Abstract—SPIN is an efficient verification system for models of distributed software systems. It has been used to detect design errors in applications ranging from high-level descriptions of distributed algorithms to detailed code for controlling telephone exchanges. This paper gives an overview of the design and structure of the verifier, reviews its theoretical foundation, and gives an overview of significant practical applications. Index Terms—Formal methods, program verification, design verification, model checking, distributed systems, concurrency.

. The development of provably error-free concurrent systems is still a challenge of system engineering. Modelling and analysis of concurrent systems by means of Petri nets is one of the wellknown approaches using formal methods. To evaluate the reached practicability degree of available methods and tools to at least medium-sized systems, the authors demonstrate the step-wise development and validation of the control software of a reactive system [13]. Strong emphasis has been laid on automation of the analyses to be done. This paper provides a brief outline of the authors' work, stressing especially analysis experience. Keywords: Parallel software/system engineering, static analysis, Petri nets, reactive system, reliability. 1 Introduction The development of provably error-free concurrent systems is still a challenge of system engineering. Modelling and analysis of concurrent systems by means of Petri nets is one of the well-known approaches using formal methods. To evaluate the rea...

. The development of provably error-free concurrent systems is still a challenge of system engineering. Modelling and analysis of concurrent systems by means of Petri nets is one of the well-known approaches using formal methods. To evaluate the reached practicability degree of available methods and tools to at least medium-sized systems, we demonstrate the step-wise development and validation of the control software of a reactive system. The validation of qualitative properties comprises two steps. At first, context checking of general semantic properties is done by a suitable combination of static and dynamic analysis techniques of Petri net theory. Afterwards, verification of well-defined special semantic properties, especially safety properties, given by a separate specification of the required functionality, is performed by model checking. Strong emphasis has been laid on automation of the analyses to be done. This paper provides a brief outline of the authors' work which is descr...

This work describes an algorithm of automata construction for LTL safety properties, suitable for bounded model check ing. Existing automata construction methods are tailored to BDD-based symbolic model checking. The novelty of our approach is that we construct deterministic automata, unlike the standard approach, which constructs nondeterministic automata. We show that the proposed method has significant advantages for bounded model checking over traditional methods.

Model checking techniques suffer from the state space explosion problem: as the size of the system being verified increases, the total state space of the system increases exponentially. Some of the methods that have been devised to tackle this problem are partial order reduction, symmetry reduction, hash compaction, selective state caching, etc. One approach to the problem that has gained interest in recent years is the parallelization of model checking algorithms. A random walk on the state space has some nice properties, the most important of which is the fact that it lends itself to being parallelized in a natural way. Random walk is a low overhead and a partial search method. Breadth first search, on the other hand, is a high overhead and a full search technique. In this article, we propose various heuristic algorithms that combine random walks on the state space with bounded breadth first search in a parallel context. These algorithms are in the process of being incorporated into a distributed memory model checker.