Improving efficiency of symbolic model checking for state-based system requirements

We present various techniques for improving the time and space efficiency of symbolic model checking for system requirements specified as synchronous finite state machines. We used these techniques in our analysis of the system requirements specification of TCAS II, a complex aircraft collision avoidance system. They together reduce the time and space complexities by orders of magnitude, making feasible some analysis that was previously intractable. The TCAS II requirements were written in RSML, a dialect of state-charts.
