Model checking large software specifications

Richard J. Anderson, Paul Beame, Steve Burns, William Chan, Francesmary Modugno, David Notkin, Jon D. Reese
1996 Proceedings of the 4th ACM SIGSOFT symposium on Foundations of software engineering - SIGSOFT '96  
In this paper, we present our experiences in using symbolic model checking to analyze a specification of a software system for aircraft collision avoidance. Symbolic model checking has been highly successful when applied to hardware systems. We are interested in whether model checking can be effectively applied to large software specifications. To investigate this, we translated a portion of the state-based system requirements specification of Traffic Alert and Collision Avoidance System II (TCAS II) into input to a symbolic model checker (SMV). We successfully used the symbolic model checker to analyze a number of properties of the system. We report on our experiences, describing our approach to translating the specification to the SMV language, explaining our methods for achieving acceptable performance, and giving a summary of the properties analyzed. Based on our experiences, we discuss the possibility of using model checking to aid specification development by iteratively applying the technique early in the development cycle. We consider the paper to be a data point for optimism about the potential for more widespread application of model checking to software systems.

Index Terms: Formal methods, state-based specifications, requirements, statecharts, symbolic model checking, binary decision diagrams, software verification.

MODEL CHECKING

Model checking is a formal verification technique based on state exploration. Given a state transition system and a property, model checking algorithms exhaustively explore the state space to determine whether the system satisfies
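To make the state-exploration idea concrete, here is an added example that is not code from the paper, from SMV, or from the TCAS II specification: a small explicit-state checker in Python that exhaustively explores every reachable state of a transition system, checks a safety property in each, and returns a shortest counterexample trace when the property fails. The system it checks is a constructed two-process mutual-exclusion protocol in two variants (a flawed one that tests the other process's flag before setting its own, and Peterson's algorithm); the state encoding and the names `model_check`, `step`, `successors`, `check_protocol` and `mutual_exclusion` are assumptions of this example. SMV itself is symbolic (it represents sets of states as BDDs rather than enumerating them one by one, which is what lets it handle a specification of this size), but the question asked of the system is the same.

```python
from collections import deque

# Program-counter values for each of the two constructed processes.
IDLE, SET, WAIT, CRIT = "idle", "set", "wait", "crit"

# Initial state: (pc0, pc1, flag0, flag1, turn); both processes idle.
INITIAL = (IDLE, IDLE, False, False, 0)


def model_check(initial_states, successors, invariant):
    """Explicit-state reachability check of a safety property.

    Breadth-first exploration of every state reachable from
    initial_states via successors. Returns (holds, trace, explored):
    holds is True when invariant is true in every reachable state;
    otherwise trace is a shortest path from an initial state to a
    violating state (the counterexample a model checker reports), and
    explored is the number of distinct states visited so far.
    """
    parent = {}          # state -> predecessor on a shortest path
    frontier = deque()
    for s in initial_states:
        if s not in parent:
            parent[s] = None
            frontier.append(s)
    while frontier:
        s = frontier.popleft()
        if not invariant(s):
            trace = []
            while s is not None:
                trace.append(s)
                s = parent[s]
            return False, trace[::-1], len(parent)
        for t in successors(s):
            if t not in parent:
                parent[t] = s
                frontier.append(t)
    return True, None, len(parent)


def step(state, i, peterson):
    """Successor states when process i takes one atomic step.

    peterson=True encodes Peterson's algorithm; peterson=False encodes a
    constructed flawed protocol that tests the other flag before setting
    its own, leaving a window in which both processes enter.
    A blocked process yields no successor.
    """
    pc, flag, turn = list(state[:2]), list(state[2:4]), state[4]
    j = 1 - i
    if pc[i] == IDLE:
        if peterson:
            flag[i], pc[i] = True, SET
        elif not flag[j]:
            pc[i] = WAIT         # flawed: checked, but own flag still clear
        else:
            return []
    elif pc[i] == SET:
        turn, pc[i] = j, WAIT    # give the other process priority
    elif pc[i] == WAIT:
        if peterson:
            if flag[j] and turn == j:
                return []        # must wait for the other process
            pc[i] = CRIT
        else:
            flag[i], pc[i] = True, CRIT
    elif pc[i] == CRIT:
        flag[i], pc[i] = False, IDLE
    return [(pc[0], pc[1], flag[0], flag[1], turn)]


def successors(state, peterson):
    """Interleaving semantics: either process may take the next step."""
    return step(state, 0, peterson) + step(state, 1, peterson)


def mutual_exclusion(state):
    """Safety property: the two processes are never both critical."""
    return not (state[0] == CRIT and state[1] == CRIT)


def check_protocol(peterson):
    """Exhaustively check one of the two protocols for mutual exclusion."""
    return model_check([INITIAL],
                       lambda s: successors(s, peterson),
                       mutual_exclusion)


if __name__ == "__main__":
    for name, use_peterson in (("flawed", False), ("peterson", True)):
        holds, trace, explored = check_protocol(use_peterson)
        print(f"{name}: mutual exclusion {'holds' if holds else 'VIOLATED'} "
              f"({explored} states explored)")
        if trace:
            for s in trace:
                print("   ", s)
```

For the flawed variant the checker stops at the first state in which both processes are critical and prints the five-state path that reaches it; for Peterson's algorithm it exhausts the reachable state space without finding a violation. The BFS predecessor map is what turns a bare "property fails" into a concrete trace, which is the part of a model-checking result that is actually useful when a specification is being revised.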
doi:10.1145/239098.239127 dblp:conf/sigsoft/AndersonBBCMNR96 fatcat:ufuh5lpfjvgyja4p6iqnbny4ea