Detecting Design Flaws in UML State Charts for Embedded Software

  • Janees Elamkulam
  • Ziv Glazberg
  • Ishai Rabinovitz
  • Gururaja Kowlali
  • Satish Chandra Gupta
  • Sandeep Kohli
  • Sai Dattathrani
  • Claudio Paniagua Macia
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4383)


Embedded systems are used in various critical devices, and the correct functioning of these devices is crucial. For non-trivial devices, exhaustive testing is costly, time consuming and probably impossible. A complementary approach is to perform static model checking to verify certain design correctness properties. Though static model checking techniques are widely used for hardware circuit verification, the goal of model checking software systems remains elusive. However, embedded systems fall into the category of concurrent reactive systems and can be expressed as communicating state machines. The behavior of concurrent reactive systems is more similar to hardware than to general software. So far, this similarity has not been exploited sufficiently.

IBM® Rational® Rose® RealTime (RoseRT) is widely used for designing concurrent reactive systems and supports UML State Charts. IBM RuleBase is an effective tool for hardware model checking. In this paper, we describe our experiments in using RuleBase for static model checking of RoseRT models. Our tool automatically converts RoseRT models into the input for RuleBase, allows the user to specify constraints graphically using a variation of sequence diagrams, and presents the model checking results (counterexamples) as sequence diagrams consisting of states and events from the original UML model. The model checking step is seamlessly integrated with RoseRT. No prior knowledge of model checking or formal methods is expected, and familiarity with UML sequence diagrams is exploited to make temporal constraint specification and counterexample presentation more accessible. This approach brings the benefits of model checking to embedded system developers at little learning cost.
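The workflow the abstract describes (state charts become a transition system, a design-correctness property is checked over every reachable configuration, and a violation comes back as a sequence of states and events) can be shown in miniature. The following is an added example and not the paper's tool; it does not involve RoseRT or RuleBase, and the three machines (a door, a heater and a controller), their events and the safety property are constructed for illustration. It uses run-to-completion semantics: environment events are injected only when no internal event is pending, and the property is checked in those stable configurations.

```python
"""Tiny explicit-state model checker for communicating state machines.

Added example (not the paper's tool): a flawed and a corrected controller
state chart are checked against the same safety property, and the flaw is
reported as a shortest trace of (machine, event, new state) steps, the same
information a counterexample sequence diagram carries.
"""
from collections import deque

MAX_QUEUE = 4  # keeps the explored state space finite for looping designs

# Environment events, injectable only when the system is stable (constructed).
ENV_EVENTS = {"Door": ["open", "close"], "Controller": ["start"]}

# A machine: initial state plus transitions
#   (state, event) -> (next_state, (target_machine, emitted_event) or None)
# An event with no transition from the current state is discarded, as in UML.
DOOR = {"initial": "Closed", "transitions": {
    ("Closed", "open"): ("Open", ("Controller", "door_opened")),
    ("Open", "close"): ("Closed", ("Controller", "door_closed")),
}}
HEATER = {"initial": "Off", "transitions": {
    ("Off", "heat_on"): ("On", None),
    ("On", "heat_off"): ("Off", None),
}}
# Flawed controller: once back in Idle it has forgotten that the door is open,
# so a later "start" switches the heater on with the door open.
CONTROLLER_FLAWED = {"initial": "Idle", "transitions": {
    ("Idle", "start"): ("Heating", ("Heater", "heat_on")),
    ("Heating", "door_opened"): ("Idle", ("Heater", "heat_off")),
}}
# Corrected controller: a dedicated state records the open door and ignores
# "start" until the door has been closed again.
CONTROLLER_FIXED = {"initial": "Idle", "transitions": {
    ("Idle", "start"): ("Heating", ("Heater", "heat_on")),
    ("Idle", "door_opened"): ("IdleDoorOpen", None),
    ("Heating", "door_opened"): ("IdleDoorOpen", ("Heater", "heat_off")),
    ("IdleDoorOpen", "door_closed"): ("Idle", None),
}}


def heater_never_on_with_door_open(states):
    """Safety property, evaluated in every stable configuration."""
    return not (states["Door"] == "Open" and states["Heater"] == "On")


def model_check(machines, prop):
    """Breadth-first search over the global state space.

    Returns None if prop holds in every stable reachable configuration,
    otherwise the shortest counterexample as [(machine, event, new_state)].
    """
    names = sorted(machines)  # fixed order so configurations are hashable
    start = (tuple(machines[n]["initial"] for n in names), tuple(() for _ in names))
    parent = {start: None}  # configuration -> (predecessor, step taken)
    todo = deque([start])

    def step(states, queues, idx, event):
        """Deliver event to machine idx (queues must already exclude it)."""
        cur = states[idx]
        nxt, emit = machines[names[idx]]["transitions"].get((cur, event), (cur, None))
        new_states = list(states)
        new_states[idx] = nxt
        new_queues = list(queues)
        if emit is not None:
            tgt, ev = emit
            new_queues[names.index(tgt)] += (ev,)
        return (tuple(new_states), tuple(new_queues)), (names[idx], event, nxt)

    while todo:
        config = todo.popleft()
        states, queues = config
        stable = all(not q for q in queues)
        if stable and not prop(dict(zip(names, states))):
            trace = []  # walk the parent links back to the initial state
            while parent[config] is not None:
                config, s = parent[config]
                trace.append(s)
            return list(reversed(trace))
        successors = []
        if stable:  # only the environment can move a quiescent system
            for idx, name in enumerate(names):
                for ev in ENV_EVENTS.get(name, []):
                    successors.append(step(states, queues, idx, ev))
        else:  # explore every interleaving of pending internal events
            for idx, q in enumerate(queues):
                if q:
                    popped = queues[:idx] + (q[1:],) + queues[idx + 1:]
                    successors.append(step(states, popped, idx, q[0]))
        for nc, s in successors:
            if nc not in parent and all(len(q) <= MAX_QUEUE for q in nc[1]):
                parent[nc] = (config, s)
                todo.append(nc)
    return None


def format_trace(trace):
    """Render a counterexample as a numbered, sequence-diagram-like list."""
    return "\n".join(f"{i}. {m} receives '{ev}' -> {st}"
                     for i, (m, ev, st) in enumerate(trace, 1))


if __name__ == "__main__":
    for label, ctrl in (("flawed", CONTROLLER_FLAWED), ("fixed", CONTROLLER_FIXED)):
        cex = model_check({"Door": DOOR, "Heater": HEATER, "Controller": ctrl},
                          heater_never_on_with_door_open)
        print(f"{label}: " + ("property holds" if cex is None else "\n" + format_trace(cex)))
```

The flawed design yields a four-step trace (door opens, controller discards the notification, start arrives, heater switches on); the corrected design has no stable reachable configuration with the door open and the heater on. Checking only stable configurations mirrors superstep semantics and avoids flagging transient states that the design resolves within the same run-to-completion step.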







Copyright information

© Springer Berlin Heidelberg 2007

Authors and Affiliations

  • Janees Elamkulam (1)
  • Ziv Glazberg (2)
  • Ishai Rabinovitz (3)
  • Gururaja Kowlali (1)
  • Satish Chandra Gupta (1)
  • Sandeep Kohli (1)
  • Sai Dattathrani (1)
  • Claudio Paniagua Macia (4)
  1. IBM, Bangalore, India
  2. IBM Research Lab, Haifa, Israel
  3. Mellanox Inc., Israel
  4. IBM Barcelona, Spain
