The SPIN Model Checker : Primer and Reference Manual (Hardcover)

Summary

Master SPIN, the breakthrough tool for improving software reliability

SPIN is the world's most popular, and arguably one of the world's most powerful, tools for detecting software defects in concurrent system designs. Literally thousands of people have used SPIN since it was first introduced almost fifteen years ago. The tool has been applied to everything from the verification of complex call processing software that is used in telephone exchanges, to the validation of intricate control software for interplanetary spacecraft.

This is the most comprehensive reference guide to SPIN, written by the principal designer of the tool. It covers the tool's specification language and theoretical foundation, and gives detailed advice on methods for tackling the most complex software verification problems.

• Sum Design and verify both abstract and detailed verification models of complex systems software
• Sum Develop a solid understanding of the theory behind logic model checking
• Sum Become an expert user of the SPIN command line interface, the Xspin graphical user interface, and the TimeLine editing tool
• Sum Learn the basic theory of omega automata, linear temporal logic, depth-first and breadth-first search, search optimization, and model extraction from source code

The SPIN software was awarded the prestigious Software System Award by the Association for Computing Machinery (ACM), which previously recognized systems such as UNIX, SmallTalk, TCP/IP, Tcl/Tk, and the World Wide Web.

Table of Contents

Preface.

INTRODUCTION.

1. Finding Bugs in Concurrent Systems.

 

Circular Blocking. Deadly Embrace. Mismatched Assumptions. Fundamental Problems of Concurrency. Observability and Controllability.

 

2. Building Verification Models.

 

Introducing PROMELA. Some Examples. Biographical Notes.

 

3. An Overview of PROMELA.

 

Processes. Data Objects. Message Channels. Channel Poll Operations. Sorted Send and Random Receive. Rendezvous Communication. Rules for Executability. Control Flow. Finding out More.

 

4. Defining Correctness Claims.

 

Basic Types of Claims. Assertions. Meta-Labels. Fair Cycles. Never Claims. The Link with LTL. Trace Assertions. Predefined Variables and Functions. Path Quantification. Finding out More.

 

5. Using Design Abstraction.

 

What Makes a Good Design Abstraction? Data and Control. The Smallest Sufficient Model. Avoiding Redundancy. Counters, Sinks, Sources, and Filters. Simple Refutation Models. Examples. Controlling Complexity. A Formal Basis for Reduction.

 

FOUNDATION.

6. Automata and Logic.

 

Omega Acceptance. The Stutter Extension Rule. Finite States. Infinite Runs. Other Types of Acceptance. Temporal Logic. Recurrence and Stability. Valuation Sequences. Stutter. Invariance. Fairness. From Logic to Automata. Omega-Regular Properties. Other Logics. Bibliographic Notes.

 

7. PROMELASemantics.

 

Transition Relation. Operational Model. Semantics Engine. Interpreting PROMELA Models. Three Examples. Verification. The Never Claim.

 

8. Search Algorithms.

 

Depth-First Search. Checking Safety Properties. Depth-Limited Search. Trade-Offs. Breath-First Search. Checking Liveness Properties. Adding Fairness. The SPIN Implementation. Complexity Revisited. Bibliographic Notes.

 

9. Search Optimization.

 

Partial Order Reduction. Visibility. Statement Merging. State Compression. Collapse Compression. The Minimized Automaton Representation. Bitstate Hashing. Bloom Filters. Hash-Compact. Bibliographic Notes.

 

10. Notes on Model Extraction.

 

The Role of Abstraction. From ANSI-C to PROMELA. Embedded Assertions. A Framework for Abstraction. Soundness and Completeness. Selective Data Hiding. Bolder Abstractions. Dealing with False Negatives. Thorny Issues with Embedded C Code. The Model Extraction Process. The Halting Problem Revisited. Bibliographic Notes.

 

PRACTICE.

11. Using SPIN.

 

SPIN Structure. Roadmap. Random Simulation. Interactive Simulation. Generating and Compiling a Verifier. Tuning a Verification Run, the Number of Reachable States. Search Depth. Cycle Detection. Inspecting Error Traces. Internal State Numbers. Special Cases. Disabling Partial Order Reduction. Boosting Performance. Separate Compilation. Lowering Verification Complexity.

 

12. Notes on XSPIN.

 

Starting a Session with XSPIN. Menus. Syntax Checking. Property- Based Slicing. Simulation Parameters. Verification Parameters. The LTL Property Manager. The Automaton View Option.

 

13. The TimeLine Editor.

 

An Example. Types of Events. Defining Events. Matching a Timeline. Automata Definitions. Variations on a Theme. Constraints. Timelines with One Event. Timelines with Multiple Events. The Link with LTL. Bibliographic Notes.

 

14. A Verification Model of a Telephone Switch.

 

General Approach. Keeping it Simple. Managing Complexity. Subscriber Model. Switch Model. Remote Switches. Adding Features. Three-Way Calling.

 

15. Sample SPINModels.

 

The Sieve of Eratosthenes. Process Scheduling. A Client-Server Model. A Square-Root Server. Adding Interaction. Adding Assertions. A Comment Filter.

 

REFERENCE MATERIAL.

16. PROMELA Language Reference.

 

Grammar Rules. Special Cases. PROMELA Manual Pages. Meta Terms. Declarators. Control Flow Constructors. Basic Statements. Predefined Functions and Operators. Omissions.

 

17. Embedded C Code.

 

Example. Data References. Execution. Issues to Consider. Deferring File Inclusion. Manual Pages for Embedded C Code.

 

18. Overview of SPINOptions.

 

Compile-Time Options. Simulation. Syntax-Checking. Postscript Generation. Model Checker Generation. LTL Conversion. Miscellaneous Options.

 

19. Overview of PANOptions.

 

PAN Compile-Time Options. Tuning Partial Order Reduction. Increasing Speed. Decreasing Memory Use. Debugging PAN Verifiers. Experimental Options. PAN Run-Time Options. PAN Output Format.

 

LITERATURE.

APPENDICES.

A: Automata Products.

 

Asynchronous and Synchronous Products. Defining Atomic Sequences and Rendezvous. Expanded Asynchronous Products. Büchi Acceptance. Non-Progress. Deadlock.

 

B: The Great Debates.

 

Branching vs Linear Time. Symbolic vs Explicit. Breadth-First vs Depth-First. Tarjan vs Nested. Events vs States. Realtime vs Timeless. Probability vs Possibility. Asynchronous vs Synchronous. Interleaving vs True Concurrency. Open vs Closed Systems.

 

C: Exercises with SPIN.

D: Downloading SPIN.

Tables and Figures.

Index.

摘要

SPIN是改善軟體可靠性的突破性工具。它是世界上最受歡迎的、也是最強大的工具之一，用於檢測並行系統設計中的軟體缺陷。自從它首次推出近15年以來，成千上萬的人使用了SPIN。這個工具已經應用於從驗證電話交換中使用的複雜呼叫處理軟體，到驗證星際太空船的複雜控制軟體。這是SPIN最全面的參考指南，由該工具的主要設計師撰寫。它涵蓋了該工具的規範語言和理論基礎，並提供了解決最複雜軟體驗證問題的詳細建議。

- 設計和驗證複雜系統軟體的抽象和詳細驗證模型
- 深入了解邏輯模型檢查背後的理論
- 成為SPIN命令行界面、Xspin圖形界面和TimeLine編輯工具的專家用戶
- 學習歐米茄自動機、線性時間邏輯、深度優先和廣度優先搜索、搜索優化以及從源代碼中提取模型的基本理論

SPIN軟體曾獲得計算機協會（ACM）頒發的著名軟體系統獎，該獎曾經獎勵過UNIX、SmallTalk、TCP/IP、Tcl/Tk和World Wide Web等系統。

目錄

- 前言
- 簡介
- 1. 在並行系統中尋找錯誤
- 2. 構建驗證模型
- 3. PROMELA概述
- 4. 定義正確性要求
- 5. 使用設計抽象
- 基礎
- 6. 自動機和邏輯