Symbolic Execution for Realizability-Checking of Scenario-Based Specifications

Scenario-based specification with the Scenario Modeling Language (SML) is an intuitive approach for formally specifying the behavior of reactive systems. SML is close to how humans conceive and communicate requirements, yet SML is executable, and simulation and formal realizability checking can find specification flaws early. The complexity of realizability checking is, however, exponential in the number of scenarios and variables. Therefore, algorithms relying on explicit-state exploration do not scale and, especially when specifications have message parameters and variables over large domains, fail to unfold their potential. In this paper, we present a technique for the symbolic execution of SML specifications that interprets integer message parameters and variables symbolically. It can be used for symbolic realizability checking and interactive symbolic simulation. We implemented the technique in ScenarioTools. Evaluation shows drastic performance improvements over the explicit-state approach for a range of examples. Moreover, symbolic checking produces more concise counterexamples, which eases the comprehension of specification flaws.
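To make the explicit-state versus symbolic contrast concrete, here is an added toy example (not the paper's code and not ScenarioTools) that checks two hypothetical scenarios over one integer message parameter `x`: explicit exploration enumerates concrete values and reports the first conflicting one, whereas the symbolic variant keeps `x` as an interval constraint and reports the whole conflicting region as a more concise counterexample. The scenario semantics, guard intervals and reply names are constructed assumptions for illustration.

```python
# Added illustration, not the paper's code: explicit-state vs symbolic checking of
# a constructed two-scenario specification with one integer message parameter x.
from dataclasses import dataclass
from typing import Tuple

@dataclass(frozen=True)
class Scenario:
    """Hypothetical scenario: when request(x) satisfies the guard, the system MUST
    reply with `must` and nothing else (toy semantics, not SML's)."""
    name: str
    guard: Tuple[int, int]   # inclusive interval [lo, hi] over the parameter x
    must: str                # the reply this scenario requires

# Constructed specification: the two scenarios demand different replies for 10 <= x <= 12.
SPEC = [Scenario("S1", (10, 10**6), "grant"), Scenario("S2", (-10**6, 12), "deny")]

def explicit_check(spec, domain):
    """Enumerate every concrete x in `domain`.
    Returns (states explored, first conflicting x or None)."""
    explored = 0
    for x in domain:
        explored += 1
        replies = {s.must for s in spec if s.guard[0] <= x <= s.guard[1]}
        if len(replies) > 1:     # two active scenarios require different replies
            return explored, x
    return explored, None

def symbolic_check(spec):
    """Treat x symbolically: one explored state per intersection of guards rather
    than per concrete value. Returns (states explored, conflict interval or None)."""
    explored = 0
    for i, a in enumerate(spec):
        for b in spec[i + 1:]:
            explored += 1
            if a.must != b.must:
                lo = max(a.guard[0], b.guard[0])
                hi = min(a.guard[1], b.guard[1])
                if lo <= hi:     # non-empty constraint: symbolic counterexample
                    return explored, (lo, hi)
    return explored, None

if __name__ == "__main__":
    print("explicit:", explicit_check(SPEC, range(0, 1000)))   # (11, 10)
    print("symbolic:", symbolic_check(SPEC))                     # (1, (10, 12))
```

The explicit run visits eleven concrete states before hitting `x = 10` and reports only that value; the symbolic run visits one constrained state and reports the full region `10 <= x <= 12`, and its cost does not grow with the size of the parameter domain.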
