The Stanford FLASH multiprocessor
ISCA '94 Proceedings of the 21st annual international symposium on Computer architecture
The bakery algorithm: yet another specification and verification
Specification and validation methods
A case study in model checking software systems
Science of Computer Programming - Special issue: on formal specifications: foundations, methods, tools and applications: selected papers from the FMTA '95 conference (29–31 May 1995, Konstancin n. Warsaw, Poland)
Symbolic Model Checking
Model Checking Support for the ASM High-Level Language
TACAS '00 Proceedings of the 6th International Conference on Tools and Algorithms for Construction and Analysis of Systems: Held as Part of the European Joint Conferences on the Theory and Practice of Software, ETAPS 2000
Automatic Verification of Abstract State Machines
CAV '99 Proceedings of the 11th International Conference on Computer Aided Verification
VIS: A System for Verification and Synthesis
CAV '96 Proceedings of the 8th International Conference on Computer Aided Verification
AsmetaSMV: a way to link high-level ASM models to low-level NuSMV specifications
ABZ'10 Proceedings of the Second international conference on Abstract State Machines, Alloy, B and Z
ASM2Bogor: An approach for verification of models specified through Asmeta language
Journal of Visual Languages and Computing
| Hi-index | 0.00 |
Gurevich's Abstract State Machines (ASM) constitute a high-level specification language for a wide range of applications. The existing tool support for ASM was extended, in a previous work, to provide computer-aided verification, in particular by model checking. In this paper, we discuss the applicability of the model checking approach in general and describe the steps that are necessary to fit different kinds of ASM models for the model checking process. Along the example of the FLASH cache coherence protocol, we show how model checking can support development and debugging of ASM models. We show the necessary refinement for the message passing behaviour in the protocol and give examples for errors found by model checking the resulting model. We conclude with some general remarks on the existing transformation algorithm.