Annual ACM Symposium on Principles of Programming Languages (POPL), pages 97-107. ACM Press, 1985.
  287. O. Lichtenstein and A. Pnueli and L. Zuck. The glory of the past. In Conference on Logic of Programs, volume 193 of Lecture Notes in Computer Science, pages 196-218. Springer-Verlag, 1985.
  288. P. Liggesmeyer and M. Rothfelder and M. Rettelbach and T. Ack- ermann. Qualitätssicherung Software-basierter technischer Systeme. Informatik Spektrum, 21(5):249-258, 1998.
  289. R. Lipton. Reduction: a method of proving properties of parallel programs. Com- munications of the ACM, 18(12):717-721, 1975.
  290. C. Loiseaux and S. Graf and J. Sifakis and A. Bouajjani and S. Bensalem. Property preserving abstractions for the verification of concurrent systems. Formal Methods in System Design, 6(1):11-44, 1995.
  291. G. Lowe. Breaking and fixing the Needham-Schroeder public-key protocol using FDR. Software Concepts and Tools, 17(3):93-102, 1996.
  292. N. Lynch and F. Vaandrager. Forward and backward simulations -part I: untimed systems. Information and Computation, 121(2):214-233, 1993.
  293. N. A. Lynch. Distributed Algorithms. Morgan Kaufmann Publishers, 1996.
  294. O. Maler and Z. Manna and A. Pnueli. From timed to hybrid systems. In Real-Time: Theory in Practice, REX Workshop, volume 600 of Lecture Notes in Computer Science, pages 447-484. Springer-Verlag, 1992.
  295. Z. Manna and A. Pnueli. Completing the temporal picture. Theoretical Computer Science, 83(1):97-130, 1991.
  296. Z. Manna and A. Pnueli. The Temporal Logic of Reactive and Concurrent Sys- tems: Specification. Springer-Verlag, 1992.
  297. Z. Manna and A. Pnueli. The Temporal Logic of Reactive and Concurrent Sys- tems: Safety. Springer-Verlag, 1995.
  298. P. Manolios and R. Trefler. Safety and liveness in branching time. In 16th Annual IEEE Symposium on Logic in Computer Science (LICS), pages 366-372. IEEE Computer Society Press, 2001.
  299. P. Manolios and R. J. Trefler. A lattice-theoretic characterization of safety and liveness. In 22nd Annual Symposium on Principles of Distributed Computing (PODC), pages 325-333. IEEE Computer Society Press, 2003.
  300. A. Mazurkiewicz. Trace theory. In Advances in Petri Nets, volume 255 of Lecture Notes in Computer Science, pages 279-324. Springer-Verlag, 1987.
  301. K. L. McMillan. Symbolic Model Checking. Kluwer Academic Publishers, 1993.
  302. K. L. McMillan. A technique of state space search based on unfoldings. Formal Methods in System Design, 6(1):45-65, 1995.
  303. R. McNaughton. Testing and generating infinite sequences by a finite automaton. Information and Control, 9(5):521-530, 1966.
  304. G. H. Mealy. A method for synthesizing sequential circuits. Bell System Technical Journal, 34:1045-1079, 1955.
  305. C. Meinel and T. Theobald. Algorithms and Data Structures in VLSI Design. Springer-Verlag, 1998.
  306. S. Merz. Model checking: a tutorial. In F. Cassez, C. Jard, B. Rozoy, and M.D. Ryan, editors, Modelling and Verification of Parallel Processes, volume 2067 of Lec- ture Notes in Computer Science, pages 3-38. Springer-Verlag, 2001.
  307. S. Merz and N. Navet (editors). Modeling and Verification of Real-Time Sys- tems: Formalisms and Software Tools. ISTE Ltd, 2008.
  308. R. Milner. An algebraic definition of simulation between programs. In 2nd Interna- tional Joint Conference on Artificial Intelligence, pages 481-489. William Kaufmann, 1971.
  309. R. Milner. A Calculus of Communicating Systems, volume 92 of Lecture Notes in Computer Science. Springer-Verlag, 1980.
  310. R. Milner. Calculi for synchrony and asynchrony. Theoretical Computer Science, 25(3):267-310, 1983.
  311. R. Milner. Communication and Concurrency. Prentice-Hall, 1989.
  312. R. Milner. Communicating and Mobile Systems: The Pi-Calculus. Cambridge University Press, 1999.
  313. S. Minato. Binary Decision Diagrams and Applications for VLSI CAD. Kluwer Academic Publishers, 1996.
  314. S. Minato and N. Ishiura and S. Yajima. Shared binary decision diagram with attributed edges for efficient boolean function manipulation. In 27th ACM/IEEE Conference on Design Automation (DAC), pages 52-57. ACM Press, 1991.
  315. F. Moller and S. A. Smolka. On the computational complexity of bisimulation. ACM Computing Surveys, 27(2):287-289, 1995.
  316. E. F. Moore. Gedanken-experiments on sequential machines. Automata Studies, 34:129-153, 1956.
  317. C. Morgan and A. McIver. pGCL: Formal reasoning for random algorithms. South African Computer Journal, 22:14-27, 1999.
  318. A. W. Mostowski. Regular expressions for infinite trees and a standard form of automata. In 5th Symposium on Computational Theory, volume 208 of Lecture Notes in Computer Science, pages 157-168. Springer-Verlag, 1984.
  319. R. Motwani and P. Raghavan. Randomized Algorithms. Cambridge University Press, 1995.
  320. D. E. Muller. Infinite sequences and finite machines. In 4th IEEE Symposium on Switching Circuit Theory and Logical Design, pages 3-16. IEEE, 1963.
  321. G. J. Myers. The Art of Software Testing. John Wiley & Sons, 1979.
  322. J. Myhill. Finite automata and the representation of events. Technical Report WADD TR-57-624, Wright Patterson Air Force Base, OH, 1957.
  323. R. Nalumasu and G. Gopalakrishnan. A new partial order reduction algorithm for concurrent systems. In Thirteenth IFIP International Conference on Hardware Description Languages and their Applications (CHDL), pages 305-314. Chapman & Hall, 1997.
  324. K. S. Namjoshi. A simple characterization of stuttering bisimulation. In 17th Conference on Foundations of Software Technology and Theoretical Computer Sci- ence (FSTTCS), volume 1346 of Lecture Notes in Computer Science, pages 284-296.
  325. G. Naumovich and L. A. Clarke. Classifying properties: an alternative to the safety-liveness classification. ACM SIGSOFT Software Engineering Notes, 25(6):159-168, 2000.
  326. A. Nerode. Linear automaton transformations. In Proceedings of the American Mathematical Society, volume 9, pages 541-544, 1958.
  327. R. De Nicola and F. Vaandrager. Three logics for branching bisimulation (extended abstract). In 5th Annual IEEE Symposium on Logic in Computer Science (LICS), pages 118-129. IEEE Computer Society Press, Springer-Verlag, 1990.
  328. X. Nicollin and J.-L. Richier and J. Sifakis and J. Voiron. ATP: an algebra for timed processes. In IFIP TC2 Working Conference on Programming Concepts and Methods, pages 402-427. North Holland, 1990.
  329. A. Olivero and J. Sifakis and S. Yovine. Using abstractions for the verifica- tion of linear hybrid systems. In 6th International Conference on Computer Aided Verification (CAV), volume 818 of Lecture Notes in Computer Science, pages 81-94.
  330. S. Owicki. Verifying concurrent programs with shared data classes. In IFIP Work- ing Conference on Formal Description of Programming Concepts, pages 279-298. North Holland, 1978.
  331. R. Paige and R. E. Tarjan. Three partition refinement algorithms. SIAM Journal on Computing, 16(6):973-989, 1987.
  332. P. Panangaden. Measure and probability for concurrency theorists. Theoretical Computer Science, 253(2):287-309, 2001.
  333. C. Papadimitriou. Computational Complexity. Addison-Wesley, 1994.
  334. D. Park. On the semantics of fair parallelism. In Abstract Software Specification, volume 86 of Lecture Notes in Computer Science, pages 504-526. Springer-Verlag, 1979.
  335. D. Park. Concurrency and automata on infinite sequences. In 5th GI-Conference on Theoretical Computer Science, volume 104 of Lecture Notes in Computer Science, pages 167-183. Springer-Verlag, 1981.
  336. D. Parker. Implementation of Symbolic Model Checking for Probabilistic Systems. PhD thesis, University of Birmingham, UK, 2002.
  337. D. Peled. All from one, one for all: On model checking using representatives. In 5th International Conference on Computer Aided Verification (CAV), volume 697 of Lecture Notes in Computer Science, pages 409-423. Springer-Verlag, 1993.
  338. D. Peled. Combining partial order reductions with on-the-fly model checking. Formal Methods in System Design, 8(1):39-64, 1996.
  339. D. Peled. Partial order reduction: Linear and branching temporal logics and process algebras. In Partial Order Methods in Verification [328], pages 79-88.
  340. D. Peled. Software Reliability Methods. Springer-Verlag, 2001.
  341. D. Peled and V. Pratt and G. J. Holzmann (editors). Partial Order Methods in Verification, volume 29 (10) of DIMACS Series in Discrete Mathematics and Theoretical Computer Science. AMS Press, 1997.
  342. D. Peled and T. Wilke. Stutter-invariant temporal properties are expressible without the next-time operator. Information Processing Letters, 63(5):243-246, 1997.
  343. W. Penczek and R. Gerth and R. Kuiper and M. Szreter. Partial order reductions preserving simulations. In 8th Workshop on Concurrency, Specification and Programming (CS&P), pages 153-172. Warsaw University Press, 1999.
  344. G. Della Penna and B. Intrigila and I. Melatti and E. Tronci and M. Venturini Zilli. Finite horizon analysis of Markov chains with the Murphi verifier. Journal on Software Tools and Technology Transfer, 8(4-5):397-409, 2006.
  345. G. L. Peterson. Myths about the mutual exclusion problem. Information Pro- cessing Letters, 12(3):15-116, 1981.
  346. J. L. Peterson. Petri Net Theory and the Modeling of Systems. Prentice-Hall, 1981.
  347. G. D. Plotkin. A structural approach to operational semantics. Technical Report DAIMI FN-19, Aarhus University, 1981.
  348. G. D. Plotkin. The origins of structural operational semantics. Journal of Logic and Algebraic Programming, 60-61:3-15, 2005.
  349. G. D. Plotkin. A structural approach to operational semantics. Journal of Logic and Algebraic Programming, 60-61:17-139, 2005.
  350. A. Pnueli. The temporal logic of programs. In 18th IEEE Symposium on Foun- dations of Computer Science (FOCS), pages 46-67. IEEE Computer Society Press, 1977.
  351. A. Pnueli. Linear and branching structures in the semantics and logics of reactive systems. In 12th International Colloquium on Automata, Languages and Program- ming (ICALP), volume 194 of Lecture Notes in Computer Science, pages 15-32.
  352. A. Pnueli. Applications of temporal logic to the specification and verification of reactive systems: a survey of current trends. In Advanced School on Current Trends in Concurrency Theorey, volume 244 of Lecture Notes in Computer Science, pages 510-584. Springer-Verlag, 1986.
  353. A. Pnueli and L. Zuck. Probabilistic verification by tableaux. In 1st Annual Symposium on Logic in Computer Science (LICS), pages 322-331. IEEE Computer Society Press, 1986.
  354. A. Pnueli and L. Zuck. Probabilistic verification. Information and Computation, 103(1):1-29, 1993.
  355. H. Pospesel. Introduction to Logic: Propositional Logic. Prentice-Hall, 1979.
  356. V. Pratt. Modelling concurrency with partial orders. International Journal of Parallel Programming, 15(1):33-71, 1986.
  357. W. Press and S. A. Teukolsky and W. T. Vetterling and B. P. Flannery. Numerical Recipes in C++. The Art of Scientific Computing. Cambridge University Press, 2002.
  358. A. Prior. Time and Modality. Oxford University Press, 1957.
  359. M. Puterman. Markov Decision Processes: Discrete Stochastic Dynamic Program- ming. John Wiley & Sons, 1994.
  360. J.-P. Queille and J. Sifakis. Specification and verification of concurrent systems in CESAR. In 5th International Symposium on Programming, volume 137 of Lecture Notes in Computer Science, pages 337-351. Springer-Verlag, 1982.
  361. J.-P. Queille and J. Sifakis. Fairness and related properties in transition sys- tems. a temporal logic to deal with fairness. Acta Informatica, 19(3):195-220, 1983.
  362. M. O. Rabin. Probabilistic algorithms. In J. F. Traub, editor, Algorithms and Complexity: New Directions and Recent Results, pages 21-39. Academic Press, 1976.
  363. M. O. Rabin and D. Scott. Finite automata and their decision problems. IBM Journal of Research and Development, 3(2):114-125, 1959.
  364. M.O. Rabin. Decidability of second order theories and automata on infinite trees. Transactions of the AMS, 141:1-35, 1969.
  365. Y. Ramakrishna and S. Smolka. Partial-order reduction in the weak modal mu-calculus. In 8th International Conference on Concurrency Theory (CONCUR), volume 1243 of Lecture Notes in Computer Science, pages 5-24. Springer-Verlag, 1997.
  366. J. I. Rasmussen and K. G. Larsen and K. Subramani. On using priced timed automata to achieve optimal scheduling. Formal Methods in System Design, 29(1):97-114, 2006.
  367. M. Rem. Trace theory and systolic computations. In Parallel Architectures and Languages Europe (PARLE), volume 1, volume 258 of Lecture Notes in Computer Science, pages 14-33. Springer-Verlag, 1987.
  368. M. Rem. A personal perspective of the Alpern-Schneider characterization of safety and liveness. In W. H. J. Feijen, A. J. M. van Gasteren, D. Gries, and J. Misra, edi- tors, Beauty is Our Business: A Birthday Salute to Edsger W. Dijkstra, chapter 43, pages 365-372. Springer-Verlag, 1990.
  369. A. W. Roscoe. Model-checking CSP. In A. W. Roscoe, editor, A Classical Mind: Essays in Honour of C. A. R. Hoare, pages 353-378. Prentice-Hall, 1994.
  370. G. Rozenberg and V. Diekert. The Book of Traces. World Scientific Publishing Co., Inc., 1995.
  371. R. Rudell. Dynamic variable ordering for ordered binary decision diagrams. In International Conference on Computer-Aided Design (ICCAD), pages 42-47. IEEE Computer Society Press, 1993.
  372. J. Rushby. Formal methods and the certification of critical systems. Technical Report SRI-CSL-93-7, SRI International, 1993. (also issued as Formal Methods and Digital System Validation, NASA CR 4551).
  373. T. C. Ruys and E. Brinksma. Managing the verification trajectory. International Journal on Software Tools for Technology Transfer, 4(2):246-259, 2003.
  374. S. Safra. On the complexity of ω-automata. In 29th Annual Symposium on Foun- dations of Computer Science (FOCS), pages 319-327. IEEE Computer Society Press, 1988.
  375. A. L. Sangiovanni-Vincentelli and P. C. McGeer and A. Saldanha. Ver- ification of electronic systems. In 33rd Annual Conference on Design Automation (DAC), pages 106-111. ACM Press, 1996.
  376. J. E. Savage. Models of Computation: Exploring the Power of Computing. Addison- Wesley, 1998.
  377. T. Schlipf and T. Buechner and R. Fritz and M. Helms and J. Koehl. Formal verification made easy. IBM Journal of Research and Development, 41(4- 5):567-576, 1997.
  378. K. Schneider. Verification of Reactive Systems: Formal Methods and Algorithms. Springer-Verlag, 2004.
  379. S. Schneider. Specifying Real-Time Systems in Timed CSP. Prentice-Hall, 2000.
  380. A. Schrijver. Combinatorial Optimization: Polyhedra and Efficiency. Springer, 2003.
  381. S. Schwoon and J. Esparza. A note on on-the-fly verification algorithms. In 11th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS), volume 3440 of Lecture Notes in Computer Science, pages 174-190. Springer-Verlag, 2005.
  382. R. Sebastiani and S. Tonetta. "More deterministic" vs. "smaller" Büchi au- tomata for efficient LTL model checking. In 12th Advanced Research Working Con- ference on Correct Hardware Design and Verification Methods (CHARME), volume 2860 of Lecture Notes in Computer Science, pages 126-140. Springer-Verlag, 2003.
  383. R. Segala and N. Lynch. Probabilistic simulations for probabilistic processes. Nordic Journal of Computing, 2(2):250-273, 1995.
  384. A. P. Sistla. Safety, liveness and fairness in temporal logic. Formal Aspects of Computing, 6(5):495-512, 1994.
  385. A. P. Sistla and E. M. Clarke. The complexity of propositional linear temporal logic. Journal of the ACM, 32(3):733-749, 1985.
  386. A. P. Sistla and M. Y. Vardi and P. Wolper. The complementation prob- lem for Büchi automata with applications to temporal logic. Theoretical Computer Science, 49:217-237, 1987.
  387. F. Somenzi. Binary decision diagrams. In M. Broy and R. Steinbruggen, editors, Calculational System Design, volume 173 of NATO Science Series F: Computer and Systems Sciences, pages 303-366. IOS Press, 1999.
  388. F. Somenzi and R. Bloem. Efficient Büchi automata from LTL formulae. In 12th International Conference on Computer Aided Verification (CAV), volume 1855 of Lecture Notes in Computer Science, pages 248-263. Springer-Verlag, 2000.
  389. L. Staiger. Research in the theory of omega-languages. Elektronische Informa- tionsverarbeitung und Kybernetik, 23(8-9):415-439, 1987.
  390. J. Staunstrup and H. R. Andersen and H. Hulgaard and J. Lind-Nielsen and K. G. Larsen and G. Behrmann and K. Kristoffersen and A. Skou and H. Leerberg and N. B. Theilgaard. Practical verification of embedded software. IEEE Computer, 33(5):68-75, 2000.
  391. W. J. Stewart. Introduction to the Numerical Solution of Markov Chains. Prince- ton University Press, 1994.
  392. C. Stirling. Modal and Temporal Properties of Processes. Texts in Computer Science. Springer-Verlag, New York, 2001.
  393. F. A. Stomp and W.-P. de Roever. A principle for sequential reasoning about distributed algorithms. Formal Aspects of Computing, 6(6):716-737, 1994.
  394. N. Storey. Safety-Critical Computer Systems. Addison-Wesley, 1996.
  395. R. S. Streett. Propositional dynamic logic of looping and converse is elementarily decidable. Information and Control, 54(1-2):121-141, 1982.
  396. T. A. Sudkamp. Languages and Machines, 3rd edition. Addison-Wesley, 2005.
  397. B.K. Szymanski. A simple solution to Lamport's concurrent programming problem with linear wait. In International Conference on Supercomputing Systems, pages 621-626, 1988.
  398. L. Tan and R. Cleaveland. Simulation revisited. In 7th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS), volume 2031 of Lecture Notes in Computer Science, pages 480-495. Springer-Verlag, 2001.
  399. S. Tani and K. Hamaguchi and S. Yajima. The complexity of the optimal variable ordering problems of shared binary decision diagrams. In 4th International Symposium on Algorithms and Computation, volume 762 of Lecture Notes in Com- puter Science, pages 389-398. Springer-Verlag, 1993.
  400. R. Tarjan. Depth-first search and linear graph algorithms. SIAM Journal on Computing, 1(2):146-160, 1972.
  401. H. Tauriainen. Nested emptiness search for generalized Büchi automata. Re- search Report A79, Helsinki University of Technology, Laboratory for Theoretical Computer Science, 2003.
  402. X. Thirioux. Simple and efficient translation from LTL formulas to Büchi au- tomata. Electronic Notes in Theoretical Computer Science, 66(2), 2002.
  403. W. Thomas. Automata on infinite objects. In J. van Leeuwen, editor, Handbook of Theoretical Computer Science, volume B: Formal Models and Semantics, chapter 4, pages 133-191. Elsevier Publishers B.V., 1990.
  404. W. Thomas. Languages, automata, and logic. In G. Rozenberg and A. Salomaa, editors, Handbook of Formal Languages, volume 3, pages 389-455. Springer-Verlag, 1997.
  405. B. A. Trakhtenbrot. Finite automata and the logic of one-place predicates. Siberian Mathematical Journal, 3:103-131, 1962.
  406. G. J. Tretmans and K. Wijbrans and M. Chaudron. Software engineering with formal methods: the development of a storm surge barrier control system. Formal Methods in System Design, 19(2):195-215, 2001.
  407. S. Tripakis and S. Yovine. Analysis of timed systems based on time-abstracting bisimulations. In 8th International Conference on Computer Aided Verification (CAV), volume 1102 of Lecture Notes in Computer Science, pages 232-243. Springer- Verlag, 1996.
  408. S. Tripakis and S. Yovine. Analysis of timed systems using time-abstracting bisimulations. Formal Methods in System Design, 18(1):25-68, 2001.
  409. R. Trudeau. Introduction to Graph Theory. Dover Publications Inc., 1994.
  410. D. Turi and J. J. M. M. Rutten. On the foundations of final coalgebra semantics. Mathematical Structures in Computer Science, 8(5):481-540, 1998.
  411. A. Valmari. Stubborn sets for reduced state space generation. In 10th International Conference on Applications and Theory of Petri Nets (ICATPN), volume 483 of Lecture Notes in Computer Science, pages 491-515. Springer-Verlag, 1989.
  412. A. Valmari. A stubborn attack on state explosion. Formal Methods in System Design, 1(4):297-322, 1992.
  413. A. Valmari. On-the-fly verification with stubborn sets. In 5th International Con- ference on Computer Aided Verification (CAV), volume 697 of Lecture Notes in Computer Science, pages 397-408. Springer-Verlag, 1993.
  414. A. Valmari. Stubborn set methods for process algebras. In Partial Order Methods in Verification [328], pages 213-231.
  415. H. van der Schoot and H. Ural. An improvement of partial order verification. Software Testing, Verification and Reliability, 8(2):83-102, 1998.
  416. J.L.A. van der Snepscheut. Trace Theory and VLSI Design, volume 200 of Lecture Notes in Computer Science. Springer-Verlag, 1985.
  417. R. J. van Glabbeek. The linear time -branching time spectrum (extended ab- stract). In 1st International Conference on Concurrency Theory (CONCUR), volume 458 of Lecture Notes in Computer Science, pages 278-297. Springer-Verlag, 1990.
  418. R. J. van Glabbeek. The linear time -branching time spectrum II. In 4th In- ternational Conference on Concurrency Theory (CONCUR), volume 715 of Lecture Notes in Computer Science, pages 66-81. Springer-Verlag, 1993.
  419. R. J. van Glabbeek and W. P. Weijland. Branching time and abstraction in bisimulation semantics. Journal of the ACM, 43(3):555-600, 1996.
  420. M. Y. Vardi. Automatic verification of probabilistic concurrent finite-state pro- grams. In 26th IEEE Symposium on Foundations of Computer Science (FOCS), pages 327-338. IEEE Computer Society Press, 1985.
  421. M. Y. Vardi. An automata-theoretic approach to linear temporal logic. In 8th Banff Higher Order Workshop Conference on Logics for Concurrency: Structure versus Automata, volume 1043 of Lecture Notes in Computer Science, pages 238- 266. Springer-Verlag, 1996.
  422. M. Y. Vardi. Probabilistic linear-time model checking: An overview of the automata-theoretic approach. In 5th International AMAST Workshop on Formal Methods for Real-Time and Probabilistic Systems (ARTS), volume 1601, pages 265- 276. Springer-Verlag, 1999.
  423. M. Y. Vardi. Branching versus linear time: Final showdown. In 7th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS), volume 2031 of Lecture Notes in Computer Science, pages 1-22. Springer- Verlag, 2001.
  424. M. Y. Vardi and P. Wolper. An automata-theoretic approach to automatic program verification (preliminary report). In 1st Annual Symposium on Logic in Computer Science (LICS), pages 332-344. IEEE Computer Society Press, 1986.
  425. M. Y. Vardi and P. Wolper. Reasoning about infinite computations. Information and Computation, 115(1):1-37, 1994.
  426. K. Varpaaniemi. On stubborn sets in the verification of linear time temporal properties. In 19th International Conference on Application and Theory of Petri Nets (ICATPN), volume 1420 of Lecture Notes in Computer Science, pages 124- 143. Springer-Verlag, 1998.
  427. W. Visser and H. Barringer. Practical CTL * model checking: should SPIN be extended? International Journal on Software Tools for Technology Transfer, 2(4):350-365, 2000.
  428. H. Völzer and D. Varacca and E. Kindler. Defining fairness. In 16th Inter- national Conference on Concurrency Theory (CONCUR), volume 3653 of Lecture Notes in Computer Science, pages 458-472. Springer-Verlag, 2005.
  429. F. Wallner. Model checking LTL using net unfoldings. In 10th International Conference on Computer Aided Verification (CAV), volume 1427 of Lecture Notes in Computer Science, pages 207-218. Springer-Verlag, 1998.
  430. F. Wang. Efficient verification of timed automata with BDD-like data structures. Journal on Software Tools and Technology Transfer, 6(1):77-97, 2004.
  431. I. Wegener. Branching Programs and Binary Decision Diagrams: Theory and Applications. SIAM Monographs on Discrete Mathematics and Applications. Society for Industrial and Applied Mathematics, 2000.
  432. C. H. West. An automated technique for communications protocol validation. IEEE Transactions on Communications, 26(8):1271-1275, 1978.
  433. C. H. West. Protocol validation in complex systems. In Symposium on Commu- nications Architectures and Protocols, pages 303-312. ACM Press, 1989.
  434. J. A. Whittaker. What is software testing? Why is it so hard? IEEE Software, 17(1):70-79, 2000.
  435. B. Willems and P. Wolper. Partial-order methods for model checking: from linear time to branching time. In 11th IEEE Symposium on Logic in Computer Science (LICS), page 294. IEEE Computer Society Press, 1996.
  436. G. Winskel. Event structures. In Petri Nets: Central Models and Their Properties, Advances in Petri Nets, volume 255 of Lecture Notes in Computer Science, pages 325-392. Springer-Verlag, 1986.
  437. P. Wolper. Specification and synthesis of communicating processes using an ex- tended temporal logic. In 9th Symposium on Principles of Programming Languages (POPL), pages 20-33. ACM Press, 1982.
  438. P. Wolper. Temporal logic can be more expressive. Information and Control, 56(1-2):72-99, 1983.
  439. P. Wolper. An introduction to model checking. Position statement for panel discussion at the Software Quality workshop, 1995.
  440. W. Yi. CCS + time = an interleaving model for real-time systems. In 18th Inter- national Colloquium on Automata, Languages and Programming (ICALP), volume 510 of Lecture Notes in Computer Science, pages 217-228. Springer-Verlag, 1991.
  441. M. Yoeli. Formal Verification of Hardware Design. IEEE Computer Society Press, 1990.
  442. S. Yovine. KRONOS: A verification tool for real-time systems. International Journal on Software Tools for Technology Transfer, 1(1-2):123-133, 1997.
  443. S. Yovine. Model checking timed automata. In G. Rozenberg and F. Vaandrager, editors, Lectures on Embedded Systems, volume 1494 of Lecture Notes in Computer Science, pages 114-152. Springer-Verlag, 1998.

Related papers

Model checking: recent improvements and applications
Dragan Bošnački

International Journal on Software Tools for Technology Transfer

Model checking (Baier and Katoen in Principles of model checking, MIT Press, Cambridge, 2008; Clarke et al. in Model checking, MIT Press, Cambridge, 2001) is an automatic technique to formally verify that a given specification of a concurrent system meets given functional properties. Its use has been demonstrated many times over the years. Key characteristics that make the method so appealing are its level of automaticity, its ability to determine the absence of errors in the system (contrary to testing techniques) and the fact that it produces counterexamples when errors are detected, that clearly demonstrate not only that an error is present, but also how the error can be produced. The main drawback of model checking is its limited scalability, and for this reason, research on reducing the computational effort has received much attention over the last decades. Besides the verification of qualitative functional properties, the model checking technique can also be applied for other types of analyses, such as planning and the verification of quantitative properties. We briefly discuss several contributions in the model checking field that address both its scalability and its applicability to perform planning and quantitative analysis. In particular, we introduce six papers selected from the 23rd International SPIN Symposium on Model Checking Software (SPIN 2016).

View PDFchevron_right
Principles of Model Checking PrinciplesofModelChecking
Darren Wang
View PDFchevron_right
Concepts, algorithms, and tools for model checking
Joost-Pieter Katoen

1999

In daily life we are more and more confronted with information technology, either explicitly (by using PCs, Internet, Personal Digital Assistants, etc.) or implicitly by using devices like TVs, electric razors, mobile phones, cars, public transportation and so forth. In 1995 it has been estimated that people are in contact with about 25\ information processing devices" per day.

View PDFchevron_right
New Challenges in Model Checking
Gerard Holzmann

Lecture Notes in Computer Science, 2008

In the last 25 years, the notion of performing software verification with logic model checking techniques has evolved from intellectual curiosity to accepted technology with significant potential for broad practical application. In this paper we look back at the main steps in this evolution and illustrate how the challenges have changed over the years, as we sharpened our theories and tools. Next we discuss a typical challenge in software verification that we face todayand that perhaps we can look back on in another 25 years as having inspired the next logical step towards a broader integration of model checking into the software development process.

View PDFchevron_right
Overview of concepts for model checking
Eilif Hjelseth

CIB-W078 Conference in Cairo, 2010

This paper presents an overview of concepts for model checking. This have resulted in a description of four different concepts based on the intention for checking. The four concepts are: a) Validating systems, b) Guiding systems, c) Adaptive systems and d) Content based checking. By use of an ontological approach we propose a four level taxonomy of model checking 1) Intention, 2) Result, 3) Rule set and 4) Type of products. Model checking should be regarded as a knowledge system for support of the design process.

View PDFchevron_right
580 California St., Suite 400
San Francisco, CA, 94104
© 2025 Academia. All rights reserved