During the last two decades we modelled the behaviour of a large number of systems. We noted that different styles of modelling had quite an effect on the size of the state spaces of the modelled system. The differences were so substantial that some specification styles led to far too many states to verify the correctness of the model, whereas with other styles the number of states was so small that verification was a straightforward activity. In this article we summarise our experience by providing seven specification guidelines. For each guideline we provide an application from the realm of traffic light controllers for which we provide a ‘bad’ model with a large state space, and a ‘good’ model with a small state space.
|Name||Computer science reports|