IFM’99 pp 375-394 | Cite as

Deductive Reasoning versus Model Checking: Two Formal Approaches for System Development

  • J. N. Reed
  • J. E. Sinclair
  • F. Guigand


We compare and contrast two formal approaches for system development: state-based notation with verification by deductive reasoning, exemplified here by action systems; and event-based notation with verification by model checking, here using CSP/FDR. Our purpose is to identify specific similarities and differences, and strengths and weaknesses of the two approaches by direct comparison on the same application. We examine a small case study of a store-and-forward network specified and refined using the two notations. Our work illustrates that different approaches lead to different developmental strategies and can reveal complementary aspects of a system, indicating that unified techniques may be effective.


Action System Model Check Internal Action Deductive Reasoning Message Type 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [1]
    ISO Recommendation 8807. Information processing system - open system interconnection - LOTOS - a formal description technique based on temporal ordering of observational behaviour, 1988.Google Scholar
  2. [2]
    ISO 9074. The extended state transition language (Estelle), 1989.Google Scholar
  3. [3]
    Mark Ardis et al. A framework for evaluating specification methods for reactive systems experience report. IEEE Trans, on Soft. Eng., 22(6):378- 389, June 1996.CrossRefGoogle Scholar
  4. [4]
    Michel Allemand et al. editors. Comparing Systems Specification Techniques, Putting into practice methods and tools for information system design, Univ. de Nantes, Prance, March 1998.Google Scholar
  5. [5]
    J.-R. Abrial et al. The steam boiler control specification problem. Scholar
  6. [6]
    J.-R. Abrial et al. The steam boiler control specification problem. In LNCS 1165. Springer Verlag, 1996.Google Scholar
  7. [7]
    J.-R. Abrial.The B-Book. Cambridge University Press, 1996.MATHCrossRefGoogle Scholar
  8. [8]
    R.J.R. Back and R. Kurki-Suonio. Decentralisation of process nets with centralised control. In 2nd ACM SIGACT-SIGOPS Symposium on Principles of Distributed Computing, pages 131–142, 1983.Google Scholar
  9. [9]
    M.J. Butler.A CSP Approach to Action Systems. DPhil thesis, University of Oxford, 1992.Google Scholar
  10. [10]
    R. Covington et al. Formal methods specification and verification guidebook for the verification of software and computer systems: planning and technology insertion. Tech. Report NASA-GB-002–95, vol I, NASA, 1995.Google Scholar
  11. [11]
    J. Crow et al. Formal methods specification and analysis guidebook for the verification of software and computer systems. Tech. Report NASA- GB-001–97, vol II, NASA, 1997.Google Scholar
  12. [12]
    Sadie Creese and Joy Reed. Verifying end-to-end protocols using induction with CSP/FDR. (in preparation).Google Scholar
  13. [13]
    E.W. Dijkstra. A Discipline of Programming. Prentice Hall, 1976.MATHGoogle Scholar
  14. [14]
    D. Dill. The Murø verification system. In Rajeev Alur and Thomas A Henzinger, editors, Computer-Aided Verification, CAV96, LNCS 1102, pages 390–393. Springer-Verlag, 1996.Google Scholar
  15. [15]
    J. Davies, D.M. Jackson, G.M. Reed, J.N. Reed, A.W. Roscoe, and S.A. Schneider. Timed CSP: Theory and practice. In Proceedings of REX Workshop, LNCS 600, Nijmegen, 1992. Springer-Verlag.Google Scholar
  16. [16]
    Formal Systems (Europe) Ltd. Failures Divergence Refinement. User Manual and Tutorial, version 2.11. Google Scholar
  17. [17]
    M.J. Gordon. HOL: a machine oriented formulation of higher order logic. Technical Report 68, University of Cambridge Computer Laboratory, 1985.Google Scholar
  18. [18]
    C.A.R. Hoare.Communicating Sequential Processes. Prentice Hall, 1985.MATHGoogle Scholar
  19. [19]
    G. Holzmann and D. Peled. The state of SPIN. In Rajeev Alur and Thomas A Henzinger, editors, Computer-Aided Verification, CAV96, LNCS 1102, pages 385–389. Springer-Verlag, 1996.Google Scholar
  20. [20]
  21. [21]
  22. [22]
    D.M. Jackson. Experiences in embedded scheduling. In Proceedings of Formal Methods Europe, Oxford, 1996.Google Scholar
  23. [23]
    A. Kay and J.N. Reed. A rely and guarantee method for TCSP, a specification and design of a telephone exchange. IEEE Trans. Soft. Eng., 19(6):625–629, June 1993.CrossRefGoogle Scholar
  24. [24]
    C. Lewerentz and T. Lindner, editors. Formal Development of Reactive Systems: Case Study Production Cell. LNCS 891. Springer-Verlag, 1995.MATHGoogle Scholar
  25. [25]
    Zohar Manna. STeP: Deductive-algorithmic verification of reactive and real-time systems. In Rajiv Alur and Thomas A Henzinger, editors, CAV96, LNCS 1102, pages 415–418. Springer-Verlag, 1996.Google Scholar
  26. [26]
    C.C. Morgan. Of wp and CSP. In D. Gries W.H.J. Feijen, A.G.M. van Gasteren and J. Misra, editors, Beauty is our business: a birthday salute to Edsger W. Dijkstra. Springer-Verlag, 1990.Google Scholar
  27. [27]
    C.C. Morgan.Programing from Specifications. International Series in Computer Science. Prentice Hall, second edition, 1994.Google Scholar
  28. [28]
    P.Palangue and F. Paternö, editors. Formal Methods in Human-Computer Interaction. Springer, 1998.Google Scholar
  29. [29]
    J.N. Reed et al. Automated formal analysis of networks: FDR models of arbitrary topologies and flow-control mechanisms. In ETAPS-FASE98 European Joint Conf. on Theory and Practice of Software, Lisbon, 1998.Google Scholar
  30. [30]
    A.W. Roscoe and R.S. Lazic. Using logical relations for automated verification of data-independent CSP. In Oxford Workshop on Automated Formal Methods ENTCS, Oxford, UK, 1996.Google Scholar
  31. [31]
    A.W. Roscoe. The Theory and Practice of Concurrency. Prentice Hall, 1997.Google Scholar
  32. [32]
    S. Raj an et al. An integration of model-checking with automated proof checking. In CAV’95, LNCS 939, pages 84–97. Springer-Verlag, 1995.Google Scholar
  33. [33]
    B. Scattergood.Tools for CSP and Timed CSP. DPhil thesis, University of Oxford, (forthcoming 1998).Google Scholar
  34. [34]
    K. Seidel. Pi bus. In Formal Methods Europe, Barcelona, 1993.Google Scholar
  35. [35]
    J. Sinclair. Action Systems, Determinism, and the Development of Secure Systems. PhD thesis, Open University, 1998.Google Scholar
  36. [36]
    CMU - School of Computer Science Formal Methods -Model Checking.
  37. [37]
    On-the-fly, LTL model checking with SPIN.
  38. [38]
    J.M. Spivey. The Z Notation: A Reference Manual. Prentice Hall, 2nd ed., 1992.Google Scholar
  39. [39]
    J.M. Wing. A study of 12 specifications of the library problem. IEEE Software, pages 66–82, July 1988.Google Scholar
  40. [40]
    J.C.P. Woodcock and C.C. Morgan. Refinement of state-based concurrent systems. In Proc. of VDM Symposium, LNCS 428. Springer-Verlag, 1990.Google Scholar

Copyright information

© Springer-Verlag London Limited 1999

Authors and Affiliations

  • J. N. Reed
    • 1
  • J. E. Sinclair
    • 2
  • F. Guigand
    • 3
  1. 1.Oxford Brookes UniversityOxfordUK
  2. 2.Warwick UniversityCoventryUK
  3. 3.Oxford Brookes UniversityOxfordUK

Personalised recommendations