IFM’99, pp. 375-394

Deductive Reasoning versus Model Checking: Two Formal Approaches for System Development

  • J. N. Reed
  • J. E. Sinclair
  • F. Guigand


We compare and contrast two formal approaches for system development: state-based notation with verification by deductive reasoning, exemplified here by action systems; and event-based notation with verification by model checking, here using CSP/FDR. Our purpose is to identify specific similarities and differences, and strengths and weaknesses of the two approaches by direct comparison on the same application. We examine a small case study of a store-and-forward network specified and refined using the two notations. Our work illustrates that different approaches lead to different developmental strategies and can reveal complementary aspects of a system, indicating that unified techniques may be effective.







Copyright information

© Springer-Verlag London Limited 1999

Authors and Affiliations

  • J. N. Reed, Oxford Brookes University, Oxford, UK
  • J. E. Sinclair, Warwick University, Coventry, UK
  • F. Guigand, Oxford Brookes University, Oxford, UK
