practice
Doi: 10.1145/1646353.1646372
A translator framework enables the use
of model checking in complex avionics
systems and other industrial settings.
BY steVen P. miLLeR, michAeL W. WhALen,
AnD DARRen D. cofeR
software
model
checking
takes off
AlTHOUGH FOrMAl METHODS have been used in the
development of safety- and security-critical systems
for years, they have not achieved widespread industrial
use in software or systems engineering. However,
two important trends are making the industrial use
of formal methods practical. The first is the growing
acceptance of model-based development for the
design of embedded systems. Tools such as MATLAB
Simulink6 and esterel Technologies SCADe Suite2 are
achieving widespread use in the design of avionics and
automotive systems. The graphical models produced
by these tools provide a formal, or nearly formal,
specification that is often amenable to formal analysis.
The second is the growing power of formal verification
tools, particularly model checkers. For many classes
of models they provide a “
push-button” means of determining if a model
meets its requirements. Since these
tools examine all possible combinations of inputs and state, they are
much more likely to find design errors
than testing.
Here, we describe a translator
framework developed by Rockwell Collins and the University of Minnesota
that allows us to automatically translate from some of the most popular
commercial modeling languages to a
variety of model checkers and theorem
provers. We describe three case studies
in which these tools were used on industrial systems that demonstrate that
formal verification can be used effectively on real systems when properly
supported by automated tools.
