% Generated by IEEEtran.bst, version: 1.12 (2007/01/11) \begin{thebibliography}{10} \providecommand{\url}[1]{#1} \csname url@samestyle\endcsname \providecommand{\newblock}{\relax} \providecommand{\bibinfo}[2]{#2} \providecommand{\BIBentrySTDinterwordspacing}{\spaceskip=0pt\relax} \providecommand{\BIBentryALTinterwordstretchfactor}{4} \providecommand{\BIBentryALTinterwordspacing}{\spaceskip=\fontdimen2\font plus \BIBentryALTinterwordstretchfactor\fontdimen3\font minus \fontdimen4\font\relax} \providecommand{\BIBforeignlanguage}[2]{{% \expandafter\ifx\csname l@#1\endcsname\relax \typeout{** WARNING: IEEEtran.bst: No hyphenation pattern has been}% \typeout{** loaded for the language `#1'. Using the pattern for}% \typeout{** the default language instead.}% \else \language=\csname l@#1\endcsname \fi #2}} \providecommand{\BIBdecl}{\relax} \BIBdecl \bibitem{cobleigh01} J.~{C}obleigh, L.~{C}larke, and L.~{O}sterweil, ``{T}he {R}ight {A}lgorithm at the {R}ight {T}ime: {C}omparing {D}ata {F}low {A}nalysis {A}lgorithms for {F}inite-{S}tate {V}erification,'' in \emph{{P}roc. {I}nternational {C}onference on {S}oftware {E}ngineering}, 2001. \bibitem{owen07} D.~{O}wen, ``{C}ombining {C}omplementary {F}ormal {V}erification {S}trategies to {I}mprove {P}erformance and {A}ccuracy,'' Ph.D. dissertation, {W}est {V}irginia {U}niversity, 2007. \bibitem{owen02a} ------, ``{R}andom {S}earch of {AND}-{OR} {G}raphs {R}epresenting {F}inite--{S}tate {M}odels,'' Master's thesis, {W}est {V}irginia {U}niversity, 2002. \bibitem{menzies02} T.~{M}enzies, D.~{O}wen, and B.~{C}ukic, ``{S}aturation {E}ffects in {T}esting of {F}ormal {M}odels,'' in \emph{{P}roc. {I}nternational {S}ymposium on {S}oftware {R}eliability {E}ngineering}, 2002. \bibitem{owen02c} D.~{O}wen, B.~{C}ukic, and T.~{M}enzies, ``{A}n {A}lternative to {M}odel {C}hecking: {V}erification by {R}andom {S}earch of {AND}-{OR} {G}raphs {R}epresenting {F}inite-{S}tate {M}odels,'' in \emph{{P}roc. {I}nternational {S}ymposium on {H}igh-{A}ssurance {S}ystems {E}ngineering}, 2002. \bibitem{owen02b} D.~{O}wen, T.~{M}enzies, and B.~{C}ukic, ``{W}hat {M}akes {F}inite-{S}tate {M}odels {M}ore (or less) {T}estable?'' in \emph{{P}roc. {I}nternational {C}onference on {A}utomated {S}oftware {E}ngineering}, 2002. \bibitem{owen03a} D.~{O}wen and T.~{M}enzies, ``{L}urch: a {L}ightweight {A}lternative to {M}odel {C}hecking,'' in \emph{{P}roc. {I}nternational {C}onference of {S}oftware {E}ngineering and {K}nowledge {E}ngineering}, 2003. \bibitem{holzmann03} G.~{H}olzmann, \emph{{T}he {SPIN} {M}odel {C}hecker}.\hskip 1em plus 0.5em minus 0.4em\relax {A}ddison-{W}esley, 2003. \bibitem{mcmillan00} K.~{M}cMillan, ``{T}he {SMV} {S}ystem,'' 2000, available at \url{www.kenmcmil.com/tutorial.ps}. \bibitem{owen03b} D.~{O}wen, T.~{M}enzies, M.~{H}eimdahl, and J.~{G}ao, ``{O}n the {A}dvantages of {A}pproximate vs. {C}omplete {V}erification: {B}igger {M}odels, {F}aster, {L}ess {M}emory, {U}sually {A}ccurate,'' in \emph{{P}roc. {IEEE} / {NASA} {S}oftware {E}ngineering {W}orkshop}, 2003. \bibitem{owen06} D.~{O}wen, D.~{D}esovski, and B.~{C}ukic, ``{E}ffectively {C}ombining {S}oftware {V}erification {S}trategies: {U}nderstanding {D}ifferent {A}ssumptions,'' in \emph{{P}roc. {I}nternational {S}ymposium on {S}oftware {R}eliability {E}ngineering}, 2006. \bibitem{heitmeyer05} C.~{H}eitmeyer, M.~{A}rcher, R.~{B}haradwaj, and R.~{J}effords, ``{T}ools for {C}onstructing {R}equirements {S}pecifications: {T}he {SCR} {T}oolset at the {A}ge of {T}en,'' \emph{{C}omputer {S}ystems {S}cience and {E}ngineering}, vol.~20, no.~1, 2005. \bibitem{huth00} M.~{H}uth and M.~{R}yan, \emph{{L}ogic in {C}omputer {S}cience: {M}odelling and {R}easoning {A}bout {S}ystems}.\hskip 1em plus 0.5em minus 0.4em\relax {C}ambridge {U}niversity {P}ress, 2000. \bibitem{holzmann97} G.~{H}olzmann, ``{T}he {M}odel {C}hecker {SPIN},'' \emph{{IEEE} {T}ransactions on {S}oftware {E}ngineering}, vol.~23, no.~5, 1997. \bibitem{clarke99} E.~{C}larke, O.~{G}rumberg, and D.~{P}eled, \emph{{M}odel {C}hecking}.\hskip 1em plus 0.5em minus 0.4em\relax {MIT} {P}ress, 1999. \bibitem{cimatti00} A.~{C}imatti, E.~{C}larke, F.~{G}iunchiglia, and M.~{R}overi, ``{N}u{SMV}: {A} {N}ew {S}ymbolic {M}odel {C}hecker,'' \emph{{I}nternational {J}ournal on {S}oftware {T}ools for {T}echnology {T}ransfer}, vol.~2, no.~4, 2000. \bibitem{havelund00} K.~{H}avelund, M.~{L}owry, J.~{P}enix, W.~{V}isser, and J.~{W}hite, ``{F}ormal {A}nalysis of the {R}emote {A}gent {B}efore and {A}fter {F}light,'' in \emph{{P}roc. {NASA} {L}angley {F}ormal {M}ethods {W}orkshop}, 2000. \bibitem{gluck02} P.~{G}l{\"{u}}ck and G.~{H}olzmann, ``{U}sing {SPIN} {M}odel {C}hecking for {F}light {S}oftware {V}erification,'' in \emph{{P}roc. {IEEE} {A}erospace {C}onference}, 2002. \bibitem{holzmann04} G.~{H}olzmann and R.~{J}oshi, ``{M}odel-{D}riven {S}oftware {V}erification,'' in \emph{{P}roc. {I}nternational {SPIN} {W}orkshop on {M}odel {C}hecking of {S}oftware}, 2004. \bibitem{ball01} T.~{B}all and S.~{R}ajamani, ``{A}utomatically {V}alidating {T}emporal {S}afety {P}roperties of {I}nterfaces,'' \emph{{L}ecture {N}otes in {C}omputer {S}cience}, vol. 2057, 2001. \bibitem{holzmann90} G.~{H}olzmann, \emph{{D}esign and {V}alidation of {C}omputer {P}rotocols}.\hskip 1em plus 0.5em minus 0.4em\relax {P}rentice {H}all, 1990. \bibitem{holzmann87} ------, ``{A}utomated {P}rotocal {V}alidation in {A}rgos: {A}ssertion {P}roving and {S}catter {S}earching,'' \emph{{IEEE} {T}ransactions on {S}oftware {E}ngineering}, vol.~13, no.~6, 1987. \bibitem{biere99} A.~{B}iere, A.~{C}imatti, E.~{C}larke, and Y.~{Z}hu, ``{S}ymbolic {M}odel {C}hecking {W}ithout {BDD}s,'' \emph{{L}ecture {N}otes in {C}omputer {S}cience}, vol. 1579, 1999. \bibitem{groce02} A.~{G}roce and W.~{V}isser, ``{H}euristic {M}odel {C}hecking for {J}ava {P}rograms,'' in \emph{{P}roc. {I}nternational {SPIN} {W}orkshop on {M}odel {C}hecking of {S}oftware}, 2002. \bibitem{dong03} Y.~{D}ong, X.~{D}u, G.~{H}olzmann, and S.~{S}molka, ``{F}ighting {L}ivelock in the {GNU} i-{P}rotocol: a {C}ase {S}tudy in {E}xplicit-{S}tate {M}odel {C}hecking,'' \emph{{I}nternational {J}ournal on {S}oftware {T}ools for {T}echnology {T}ransfer}, vol.~4, no.~4, 2003. \bibitem{gargantini99} A.~{G}argantini and C.~{H}eitmeyer, ``{U}sing {M}odel {C}hecking to {G}enerate {T}ests from {R}equirements {S}pecifications,'' in \emph{{P}roc. {J}oint {E}uropean {S}oftware {E}ngineering {C}onference and {ACM} {S}igsoft {I}nternational {S}ymposium on {F}oundations of {S}oftware {E}ngineering}, 1999. \bibitem{heimdahl03} M.~{H}eimdahl, S.~{R}ayadurgam, W.~{V}isser, G.~{D}evaraj, and J.~{G}ao, ``{A}uto-{G}enerating {T}est {S}equences {U}sing {M}odel {C}heckers: {A} {C}ase {S}tudy,'' in \emph{{P}roc. {I}nternational {W}orkshop on {F}ormal {A}pproaches to {T}esting of {S}oftware}, 2003. \bibitem{savage97} S.~{S}avage, M.~{B}urrows, G.~{N}elson, P.~{S}obalvarro, and T.~{A}nderson, ``{E}raser: {A} {D}ynamic {D}ata {R}ace {D}etector for {M}ultithreaded {P}rograms,'' \emph{{ACM} {T}ransactions on {C}omputer {S}ystems}, vol.~15, no.~4, 1997. \bibitem{godefroid97} P.~{G}odefroid, ``{M}odel {C}hecking for {P}rogramming {L}anguages {U}sing {V}erisoft,'' in \emph{{P}roc. {S}ymposium on {P}rinciples of {P}rogramming {L}anguages}, 1997. \bibitem{sims01} S.~{S}ims, R.~{C}leaveland, K.~{B}utts, and S.~{R}anville, ``{A}utomated {V}alidation of {S}oftware {M}odels,'' in \emph{{P}roc. {I}nternational {C}onference on {A}utomated {S}oftware {E}ngineering}, 2001. \bibitem{corbett96} J.~{C}orbett, ``{E}valuating {D}eadlock {D}etection {M}ethods for {C}oncurrent {S}oftware,'' \emph{{IEEE} {T}ransactions on {S}oftware {E}ngineering}, vol.~22, no.~3, 1996. \bibitem{bharadwaj99} R.~{B}haradwaj and C.~{H}eitmeyer, ``{M}odel {C}hecking {C}omplete {R}equirements {S}pecifications {U}sing {A}bstraction,'' \emph{{A}utomated {S}oftware {E}ngineering}, vol.~6, no.~1, 1999. \bibitem{west89} C.~{W}est, ``{P}rotocol {V}alidation in {C}omplex {S}ystems,'' \emph{{ACM} {SIGCOMM} {C}omputer {C}ommunication {R}eview}, vol.~19, no.~4, 1989. \bibitem{chockler06} H.~{C}hockler, O.~{K}upferman, and M.~{V}ardi, ``{C}overage {M}etrics for {T}emporal {L}ogic {M}odel {C}hecking,'' \emph{{F}ormal {M}ethods in {S}ystem {D}esign}, vol.~28, 2006. \bibitem{bharadwaj00} R.~{B}haradwaj and S.~{S}ims, ``{C}ombining {C}onstraint {S}olvers with {BDD}s for {A}utomatic {I}nvariant {C}hecking,'' in \emph{{P}roc. {T}ools and {A}lgorithms for the {C}onstruction and {A}nalysis of {S}ystems}, 2000. \bibitem{archer02} M.~{A}rcher, C.~{H}eitmeyer, and E.~{R}iccobene, ``{P}roving {I}nvariants of {I}/{O} {A}utomata with {TAME},'' \emph{{A}utomated {S}oftware {E}ngineering}, vol.~9, no.~3, 2002. \bibitem{cimatti02} A.~{C}imatti, E.~{C}larke, E.~{G}iunchiglia, F.~{G}iunchiglia, M.~{P}istore, M.~{R}overi, R.~{S}ebastiani, and A.~{T}acchella, ``{NuSMV2}: {A}n {O}pen-{S}ource {T}ool for {S}ymbolic {M}odel {C}hecking,'' in \emph{{P}roc. {I}nternational {C}onference on {C}omputer-{A}ided {V}erification}, 2004. \bibitem{nsa03} ``{R}equirements {S}pecification for {P}ersonnel {A}ccess {C}ontrol {S}ystem. {N}ational {S}ecurity {A}gency,'' 2003. \bibitem{widmaier00} J.~{Widmaier}, C.~{S}midts, and X.~{H}uang, ``{P}roducing {M}ore {R}eliable {S}oftware: {M}ature {S}oftware {E}ngineering {P}rocess vs. {S}tate-of-the-{A}rt {T}echnology?'' in \emph{{P}roc. {I}nternational {C}onference on {S}oftware {E}ngineering}, 2000. \bibitem{desovski06} D.~{D}esovski, ``{A} {C}omponent-{B}ased {A}pproach to {V}erification and {V}alidation of {F}ormal {S}oftware {M}odels,'' Ph.D. dissertation, {W}est {V}irginia {U}niversity, 2006. \bibitem{offutt96} A.~{O}ffutt, A.~{L}ee, G.~{R}othermel, R.~{U}ntch, and C.~{Z}apf, ``{A}n {E}xperimental {D}etermination of {S}ufficient {M}utant {O}perators,'' \emph{{ACM} {T}ransactions of {S}oftware {E}ngineering {M}ethodology}, vol.~5, no.~2, 1996. \bibitem{andrews06} J.~{A}ndrews, L.~{B}riand, Y.~{L}abiche, and A.~{N}amin, ``{U}sing {M}utation {A}nalysis for {A}ssessing and {C}omparing {T}esting {C}overage {C}riteria,'' \emph{{IEEE} {T}ransactions on {S}oftware {E}ngineering}, vol.~32, no.~8, 2006. \end{thebibliography}