Skip to main content

FDR Explorer


We describe: (1) the internal structures of FDR, the refinement model checker for Hoare’s Communicating Sequential Processes (CSP); and (2) an application-programming interface (API) that allows users to interact more closely with FDR and to have finer-grain control over its behaviour and data structures. This API makes it possible to create optimised CSP code to perform refinement checks that are more space or time efficient, enabling the analysis of more complex and data-intensive specifications. The API can be used either by those constructing CSP models or by tools that automatically generate CSP code. We present examples of using our tool, including handling advanced FDR features such as transparent functions, which compress state spaces before checking. We also show how to transform FDR’s graph format into a graph notation such as JGraph, enabling visualisation of labelled transition systems of CSP specifications.

This is a preview of subscription content, access via your institution.


  1. Arm07

    Armstrong P (2007) Interacting with the CSP compiler. Oxford University Press, Oxford

    Google Scholar 

  2. BHW06

    Bicarregui J, Hoare C, Woodcock J (2006) The verified software repository: a step towards the verifying compiler. FACJ 18(2):143–151

    MATH  Google Scholar 

  3. CaS06

    Cabral G, Sampaio A (2006) Formal specification generation from requirement documents. In: Brazilian symposium in formal methods, SBMF.

  4. ClH93

    Cleaveland R, Hennessy M (1993) Testing equivalence as a bisimulation equivalence. FACJ 5(1):1–20. Springer, Heidelberg

    Google Scholar 

  5. ClW96

    Clarke E, Wing J (1996) Formal methods—state of the art and future directions. ACM Comput Surv 28(4):626–643

    Article  Google Scholar 

  6. Fre05

    Freitas L (2005) Model Checking Circus. PhD Thesis, University of York

  7. Fre07

    Freitas L (2007) FDR Explorer v0.4.

  8. FCW06

    Freitas L, Cavalcanti A, Woodcock J (2006) Taking our own medicine: applying the refinement calculus to the development of a model checker. Formal Methods and Software Engineering (8th ICFEM), LNCS 4260, pp 697–716

  9. FWC06

    Freitas L, Woodcock J, Cavalcanti A (2006) State-rich model checking. Innov Softw Eng NASA J 2(1):49–64

    Article  Google Scholar 

  10. GMR03

    Goldsmith M, Moffat N, Roscoe B, Whitworth T, Zakiuddin I (2003) Watchdog transformations for property-oriented model-checking. In: Proceedings of the 12st international FME symposium, Pisa, Italy. LNCS 2805, pp 600–616. Springer, Heidelberg

  11. Gol04

    Goldsmith M (2004) Operational semantics for fun and profit. In: The first 25 years of communicating sequential processes, London, UK. LNCS 3525, pp 265–274. Springer, Heidelberg

  12. Gol05

    Goldsmith M (2005) FDR2 user’s manual, version 2.82, Formal Systems (Europe) Ltd

  13. JGRAPH

    JGraph user’s manual (2006)

  14. Law04

    Lawrence J (2004) Practical application of CSP and FDR to software design. In: Abdallah AE, Jones C, Sanders J (eds) 25 years of CSP, FACJ

  15. Low97

    Lowe G (1997) Casper user manual. Oxford University, London

    Google Scholar 

  16. MaH00

    Martin J, Duddart Y (2000) Parallel algorithms for deadlock and livelock analysis of concurrent systems. In: Welch P, Bakkers A (eds) Communicating process architectures. IOS Press, pp 1–14

  17. Mar96

    Martin J (1996) The design and construction of deadlock-free concurrent systems. PhD Thesis, University of Buckingham

  18. McC92

    McCune W (1992) Experiments with discimination-tree indexing and path indexiing for term retrieval. J Autom Reason 9(2):147–167

    MATH  Article  MathSciNet  Google Scholar 

  19. RGG95

    Roscoe B, Gardiner P, Goldsmith M, Hulance J, Jackson D, Scattergood J (1995) Hierarchical compression for model checking CSP or how to check 1020 dining philosophers for deadlock. First TACAS in LNCS Springer, 1019(1)

  20. Ros94

    Roscoe B (1995) Model checking CSP in a classical mind: essays in honour of C. A. R. Hoare. In: International series in computer science, Chap. 21. Prentice-Hall, Englewood Cliffs, pp 353–378

  21. Ros97

    Roscoe B (1997) The theory and practice of concurrency International Series in CS. Prentice-Hall, Englewood Cliffs

    Google Scholar 

  22. RSR01

    Ryan P, Schneider S, Roscoe B, Goldsmith M, Lowe G (2001) Modelling and analysis of security protocols. Addison Wesley, Reading

    Book  Google Scholar 

  23. Sca98

    Scattergood J (1998) The semantics and implementation of machine readable CSP. PhD Thesis, Oxford University, The Queen’s College

  24. Sri05

    Srivatanakul T (2005) Security analysis with deviational techniques. PhD Thesis, University of York

  25. TCLTK

    Tcl/Tk: Tool command language, 2006.

  26. TGV

    The test sequence generator TGV.

  27. Val90

    Valmari A (1990) A stubborn attack on state explosion. In: Proceedings of 2nd international conference in computer-aided verification. LNCS 531. Springer, Heidelberg, pp 156–165

  28. WoD96

    Woodcock J, Davies J (1996) Using Z: Specification, refinement, and proof. International series in computer science. Prentice-Hall, Englewood Cliffs

    Google Scholar 

Download references

Author information



Corresponding author

Correspondence to Leo Freitas.

Additional information

B. K. Aichernig, E. A. Boiten, M. J. Butler, J. Derrick, L. Groves and C. B. Jones

Rights and permissions

Reprints and Permissions

About this article

Cite this article

Freitas, L., Woodcock, J. FDR Explorer. Form Asp Comp 21, 133–154 (2009).

Download citation


  • Refinement
  • Model checking
  • CSP
  • FDR
  • Labelled transition systems
  • Automata