Towards the Correctness of Software Behavior in UML: A Model Checking Approach Based on Slicing

Embedded systems are systems that interact continuously with their environment, accepting requests and producing responses. Such systems are increasingly used in applications where failure is unacceptable: traffic control systems, avionics, automobiles, etc. Constructing such systems correctly and dependably is therefore both particularly important and particularly challenging. A very promising and increasingly attractive method for achieving this goal is formal verification. A formal verification method consists of three major components: a model for describing the behavior of the system, a specification language for expressing the correctness requirements, and an analysis method for verifying the behavior against those requirements. This Ph.D. thesis addresses the correctness of the behavioral design of embedded systems, using model checking as the verification technology. More precisely, we present a UML-based verification method that checks whether the model satisfies the conditions imposed on the evolution of the embedded system. Unfortunately, model checking is limited to medium-sized systems because of its high space requirements: the number of states to be explored grows exponentially with the number of variables and components in the model. To overcome this problem, this thesis proposes integrating the slicing (reduction) technique, which removes from the model the parts that cannot influence the property being checked before the state space is explored.
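The last two sentences of the abstract describe the combination this thesis builds on: a model checker that explores reachable states, preceded by a slicing step that discards model parts irrelevant to the property. The following Python program is an added illustration of that combination and is not code from the thesis. It uses a constructed flat state machine (a pedestrian-crossing controller with variables `light`, `walk`, `req` plus two property-irrelevant variables `counter` and `blink`), a breadth-first safety checker, and cone-of-influence slicing over declared read/write sets; the thesis works on UML statecharts, so the flat machine, all variable and transition names, and the choice of cone-of-influence slicing are assumptions made for this example.

```python
"""Added example (not from the thesis): explicit-state safety checking of a
constructed flat state machine, with cone-of-influence slicing applied first.
The model, its variable names and its transitions are all constructed here."""
from collections import deque
from typing import Callable, Dict, FrozenSet, List, Optional, Tuple

State = Dict[str, int]                 # variable -> value
Key = Tuple[Tuple[str, int], ...]      # hashable form of a State


class Transition:
    """A guarded assignment. `reads`/`writes` declare which variables the
    guard and update touch; these declarations are what slicing inspects."""
    def __init__(self, name: str, reads: FrozenSet[str], writes: FrozenSet[str],
                 guard: Callable[[State], bool], update: Callable[[State], State]):
        self.name, self.reads, self.writes = name, reads, writes
        self.guard, self.update = guard, update


def key(s: State) -> Key:
    return tuple(sorted(s.items()))


def cone_of_influence(prop_vars: FrozenSet[str], ts: List[Transition]) -> FrozenSet[str]:
    """Smallest variable set closed under: a transition that writes a kept
    variable also keeps everything it reads. Variables outside the cone can
    never change the truth of a property over prop_vars."""
    cone = set(prop_vars)
    changed = True
    while changed:
        changed = False
        for t in ts:
            if t.writes & cone and not t.reads <= cone:
                cone |= t.reads
                changed = True
    return frozenset(cone)


def slice_model(init: State, ts: List[Transition], prop_vars: FrozenSet[str]):
    """Drop variables outside the cone and transitions that write only dropped
    variables. Every kept transition reads only kept variables by construction,
    so the projection of the reachable states onto the cone is unchanged."""
    cone = cone_of_influence(prop_vars, ts)
    init_s = {v: val for v, val in init.items() if v in cone}
    ts_s = [t for t in ts if t.writes & cone]
    return init_s, ts_s, cone


def check_safety(init: State, ts: List[Transition],
                 bad: Callable[[State], bool]) -> Tuple[bool, int, Optional[List[str]]]:
    """Breadth-first reachability. Returns (property holds, states visited,
    shortest counterexample as a list of transition names, or None)."""
    seen = {key(init)}
    frontier = deque([(init, [])])
    while frontier:
        s, path = frontier.popleft()
        if bad(s):
            return False, len(seen), path
        for t in ts:
            if t.guard(s):
                nxt = t.update(s)
                k = key(nxt)
                if k not in seen:
                    seen.add(k)
                    frontier.append((nxt, path + [t.name]))
    return True, len(seen), None


def crossing_model(green_checks_walk: bool = True):
    """Constructed controller: light (0 red / 1 green), walk (walk signal),
    req (button pressed), and two variables irrelevant to the property: a
    wrapping diagnostic counter and a blink indicator. With
    green_checks_walk=False the controller is deliberately faulty."""
    F = frozenset
    ts = [
        Transition("press", F({"req"}), F({"req"}),
                   lambda s: s["req"] == 0, lambda s: {**s, "req": 1}),
        Transition("grant_walk", F({"req", "light"}), F({"walk", "req"}),
                   lambda s: s["req"] == 1 and s["light"] == 0,
                   lambda s: {**s, "walk": 1, "req": 0}),
        Transition("end_walk", F({"walk"}), F({"walk"}),
                   lambda s: s["walk"] == 1, lambda s: {**s, "walk": 0}),
        Transition("go_green", F({"walk"}) if green_checks_walk else F(), F({"light"}),
                   (lambda s: s["walk"] == 0) if green_checks_walk else (lambda s: True),
                   lambda s: {**s, "light": 1}),
        Transition("go_red", F({"light"}), F({"light"}),
                   lambda s: s["light"] == 1, lambda s: {**s, "light": 0}),
        Transition("tick", F({"counter"}), F({"counter"}),
                   lambda s: True, lambda s: {**s, "counter": (s["counter"] + 1) % 8}),
        Transition("blink", F({"blink"}), F({"blink"}),
                   lambda s: True, lambda s: {**s, "blink": 1 - s["blink"]}),
    ]
    return {"light": 0, "walk": 0, "req": 0, "counter": 0, "blink": 0}, ts


# Safety property: the light is never green while the walk signal is on.
PROP_VARS = frozenset({"light", "walk"})
def unsafe(s: State) -> bool:
    return s["light"] == 1 and s["walk"] == 1


if __name__ == "__main__":
    for faulty in (False, True):
        init, ts = crossing_model(green_checks_walk=not faulty)
        print("faulty" if faulty else "correct", "full  :", check_safety(init, ts, unsafe))
        init_s, ts_s, cone = slice_model(init, ts, PROP_VARS)
        print("faulty" if faulty else "correct", "sliced:", check_safety(init_s, ts_s, unsafe), sorted(cone))
```

Running the script shows the effect the abstract refers to: the full model has 96 reachable states (6 controller states times the 16 combinations of `counter` and `blink`), while the sliced model explores only the 6 states of the controller and reaches the same verdict, and for the faulty variant both versions report the same shortest counterexample `press, grant_walk, go_green`.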
