Alternating simulation and IOCO

ICTSS 2010


We propose a symbolic framework called guarded labeled assignment systems or GLASs and show how GLASs can be used as a foundation for symbolic analysis of various aspects of formal specification languages. We define a notion of i/o-refinement over GLASs as an alternating simulation relation and provide formal proofs that relate i/o-refinement to ioco. We show that non-i/o-refinement reduces to a reachability problem and provide a translation from bounded non-i/o-refinement or bounded non-ioco to checking first-order assertions.


Conformance testing Open system verification Satisfiability modulo theories Symbolic analysis 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abrial J.-R.: The B-Book: Assigning Programs to Meanings. Cambridge University Press, Cambridge (1996)MATHCrossRefGoogle Scholar
  2. 2.
    Abrial J.-R., Hallerstede S.: Refinement, decomposition and instantiation of discrete models: application to Event-B. Fundam. Inform. 77(1–2), 1–28 (2007)MathSciNetMATHGoogle Scholar
  3. 3.
    Aichernig, B., Brandl, H., Krenn, W.: Qualitative action systems. In: Breitman, K., Cavalcanti, A. (eds.) ICFEM’09. LNCS, vol. 5885, pp. 206–225. Springer, Berlin-Heidelberg (2009)Google Scholar
  4. 4.
    Alur, R., Henzinger, T.A., Kupferman, O., Vardi, M.: Alternating refinement relations. In: CONCUR’98. LNCS, vol. 1466, pp. 163–178. Springer, Berlin (1998)Google Scholar
  5. 5.
  6. 6.
    Back R.J.R., Sere K.: Stepwise refinement of parallel algorithms. Sci. Comput. Program. 13, 133–180 (1990)MathSciNetMATHCrossRefGoogle Scholar
  7. 7.
    Barrett, C., Sebastiani, R., Seshia, S.A., Tinelli C.: Satisfiability modulo theories. Frontiers in Artificial Intelligence and Applications, chap. 26, vol. 185, pp 825–885. IOS Press, February 2009Google Scholar
  8. 8.
    Bjørner, D., Henson, M. (eds): Logics of Specification Languages. Springer, Berlin (2008)Google Scholar
  9. 9.
    Bjørner, N., Dutertre, B., de Moura, L.: Accelerating lemma learning using joins—DPPL(Join). In: Proceedings of Short Papers at LPAR’08 (2008)Google Scholar
  10. 10.
    Blass, A., Gurevich, Y., Nachmanson, L., Veanes, M.: Play to test. Technical report MSR-TR-2005-04, Microsoft Research, January 2005. Short version appears in FATES (2005)Google Scholar
  11. 11.
    Boiten, E., Derrick, J.: IO-refinement in Z. In: 3rd Northern Formal Methods Workshop (1998)Google Scholar
  12. 12.
    Brandl, H., Weiglhofer, M., Aichernig, B.K.: Automated conformance verification of hybrid systems. In: QSIC 2010: The 10th International Conference on Quality Software, pp. 3–12. IEEE Computer Society (2010)Google Scholar
  13. 13.
    Brinksma, E., Tretmans, J.: Testing transition systems: an annotated bibliography. In: MOVEP’2k. LNCS, vol. 2067, pp. 187–193. Springer, Berlin (2001)Google Scholar
  14. 14.
    Bryant, R.E., German, S.M., Velev, M.N.: Exploiting positive equality in a logic of equality with uninterpreted functions. In: Conference on Computer Aided Verification (CAV’99). LNCS, vol. 1633, pp. 470–482. Springer, Berlin (1999)Google Scholar
  15. 15.
    Burch, J.R., Dill, D.L.: Automatic verification of pipelined microprocessor control. In: Dill, D.L. Conference on Computer-Aided Verification (CAV’94). LNCS, vol. 818, pp. 68–80. Springer, (1994)Google Scholar
  16. 16.
    Butler M.: Decomposition structures for Event-B. In: Leuschel, M., Wehrheim, H. (eds) IFM’09. LNCS, vol. 5423, pp. 20–38. Springer, Berlin (2009)Google Scholar
  17. 17.
    CACM Staff: Microsoft’s protocol documentation program: interoperability testing at scale, a discussion with Nico Kicillof, Wolfgang Grieskamp, and Bob Binder. Commun. ACM 54(7), 51–57 (2011)Google Scholar
  18. 18.
    de Alfaro, L.: Game models for open systems. In: Dershowitz, N. (ed.) Verification: Theory and Practice. LNCS, vol. 2772, pp. 269–289. Springer, BerlinGoogle Scholar
  19. 19.
    de Alfaro, L., Henzinger, T.A.: Interface automata. In: ESEC/FSE, pp. 109–120. ACM, New York (2001)Google Scholar
  20. 20.
    de Moura, L., Bjørner, N.: Z3: an efficient SMT solver. In: Tools and Algorithms for the Construction and Analysis of Systems, (TACAS’08). LNCS. Springer, Berlin (2008)Google Scholar
  21. 21.
    de Moura L., Bjørner N.: Satisfiability modulo theories: introduction and applications. Commun. ACM 54, 69–77 (2011)CrossRefGoogle Scholar
  22. 22.
    de Moura, L., Rueß, H., Sorea, M.: Lazy theorem proving for bounded model checking over infinite domains. In: Proceedings of the 18th International Conference on Automated Deduction (CADE’02). LNCS, vol. 2392, pp. 438–455. Springer, Berlin (2002)Google Scholar
  23. 23.
    Dijkstra E.W., Scholten C.S.: Predicate Calculus and Program Semantics. Springer, New York (1990)MATHGoogle Scholar
  24. 24.
    Frantzen L., Tretmans J., Willemse T.: A symbolic framework for model-based testing. In: Havelund, K., Núñez, M., Rosu, G., Wolff, B. (eds) FATES/RV 2006. LNCS, vol. 4262, pp. 40–54. Springer, Berlin (2006)Google Scholar
  25. 25.
    Franzen, L., Tretmans, J., Willemse, T.: Test generation based on symbolic specifications. In: Grabowski, J., Nielsen, B. (eds.) Proceedings of the Workshop on Formal Approaches to Software Testing (FATES 2004), pp. 3–17, Linz, Austria, September 2004. LNCS (to appear)Google Scholar
  26. 26.
    Godefroid, P., Levin, M., Molnar, D.: Automated whitebox fuzz testing. In: Network and Distributed System Security Symposium (2008)Google Scholar
  27. 27.
    Gurevich Y., Rossman B., Schulte W.: Semantic essence of AsmL. Theor. Comput. Sci. 343(3), 370–412 (2005)MathSciNetMATHCrossRefGoogle Scholar
  28. 28.
    He J., Hoare T.: CSP is a retract of CCS. In: Dunne, S., Stoddart, W. (eds) UTP’2006. LNCS, vol. 4010, pp. 38–62. Springer, Berlin (2006)Google Scholar
  29. 29.
    He J., Hoare T.: CSP is a retract of CCS. Theor. Comput. Sci. 411, 1311–1337 (2010)MathSciNetMATHCrossRefGoogle Scholar
  30. 30.
    Jackson D.: Software Abstractions. MIT Press, New York (2006)Google Scholar
  31. 31.
    Jacky J., Veanes M., Campbell C., Schulte W.: Model-Based Software Testing and Analysis with C#. Cambridge University Press, Cambridge (2008)Google Scholar
  32. 32.
    Keller R.: Formal verification of parallel programs. Commun. ACM. 19, 371–384 (1976)MATHCrossRefGoogle Scholar
  33. 33.
    Kumar R., Garg V.K., Marcus S.I.: A predicate transformer approach to control of discrete event systems. IEEE Trans. Autom. Control 38(2), 232–247 (1993)MathSciNetMATHCrossRefGoogle Scholar
  34. 34.
    Lynch, N., Tuttle, M.: Hierarchical correctness proofs for distributed algorithms. In: Proceedings of the Sixth Annual ACM Symposium on Principles of Distributed Computing, pp. 137–151. ACM Press (1987)Google Scholar
  35. 35.
    Poppleton, M.: The composition of Event-B models. In: Börger, E., Butler, M.J., Bowen, J.P., Boca, P. International Conference on ASM, B and Z (ABZ’08). LNCS, vol. 5238, pp. 209–222. Springer, Berlin (2008)Google Scholar
  36. 36.
    Rönkkö M., Ravn A.P., Sere K.: Hybrid action systems. Theor. Comput. Sci. 290(1), 937–973 (2003)MATHCrossRefGoogle Scholar
  37. 37.
  38. 38.
    Tillmann, N., Schulte, W.: Parameterized unit tests. In: ESEC/FSE-13: Proceedings of the 10th European Software Engineering Conference held jointly with 13th ACM SIGSOFT International Symposium on Foundations of Software Engineering, pp. 253–262. ACM, New York (2005)Google Scholar
  39. 39.
    Tretmans J.: Model based testing with labelled transition systems. In: Hierons, R., Bowen, J., Harman, M. (eds) Formal Methods and Testing. LNCS, vol. 4949, pp. 1–38. Springer, Berlin (2008)CrossRefGoogle Scholar
  40. 40.
    Tretmans, J., Belinfante, A.: Automatic testing with formal methods. In: EuroSTAR’99: 7th European Int. Conference on Software Testing, Analysis & Review, Barcelona, Spain, November 8–12, 1999. EuroStar Conferences, Galway, IrelandGoogle Scholar
  41. 41.
    van der Bij, M., Rensink, A., Tretmans, J.: Compositional testing with ioco. In: Petrenko, A., Ulrich, A. (eds.) Formal Approaches to Software Testing: Third International Workshop, FATES 2003. LNCS, vol. 2931, pp. 86–100. Springer, Berlin (2004)Google Scholar
  42. 42.
    Veanes, M., Bjørner, N.: Input-output model programs. In: ICTAC’09. LNCS, vol. 5684, pp. 322–335. Springer, Berlin (2009)Google Scholar
  43. 43.
    Veanes M., Bjørner N.: Symbolic bounded conformance checking of model programs. In: Pnueli, A., Virbitskaite, I., Voronkov, A. (eds) Perspectives of System Informatics (PSI’09). LNCS, vol. 5947, pp. 388–400. Springer, Berlin (2009)Google Scholar
  44. 44.
    Veanes, M., Bjørner, N.: Alternating simulation and IOCO. In: Petrenko, A., Simão, A., Maldonado, J.(eds.) ICTSS’2010. LNCS, vol. 6435, pp. 47–62, Springer, BerlinGoogle Scholar
  45. 45.
    Veanes M., Bjørner N., Gurevich Y., Schulte W.: Symbolic Bounded Model Checking of Abstract State Machines. Int. J. Softw. Inform. 3(2–3), 149–170 (2009)Google Scholar
  46. 46.
    Veanes, M., Bjørner, N., Raschke, A.: An SMT approach to bounded reachability analysis of model programs. In: FORTE’08. LNCS, vol. 5048, pp. 53–68. Springer, Berlin (2008)Google Scholar
  47. 47.
    Veanes M., Jacky J.: Composing model programs for analysis. J. Logic Algebraic Program. 79(7), 467–482 (2010)MathSciNetMATHCrossRefGoogle Scholar

Copyright information

© Springer-Verlag 2011

Authors and Affiliations

  1. 1.Microsoft ResearchRedmondUSA

Personalised recommendations