Model-Driven Software Verification

  • Gerard J. Holzmann
  • Rajeev Joshi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2989)


In the classic approach to logic model checking, software verification requires a manually constructed artifact (the model) to be written in the language that is accepted by the model checker. The construction of such a model typically requires good knowledge of both the application being verified and of the capabilities of the model checker that is used for the verification. Inadequate knowledge of the model checker can limit the scope of verification that can be performed; inadequate knowledge of the application can undermine the validity of the verification experiment itself.

In this paper we explore a different approach to software verification. With this approach, a software application can be included, without substantial change, into a verification test-harness and then verified directly, while preserving the ability to apply data abstraction techniques. Only the test-harness is written in the language of the model checker. The test-harness is used to drive the application through all its relevant states, while logical properties on its execution are checked by the model checker. To allow the model checker to track state, and avoid duplicate work, the test-harness includes definitions of all data objects in the application that contain state information.

The main objective of this paper is to introduce a powerful extension of the SPIN model checker that allows the user to directly define data abstractions in the logic verification of application level programs.


Model Checker Spin Model Data Abstraction Software Verification Mars Exploration Rover 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bosnacki, D.: Enhancing state space reduction techniques for model checking. Ph.D Thesis, Eindhoven Univ. of Technology, The Netherlands (2001)Google Scholar
  2. 2.
    Clarke, E.M., Grumberg, O., Peled, D.: Model Checking. MIT Press, Cambridge (1999)Google Scholar
  3. 3.
    Corbett, J.C., Dwyer, M.B., Hatcliff, J.C., et al.: Bandera: Extracting finite state models from Java source code. In: Proc. 22nd Int. Conf. on Softw. Eng., Limerick, Ireland, June 2000, pp. 439–448. ACM Press, New York (2000)Google Scholar
  4. 4.
    Emerson, E.A., Jutla, C.S., Sistla, A.P.: On Model-Checking for Fragments of mu-Calculus. In: Courcoubetis, C. (ed.) CAV 1993. LNCS, vol. 697, pp. 385–396. Springer, Heidelberg (1993)Google Scholar
  5. 5.
    Gluck, P.R., Holzmann, G.J.: Using Spin Model Checking for Flight Software Verification. In: Proc. 2002 Aerospace Conference, March 2002, IEEE, Big Sky (2002)Google Scholar
  6. 6.
    Godefroid, P., Chandra, S., Palm, C.: Software model checking in practice: an industrial case study. In: Proc. 22nd Int. Conf. on Softw. Eng., Orlando, Fl, May 2002, pp. 431–441. ACM Press, New York (2002)Google Scholar
  7. 7.
    Havelund, K., Pressburger, T.: Model checking Java programs using Java Pathfinder. Int. Journal on Software Tools for Technology Transfer 2(4), 366–381 (2000)MATHCrossRefGoogle Scholar
  8. 8.
    Holzmann, G.J.: Logic Verification of ANSI-C Code with Spin. In: Havelund, K., Penix, J., Visser, W. (eds.) SPIN 2000. LNCS, vol. 1885, Springer, Heidelberg (2000)CrossRefGoogle Scholar
  9. 9.
    Holzmann, G.J.: The SPIN Model Checker: Primer and Reference Manual. Addison-Wesley, Reading (2003)Google Scholar
  10. 10.
    Holzmann, G.J., Smith, M.H.: An automated verification method for distributed systems software based on model extraction. IEEE Trans. on Software Engineering 28(4), 364–377 (2002)CrossRefGoogle Scholar
  11. 11.
    Lamport, L.: Specifying Systems: the TLA+ language and tools for hardware and software engineers. Addison-Wesley, Reading (2002)Google Scholar
  12. 12.
    Musuvathi, M., Park, D.Y.W., Chou, A., Engler, D.R., Dill, D.L.: CMC: A pragmatic approach to model checking real code. In: Proc. Fifth Symposium on Operating Systems Design and Implementation (December 2002)Google Scholar
  13. 13.
    Park, D.: Concurrency and automata on infinite sequences. In: 5th GI-Conference on Theoretical Computer Science, pp. 167–183. Springer, Heidelberg (1981)Google Scholar
  14. 14.
  15. 15.

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Gerard J. Holzmann
    • 1
  • Rajeev Joshi
    • 1
  1. 1.JPL Laboratory for Reliable SoftwareCalifornia Institute of TechnologyPasadenaUSA

Personalised recommendations