The use of model checkers to solve discrete optimisation problems is appealing. A model checker can first be used to verify that the model of the problem is correct. Subsequently, the same model can be used to find an optimal solution for the problem. This paper describes how to apply the new Promela primitives of Spin 4.0 to search effectively for the… (More)
SpinJa is a model checker for promela, implemented in Java. SpinJa is designed to behave similarly to Spin, but to be more easily extendible and reusable. Despite the fact that SpinJa uses a lay-ered object-oriented design and is written in Java, SpinJa's performance is reasonable: benchmark experiments have shown that, in exhaustive mode, SpinJa is about… (More)
Spin  is a model checker for the verification of distributed systems software. The tool is freely distributed, and often described as one of the most widely used verification systems. The Advanced Spin Tu-torial is a sequel to  and is targeted towards intermediate to advanced Spin users.
This paper concerns the transfer of les via a lossy communication channel. It formally speciies this le transfer service in a property-oriented way and investigates|using two diierent techniques|whether a given bounded retransmission protocol conforms to this service. This protocol is based on the well-known alternating bit protocol but allows for a bounded… (More)
This paper concerns the transfer of les via a lossy communication channel. It formally speciies this le transfer service in a property-oriented way and investigates|using two diierent techniques| whether a given bounded retransmission protocol conforms to this service. This protocol is based on the well-known alternating bit protocol but allows for a… (More)
Since the introduction of the rst version of the model checker Spin in 1991, many papers have been written on improvements to the tool and on industrial applications of the tool. Less attention has been given to the pragmatic use of Spin. This paper presents several techniques to optimise both the modelling and veriication activities when using Spin.
M-health systems are safety critical systems intended for use by the public and are therefore characterized by especially strict requirements relating to safety, security, correctness, reliability, adaptability and user friendliness. This position paper proposes a methodology which realizes the MDA approach by utilizing formal methods to support… (More)
MoonWalker is a software model checker for cil bytecode programs, which is able to detect deadlocks and assertion violations in cil assemblies, better known as Microsoft .NET programs. The design of MoonWalker is inspired by the Java PathFinder (jpf), a model checker for Java programs. The performance of MoonWalker is on par with jpf. This paper presents… (More)