Protocol Veriication with Heuristic Search

We present an approach to reconcile explicit state model checking and heuristic directed search. We provide experimental evidence that the model checking problem for concurrent systems, such as communications protocols, can be solved more eeciently, since nding a state violating a property can be understood as a directed search problem. In our work we combine the expressive power and implementation eeciency of the SPIN model checker with the HSF heuristic search workbench, yielding the HSF-SPIN tool that we have implemented. We start oo from the A* algorithm and some of its derivatives and deene heuristics for various system properties that guide the search so that it nds error states faster. In this paper we focus on safety properties and provide heuristics for invariant and assertion violation and deadlock detection. We provide experimental results for applying HSF-SPIN to two toy protocols and one real world protocol, the CORBA GIOP protocol.