Deductive Reasoning versus Model Checking: Two Formal Approaches for System Development
We compare and contrast two formal approaches for system development: state-based notation with verification by deductive reasoning, exemplified here by action systems; and event-based notation with verification by model checking, here using CSP/FDR. Our purpose is to identify specific similarities and differences, and strengths and weaknesses of the two approaches by direct comparison on the same application. We examine a small case study of a store-and-forward network specified and refined using the two notations. Our work illustrates that different approaches lead to different developmental strategies and can reveal complementary aspects of a system, indicating that unified techniques may be effective.
KeywordsAction System Model Check Internal Action Deductive Reasoning Message Type
Unable to display preview. Download preview PDF.
- ISO Recommendation 8807. Information processing system - open system interconnection - LOTOS - a formal description technique based on temporal ordering of observational behaviour, 1988.Google Scholar
- ISO 9074. The extended state transition language (Estelle), 1989.Google Scholar
- Michel Allemand et al. editors. Comparing Systems Specification Techniques, Putting into practice methods and tools for information system design, Univ. de Nantes, Prance, March 1998.Google Scholar
- J.-R. Abrial et al. The steam boiler control specification problem. http://www.informatik.uni-kiel.de/~procos/dag9523/dag9523.html.Google Scholar
- J.-R. Abrial et al. The steam boiler control specification problem. In LNCS 1165. Springer Verlag, 1996.Google Scholar
- R.J.R. Back and R. Kurki-Suonio. Decentralisation of process nets with centralised control. In 2nd ACM SIGACT-SIGOPS Symposium on Principles of Distributed Computing, pages 131–142, 1983.Google Scholar
- M.J. Butler.A CSP Approach to Action Systems. DPhil thesis, University of Oxford, 1992.Google Scholar
- R. Covington et al. Formal methods specification and verification guidebook for the verification of software and computer systems: planning and technology insertion. Tech. Report NASA-GB-002–95, vol I, NASA, 1995.Google Scholar
- J. Crow et al. Formal methods specification and analysis guidebook for the verification of software and computer systems. Tech. Report NASA- GB-001–97, vol II, NASA, 1997.Google Scholar
- Sadie Creese and Joy Reed. Verifying end-to-end protocols using induction with CSP/FDR. (in preparation).Google Scholar
- D. Dill. The Murø verification system. In Rajeev Alur and Thomas A Henzinger, editors, Computer-Aided Verification, CAV96, LNCS 1102, pages 390–393. Springer-Verlag, 1996.Google Scholar
- J. Davies, D.M. Jackson, G.M. Reed, J.N. Reed, A.W. Roscoe, and S.A. Schneider. Timed CSP: Theory and practice. In Proceedings of REX Workshop, LNCS 600, Nijmegen, 1992. Springer-Verlag.Google Scholar
- Formal Systems (Europe) Ltd. Failures Divergence Refinement. User Manual and Tutorial, version 2.11. Google Scholar
- M.J. Gordon. HOL: a machine oriented formulation of higher order logic. Technical Report 68, University of Cambridge Computer Laboratory, 1985.Google Scholar
- G. Holzmann and D. Peled. The state of SPIN. In Rajeev Alur and Thomas A Henzinger, editors, Computer-Aided Verification, CAV96, LNCS 1102, pages 385–389. Springer-Verlag, 1996.Google Scholar
- Internet. Estelle specs, ftp://louie.udel.edu/pub/grope/estelle-specs.
- Internet. Lotos bib. http://www.cs.stir.ac.uk/kjt/research/well/bib.html.
- D.M. Jackson. Experiences in embedded scheduling. In Proceedings of Formal Methods Europe, Oxford, 1996.Google Scholar
- Zohar Manna. STeP: Deductive-algorithmic verification of reactive and real-time systems. In Rajiv Alur and Thomas A Henzinger, editors, CAV96, LNCS 1102, pages 415–418. Springer-Verlag, 1996.Google Scholar
- C.C. Morgan. Of wp and CSP. In D. Gries W.H.J. Feijen, A.G.M. van Gasteren and J. Misra, editors, Beauty is our business: a birthday salute to Edsger W. Dijkstra. Springer-Verlag, 1990.Google Scholar
- C.C. Morgan.Programing from Specifications. International Series in Computer Science. Prentice Hall, second edition, 1994.Google Scholar
- P.Palangue and F. Paternö, editors. Formal Methods in Human-Computer Interaction. Springer, 1998.Google Scholar
- J.N. Reed et al. Automated formal analysis of networks: FDR models of arbitrary topologies and flow-control mechanisms. In ETAPS-FASE98 European Joint Conf. on Theory and Practice of Software, Lisbon, 1998.Google Scholar
- A.W. Roscoe and R.S. Lazic. Using logical relations for automated verification of data-independent CSP. In Oxford Workshop on Automated Formal Methods ENTCS, Oxford, UK, 1996.Google Scholar
- A.W. Roscoe. The Theory and Practice of Concurrency. Prentice Hall, 1997.Google Scholar
- S. Raj an et al. An integration of model-checking with automated proof checking. In CAV’95, LNCS 939, pages 84–97. Springer-Verlag, 1995.Google Scholar
- B. Scattergood.Tools for CSP and Timed CSP. DPhil thesis, University of Oxford, (forthcoming 1998).Google Scholar
- K. Seidel. Pi bus. In Formal Methods Europe, Barcelona, 1993.Google Scholar
- J. Sinclair. Action Systems, Determinism, and the Development of Secure Systems. PhD thesis, Open University, 1998.Google Scholar
- CMU - School of Computer Science Formal Methods -Model Checking. http://www.cs.cmu.edu/modelcheck/modck.html.
- On-the-fly, LTL model checking with SPIN. http://netlib.bell-labs.com/netlib/spin/whatispin.html.
- J.M. Spivey. The Z Notation: A Reference Manual. Prentice Hall, 2nd ed., 1992.Google Scholar
- J.M. Wing. A study of 12 specifications of the library problem. IEEE Software, pages 66–82, July 1988.Google Scholar
- J.C.P. Woodcock and C.C. Morgan. Refinement of state-based concurrent systems. In Proc. of VDM Symposium, LNCS 428. Springer-Verlag, 1990.Google Scholar