We describe: (1) the internal structures of FDR, the refinement model checker for Hoare’s Communicating Sequential Processes (CSP); and (2) an application-programming interface (API) that allows users to interact more closely with FDR and to have finer-grain control over its behaviour and data structures. This API makes it possible to create optimised CSP code to perform refinement checks that are more space or time efficient, enabling the analysis of more complex and data-intensive specifications. The API can be used either by those constructing CSP models or by tools that automatically generate CSP code. We present examples of using our tool, including handling advanced FDR features such as transparent functions, which compress state spaces before checking. We also show how to transform FDR’s graph format into a graph notation such as JGraph, enabling visualisation of labelled transition systems of CSP specifications.
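The two things the abstract leaves abstract, a refinement check and the export of a labelled transition system for drawing, as an added example that is neither the paper's code nor FDR's API: a toy traces-refinement check (SPEC [T= IMPL, normalising the specification by subset construction while the implementation is explored breadth-first) over hand-built transition tables, with a Graphviz DOT dump standing in for the JGraph output the paper describes. The LTS encoding, the three sample processes and the DOT format are assumptions of this example; FDR's internal graph format and its transparent compression functions are not reproduced.

```python
"""Added example, not code from the FDR Explorer paper or from FDR itself.

An LTS is encoded (assumption of this example) as
    (initial_state, {state: {event: set_of_successor_states}})
with the string "tau" standing for the internal (hidden) event.
"""
from collections import deque

TAU = "tau"


def closure(lts, states):
    """States reachable from `states` by zero or more tau steps."""
    _, trans = lts
    seen = set(states)
    work = list(states)
    while work:
        s = work.pop()
        for t in trans.get(s, {}).get(TAU, ()):
            if t not in seen:
                seen.add(t)
                work.append(t)
    return frozenset(seen)


def visible_events(lts, states):
    """Visible events enabled from at least one state of the set."""
    _, trans = lts
    return {e for s in states for e in trans.get(s, {}) if e != TAU}


def step(lts, states, event):
    """Tau-closed set of states reached from `states` after `event`."""
    _, trans = lts
    nxt = set()
    for s in states:
        nxt.update(trans.get(s, {}).get(event, ()))
    return closure(lts, nxt)


def traces_refines(spec, impl):
    """Decide SPEC [T= IMPL: every trace of IMPL is a trace of SPEC.

    Returns (True, None) or (False, counterexample_trace).  Pairs of
    (normalised spec state, tau-closed impl state set) are explored
    breadth-first; the first pair where IMPL offers an event SPEC does
    not yields the shortest counterexample, which is rebuilt from the
    parent links.  Treating IMPL as tau-closed sets is sound for traces,
    which ignore the branching structure anyway.
    """
    start = (closure(spec, {spec[0]}), closure(impl, {impl[0]}))
    parent = {start: None}
    queue = deque([start])
    while queue:
        ss, im = queue.popleft()
        allowed = visible_events(spec, ss)
        for ev in sorted(visible_events(impl, im)):
            if ev not in allowed:
                trace, node = [], (ss, im)
                while parent[node] is not None:
                    prev, e = parent[node]
                    trace.append(e)
                    node = prev
                trace.reverse()
                return False, trace + [ev]
            nxt = (step(spec, ss, ev), step(impl, im, ev))
            if nxt not in parent:
                parent[nxt] = ((ss, im), ev)
                queue.append(nxt)
    return True, None


def to_dot(name, lts):
    """Render an LTS as Graphviz DOT (assumed stand-in for JGraph output).
    The initial state is drawn as a double circle, tau edges dashed."""
    init, trans = lts
    lines = [f"digraph {name} {{", f'  "{init}" [shape=doublecircle];']
    for s in sorted(trans):
        for ev, targets in sorted(trans[s].items()):
            style = " style=dashed" if ev == TAU else ""
            for t in sorted(targets):
                lines.append(f'  "{s}" -> "{t}" [label="{ev}"{style}];')
    lines.append("}")
    return "\n".join(lines)


# Constructed sample processes, written as CSP for orientation:
#   SPEC = coin -> choc -> SPEC
#   GOOD = coin -> (internal tau step, e.g. from hiding) -> choc -> GOOD
#   BAD  = coin -> X,  X = choc -> BAD [] coin -> X      (a second coin is accepted)
SPEC = ("s0", {"s0": {"coin": {"s1"}}, "s1": {"choc": {"s0"}}})
GOOD = ("g0", {"g0": {"coin": {"g1"}}, "g1": {TAU: {"g2"}},
               "g2": {"choc": {"g0"}}})
BAD = ("b0", {"b0": {"coin": {"b1"}}, "b1": {"choc": {"b0"}, "coin": {"b1"}}})

if __name__ == "__main__":
    print("SPEC [T= GOOD:", traces_refines(SPEC, GOOD))
    print("SPEC [T= BAD: ", traces_refines(SPEC, BAD))
    print(to_dot("BAD", BAD))
```

The counterexample for BAD is the trace `coin, coin`: after one `coin` the normalised specification allows only `choc`, but the implementation also offers `coin`. Piping the DOT text into `dot -Tpng` draws the same picture the paper obtains by converting FDR's graph format for JGraph.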
Freitas, L., Woodcock, J. FDR Explorer. Form Asp Comp 21, 133–154 (2009). https://doi.org/10.1007/s00165-008-0074-7
- Model checking
- Labelled transition systems