Abstract
Static analysis of formal, high-level specifications of safety critical software can discover flaws in the specification that would escape conventional syntactic and semantic analysis. As an example, specifications written in the Requirements State Machine Language (RSML) should be checked for consistency: two transitions out of the same state that are triggered by the same event should have mutually exclusive guarding conditions. The check uses only behavioral information that is local to a small set of states and transitions.
However, since only local behavior is analyzed, information about the behavior of the surrounding system is missing. The check may consequently produce counterexamples for state combinations that are not possible when the behavior of the whole system is taken into account. A solution is to identify invariants of the global system that can be used to exclude the impossible state combinations. Manually deriving invariants from designs of realistic size is laborious and error-prone. Finding them by mechanically enumerating the state space is computationally infeasible. The challenge is to find approximate methods that can find fewer but adequate invariants from abstracted models of specifications.
We present an algorithm for deriving invariants that are used to exclude impossible counterexamples resulting from checking consistency of transitions in RSML. The algorithm has been implemented in an RSML prototype tool and has been applied successfully to the static checking of version 6.04a of the (air) Traffic alert and Collision Avoidance System (TCAS II) specification.
The research was supported by the Defense Advanced Research Projects Agency under contract number DABT63-96-C-0097-P00002.
This is a preview of subscription content, log in via an institution to check access.
Preview
Unable to display preview. Download preview PDF.
References
R.J. Anderson, P.Beame, S. Burns, W. Chan, F. Modugno, Notkin D, and J.D. Reese. Model checking large software specifications. In D. Garlan, editor, Proceedings of the Fourth ACM SIGSOFT Symposium on the Foundations of Software Engineering (SIGSOFT’96), pages 156–166, October 1996.
C. Barrett D.L. Dill and J. Levitt. Validity checking for combinations of theories with equality. In M. Srivas and A. Camilleri, editors, Formal Methods in Computer Aided Design (FMCAD), number 1166 in Lecture Notes in Computer Science, pages 197–201. Springer-Verlag, November 1996.
S. Gerhart, D. Craigen, and T. Ralston. Formal methods reality check: Industrial usage. IEEE Transactions on Software Engineering, 21(2):90–98, February 1995.
D. Harel. Statecharts: A visual formalism for complex systems. Science of Computer Programming, 8:231–274, 1987.
D. Harel and A. Pnueli. On the development of reactive systems. In K.R. Apt, editor, Logics and Models of Conc. Systems, pages 477–498. Springer-Verlag, 1985.
M. P.E. Heimdahl and N.G. Leveson. Completeness and consistency analysis of state-based requirements. IEEE TSE, 22(6):363–377, June 1996.
C. L. Heitmeyer, R. D. Jeffords, and B. G. Labaw. Automated consistency checking of requirements specifications. TOSEM, 5(3):231–261, July 1996.
D.N. Hoover and Zewei Chen. Tablewise, a decision table tool. In J. Rushby, editor, Proceedings of 10th Annual Conference on Computer Assurance (COMPASS ’95), pages 97–108, Gaithersburg, MD, USA, June 1995. IEEE.
M. S. Jaffe, N. G. Leveson, M. P.E. Heimdahl, and B. Melhart. Software requirements analysis for real-time process-control systems. IEEE Transactions on Software Engineering, 17(3):241–258, March 1991.
N.G. Leveson, M. P.E. Heimdahl, H. Hildreth, and J.D. Reese. Requirements specification for process control systems. IEEE Transactions on Software Engineering, 20(9):694–707, September 1994.
D. Y.W. Park, J.U. SkakkebÆk, M. P.E. Heimdahl, B.J. Czerny, and D.L. Dill. Checking properties of safety critical specifications using efficient decision procedures. In Formal Methods in Software Practice, pages 34–43. ACM Press, 1998.
D. L. Parnas, G. J. K. Asmis, and J. Madey. Assessment of safety-critical software in nuclear power plants. Nuclear Safety, 32(2):189–198, April–June 1991.
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 1998 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Park, D.Y.W., SkakkebÆk, J.U., Dill, D.L. (1998). Static analysis to identify invariants in RSML specifications. In: Ravn, A.P., Rischel, H. (eds) Formal Techniques in Real-Time and Fault-Tolerant Systems. FTRTFT 1998. Lecture Notes in Computer Science, vol 1486. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0055343
Download citation
DOI: https://doi.org/10.1007/BFb0055343
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-65003-4
Online ISBN: 978-3-540-49792-9
eBook Packages: Springer Book Archive