article

Free access

Model checking large software specifications

Authors:

Richard J. Anderson,

Francesmary Modugno,

Jon D. ReeseAuthors Info & Claims

ACM SIGSOFT Software Engineering Notes, Volume 21, Issue 6

Pages 156 - 166

https://doi.org/10.1145/250707.239127

Published: 01 October 1996 Publication History

Abstract

In this paper we present our results and experiences of using symbolic model checking to study the specification of an aircraft collision avoidance system. Symbolic model checking has been highly successful when applied to hardware systems. We are interested in the question of whether or not model checking techniques can be applied to large software specifications.To investigate this, we translated a portion of the finite-state requirements specification of TCAS II (Traffic Alert and Collision Avoidance System) into a form accepted by a model checker (SMV). We successfully used the model checker to investigate a number of dynamic properties of the system.We report on our experiences, describing our approach to translating the specification to the SMV language and our methods for achieving acceptable performance in model checking, and giving a summary of the properties that we were able to check. We consider the paper as a data point that provides reason for optimism about the potential for successful application of model checking to software systems. In addition, our experiences provide a basis for characterizing features that would be especially suitable for model checkers built specifically for analyzing software systems.The intent of this paper is to evaluate symbolic model checking of state-machine based specifications, not to evaluate the TCAS II specification. We used a preliminary version of the specification, the version 6.00, dated March, 1993, in our study. We did not have access to later versions, so we do not know if the properties identified here are present in later versions.

References

[1]

T. Alspaugh, S. Faulk, K. Britton, R. Parker, D. Parnas,and J. Shore. Software requirements for the A-7E aircraft. Technical report, Naval Research Lab., March 1988,

[2]

J. M. Atlee and A. M. Buckley. A logic-model semantics for SCR software requirements. In Proceedings of the International Symposium on Software Testing and Analysis, pages 280-292, January 1996.

Digital Library

[3]

R. E. Bryant. On the complexity of VLSI implementations and graph representation of boolean functions with applications to integer multiplication. IEEE Transactions on Computers, 40(2):205-213, February 1991.

Digital Library

[4]

R. E. Bryant and Chen Y.-A. Verification of arithmetic circuits with Binary Moment Diagrams. In Proceedings of the 32nd ACM/IEEE Design Automation Conference,pages 535-541, June 1995,

Digital Library

[5]

R. E. Bryant. Graph-based algorithms for boolean function manipulation. IEEE Transactions on Computers, C-35(6):677-691, August 1986.

Digital Library

[6]

J. R. Burch, E. M. Clarke, D. E. Long, K. L. McMillan, and D. L. Dill. Symbolic model checking for sequential circuit verification. IEEE Transactions on Computer-Aided Design oj Integrated Circuits and Systems,13(4):401-424, April 1994.

Digital Library

[7]

E. Clarke and X. Zhao. Word level symbolic model checking: A new approach for verifying arithmetic circuits.Technical Report CMU-CS-95-161, School of Computer Science, Carnegie Mellon University, May 1995.

Digital Library

[8]

E.M. Clarke, E.A. Emerson, and A.P. Sistla. Automatic verification of finite-state concurrent systems using temporal logic specifications. ACM Transactions on Programming Languages and Systems, 8(2):244-63, April 1986.

Digital Library

[9]

J.C, Corbett, Evaluating deadlock detection methods for concurrent software. IEEE Transactions on Software Engineering, SE-22(3), March 1996.

Digital Library

[10]

Federal Aviation Administration, U.S. Department of Transportation. Introduction to TCAS II, March 1990.

[11]

Federal Aviation Administration, U.S. Department of Transportation. TCAS II Collision Avoidance System (CAS) System Requirements Specification, Change 6.00, March 1993.

[12]

D. Harel. Statecharts: A visual formalism for complex systems. Science of Computer Programming, 8:231 274, 1987.

Digital Library

[13]

M.P.E. Heimdahl and N.G. Leveson. Completeness and consist ency analysis of state-based requirements. In Proceedings of the 17th International Conference on Software Engineering, pages 3-14, April 1995.

Digital Library

[14]

K. Heninger. Specifying software requirements for complex systems: New techniques and their applications.IEEE Transactions on Software Engineering, SE- 6(1):2-12, January 1980.

[15]

D. Jackson. Abstract model checking of infinite specifications.In Proceedings of FME '94: Industrial Benefit of Formal Methods, Second International Symposium of Format Methods Europe, pages 519-31. Springer-Verlag, October 1994.

Digital Library

[16]

M. S. Jaffe, N. G. Leveson, M. P. E. Heimdahl, and B. E. Melhart. Software requirements analysis for realtime process-control systems. IEEE Transactions on Software Engineering, 17(3):241-258, March 1991.

Digital Library

[17]

N.G. Leveson, M.P.E. Heimdahl, H. Hildreth, and J.D. Reese. Requirements specification for process-control systems. IEEE Transactions on Software Engineering, SE-20(9), September 1994.

Digital Library

[18]

K.L. McMillan. Symbolic Model Checking. Kluwer Academic publishers, 1993.

Digital Library

[19]

A. Pnueli and M. Shalev. What is in a step: On the semantics of Statecharts. In Proceedings of International Conference on Theoretical Aspects of Computer Software,pages 245-264. Springer-Verlag, September 1991.

Digital Library

[20]

S. Ponzio. A lower bound for integer multiplication with read-once branching programs. In Proceedings of the 27th ACM Symposium on Theory of Computing, pages 130-139, May 1995.

Digital Library

[21]

T. Sreemani and J. Atlee. Feasibility of model checking software requirements: A case study. Technical Report CS96-05, Department of Computer Science, University of Waterloo, January 1996.

[22]

J.M. Wing and M. Vaziri-Farahani. Model checking software systems: A case study. In Proceedings of SIGSOFT'95 Third A CM SIGSOFT Symposium on the Foundations of Software Engineering, pages 128-139, October 1995.

Digital Library

Cited By

Beyer DStahlbauer A(2014)BDD-based software verificationInternational Journal on Software Tools for Technology Transfer (STTT)10.1007/s10009-014-0334-116:5(507-518)Online publication date: 1-Oct-2014
https://dl.acm.org/doi/10.1007/s10009-014-0334-1
Teplitsky MExman I(2006)Measuring Behavioral Software Design Patterns2006 IEEE 24th Convention of Electrical & Electronics Engineers in Israel10.1109/EEEI.2006.321116(384-388)Online publication date: Nov-2006
https://doi.org/10.1109/EEEI.2006.321116
Turk AProbst SPowers G(2005)Verification of real time chemical processing systemsHybrid and Real-Time Systems10.1007/BFb0014731(259-272)Online publication date: 9-Jun-2005
https://doi.org/10.1007/BFb0014731
Show More Cited By

Index Terms

Model checking large software specifications

Recommendations

Model checking large software specifications
SIGSOFT '96: Proceedings of the 4th ACM SIGSOFT symposium on Foundations of software engineering

In this paper we present our results and experiences of using symbolic model checking to study the specification of an aircraft collision avoidance system. Symbolic model checking has been highly successful when applied to hardware systems. We are ...
Model Checking Large Software Specifications

In this paper, we present our experiences in using symbolic model checking to analyze a specification of a software system for aircraft collision avoidance. Symbolic model checking has been highly successful when applied to hardware systems. We are ...
Symbolic model checking for large software specifications

Comments

Information & Contributors

Information

Published In

cover image ACM SIGSOFT Software Engineering Notes

ACM SIGSOFT Software Engineering Notes Volume 21, Issue 6

Nov. 1996

192 pages

ISSN:0163-5948

DOI:10.1145/250707

Editor:
David Garlan

Issue’s Table of Contents

SIGSOFT '96: Proceedings of the 4th ACM SIGSOFT symposium on Foundations of software engineering
October 1996
190 pages
ISBN:0897917979
DOI:10.1145/239098
Chairmen:
Mark Moriconi
SRI International, Menlo Park, CA
,
Gregory Abowd
Georgia Institute of Technology, Atlanta
,
Editor:
David Garlan
Carnegie Mellon Univ., Pittsburgh, PA

Copyright © 1996 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 October 1996

Published in SIGSOFT Volume 21, Issue 6

Check for updates

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

48
Total Citations
View Citations
925
Total Downloads

Downloads (Last 12 months)81
Downloads (Last 6 weeks)22

Reflects downloads up to 09 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Beyer DStahlbauer A(2014)BDD-based software verificationInternational Journal on Software Tools for Technology Transfer (STTT)10.1007/s10009-014-0334-116:5(507-518)Online publication date: 1-Oct-2014
https://dl.acm.org/doi/10.1007/s10009-014-0334-1
Teplitsky MExman I(2006)Measuring Behavioral Software Design Patterns2006 IEEE 24th Convention of Electrical & Electronics Engineers in Israel10.1109/EEEI.2006.321116(384-388)Online publication date: Nov-2006
https://doi.org/10.1109/EEEI.2006.321116
Turk AProbst SPowers G(2005)Verification of real time chemical processing systemsHybrid and Real-Time Systems10.1007/BFb0014731(259-272)Online publication date: 9-Jun-2005
https://doi.org/10.1007/BFb0014731
Dwyer MCarr VHines L(2005)Model checking graphical user interfaces using abstractionsSoftware Engineering — ESEC/FSE'9710.1007/3-540-63531-9_18(244-261)Online publication date: 1-Aug-2005
https://doi.org/10.1007/3-540-63531-9_18
Hou DHoover HStroulia E(2002)Supporting the Deployment of Object-Oriented FrameworksActive Flow and Combustion Control 201810.1007/3-540-47961-9_13(151-166)Online publication date: 29-May-2002
https://doi.org/10.1007/3-540-47961-9_13
Hall R(2000)Explanation-Based Scenario Generation for Reactive System ModelsAutomated Software Engineering10.1023/A:10087622255207:2(157-177)Online publication date: 1-May-2000
https://dl.acm.org/doi/10.1023/A%3A1008762225520
Dwyer MAvrunin GCorbett JArdis MAtlee J(1998)Property specification patterns for finite-state verificationProceedings of the second workshop on Formal methods in software practice10.1145/298595.298598(7-15)Online publication date: 4-Mar-1998
https://dl.acm.org/doi/10.1145/298595.298598
Dwyer MPasareanu C(1998)Filter-based model checking of partial systemsACM SIGSOFT Software Engineering Notes10.1145/291252.28830723:6(189-202)Online publication date: 1-Nov-1998
https://dl.acm.org/doi/10.1145/291252.288307
Dwyer MPasareanu COsterweil LScherlis W(1998)Filter-based model checking of partial systemsProceedings of the 6th ACM SIGSOFT international symposium on Foundations of software engineering10.1145/288195.288307(189-202)Online publication date: 1-Nov-1998
https://dl.acm.org/doi/10.1145/288195.288307
Dwyer MCarr VHines L(1997)Model checking graphical user interfaces using abstractionsACM SIGSOFT Software Engineering Notes10.1145/267896.26791422:6(244-261)Online publication date: 1-Nov-1997
https://dl.acm.org/doi/10.1145/267896.267914
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Issue’s Table of Contents