SpinJa is a model checker for Promela, implemented in Java. SpinJa is designed to behave similarly to Spin, but to be more easily extendible and reusable. Despite the fact that SpinJa uses a layered object-oriented design and is written in Java, SpinJa's performance is reasonable: benchmark experiments have shown that, in exhaustive mode, SpinJa is about …
This paper concerns the transfer of files via a lossy communication channel. It formally specifies this file transfer service in a property-oriented way and investigates, using two different techniques, whether a given bounded retransmission protocol conforms to this service. This protocol is based on the well-known alternating bit protocol but allows for a bounded …
Since the introduction of the first version of the model checker Spin in 1991, many papers have been written on improvements to the tool and on industrial applications of the tool. Less attention has been given to the pragmatic use of Spin. This paper presents several techniques to optimise both the modelling and verification activities when using Spin.
MoonWalker is a software model checker for CIL bytecode programs, which is able to detect deadlocks and assertion violations in CIL assemblies, better known as Microsoft .NET programs. The design of MoonWalker is inspired by the Java PathFinder (JPF), a model checker for Java programs. The performance of MoonWalker is on par with JPF. This paper presents …