Abstract-In this paper, we present our experiences in using symbolic model checking to analyze a specification of a software system for aircraft collision avoidance. Symbolic model checking has been highly successful when applied to hardware systems. We are interested in whether model checking can be effectively applied to large software specifications. To investigate this, we translated a portion of the state-based system requirements specification of Traffic Alert and Collision Avoidance System II (TCAS II) into input to a symbolic model checker (SMV). We successfully used the symbolic model checker to analyze a number of properties of the system. We report on our experiences, describing our approach to translating the specification to the SMV language, explaining our methods for achieving acceptable performance, and giving a summary of the properties analyzed. Based on our experiences, we discuss the possibility of using model checking to aid specification development by iteratively applying the technique early in the development cycle. We consider the paper to be a data point for optimism about the potential for more widespread application of model checking to software systems.
Determining the time separation of events is a fundamental problem in the analysis, synthesis, and optimization of concurrent systems. Applications range from logic optimization of asynchronous digital circuits to evaluation of execution times of programs for real-time systems. We present an efficient algorithm to find exact (tight) bounds on the separation time of events in an arbitrary process graph without conditional behavior. The algorithm is based on a functional decomposition technique that permits the implicit evaluation of an infinitely unfolded process graph.
In this paper we present our results and experiences of using symbolic model checking to study the specification of an aircraft collision avoidance system. Symbolic model checking has been highly successful when applied to hardware systems. We are interested in the question of whether or not model checking techniques can be applied to large software specifications. To investigate this, we translated a portion of the finite-state requirements specification of TCAS II (Traffic Alert and Collision Avoidance System) into a form accepted by a model checker (SMV). We successfully used the model checker to investigate a number of dynamic properties of the system. We report on our experiences, describing our approach to translating the specification to the SMV language and our methods for achieving acceptable performance in model checking, and giving a summary of the properties that we were able to check. We consider the paper as a data point that provides reason for optimism about the potential for successful application of model checking to software systems. In addition, our experiences provide a basis for characterizing features that would be especially suitable for model checkers built specifically for analyzing software systems. The intent of this paper is to evaluate symbolic model checking of state-machine based specifications, not to evaluate the TCAS II specification. We used a preliminary version of the specification, version 6.00, dated March 1993, in our study. We did not have access to later versions, so we do not know if the properties identified here are present in later versions.
Introduction

In this paper, we derive an exact algorithm that determines tight upper and lower bounds on the separation in time of an arbitrary pair of system events. Depending on the level of abstraction in the specification, events may represent low-level signal transitions at a circuit interface or control flow in a more abstract behavioral view. If we are able to determine the bounds on the separation in time of two events then we can use this information to: simplify combinational and sequential logic by extracting temporal don't care information, verify that a logic implementation meets specified timing constraints, identify and remove hazards from asynchronous circuits, and focus optimization efforts in data-path synthesis by generating useful scheduling constraints. Thus, determining the time separation of events is a fundamental problem in the analysis, synthesis, and optimization of concurrent systems. We develop an efficient solution for determining time separation bounds and also take into account the effects of starting the system from a specific reset or start state. We model a concurrent system as a cyclic connected graph. The nodes of the graph represent events and the arcs are annotated with lower and upper bounds on delays between events. Currently, our solution is limited to graphs without conditional behavior.

However, that still leaves a large and useful class of concurrent specifications to which our analysis applies. Other approaches to the problem of finding bounds on the separation in time of two events have either been inexact or based on a more restrictive graph topology. Loose bounds that may not enable all possible optimizations were obtained by [8]. Both [7] and [10] can only handle acyclic graphs, and [a] only supports a limited form of synchronization and concurrency. This paper is composed of five sections. We follow this introduction with a formalization of the problem, a review of the foundation provided by the solution for finite acyclic graphs, and some examples. Section 3 provides the details of our algorithm, which is based on a structural decomposition of the unfolded process graph. Some practical examples are presented in Section 4, and finally, Section 5 summarizes the contributions of this paper.

Problem Formalization

Consider a simple concurrent system consisting of three processes that synchronize over ...