List of model checking tools explained

This article lists model checking tools and gives an overview of the functionality of each.

Overview of some model checking tools

The following table includes model checkers that have

  1. a web site from which it can be downloaded,
  2. a declared license,
  3. a description published in archived literature, and
  4. a Wikipedia article describing it.

In the below table, the following abbreviations are used:

Name Model Checking Equivalence checking GUI Availability
Plain, Probabilistic, Stochastic, ...Modelling languageProperties languageSupported equivalencesCounter example generation  GUI  Graphical SpecificationCounter example visualizationSoftware licenseProgramming language usedPlatform, OS<--------- Java Pathfinder ------------>
Java PathfinderPlain and timedJavaunknownunknownNoGUIGraphical specunknownNASAJavamacOS, Windows, Linux-->
BLASTCode analysisCMonitor automataOCamlWindows, Unix related
CADPPlain and probabilisticLOTOS, FC2, FSP, LNT AFMC, MCL, XTLSB, WB, BB, OE, STE, WTE, SE, tau*EC, Bourne shell, Tcl/Tk, LOTOS, LNTmacOS, Linux, Solaris, Windows
CPAcheckerCode analysisCMonitor automataJavaAny
DREAMReal-timeC++, Timed automataMonitor automataC++Windows, Unix related
FizzBee Specification LanguagePlain and probabilisticPythonLTLGomacOS, Windows, Linux
Java PathfinderPlain and timedJavaunknownOpen Source AgreementJavamacOS, Windows, Linux
Murφ (Murphi)PlainMurφInvariants, assertionsC++Linux
NuSMVPlainSMV input languageCTL, LTL, PSLCUnix, Windows, macOS
PATPlain, real-time, probabilisticCSP#, timed CSP, probabilistic CSPLTL, assertionsC#Windows, others with Mono
PRISMProbabilisticPEPA, PRISM language, Plain MCCSL, PLTL, PCTLC++, JavaWindows, Linux, macOS
RumurPlainMurφInvariants, assertionsCmacOS, Linux
SPINPlainPromelaLTLC, C++Windows, Unix related
TAPAALReal-timeTimed-Arc Petri Nets, age invariants, inhibitor arcs, transport arcsTCTL subsetC++, JavamacOS, Windows, Linux
TAPAsPlainCCSPCTL, μ-calculusSB, WB, BB, STE, WTE, me, ME, OEJavaWindows, macOS, Unix related
UPPAALReal-timeTimed automata, C subsetTCTL subsetC++, JavamacOS, Windows, Linux
ROMEOReal-timeTime Petri Nets, stopwatch parametric Petri netsTCTL subsetC++, Tcl/TkmacOS, Windows, Linux
TLA+ Model Checker (TLC)PlainTLA+, PlusCalTLAJavamacOS, Windows, Linux

Modelling languages

Communicating sequential processes; formal language for describing patterns of interaction in concurrent systems. FDR2 is a refinement checking tool for CSP, comparing two models for compatibility.

Object-oriented programming language.

Language Of Temporal Ordering Specification (ISO standard 8807); formal specification language based on temporal ordering used for protocol specification in ISO OSI standards.

Guarded commands and an asynchronous, interleaving model of concurrency, with all synchronization and communication done through global variables.

Performance Evaluation Process Algebra; it is a stochastic process algebra designed for modelling computer and communication systems.

Process or Protocol Meta Language; it is a verification modeling language. The language allows for the dynamic creation of concurrent processes to model, for example, distributed systems.

General-purpose specification language based on the Temporal Logic of Actions, originally used for distributed and concurrent systems. The language for the specifications and their properties is the same.

Properties language

Imperative assertion statements.

Computation Tree Logic; a branching-time logic, meaning that its model of time is a tree-like structure in which the future is not determined; there are different paths in the future, any one of which might be an actual path that is realized.

Predicates over a system state.

Linear temporal logic; a modal temporal logic with modalities referring to time.

Probabilistic CTL; an extension of CTL which allows for probabilistic quantification of described properties.

Property specification language

Comparison of model checking tools

Scientific publications

There exists a few papers that systematically compare various model checkers on a common case study. The comparison usually discusses the modelling tradeoffs faced when using the input languages of each model checker, as well as the comparison of performances of the tools when verifying correctness properties. One can mention:

International software competitions

See also

External links

Common benchmarks

Notes and References

  1. [Ernst-Rüdiger Olderog|E.R. Olderog]
  2. Rob van Glabbeek, Frits Vaandrager: Bundle Event Structures and CCSP
  3. Romijn . Judi . Model Checking a HAVi Leader Election Protocol . CWI . SEN-R9915 . Amsterdam . June 1999 . 2018-06-14 . 2019-09-11 . https://web.archive.org/web/20190911021053/http://cadp.inria.fr/case-studies/99-a-havi.html . live .
  4. Dong . Yifei . Du . Xiaoqun . Holzmann . Gerard . Smolka . Scott . Fighting Livelock in the GNU i-Protocol: A Case Study in Explicit-State Model Checking . Software Tool for Technology Transfer . 4 . 4 . 505–528 . 2003.
  5. Bortnik . Elena M. . Trcka . Nikola . Wijs . Anton . Luttik . Bas . van de Mortel-Fronczak . J. M. . Baeten . Jos C. M. . Fokkink . Wan . Rooda . J. E. . Analyzing a chi model of a turntable system using Spin, CADP and Uppaal . Journal of Logical and Algebraic Methods in Programming . 65 . 2 . 51–104 . 2005 . 10.1016/j.jlap.2005.05.001 . 2018-05-25 . 2021-01-27 . https://web.archive.org/web/20210127031416/https://pure.tue.nl/ws/portalfiles/portal/2448829/200423.pdf . live . free .
  6. Mazzanti . Franco . Ferrari . Alessio . 2018 . Ten Diverse Formal Models for a CBTC Automatic Train Supervision System . Proceedings of the 3rd Workshop on Models for Formal Analysis of Real Systems and 6th International Workshop on Verification and Program Transformation (MARS/VPT’18), Thessaloniki, Greece . Electronic Proceedings in Theoretical Computer Science . 268 . 104–149 . 10.4204/EPTCS.268.4 . 1803.10324v1.