Model-Driven Software Verification
In the classic approach to logic model checking, software verification requires a manually constructed artifact (the model) to be written in the language that is accepted by the model checker. The construction of such a model typically requires good knowledge of both the application being verified and of the capabilities of the model checker that is used for the verification. Inadequate knowledge of the model checker can limit the scope of verification that can be performed; inadequate knowledge of the application can undermine the validity of the verification experiment itself.
In this paper we explore a different approach to software verification. With this approach, a software application can be included, without substantial change, into a verification test-harness and then verified directly, while preserving the ability to apply data abstraction techniques. Only the test-harness is written in the language of the model checker. The test-harness is used to drive the application through all its relevant states, while logical properties on its execution are checked by the model checker. To allow the model checker to track state, and avoid duplicate work, the test-harness includes definitions of all data objects in the application that contain state information.
The main objective of this paper is to introduce a powerful extension of the SPIN model checker that allows the user to directly define data abstractions in the logic verification of application level programs.
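The harness described above, as an added example in Promela that is not the paper's own code: a toy C module (constructed here; a real harness would include the application source unchanged) is driven from a Promela process, its state-bearing counter is tracked and matched by the model checker, and its diagnostic log is tracked but excluded from state matching, which is the data abstraction the extension permits.

```promela
/* Added example, not from the paper: a SPIN test-harness around an embedded
   C module. The toy module (a bounded counter plus a debug log) is
   constructed here; a real harness would #include the application source. */
c_decl {
    extern int counter;       /* relevant state */
    extern int dbg_log[32];   /* diagnostic only */
    extern int dbg_len;
    extern void step(void);
}
c_code {
    int counter, dbg_log[32], dbg_len;
    void step(void) {               /* application code, used unchanged */
        counter = (counter + 1) % 4;
        if (dbg_len < 32) dbg_log[dbg_len++] = counter;
    }
}
/* State-bearing data is tracked and matched (part of the state vector) */
c_track "&counter" "sizeof(int)"
/* Diagnostic data is restored on backtracking but excluded from matching,
   so it is abstracted away and cannot inflate the state space */
c_track "dbg_log" "sizeof(dbg_log)" "UnMatched"
c_track "&dbg_len" "sizeof(int)" "UnMatched"

active proctype harness() {
    c_code { counter = 0; dbg_len = 0; };
    do
    :: c_code { step(); };
       assert(c_expr { counter < 4 })   /* property checked after every step */
    od
}
```

Generate the verifier with `spin -a harness.pml`, compile `pan.c`, and run `./pan`; the search terminates because only the matched counter contributes to distinct states.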
Keywords: Model Checker, Spin Model, Data Abstraction, Software Verification, Mars Exploration Rover