From NuSMV to SPIN: Experiences with model checking flight guidance systems

Choi

Model Checking Software

et al. 2008

Self Cite

Abstract. Flash memory has become virtually indispensable in most mobile devices. In order for mobile devices to operate successfully, it is essential that flash memory be controlled correctly through the device driver software. However, as is typical for embedded software, conventional testing methods often fail to detect hidden flaws in the complex device driver software. This deficiency incurs significant development and operation overhead to the manufacturers. In order to compensate for the weaknesses of conventional testing, we have applied NuSMV, Spin, and CBMC to verify the correctness of a multi-sector read operation of the Samsung OneNAND TM flash device driver and studied their relative strengths and weaknesses empirically. Through this project, we verified the correctness of the multi-sector read operation on a small scale. The results demonstrate the feasibility of using model checking techniques to verify the control algorithm of a device driver in an industrial setting.

Section: Experimental Settings and Verification Resultsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Formal Verification of a Flash Memory Device Driver – An Experience Report

Choi

Model Checking Software

et al. 2008

Self Cite

Science of Computer Programming

“…Although [23] pointed out weaknesses of model checkers in handling complex data structures and arithmetic operations, model checking is still a powerful tool for verifying safety-critical protocols and several case studies on model checking various aerospace systems have been published [6,21,31]. Our study is carried out early in the design phase before any system implementation is available.…”

Section: Related Workmentioning

confidence: 99%

“…Our study is carried out early in the design phase before any system implementation is available. Our system model and specifications for model validation and model verification are generated directly from natural language, while [31] generates the system model from the source code, and [6,21] generate NuSMV models automatically from another formal language.…”

Section: Related Workmentioning

confidence: 99%

Formal specification and verification of a coordination protocol for an automated air traffic control system

Zhao

Rozier

2014

Safe separation between aircraft is the primary consideration in air traffic control. To achieve the required level of assurance for this safety-critical application, the Automated Airspace Concept (AAC) proposes three levels of conflict detection and resolution. Recently, a high-level operational concept was proposed to define the cooperation between components in the AAC. However, the proposed coordination protocol has not been formally studied. We use formal verification techniques to ensure there are no potentially catastrophic design flaws remaining in the AAC design before the next stage of production. We formalize the high-level operational concept, which was previously described only in natural language, in NuSMV and perform model validation by checking against LTL/CTL specifications we derive from the system description. We write LTL specifications describing safe system operations and use model checking for system verification. We employ specification debugging to ensure correctness of both sets of formal specifications and model abstraction to reduce model checking time and enable fast, design-time checking. We analyze two counterexamples revealing unexpected emergent behaviors in the operational concept that triggered design changes by system engineers to meet safety standards. Our experience report illuminates the application of formal methods in real safety-critical system development by detailing a complete end-to-end design-time verification process including all models and specifications.

Journal of Computer Science

“…(Choi, 2007) were compared on a model of Flight Guidance System (FGS). The purpose of this study is to investigate whether SPIN more suitable than NuSMV in term of scability and usability.…”

Section: Introductionmentioning

confidence: 99%

Analysis of the Model Checkers' Input Languages for Modeling Traffic Light Systems

Samat

Zin

Shukur

2011

Problem statement: Model checking is an automated verification technique that can be used for verifying properties of a system. A number of model checking systems have been developed over the last few years. However, there is no guideline that is available for selecting the most suitable model checker to be used to model a particular system. Approach: In this study, we compare the use of four model checkers: SMV, SPIN, UPPAAL and PRISM for modeling a distributed control system. In particular, we are looking at the capabilities of the input languages of these model checkers for modeling this type of system. Limitations and differences of their input language are compared and analyses by using a set of questions. Results: The result of the study shows that although the input languages of these model checkers have a lot of similarities, they also have a significant number of differences. The result of the study also shows that one model checker may be more suitable than others for verifying this type of systems Conclusion: User need to choose the right model checker for the problem to be verified.