2The bulk of the contribution of the first author to this work was done when he was on leave from UCLA and doing a summer job at Bell Laboratories.

ion of Model Checking Rachel Cardell-Oliver and Chris Southon Department of Computer Science University of Essex October 1995 Abstract This paper presents a new approach to the verification of temporal requirements for real-time systems which combines the benefits of abstraction in theorem proving and automation in model checking. Previous work combining these paradigms has provided a uniform interface to two different methods whereas here model checking is represented by proof rules and procedures within the theorem proving paradigm. Logical expressions are used to represent (possibly infinite) classes of states. Logical deduction and an operational semantics are used to evaluate the possible behaviours of specifications. Sound inductive proof rules evaluate the truth of temporal propositions over these behaviours. The theory has been embedded in the HOL system providing a tool for automatic verification which has been tested on a number of examples. 1 Introduction One way to ma...

MDG Model Checking and submitted in partial fulfilment of the requirements for the degree of Master of Applied Science complies with the regulations of this University and meets the accepted standards with respect to originality and quality. Signed by the final examining committee: Dr. M. Reza Soleymani Dr. Otmane Ait Mohamed Dr. Patrice Chalin Dr. Sofi`ene Tahar Approved by Chair of the ECE Department

Reliable Multicast Protocol (RMP) is a communication protocol that provides an atomic, totally ordered, reliable multicast service on top of unreliable IP multicasting. In this report, we develop formal models for RMP using existing automated verification systems, and perform validation on the formal RMP specifications. The validation analysis helped identify some minor specification and design problems. We also use the formal models of RMP to generate a test suite for conformance testing of the implementation. Throughout the process of RMP development, we follow an iterative, interactive approach that emphasizes concurrent and parallel progress of implementation and verification processes. Through this approach, we incorporate formal techniques into our development process, promote a common understanding for the protocol, increase the reliability of our software, and maintain high fidelity between the specifications of RMP and its implementation. Introduction 2 Chapter 1 Introducti...

Abstract — Fault-injection (FI) based techniques for dependability assessment of distributed protocols face certain limitations in providing state-space coverage and also incur high operational cost. This is primarily due to lack of complete knowledge of fault-distribution at the protocol level which in turn limits the use of statistical approaches in deriving and estimating the number of test cases to inject. In practice, formal techniques have effectively being used in proving the correctness of dependable distributed protocols, and these techniques traditionally have not been directly associated with experimental validation techniques such as FI-based testing. There exists a gap between these two well-established approaches, viz. formal verification and FI-based validation techniques. If there exists an approach which utilizing a rich set of information pertaining to the protocol operation generated through formal verification process can provide guided-support to perform FI-based validation, then the overall effectiveness of such validation techniques can be greatly improved. With this viewpoint, in this paper, we propose a methodology which utilizes the theorem-proving technique as an underlying formal-engine, and is composed of two novel structured and graphical representation schemes (interactive userinterfaces) for (a) capturing/visualizing information generated over the formal verification process, (b) facilitating interactive analysis through the chosen formal-engine (specifically, any theorem-proving tool) and database, and (c) user-guided identification of influential parameters, those eventually used for generating test cases for FI-based testing. A case study of an on-line diagnosis protocol is used to illustrate and establish the viability of the proposed methodology.