This paper documents an application of the finite state model checker Spin to formally analyze a multithreaded plan execution module. The plan execution module is one component of NASA's New Millennium Remote Agent, an artificial intelligence-based spacecraft control system architecture which launched in October of 1998 as part of the Deep Space 1 mission. The bottom layer of the plan execution module architecture is a domain specific language, named Esl (Executive Support Language), implemented as an extension to multithreaded Common Lisp. Esl supports the construction of reactive control mechanisms for autonomous robots and spacecraft. For this case study, we translated the Esl services for managing interacting parallel goal-and-event driven processes into the Promela input language of Spin. A total of five previously undiscovered concurrency errors were identified within the implementation of Esl. According to the Remote Agent programming team, the effort has had a major impact, locating errors that would not have been located otherwise and, in one case, identifying a major design flaw. In fact, in a different part of the system, a concurrency bug identical to one discovered by this study escaped testing and caused a deadlock during an in-flight experiment 96 million kilometers from Earth. The work additionally motivated the introduction of procedural abstraction in terms of inline procedures into Spin.