Abstract
The computer-aided resuscitation algorithm, or CARA, is part of a US Army-developed automated infusion device for treating blood loss experienced by combatants injured on the battlefield. CARA is responsible for automatically stabilizing a patient’s blood pressure by infusing blood as needed based on blood pressure data the CARA system collects. The control part of the system is implemented in software, which is extremely safety critical and thus must perform correctly.
This paper describes a case study in which a verification tool, the Concurrency Workbench of the New Century (CWB-NC), is used to analyze a model of the CARA system. The huge state space of CARA makes it problematic to conduct traditional “push-button” automatic verification such as model checking. Instead, we develop a technique called unit verification, which entails taking small units of a system, putting them in a “verification harness” that exercises relevant executions appropriately within the unit, and then model checking these more tractable units. For systems like CARA whose requirements are localized to individual system components or interactions between small numbers of components, unit verification offers a means of coping with huge state spaces.
Cite this article
Ray, A., Cleaveland, R. Unit verification: the CARA experience. STTT 5, 351–369 (2004). https://doi.org/10.1007/s10009-003-0134-5