Applying infinite state model checking and other analysis techniques to tabular requirements specifications of safety-critical systems

  • Conference version: MEMOCODE 2006
  • Journal: Design Automation for Embedded Systems

Abstract

Although it is most often applied to finite state models, in recent years, symbolic model checking has been extended to infinite state models using symbolic representations that encode infinite sets. This paper investigates the application of an infinite state symbolic model checker called Action Language Verifier (ALV) to formal requirements specifications of safety-critical systems represented in the SCR (Software Cost Reduction) tabular notation. After reviewing the SCR method and tools, the Action Language for representing state machine models, and the ALV infinite state model checker, the paper presents experimental results of formally analyzing two SCR specifications using ALV. The application of ALV to verify or falsify (by generating counterexample behaviors) the state and transition invariants of SCR specifications and to check Disjointness and Coverage properties is described. The results of formal analysis with ALV are then compared with the results of formal analysis using techniques that have been integrated into the SCR toolset. Based on the experimental results, strengths and weaknesses of infinite state model checking with respect to other formal analysis approaches such as explicit and finite state model checking and theorem proving are discussed.
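The Disjointness and Coverage checks named in the abstract are the two consistency properties of an SCR condition table: in every mode, the conditions in a row must be pairwise disjoint (no state satisfies two of them) and must jointly cover the state space (every state satisfies at least one). The following is an added illustration, not code from the paper or from the SCR toolset or ALV: it checks both properties for a small constructed condition table over a bounded integer domain by exhaustive enumeration (the finite-state approach the paper contrasts with ALV's symbolic treatment of unbounded domains), and reports witness states in the role of counterexamples. The table, the `pressure` variable and the domain bound are all constructed for the example.

```python
from itertools import product
from typing import Callable, Dict, List, Tuple

# A condition is a predicate over a state (monitored variable -> value).
State = Dict[str, int]
Condition = Callable[[State], bool]

# Constructed sample condition table (assumption, not from the paper):
# mode -> list of (label, condition). The "Operating" row is well-formed;
# the "Standby" row is deliberately flawed: its two conditions overlap at
# pressure == 50 (Disjointness violation) and neither holds above 100
# (Coverage violation).
TABLE: Dict[str, List[Tuple[str, Condition]]] = {
    "Operating": [
        ("low",  lambda s: s["pressure"] < 10),
        ("ok",   lambda s: 10 <= s["pressure"] <= 90),
        ("high", lambda s: s["pressure"] > 90),
    ],
    "Standby": [
        ("below", lambda s: s["pressure"] <= 50),
        ("above", lambda s: 50 <= s["pressure"] <= 100),
    ],
}

# Bounded domain for exhaustive finite-state checking (an assumption of this
# example). An infinite-state checker such as ALV would instead represent the
# sets of states symbolically and not need this bound.
DOMAIN: Dict[str, range] = {"pressure": range(0, 121)}


def states(domain: Dict[str, range]):
    """Enumerate every state in the (finite) product domain."""
    names = list(domain)
    for values in product(*(domain[n] for n in names)):
        yield dict(zip(names, values))


def check_row(conds: List[Tuple[str, Condition]], domain: Dict[str, range]):
    """Check one mode's row of conditions.

    Returns (disjointness_violations, coverage_violations). Each Disjointness
    violation is a (state, labels) pair naming the conditions that are
    simultaneously true; each Coverage violation is a state no condition
    accepts. Both play the role of a model checker's counterexample.
    """
    disjoint: List[Tuple[State, List[str]]] = []
    coverage: List[State] = []
    for s in states(domain):
        true_labels = [label for label, cond in conds if cond(s)]
        if len(true_labels) > 1:
            disjoint.append((dict(s), true_labels))
        if not true_labels:
            coverage.append(dict(s))
    return disjoint, coverage


def check_table(table: Dict[str, List[Tuple[str, Condition]]],
                domain: Dict[str, range]):
    """Run both consistency checks on every mode of a condition table."""
    report = {}
    for mode, conds in table.items():
        d, c = check_row(conds, domain)
        report[mode] = {"disjoint": d, "coverage": c}
    return report


if __name__ == "__main__":
    for mode, result in check_table(TABLE, DOMAIN).items():
        print(f"{mode}: {len(result['disjoint'])} Disjointness violation(s), "
              f"{len(result['coverage'])} Coverage violation(s)")
        if result["disjoint"]:
            print("  first overlap witness:", result["disjoint"][0])
        if result["coverage"]:
            print("  first uncovered state:", result["coverage"][0])
```

Enumeration is exact only within the chosen bound: a gap or overlap that appears solely at values outside `DOMAIN` is missed, which is precisely the incompleteness that motivates symbolic infinite-state checking of the kind the paper evaluates.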



Correspondence to Tevfik Bultan.

Additional information

This is an extended version of a paper published in the Proceedings of the Fourth ACM-IEEE International Conference on Formal Methods and Models for Codesign (MEMOCODE 2006).

The major part of this effort was performed while Tevfik Bultan was visiting the Naval Research Laboratory on sabbatical leave from the University of California, Santa Barbara. His research is supported in part by NSF grants CCF-0341365 and CCF-0614002.

Constance Heitmeyer’s research is supported by the Office of Naval Research.

Cite this article

Bultan, T., Heitmeyer, C. Applying infinite state model checking and other analysis techniques to tabular requirements specifications of safety-critical systems. Des Autom Embed Syst 12, 97–137 (2008). https://doi.org/10.1007/s10617-008-9014-2
