Model checking is now widely applied to software and hardware verification. It can locate hard-to-find bugs by exhaustively searching the execution paths of a system. In this paper, we propose a software design method that lets us evaluate the fault tolerance of software behavior at the specification level: we check the software's behavior not only when the hardware and network are in good order, but also when they are out of order, and we then use the model checker to improve the fault tolerance of the target software. In effect, we test the software in simulated environments in which we deliberately break the hardware and/or the network. The method is explained using a network-connected AV appliance as the example: we model the appliance in the modeling language Promela and analyze it with the SPIN model checker.
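The following Promela model is an added illustration of the approach described above; it is not the paper's own model of the AV appliance. It assumes a minimal appliance that fetches a playlist from a server, plus a separate Network process that acts as the fault injector, cutting or restoring the link at arbitrary moments so that SPIN explores every interleaving of faults with the protocol. The process names, message names, and the MAX_RETRIES bound are illustrative assumptions. Building with -DNAIVE removes the watchdog branch and shows what the paper's kind of check catches: an appliance that works perfectly on a healthy network but hangs forever once a single request is lost.

```promela
/* Added example, not the paper's model. Names (Appliance, Server,
 * Network, REQ, RESP, MAX_RETRIES) are assumed for illustration. */

#define MAX_RETRIES 3

mtype = { REQ, RESP };

/* Capacity MAX_RETRIES: the appliance sends at most that many requests,
 * so no send ever blocks and a late reply is never stranded. */
chan to_server    = [MAX_RETRIES] of { mtype };
chan to_appliance = [MAX_RETRIES] of { mtype };

bit  net_up = 1;        /* 1 = link in good order, 0 = cable pulled */
bit  got_response = 0;  /* appliance has received a playlist */
byte retries = 0;       /* requests the appliance has given up on */

/* Fault injector: pulls or replugs the network cable whenever it likes.
 * The exhaustive search then covers every moment at which a fault
 * can hit the running protocol. */
active proctype Network() {
  do
  :: net_up  -> net_up = 0      /* link goes down */
  :: !net_up -> net_up = 1      /* link comes back */
  od
}

/* Server: answers every request it receives while the link is up. */
active proctype Server() {
end:                               /* idling here is a valid final state */
  do
  :: to_server ? REQ ->
       if
       :: net_up -> to_appliance ! RESP
       :: else   -> skip           /* reply lost on a dead link */
       fi
  od
}

/* Appliance: requests the playlist, retries when its watchdog fires,
 * and falls back to local playback after MAX_RETRIES failures. */
active proctype Appliance() {
  do
  :: retries < MAX_RETRIES ->
       if
       :: net_up -> to_server ! REQ
       :: else   -> skip           /* request lost on a dead link */
       fi;
       if
       :: to_appliance ? RESP -> got_response = 1; break
#ifndef NAIVE
       :: true -> retries++        /* watchdog expires before any reply */
#endif
       fi
  :: else -> break                 /* give up: local playback */
  od;
  /* Safety: the loop is only ever left in one of the two intended states. */
  assert(got_response || retries == MAX_RETRIES)
}

/* Liveness: under weak fairness the appliance always settles, whatever
 * the Network process does. In the NAIVE build a lost request leaves the
 * appliance blocked on the receive forever, and this property fails. */
ltl settles { <> (got_response || retries == MAX_RETRIES) }
```

To check the fault-tolerant version, generate and build the verifier and run it with acceptance-cycle detection and weak fairness, for example `spin -a appliance.pml && cc -o pan pan.c && ./pan -a -f`; weak fairness is needed because the Network process is always enabled and would otherwise be allowed to starve the appliance. Repeating the same steps with `spin -DNAIVE -a appliance.pml` produces a counterexample trail in which the link drops exactly once at the wrong moment; `spin -DNAIVE -t -p appliance.pml` replays it step by step, which is the point at which the design is revised and re-checked.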