Validating requirements for fault tolerant systems using model checking

Model checking is shown to be an effective tool in validating the behavior of a fault tolerant embedded spacecraft controller. The case study presented shows that, by judiciously abstracting away extraneous complexity, the state space of the model could be exhaustively searched, allowing critical functional requirements to be validated down to the design level. Abstracting away detail not germane to the problem of interest leaves, by definition, a partial specification behind. The success of this procedure shows that it is feasible to effectively validate a partial specification with this technique. Three anomalies were found in the system: one was an error in the detailed requirements, and the other two were missing or ambiguous requirements. Because the method allows validation of partial specifications, it is also an effective approach for maintaining fidelity between a co-evolving specification and an implementation.
