Unit verification: the CARA experience

The computer-aided resuscitation algorithm, or CARA, is part of a US Army-developed automated infusion device for treating blood loss experienced by combatants injured on the battlefield. CARA is responsible for automatically stabilizing a patient's blood pressure by infusing blood as needed, based on the blood pressure data the CARA system collects. The control part of the system is implemented in software, which is extremely safety critical and thus must perform correctly. This paper describes a case study in which a verification tool, the Concurrency Workbench of the New Century (CWB-NC), is used to analyze a model of the CARA system. The huge state space of CARA makes it problematic to conduct traditional "push-button" automatic verification such as model checking. Instead, we develop a technique called unit verification, which entails taking small units of a system, putting them in a "verification harness" that exercises the relevant executions within the unit, and then model checking these more tractable units. For systems like CARA, whose requirements are localized to individual system components or to interactions between small numbers of components, unit verification offers a means of coping with huge state spaces.
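The following is an added illustration of the unit-verification idea sketched above; it is not code from the paper, and it does not use CWB-NC or reproduce CARA's control logic. A small, constructed infusion-controller unit is composed with a two-state "verification harness" (a sensor environment that can report low or normal pressure, fail, and be reset), and an explicit-state reachability search checks a localized safety requirement (never infuse while the sensor is faulted). The controller logic, the event names and the requirement are all assumptions made for the example; the point is that the unit-plus-harness product has only a handful of states, so the check that would be intractable on the whole system is trivial here, and the search returns a concrete counterexample trace for the unsafe version of the unit.

```python
from collections import deque

# Constructed, hypothetical controller unit: NOT the CARA control logic.
# Controller state: (mode, sensor_trusted), mode in {"idle", "infusing"}.
EVENTS = ("bp_low", "bp_ok", "sensor_fault", "sensor_reset")


def naive_controller(state, event):
    """Assumed 'before' unit: reacts to pressure readings but ignores sensor faults."""
    mode, trusted = state
    if event == "bp_low":
        return ("infusing", trusted)
    if event == "bp_ok":
        return ("idle", trusted)
    return state  # fault and reset events are ignored


def safe_controller(state, event):
    """Assumed hardened unit: a fault stops infusion and distrusts the sensor until reset."""
    mode, trusted = state
    if event == "sensor_fault":
        return ("idle", False)
    if event == "sensor_reset":
        return (mode, True)
    if not trusted:
        return state  # readings from a faulted sensor are not acted on
    if event == "bp_low":
        return ("infusing", True)
    if event == "bp_ok":
        return ("idle", True)
    return state


def harness_step(sensor, event):
    """Verification harness: a 2-state sensor environment generating the events
    the unit can observe. Returns the next harness state, or None if the event
    cannot occur in the current harness state."""
    if sensor == "healthy":
        if event in ("bp_low", "bp_ok"):
            return "healthy"
        if event == "sensor_fault":
            return "faulted"
        return None
    # A faulted sensor produces no readings; it can only be reset.
    return "healthy" if event == "sensor_reset" else None


def violates(ctrl_state, sensor):
    """Localized safety requirement for this unit: never infuse on a faulted sensor."""
    return ctrl_state[0] == "infusing" and sensor == "faulted"


def unit_verify(controller, init_ctrl=("idle", True), init_sensor="healthy"):
    """Breadth-first reachability over the product (controller || harness).
    Returns (ok, counterexample_event_trace, reachable_state_count)."""
    start = (init_ctrl, init_sensor)
    parent = {start: None}  # reachable state -> (predecessor, event)
    queue = deque([start])
    while queue:
        ctrl, sensor = queue.popleft()
        if violates(ctrl, sensor):
            trace, node = [], (ctrl, sensor)
            while parent[node] is not None:
                prev, ev = parent[node]
                trace.append(ev)
                node = prev
            return False, list(reversed(trace)), len(parent)
        for ev in EVENTS:
            nxt_sensor = harness_step(sensor, ev)
            if nxt_sensor is None:
                continue  # harness cannot offer this event here
            nxt = (controller(ctrl, ev), nxt_sensor)
            if nxt not in parent:
                parent[nxt] = ((ctrl, sensor), ev)
                queue.append(nxt)
    return True, [], len(parent)


if __name__ == "__main__":
    for name, ctrl in (("naive", naive_controller), ("safe", safe_controller)):
        ok, trace, n = unit_verify(ctrl)
        print(f"{name}: states={n} ok={ok} counterexample={trace}")
```

The harness is deliberately restricted to the events this unit can observe, which is what keeps the product small; checking a different localized requirement means writing a different small harness rather than re-exploring the whole system. The counterexample for the naive unit is the shortest event sequence that reaches a violating state, which is the kind of diagnostic a model checker hands back to the engineer.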
