Integrating Model Checking into Object-oriented Software Development Processes

A methodology for integrating model checking into object-oriented software development processes is defined, developed, and demonstrated. Model checking is applied to object-oriented analysis (OOA) models that have executable semantics specified as state machines rather than as programs in conventional programming languages. The complexity level of an OOA model yields a manageable state space for model checking. An automata-based approach to model checking is used. The OOA models are automatically translated to automaton models. Predicates over the behaviors of the OOA models are mapped to predicates over the automaton models and evaluated by a model checker. Algorithms for translating OOA models to automaton models are given. Procedures for management of dynamic object instance sets and unbounded event queues are given. The algorithms and procedures have been implemented for OOA models constructed in the SES/Objectbench implementation of the Shlaer-Mellor method, which provides executable semantics for a subset of the Unified Modeling Language. Translation is to the S/R automaton language, and the COSPAN system is used for model checking. The algorithms are readily adapted to other OOA models with executable semantics and to other model checking systems. A simple example demonstrating the capabilities is included in this paper. The companion paper [7] gives design rules for constructing OOA models that yield tractable automaton models upon translation and reports on application of the methodology to an OOA model of modest complexity, a minimal robot control system.
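As an added illustration of the approach the abstract describes, and not code from the paper or from the SES/Objectbench, S/R or COSPAN tool chain, the following Python treats one OOA-style object lifecycle with a bounded event queue as a finite automaton, explores its global states exhaustively, and evaluates a predicate over its behaviors (no event is ever delivered to a state that has no transition for it, a Shlaer-Mellor "can't happen" cell). The object, its states and events, the queue bound and the transition tables are assumptions made for the example.

```python
from collections import deque

# Constructed example, not the paper's code: one OOA-style object lifecycle
# (Shlaer-Mellor flavour) explored as a finite automaton. Object states, events
# and the bound placed on the event queue are hypothetical choices.
STATES = ("Idle", "Checking", "Active")
EXTERNAL_EVENTS = ("login", "logout", "timeout")   # injected by the environment
QUEUE_BOUND = 2                                     # bound imposed by translation

# (state, event) -> (next state, self-directed events generated by the action)
FLAWED = {
    ("Idle", "login"):        ("Checking", ("verified",)),
    ("Checking", "verified"): ("Active", ()),
    ("Active", "logout"):     ("Idle", ()),
    ("Active", "timeout"):    ("Idle", ()),
}
# Hardened table: every remaining (state, event) cell is an explicit "ignore".
HARDENED = dict(FLAWED)
for s in STATES:
    for e in EXTERNAL_EVENTS + ("verified",):
        HARDENED.setdefault((s, e), (s, ()))

def model_check(transitions, initial="Idle"):
    """Breadth-first search over global states (object state, queue contents).
    Predicate: an event is never received in a state with no transition for it.
    Returns None when it holds, else the shortest counterexample path."""
    start = (initial, ())
    parent = {start: None}
    frontier = deque([start])
    while frontier:
        node = frontier.popleft()
        state, queue = node
        nexts = []
        if queue:                                   # object consumes the head
            hit = transitions.get((state, queue[0]))
            if hit is None:                         # "can't happen" reached
                path = [node]
                while parent[path[-1]] is not None:
                    path.append(parent[path[-1]])
                return path[::-1]
            new_state, generated = hit
            nexts.append((new_state, queue[1:] + generated))
        if len(queue) < QUEUE_BOUND:                # environment may inject
            nexts.extend((state, queue + (ev,)) for ev in EXTERNAL_EVENTS)
        for nxt in nexts:
            if nxt not in parent:
                parent[nxt] = node
                frontier.append(nxt)
    return None
```

With the flawed table a `logout` delivered in `Idle` reaches a cell with no transition and the search returns the shortest path to it; with every cell made explicit the same search returns `None`, and the queue bound keeps the reachable set finite so the search terminates.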

[1] Patrice Godefroid et al. Refining Dependencies Improves Partial-Order Verification Methods (Extended Abstract). CAV, 1993.

[2] Gerard J. Holzmann et al. The Model Checker SPIN. IEEE Trans. Software Eng., 1997.

[3] Antti Valmari et al. A stubborn attack on state explosion. Formal Methods Syst. Des., 1990.

[4] Robert P. Kurshan et al. Computer-Aided Verification of Coordinating Processes: The Automata-Theoretic Approach. 2014.

[5] Dragan Bosnacki et al. Model Checking SDL with Spin. TACAS, 2000.

[6] Bernhard Schätz et al. AutoFocus: A Tool for Distributed Systems Specification. FTRTFT, 1996.

[7] Doron A. Peled et al. Static Partial Order Reduction. TACAS, 1998.

[8] Johan Lilius et al. vUML: a tool for verifying UML models. 14th IEEE International Conference on Automated Software Engineering, 1999.

[9] O. Slotosch et al. Overview over the project. FM 1999.

[10] James C. Browne et al. A Formal Object-Oriented Analysis for Software Reliability: Design for Verification. FASE, 2001.

[11] Randal E. Bryant et al. Graph-Based Algorithms for Boolean Function Manipulation. IEEE Transactions on Computers, 1986.

[12] Oscar Slotosch et al. Overview over the Project Quest. FM-Trends 1998.

[13] Klaus Havelund et al. Model checking JAVA programs using JAVA PathFinder. International Journal on Software Tools for Technology Transfer, 2000.

[14] Stephen J. Mellor et al. Object lifecycles: modeling the world in states. 1992.

[15] Doron A. Peled et al. Combining partial order reductions with on-the-fly model-checking. Formal Methods Syst. Des., 1994.

[16] Joseph Sifakis et al. IF: An intermediate representation for SDL and its applications. SDL Forum, 1999.

[17] James C. Corbett et al. Bandera: extracting finite-state models from Java source code. ICSE, 2000.