The three dimensions of formal validation and verification of reactive system behaviors

Abstract: In spite of three decades of software formal verification and validation (FV&V) research, no single FV&V technique works well for every FV&V concern. That is, no one technique enables both (1) easy and correct construction of requirement specifications for complex real-life properties and (2) complete verification coverage of complete, real-life complex software with respect to those requirements. Moreover, many FV&V techniques handle the temporal behavior of reactive systems poorly. In this article, the authors present a visual tradeoff space, the FV&V "tradeoff cuboid," with which software engineers can discuss the tradeoffs (e.g. cost versus coverage) between different FV&V approaches and select the techniques appropriate for a given V&V task. They illustrate the use of the tradeoff space with a discussion of cost and coverage tradeoffs among three categories of FV&V techniques: theorem proving, non-execution-based model checking, and execution-based model checking via the combination of runtime verification and automatic test generation, and they use the cuboid to show the pros and cons of each category. The authors advocate the assertion-based over the model-based approach to V&V of requirements specifications, because the former lets system developers modularize their thinking and focus on each property (or set of properties) in isolation, and because it is much easier to verify the behavior of the actual system against each assertion (or set of assertions) than to compare the equivalence of two monolithic formal models.
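The third category the abstract names, execution-based model checking as runtime verification plus automatic test generation, and the assertion-based style it advocates, can be shown concretely on a small reactive system. The following is an added example written for this page; it is not code from the paper or from the authors' tools. Everything in it is hypothetical: the three-client resource arbiter, the two injected defects (`lifo`, `preempt`), the two temporal assertions, and the response bound K=4 (which is the tight bound for the intended FIFO design with a two-step hold). Each assertion is a separate runtime monitor, and the test generator enumerates every input sequence up to a length bound, so a failing run names exactly which assertion it violated.

```python
"""Added example, not code from the paper: execution-based model checking of a
toy reactive system by combining runtime verification (RV) of two temporal
assertions with automatic, bounded-exhaustive test generation.  The arbiter,
the injected bugs, the assertions and the bound K are all hypothetical."""
import itertools

CLIENTS = ("a", "b", "c")
HOLD_STEPS = 2          # a granted client keeps the resource for two steps
INPUTS = [("req", c) for c in CLIENTS] + [("tick", None)]   # input alphabet


class Arbiter:
    """Hypothetical system under test: clients request a shared resource and
    the arbiter grants it to one waiting client at a time (FIFO by design).
    bug="lifo" serves the newest request first (starves early requesters);
    bug="preempt" grants even while another client still holds."""

    def __init__(self, bug=None):
        self.bug, self.queue, self.holder, self.hold_left = bug, [], None, 0

    def step(self, event):
        """Advance one step; return that step's observable trace in causal
        order: release (if any), the input event, grant (if any)."""
        trace = []
        if self.holder is not None:
            self.hold_left -= 1
            if self.hold_left == 0:
                trace.append(("release", self.holder))
                self.holder = None
        trace.append(event)
        kind, c = event
        if kind == "req" and c != self.holder and c not in self.queue:
            self.queue.append(c)
        if self.queue and (self.holder is None or self.bug == "preempt"):
            nxt = self.queue.pop() if self.bug == "lifo" else self.queue.pop(0)
            self.holder, self.hold_left = nxt, HOLD_STEPS
            trace.append(("grant", nxt))
        return trace


class BoundedResponse:
    """Assertion 1 (bounded liveness): a request by a client that does not
    hold the resource is granted within K steps."""

    def __init__(self, k):
        self.k, self.pending, self.held, self.violations = k, {}, set(), []

    def observe(self, step, event):
        kind, c = event
        if kind == "req" and c not in self.held and c not in self.pending:
            self.pending[c] = step                # start the clock
        elif kind == "grant":
            self.pending.pop(c, None)             # obligation discharged
            self.held.add(c)
        elif kind == "release":
            self.held.discard(c)

    def end_of_step(self, step):
        for c, t in list(self.pending.items()):
            if step - t > self.k:                 # deadline missed
                self.violations.append(
                    f"step {step}: {c} not granted within {self.k} steps of step {t}")
                del self.pending[c]               # report each request once


class MutualExclusion:
    """Assertion 2 (safety): between a grant and the matching release, no
    other client is granted."""

    def __init__(self):
        self.holder, self.violations = None, []

    def observe(self, step, event):
        kind, c = event
        if kind == "grant":
            if self.holder is not None:
                self.violations.append(f"step {step}: {c} granted while {self.holder} holds")
            self.holder = c
        elif kind == "release" and c == self.holder:
            self.holder = None

    def end_of_step(self, step):
        pass


def run(inputs, bug=None, k=4):
    """Runtime verification of one execution: drive the arbiter with the input
    sequence and feed every observable event to each monitor independently."""
    sut, monitors = Arbiter(bug), [BoundedResponse(k), MutualExclusion()]
    for step, event in enumerate(inputs, start=1):
        for ev in sut.step(event):
            for m in monitors:
                m.observe(step, ev)
        for m in monitors:
            m.end_of_step(step)
    return {type(m).__name__: m.violations for m in monitors}


def bounded_exhaustive(bug=None, length=7, k=4):
    """Automatic test generation: enumerate every input sequence of the given
    length (model checking by execution, complete only up to that bound) and
    keep, per assertion, the first failing sequence and its first violation."""
    failures = {}
    for seq in itertools.product(INPUTS, repeat=length):
        for name, viol in run(seq, bug, k).items():
            if viol and name not in failures:
                failures[name] = (seq, viol[0])
    return failures


if __name__ == "__main__":
    for bug in (None, "lifo", "preempt"):
        print(f"bug={bug!r}:", bounded_exhaustive(bug) or "all assertions hold up to length 7")
```

Two points the abstract's argument rests on are visible here. The monitors are independent of each other and of any model of the arbiter: `lifo` trips only BoundedResponse and `preempt` trips only MutualExclusion, so a failure is attributed to one property rather than to a mismatch between two whole models. The coverage is exact but bounded: 4^7 input sequences are checked completely, and anything that needs a longer prefix is not covered, which is precisely the cost-versus-coverage axis the cuboid is meant to expose. Note also that the bound K in a bounded-response assertion is itself a specification decision: too loose and starvation goes unreported, too tight and the correct FIFO design raises false alarms.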
