Society is increasingly dependent on dedicated computer and software systems to assist. All these mechanisms allow us to control the complexity of the design process by proceeding from the abstract design model to concrete design model in a systematic manner. Initially, we coined the label slam as an acronym for software specifications, programming languages, abstraction, and model checking. This paper provides a brief description, including a bibliography, of the spin2002 tutorial on abstraction in model checking of software. Principles and practice, third edition, remains the most authoritative introduction to the field.
An introduction to software engineering practices using model. Boolean and cartesian abstraction for model checking c. Widely used in analysing hardware and software systems, todays model checking algorithms are capable of handling some system descriptions with very large sets of reachable states. The model extends an existing abstraction model for traditional requirements engineering with aspects specific to agile processes. This paper provides a brief description, including a bibliography, of the spin2002 tutorial on. An expanded and updated edition of a comprehensive presentation of the theory and practice of model checking, a technology that automates the analysis of complex systems. The influence of software module systems on modular verification. The combination of predicate abstraction and iterative abstraction refinement. What youre describing is the latter moving from a specific idea to a more general one. Hughes is a professor of computer science at brown university.
Reorganized, expanded, and updated, the new edition retains the focus on the foundations of temporal logic model while offering new chapters that cover topics that did not exist in 1999. Recently, bensalem et al, 1992 considered abstractions as galois connec. A new approach to software verification introduces alloy, a language that captures the essence of software abstraction with an analysis that is fully automated. S o f t w a r e t e c h n o l o g i e s seven principles. Agile requirements abstraction model requirements engineering in a scrum environment. The first edition, the original foley and van dam, helped to define computer graphics and how it could be taught. The algorithms implemented in these tools are available in published literature, and the principles behind these algorithms are well. Allocation of bpma concepts on mof levels have many abstractions, in the further discussion we refer to a process model m. In software abstractions daniel jackson introduces an approach to software design that draws on traditional formal methods but exploits automated tools to find flaws as early as possible. Model checking software 9th international spin workshop. The paper presents a good overview of the state of the art in software model checking. We the human can not remember all the things all the times. Abstraction model checking is for systems where an actual representation is too complex in developing the model alone. A tool for abstraction in model checking sciencedirect.
Engineering abstractions in model checking and testing. There are three commonly used abstraction mechanisms in software design, namely, functional abstraction, data abstraction and control abstraction. So, the design undergoes a kind of translation to scaled down abstract version. To illustrate the use of constraint logic for software model checking, consider the example. This column will provide an introduction to abstraction and make some links to business architecture. Model checking software book subtitle 9th international spin workshop grenoble, france, april 11. Abstraction in software model checking principles and. The second application, which is still being developed, is the use of underapproximating predicate abstraction to abstract the component being verified rather than the surrounding software. The principles of abstraction are aimed at just these problems. The history of successful spin workshops is evidence for the maturing of model checking technology, not only in the hardware domain, but increasingly also in the software area. Abstraction is moving from concrete things to abstract things, e. Boolean and cartesian abstraction for model checking c programs. The programmer works with an idealized interface usually well defined and can add additional.
Abstraction, in general, is a fundamental concept to computer science and software development. Several fundamental concepts were invented in the last decade which made it possible to scale the technology from tiny examples to real programs. The principles that follow emerged from experience studying software testing and developing automated. The practical value of counterexamples to the verification engineer is evident, and for many years, counterexample generation algorithms have been employed. Livenessproperties often require forms of abstraction that differ from those used in safety properties. Mar 20, 2018 in software engineering and computer science, abstraction is a technique for arranging complexity of computer systems.
It works by establishing a level of simplicity on which a person interacts with the system, suppressing the more complex details below the current level. Livenessproperties often require forms of abstraction. For example, if your friend speaks 30 random numbers quickly and asks you to add them all, it wont be possible for you. Models can also be considered types of abstractions per their generalization of aspects of reality. Software model checking with abstraction refinement computer science and artificial intelligence laboratory mit armando solarlezama with slides from thomas henzinger, ranjit jhala and rupak majumdar. While in principle, one can model the exact machine. Data abstraction without control abstraction in software. Model checking is a verification technology that provides an algorithmic means of determining whether an abstract modelrepresenting, for example, a hardware or software designsatisfies a formal specification expressed. Spin, a tool for the integration of several abstraction approaches for models and formulas into the well known model checker spin.
Model checking software via abstraction of loop transitions. In our method, the initial abstract model is generated by an automatic analysis of the control structures in the program to be veri. Reijers 2, thijs nugteren, and mathias weske 1 hasso plattner institute, potsdam, germany sergey. This can be viewed as a higherorder counterpart of previous software model checkers for imperative languages like blast 6 and slam 7. These abstractions should preserve the nonvalidity of the properties.
Counter examples are checked against the real state space because we obtain spurious counter examples. Software model checking is the algorithmic analysis of programs to prove prop erties of their. In software abstractions daniel jackson introduces a new approach to software design that draws on traditional formal methods but exploits automated tools to find flaws as early as possible. As state explosion is the main drawback to model checking, we propose two. Citeseerx document details isaac councill, lee giles, pradeep teregowda. Spin integrates two dual approaches, the classic abstraction method. Model checking baier and katoen, 2008 is a powerful algorithmic technique for automatically proving certain properties of statebased models. This book constitutes the refereed proceedings of the 9th international spin workshop on model checking software, held in grenoble, france in april 2002 as a satellite event of etaps 2002. Introduction over the past decade we have seen several program veri ers and static analysis tools 5,2,1,6 used in industrial practice. Data abstraction is the programming process of creating a data type, usually a class, that hides the details of the data representation in order to make the data type easier to work with. Software model checking with abstraction refinement.
The real state space is summarized into a smaller set of the visible ones. We show how to attack the problem of model checking a c program with recursive procedures using an abstraction that we formally define as the composition of the boolean and the cartesian abstractions. Nielsen, editors, international conference on concurrency theory, number 2154 in lncs, pages 426440, springer, berlin, 2001. The approach judiciously incorporates mathematical formalism, in the form of models, to provide a disciplined and logical analysis practice, rather than a proof of correctness strategy. While in earlier years algorithms and tool development 1 around the spin model checker were the focus of this workshop series, the. Developed by examining over 500 temporal specifications collected from the literature. Principles of model checking christel baier and joostpieter katoen. A formal specificationis the expression, in some formal language and at some level of abstraction, of a collection of properties that some system should satisfy axel van lamsweerde, future of software engineering, 2000 formal language ensures precision. Model checking and abstraction carnegie mellon university. Pdf model checking download full pdf book download. Abstraction layer computer science commonly presents levels or, less commonly, layers of abstraction, wherein each level represents a different model of the same information and processes, but with varying amounts of detail. More recently, software model checking has been in. A decade of software model checking with slam july 2011. An agile model, with four abstraction levels was developed in close collaboration with industry.
Model based verification is a twostep practice of model building creation and model checking analysis for finding errors in software artifacts. Reduction and abstraction techniques for model checking fi muni. We show how this abstract model can be used to verify properties of the orgmal program. We conclude that it is possible to integrate traditional. Section 8, liveness and termination, briefly offers some hints for working in this area. In my last column, i described the use of the business motivation model for answering the question how well. Jun 22, 2006 the second application, which is still being developed, is the use of underapproximating predicate abstraction to abstract the component being verified rather than the surrounding software. Principles and practice tutorial overview and bibliography. This makes it imperative to understand the scope and limitations of testing and perform it right. May 23, 2002 abstractionbased model checking using modal transition systems. In software engineering and computer science, abstraction is. Oct 06, 2014 the principles of abstraction are aimed at just these problems. The process of abstraction can also be referred to as modeling and is closely related to the concepts of theory and design. Based on the above given definition, we can, in principle, construct abstract tran.
Abstractionbased model checking using modal transition systems. While in earlier years algorithms and tool development 1 around the spin model. Architecture, abstraction and algebra iaakov exman software engineering department. An introduction to software engineering practices using. Mochi is a software model checker for a subset of ocaml, constructed based on higherorder model checking 14, predicate abstraction, and counterexampleguided abstraction re. University professor of technology and education, and professor of computer science at brown university. Software model checking has been successful for improving the quality of computer programs 4. Modelbased verification mbv is a systematic approach to finding defects errors in software requirements, designs, or code gluch 98. Software model checking via iterative abstraction refinement of. These practices combine established software modeling methods with promising techniques emerging from academic and corporate research communities.
Predicate abstraction 16 with counterexampleguided abstraction re. A problem with abstraction model checking is that although the abstraction simulates the real, when the abstraction does not satisfy a property, it does not mean that this property actually fails in the real model. This approach to software model checking, when combined with an explicit model checker that operates directly on the software artifact such as the java. Section vi summarizes algebraic principles of software design. Modelling, abstraction, and computation in systems biology. We then describe abstraction techniques section 4, which reduce the. Symmetry reduction criteria for software model checking. Mar 30, 2017 abstraction is one of the most important principles in objectoriented software engineering and is closely related to several other important concepts, including encapsulation, inheritance and polymorphism.
Algorithmic counterexample generation is a central feature of model checking which sets the method apart from other approaches such as theorem proving. The set of variables are partitioned into visible and invisible depending on their change of values. Section 9 relates model checking to software testing and type systems, and section 10 presents a general conclusion. Model checking generally takes place on abstract versions of the studied systems.
Modelbased verification is a twostep practice of model building creation and model checking analysis for finding errors in software artifacts. His primary research is in computer graphics, particularly those aspects of graphics involving substantial mathematics. The abstraction of the model should be followed by the abstraction of the temporal formulas to be checked. Abstraction is applied in the process of identifying software artifacts objects to model the problem domain. Theory and practice 3 m0 instance m1 model m2 metamodel m ma instm n fig.