Model checking a C++ software framework: a case study

This paper presents a case study on applying two model checkers, Spin and Divine, to verify key properties of a C++ software framework, known as ADAPRO, originally developed at CERN. Spin was used for verifying properties at the design level. Divine was used for verifying simple test applications that interacted with the implementation. Both model checkers were found to have their own respective sets of pros and cons, but the overall experience was positive. Because the two model checkers were used in a complementary manner, they provided valuable new insights into the framework, which would arguably have been hard to gain with traditional testing and analysis tools alone. Translating the C++ source code into the modeling language of the Spin model checker helped to find flaws in the original design. With Divine, defects were found in parts of the code base that had already been subject to hundreds of hours of unit tests, integration tests, and acceptance tests. Most importantly, model checking was found to be easy to integrate into the workflow of the software project and to bring added value, not only as a verification methodology but also as a validation methodology. Therefore, using model checking for developing library-level code seems realistic and worth the effort.
