The SPIN Model Checker : Primer and Reference Manual (Hardcover)
暫譯: SPIN 模型檢查器：入門與參考手冊 (精裝版)

Summary

Master SPIN, the breakthrough tool for improving software reliability

SPIN is the world's most popular, and arguably one of the world's most powerful, tools for detecting software defects in concurrent system designs. Literally thousands of people have used SPIN since it was first introduced almost fifteen years ago. The tool has been applied to everything from the verification of complex call processing software that is used in telephone exchanges, to the validation of intricate control software for interplanetary spacecraft.

This is the most comprehensive reference guide to SPIN, written by the principal designer of the tool. It covers the tool's specification language and theoretical foundation, and gives detailed advice on methods for tackling the most complex software verification problems.

• Sum Design and verify both abstract and detailed verification models of complex systems software
• Sum Develop a solid understanding of the theory behind logic model checking
• Sum Become an expert user of the SPIN command line interface, the Xspin graphical user interface, and the TimeLine editing tool
• Sum Learn the basic theory of omega automata, linear temporal logic, depth-first and breadth-first search, search optimization, and model extraction from source code

The SPIN software was awarded the prestigious Software System Award by the Association for Computing Machinery (ACM), which previously recognized systems such as UNIX, SmallTalk, TCP/IP, Tcl/Tk, and the World Wide Web.

Table of Contents

Preface.

INTRODUCTION.

1. Finding Bugs in Concurrent Systems.

 

Circular Blocking. Deadly Embrace. Mismatched Assumptions. Fundamental Problems of Concurrency. Observability and Controllability.

 

2. Building Verification Models.

 

Introducing PROMELA. Some Examples. Biographical Notes.

 

3. An Overview of PROMELA.

 

Processes. Data Objects. Message Channels. Channel Poll Operations. Sorted Send and Random Receive. Rendezvous Communication. Rules for Executability. Control Flow. Finding out More.

 

4. Defining Correctness Claims.

 

Basic Types of Claims. Assertions. Meta-Labels. Fair Cycles. Never Claims. The Link with LTL. Trace Assertions. Predefined Variables and Functions. Path Quantification. Finding out More.

 

5. Using Design Abstraction.

 

What Makes a Good Design Abstraction? Data and Control. The Smallest Sufficient Model. Avoiding Redundancy. Counters, Sinks, Sources, and Filters. Simple Refutation Models. Examples. Controlling Complexity. A Formal Basis for Reduction.

 

FOUNDATION.

6. Automata and Logic.

 

Omega Acceptance. The Stutter Extension Rule. Finite States. Infinite Runs. Other Types of Acceptance. Temporal Logic. Recurrence and Stability. Valuation Sequences. Stutter. Invariance. Fairness. From Logic to Automata. Omega-Regular Properties. Other Logics. Bibliographic Notes.

 

7. PROMELASemantics.

 

Transition Relation. Operational Model. Semantics Engine. Interpreting PROMELA Models. Three Examples. Verification. The Never Claim.

 

8. Search Algorithms.

 

Depth-First Search. Checking Safety Properties. Depth-Limited Search. Trade-Offs. Breath-First Search. Checking Liveness Properties. Adding Fairness. The SPIN Implementation. Complexity Revisited. Bibliographic Notes.

 

9. Search Optimization.

 

Partial Order Reduction. Visibility. Statement Merging. State Compression. Collapse Compression. The Minimized Automaton Representation. Bitstate Hashing. Bloom Filters. Hash-Compact. Bibliographic Notes.

 

10. Notes on Model Extraction.

 

The Role of Abstraction. From ANSI-C to PROMELA. Embedded Assertions. A Framework for Abstraction. Soundness and Completeness. Selective Data Hiding. Bolder Abstractions. Dealing with False Negatives. Thorny Issues with Embedded C Code. The Model Extraction Process. The Halting Problem Revisited. Bibliographic Notes.

 

PRACTICE.

11. Using SPIN.

 

SPIN Structure. Roadmap. Random Simulation. Interactive Simulation. Generating and Compiling a Verifier. Tuning a Verification Run, the Number of Reachable States. Search Depth. Cycle Detection. Inspecting Error Traces. Internal State Numbers. Special Cases. Disabling Partial Order Reduction. Boosting Performance. Separate Compilation. Lowering Verification Complexity.

 

12. Notes on XSPIN.

 

Starting a Session with XSPIN. Menus. Syntax Checking. Property- Based Slicing. Simulation Parameters. Verification Parameters. The LTL Property Manager. The Automaton View Option.

 

13. The TimeLine Editor.

 

An Example. Types of Events. Defining Events. Matching a Timeline. Automata Definitions. Variations on a Theme. Constraints. Timelines with One Event. Timelines with Multiple Events. The Link with LTL. Bibliographic Notes.

 

14. A Verification Model of a Telephone Switch.

 

General Approach. Keeping it Simple. Managing Complexity. Subscriber Model. Switch Model. Remote Switches. Adding Features. Three-Way Calling.

 

15. Sample SPINModels.

 

The Sieve of Eratosthenes. Process Scheduling. A Client-Server Model. A Square-Root Server. Adding Interaction. Adding Assertions. A Comment Filter.

 

REFERENCE MATERIAL.

16. PROMELA Language Reference.

 

Grammar Rules. Special Cases. PROMELA Manual Pages. Meta Terms. Declarators. Control Flow Constructors. Basic Statements. Predefined Functions and Operators. Omissions.

 

17. Embedded C Code.

 

Example. Data References. Execution. Issues to Consider. Deferring File Inclusion. Manual Pages for Embedded C Code.

 

18. Overview of SPINOptions.

 

Compile-Time Options. Simulation. Syntax-Checking. Postscript Generation. Model Checker Generation. LTL Conversion. Miscellaneous Options.

 

19. Overview of PANOptions.

 

PAN Compile-Time Options. Tuning Partial Order Reduction. Increasing Speed. Decreasing Memory Use. Debugging PAN Verifiers. Experimental Options. PAN Run-Time Options. PAN Output Format.

 

LITERATURE.

APPENDICES.

A: Automata Products.

 

Asynchronous and Synchronous Products. Defining Atomic Sequences and Rendezvous. Expanded Asynchronous Products. Büchi Acceptance. Non-Progress. Deadlock.

 

B: The Great Debates.

 

Branching vs Linear Time. Symbolic vs Explicit. Breadth-First vs Depth-First. Tarjan vs Nested. Events vs States. Realtime vs Timeless. Probability vs Possibility. Asynchronous vs Synchronous. Interleaving vs True Concurrency. Open vs Closed Systems.

 

C: Exercises with SPIN.

D: Downloading SPIN.

Tables and Figures.

Index.