
Model Checking Large Software Specifications

Published: 01 July 1998

Abstract

In this paper, we present our experiences in using symbolic model checking to analyze a specification of a software system for aircraft collision avoidance. Symbolic model checking has been highly successful when applied to hardware systems. We are interested in whether model checking can be effectively applied to large software specifications. To investigate this, we translated a portion of the state-based system requirements specification of Traffic Alert and Collision Avoidance System II (TCAS II) into input to a symbolic model checker (SMV). We successfully used the symbolic model checker to analyze a number of properties of the system. We report on our experiences, describing our approach to translating the specification to the SMV language, explaining our methods for achieving acceptable performance, and giving a summary of the properties analyzed. Based on our experiences, we discuss the possibility of using model checking to aid specification development by iteratively applying the technique early in the development cycle. We consider the paper to be a data point for optimism about the potential for more widespread application of model checking to software systems.

Published In

IEEE Transactions on Software Engineering  Volume 24, Issue 7
July 1998
88 pages

Publisher

IEEE Press

Author Tags

  1. Formal methods
  2. binary decision diagrams
  3. requirements
  4. software verification
  5. state-based specifications
  6. statecharts
  7. symbolic model checking

Cited By

  • (2021) A Composite Safety Assurance Method for Developing System Architecture Using Model Checking. International Journal of Systems and Software Security and Protection, vol. 12, no. 1, pp. 78-93. doi:10.4018/IJSSSP.2021010105. Online publication date: 1-Jan-2021.
  • (2019) Optimizing hierarchical, concurrent state machines in umple for model checking. Proceedings of the 22nd International Conference on Model Driven Engineering Languages and Systems, pp. 524-532. doi:10.1109/MODELS-C.2019.00082. Online publication date: 15-Sep-2019.
  • (2019) Automatic Verification for Node-Based Visual Script Notation Using Model Checking. Formal Methods and Software Engineering, pp. 52-68. doi:10.1007/978-3-030-32409-4_4. Online publication date: 5-Nov-2019.
  • (2018) The role of model checking in software engineering. Frontiers of Computer Science: Selected Publications from Chinese Universities, vol. 12, no. 4, pp. 642-668. doi:10.1007/s11704-016-6192-0. Online publication date: 1-Aug-2018.
  • (2016) Analysing sanity of requirements for avionics systems. Formal Aspects of Computing, vol. 28, no. 1, pp. 45-63. doi:10.1007/s00165-015-0348-9. Online publication date: 1-Mar-2016.
  • (2015) Learning-Based Compositional Model Checking of Behavioral UML Systems. Revised Selected Papers of the 12th International Conference on Formal Aspects of Component Software, Volume 9539, pp. 275-293. doi:10.1007/978-3-319-28934-2_15. Online publication date: 14-Oct-2015.
  • (2014) A systematic approach to transforming system requirements into model checking specifications. Companion Proceedings of the 36th International Conference on Software Engineering, pp. 165-174. doi:10.1145/2591062.2591183. Online publication date: 31-May-2014.
  • (2014) Contributions of model checking and CoFI methodology to the development of space embedded software. Empirical Software Engineering, vol. 19, no. 1, pp. 39-68. doi:10.1007/s10664-012-9215-y. Online publication date: 1-Feb-2014.
  • (2013) Development of global specification for dynamically adaptive software. Computing, vol. 95, no. 9, pp. 785-816. doi:10.1007/s00607-013-0295-3. Online publication date: 1-Sep-2013.
  • (2012) Checking sanity of software requirements. Proceedings of the 10th International Conference on Software Engineering and Formal Methods, pp. 48-62. doi:10.1007/978-3-642-33826-7_4. Online publication date: 1-Oct-2012.
