Experiences with the Application of Symbolic Model Checking to the Analysis of Software Specifications
Symbolic model checking is a powerful formal-verification technique which has been used to analyze many hardware systems. In this paper we present our experiences in applying symbolic model checking to software specifications of reactive systems. We have conducted two in-depth case studies: one using the specification of TCAS II (Traffic Alert and Collision Avoidance System II), and the other using a model of an aircraft electrical system. Based on these case studies, we have gained significant experience in how model checking can be used to analyze software specifications, and have also overcome a number of performance bottlenecks to make the analysis tractable.
The emphasis of this paper is on the uses of model checking in the analysis of specifications. We discuss the types of properties we were able to evaluate in our case studies. These include specific errors we were able to identify, as well as general properties we were able to establish for the systems. We also discuss, in more general terms, the potential uses of symbolic model checking in the development process of software specifications.
Keywords: formal methods; formal verification; symbolic model checking; binary decision diagrams; software specification; finite state representations
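The abstract describes using symbolic model checking to find specific errors in a reactive specification and to establish general properties of it. The following added example (not code from the paper or from the TCAS II or electrical-system case studies) shows the core of that analysis on a constructed toy specification: a two-process turn-based mutual-exclusion controller. Sets of states stand in for the binary decision diagrams a real checker would use, the reachable state space is computed as a least fixpoint of the image operator, an invariant is checked over every reachable layer, and a violating execution is reconstructed as a counterexample trace. The `guarded` flag, the state encoding and the deliberately missing turn check are all constructed for this illustration.

```python
from itertools import product
from typing import Callable, FrozenSet, List, Optional, Tuple

# Constructed state encoding: (pc0, pc1, turn).
# pc in {0: idle, 1: trying, 2: critical}; turn in {0, 1} names the process allowed in.
State = Tuple[int, int, int]
StateSet = FrozenSet[State]
Successors = Callable[[State], StateSet]

INIT: StateSet = frozenset({(0, 0, 0)})


def mutex_successors(guarded: bool) -> Successors:
    """Transition relation of the constructed two-process mutex (interleaving semantics).

    guarded=True : a process enters its critical section only when turn == its index.
    guarded=False: the turn check is omitted, a constructed defect for the example.
    """
    def succ(s: State) -> StateSet:
        pc0, pc1, turn = s
        pcs = [pc0, pc1]
        out = set()
        for i in (0, 1):                      # exactly one process moves per step
            nxt, nturn = list(pcs), turn
            if pcs[i] == 0:                   # idle -> trying, always enabled
                nxt[i] = 1
            elif pcs[i] == 1:                 # trying -> critical, guarded by turn
                if guarded and turn != i:
                    continue
                nxt[i] = 2
            else:                             # critical -> idle, hand the turn over
                nxt[i] = 0
                nturn = 1 - i
            out.add((nxt[0], nxt[1], nturn))
        return frozenset(out)
    return succ


def image(frontier: StateSet, succ: Successors) -> StateSet:
    """Post-image: all states reachable from `frontier` in one transition."""
    return frozenset(t for s in frontier for t in succ(s))


def reachable_layers(init: StateSet, succ: Successors) -> List[StateSet]:
    """Least-fixpoint reachability, kept as BFS layers so traces can be rebuilt."""
    layers, seen = [init], set(init)
    while True:
        new = image(layers[-1], succ) - seen
        if not new:
            return layers                     # fixpoint reached: no new states
        seen |= new
        layers.append(new)


def check_invariant(init: StateSet, succ: Successors,
                    inv: Callable[[State], bool]) -> Optional[List[State]]:
    """Return None if `inv` holds on every reachable state, else a shortest
    counterexample trace from an initial state to a violating state."""
    layers = reachable_layers(init, succ)
    for depth, layer in enumerate(layers):
        bad = sorted(s for s in layer if not inv(s))
        if not bad:
            continue
        trace = [bad[0]]
        # Every state in layer d was first discovered from some state in layer d-1.
        for d in range(depth, 0, -1):
            prev = next(p for p in sorted(layers[d - 1]) if trace[0] in succ(p))
            trace.insert(0, prev)
        return trace
    return None


def mutual_exclusion(s: State) -> bool:
    return not (s[0] == 2 and s[1] == 2)


def reachable_count(guarded: bool) -> int:
    return sum(len(layer) for layer in reachable_layers(INIT, mutex_successors(guarded)))


if __name__ == "__main__":
    for guarded in (True, False):
        trace = check_invariant(INIT, mutex_successors(guarded), mutual_exclusion)
        label = "guarded" if guarded else "unguarded"
        if trace is None:
            print(f"{label}: mutual exclusion holds on {reachable_count(guarded)} reachable states")
        else:
            print(f"{label}: VIOLATION, counterexample: {' -> '.join(map(str, trace))}")
```

The guarded model is reported safe over its 12 reachable states, which is the "general property established" case from the abstract; the unguarded model yields a five-state trace ending in both processes critical, which is the "specific error identified" case. Replacing the frozensets with BDDs changes only the representation of the sets and the image operator, not the fixpoint algorithm.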