Abstract
Although it is most often applied to finite state models, in recent years, symbolic model checking has been extended to infinite state models using symbolic representations that encode infinite sets. This paper investigates the application of an infinite state symbolic model checker called Action Language Verifier (ALV) to formal requirements specifications of safety-critical systems represented in the SCR (Software Cost Reduction) tabular notation. After reviewing the SCR method and tools, the Action Language for representing state machine models, and the ALV infinite state model checker, the paper presents experimental results of formally analyzing two SCR specifications using ALV. The application of ALV to verify or falsify (by generating counterexample behaviors) the state and transition invariants of SCR specifications and to check Disjointness and Coverage properties is described. The results of formal analysis with ALV are then compared with the results of formal analysis using techniques that have been integrated into the SCR toolset. Based on the experimental results, strengths and weaknesses of infinite state model checking with respect to other formal analysis approaches such as explicit and finite state model checking and theorem proving are discussed.
Additional information
This is an extended version of a paper published in the Proceedings of the Fourth ACM-IEEE International Conference on Formal Methods and Models for Codesign (MEMOCODE 2006).
The major part of this effort was performed while Tevfik Bultan was visiting the Naval Research Laboratory on sabbatical leave from the University of California, Santa Barbara. His research is supported in part by NSF grants CCF-0341365 and CCF-0614002.
Constance Heitmeyer’s research is supported by the Office of Naval Research.
Cite this article
Bultan, T., Heitmeyer, C. Applying infinite state model checking and other analysis techniques to tabular requirements specifications of safety-critical systems. Des Autom Embed Syst 12, 97–137 (2008). https://doi.org/10.1007/s10617-008-9014-2