Symbolic model checking the most widely used verification techniques are testing and simulation. School of software, tsinghua university, beijing 84, china 4. Variability in software product lines is generally expressed in terms of features, and the number of potential. Us20060058989a1 symbolic model checking of generally. Efficient software product line model checking using induction and a sat solver. Whereas classical model checkers are only capable of checking properties against each individual product. Comparing symbolic and explicit model checking of a software. Classen a, heymans p, schobbens p and legay a symbolic model checking of software product lines proceedings of the 33rd international conference on software engineering, 3230 staunton j and clark j finding short counterexamples in promela models using estimation of distribution algorithms proceedings of the th annual conference on. Abstract we study the problem of model checking software product line spl behaviours against temporal properties. In this paper, we propose an extension of the fsm test model for software product lines spls, named featured finite state machine ffsm. Typically, one has hardware or software systems in mind, whereas the specification contains safety requirements such as the absence of deadlocks and similar critical.
Symbolic model checking of software cmu school of computer. Programming languages logic algorithms embedded systems os system programming cyber physical system. Integration testing of software product lines using. We describe finitestate programs over realnumbered time in a guardedcommand language with realvalued clocks or, equivalently, as finite automata with realvalued clocks. Model checking background undergraduate cs classes contributing to this area software engineering ok counter examples or system modeling requirement properties. Symbolic model checking how is symbolic model checking. It traces its roots to logic and theorem proving, both to.
This is more difficult than for single systems because an spl with n features yields up to 2 n individual systems to verify. Reasoning about agents and modalities such as knowledge and belief leads to models where di. However, most formal verification approaches for spls presented in the literature focus on the static spls, where the features of a product are fixed and cannot be changed. Andreas classen, patrick heymans, pierreyves schobbens, axel legay, and jeanfrancois raskin. Section 9 relates model checking to software testing and type systems, and section 10 presents a general conclusion. Pdf model checking for software product lines with snip. Symbolic model checking of software product lines a classen, p heymans, py schobbens, a legay proceeding of the 33rd international conference on software engineering, 3230, 2011. It subsumes different smt techniques and similar methods such as abstract. Efficient software productline model checking using. For this purpose, we enrich the featureoriented language flan with action rates, which specify the likelihood of exhibiting par. The develop ment of efficient software tools supporting the use of formal methods in system design is a very active area of research in computer science. Towards symbolic model checking for multiagent systems. The symbolic model checking algorithm is a labeling algorithm that makes use of obdd. Symbolic models are extremely complicated, so it will serve us well to start from the very beginning.
Bdds enabled handling much larger concurrent systems. This is more difficult than for single systems because a product line with n features yields up to 2n individual systems to verify. Product line model of an automatic banking machine. Seshia3, and david wagner2 1university of north carolina at chapel hill 2university of california, berkeley 3intel labs abstractmodeling is the crucial. Distributed symbolic model checking research thesis submitted in partial ful. Symbolic model checking of software product lines andreas classen, patrick heymans, pierreyves schobbens, axel legay to cite this version. The verification of concurrent software predominantly employs explicitstate model checkers, such as spin, that use partialorder reduction as a main technique to deal with large state spaces efficiently. When you import a file and explode it in revit, the import lines are converted to model lines. Product line pl engineering promotes the development of families of related products, where individual products are differentiated by which optional features they include. This is more difficult than for single systems because an spl with n features yields up to 2n individual systems to verify. For model lines, you can specify line weights for modeling components, such as doors, windows, and walls, in orthographic views.
However, we consider performance properties such as throughput and do not focus energy related parameters. Software model checking is the algorithmic analysis of programs to prove prop erties of their. Model checking software 26th international symposium, spin 2019, beijing, china, july 1516, 2019. In the case of complex, asynchronous systems, however, these techniques can cover only a limited portion of possible behaviors. Quantitative analysis of probabilistic models of software product lines with statistical model checking maurice h. Variability in software product lines is generally expressed in terms of features, and the number of potential products is exponential in the number of features. Use the convert lines tool to change a line to a model line, a detail line, or a symbolic line.
Symbolic model checking of software product lines proceedings of. We study the problem of model checking product line behaviours against temporal properties. Dang2, sakshi jain, michael mccoyd2, wei yang tan, petros maniatis 2, sanjit a. Tsinghua national laboratory for information science and technology tnlist, tsinghua university, beijing 84, china 2. The simple machines we will consider model the processes of basic logic and arithmetic. Symbolic model checking of productline requirements using. Formal semantics, modular specification, and symbolic. Current product line model checking techniques leverage symbolic model checking and variability information to optimize the analysis, but still face limitations that make them costly or even unfeasible for some product lines. Though not closely related to this paper, we want to fi nally mention that beneath the realtime extensions of ctl. Formal techniques for specifying and verifying software product lines spl are actively studied. Symbolic model checking with bdds ken mcmillan implemented a version of the ctl model checking algorithm using binary decision diagrams in 1987.
Using symbolic model checking for test case generation s1 s2 s3 s5 s4 s6 f1 f2 generate ccode from model and enrich it. Section 2 describes the basic algorithm for temporal logic model checking, as well as some of the breakthroughs in. A symbolic execution framework often uses also some elements exploration, search of symbolic model checking to be usable for testing etc. An automated modelbased testing approach in software product. A software product line is a set of software intensive systems sharing a common, managed set of features that satisfy the specific needs of a particular market segment or mission and that are developed from a common set of core assets in a prescribed way 4. Verifying nonfunctional properties of software product lines.
Intel pentium bug long list of space missions failed due to software. As the first step towards using ffsms as test models, we define featureoriented variants of basic test model validation criteria. After this, we analyze its complexity, and present the fragment jctll of jctl that can be checked more efficiently. The paper presents a good overview of the state of the art in software model checking. Model checking relies on a representation of a model s state and the transitions between it. The korat approach acm sigsoft impact paper award 2012. Techniques for symbolic model checking mostly use either automata 8, or obdds for the representation of all the parameters needed by. Proceeding of the 33rd international conference on. Model checking is a popular formal verification technique for both software and hardware. Symbolic software model validation cynthia sturton, rohit sinha1, thurston h. Model checking tools face a combinatorial blow up of the statespace, commonly known as the state explosion problem, that must be addressed to solve most realworld problems.
Symbolic and familybased model checking have been proven to be successful for tackling the combinatorial blowup arising when reasoning about several feature combinations. Probabilistic model checking for energy analysis in software. In independent lines of work, clarke and emerson 1981. Model checking is the formal process through which a desired behavioral property the specification is verified to hold for a given system the model via an exhaustive enumeration either explicit or symbolic of all of the reachable system states and the behaviors that cause the system to. Pdf symbolic model checking of software product lines to. Our motivation stems from two observations about the application of model checking in software engineering. This article describes how this is done in practice, using the example of a product line of meteorological data systems. Use the line weights dialog to define the width of the pen used to draw lines in views. The framework can be used for test input generation as follows. Software product line engineering with feature models. Modelling and analyzing requirements models of pls allows for early detection and correction of requirements errors including unintended feature interactions, which are a serious problem in featurerich systems. Symbolic modeling approach in verification and testing. Department of computer science and technology, national university of defense technology, changsha 410073, china department of computer science and technology, national university of defense technology, changsha 410073, china. Manage tabsettings panel additional settings dropdown line weights you can control line weights for model lines, perspective lines, and annotation lines.
We investigate the suitability of statistical model checking techniques for analysing quantitative properties of software product line models with probabilistic aspects. Multiperspective modeling and performance analysis of. From the symbolic point of view we say that everything is a symbol except an object and the interpretation see gallery. We study the problem of model checking software product line spl behaviours against temporal properties.
Modelling and model checking software product lines. Multivalued symbolic modelchecking 3 variables in the. Andreas classen, patrick heymans, pierreyves schobbens, axel legay. Model checking of software patrice godefroid bell laboratories, lucent technologies. Section 8, liveness and termination, briefly offers some hints for working in this area. Armin biere1, alessandro cimatti2, edmund clarke1, and yunshan zhu1 1 computer science department, carnegie mellon university 5000 forbes avenue, pittsburgh, pa 152, u. A read is counted each time someone views a publication summary such as the title, abstract, and list of authors, clicks on a figure, or views or downloads the fulltext. Symbol is an agreement about a relation from it to correponding other symbols or objects. Symbolic model checking how is symbolic model checking abbreviated. Line weights revit products autodesk knowledge network.
In 1987, he developed a software tool called smv symbolic model verifier with which systems with over 1020 states could be verified. Software product lines spls, or software product line development, refers to software engineering methods, tools and techniques for creating a collection of similar software systems from a shared set of software assets using a common means of production. Symbolic model checking of software product lines ieee xplore. Modelbased test case generation for dynamic software.
The modelling language is an extended version of the smv. Model checking 2 is an exhaustive exploration of the states and transitions of the mathematical model. This ultimately leads to a symbolic expression similar to ours. In 33rd international conference on software engineering icse 2011, waikiki, honolulu, hawaii, proceedings, pages 3230. We present snip, an efficient model checker for software product lines spls. Towards an efficient approach using parametric model checking cg, ams, pp. Convert line types revit products autodesk knowledge. Every particle that we can see is either a real life object or a sign illustrating other things. Acm sigsoft 20th international symposium on the foundations of software engineering fse, 1 page, research triangle park, nc, november 2012. Emacs interface and vim syntax highlighting if you are at cmu in computer science department, most likely emacs mode for smv is already installed on your machine. The satisfaction relation can be multivalued or boolean. Pdf symbolic model checking of software product lines. Pdf there are two main paradigms for model checking.
A model checker includes a model checker to generate a model of a piece of generally asynchronous hardware in which the set of variables includes a separate process chooser variable and the remainder of the variables are divided into disjoint sets of groups. Model checking answers the question which states of a realtime program satisfy a branchingtime specification given in an extension of ctl with clock variables. Symbolic model checking of software product lines acm digital. In the next few modules, we will explore symbolic models in their most primitive form. Symbolic model checking for realtime systems sciencedirect. Term symbolic model checking has been introduced by mcmillan 3 where states of model are presented as formulas in some theory. In hardware verification, the introduction of symbolic model checking has been considered a break through, allowing to verify. The major drawback of this method is that the generalization of counterexample generation from symbolic model checking to black box model checking, could lead to nonuniform counterexamples that do not meet the behavior of the system intended. While the foundations of this domain recently made significant progress with the introduction of featured transition systems ftss and associated algorithms, spl model checking still faces the wellknown state explosion problem. Model checking software product lines with snip springerlink. Model checking has had a big impact on formal veri. Some are very specific to model checking and some are modular and used in a standalone symbolic execution framework, as it was defined by the inventors of symbolic execution. The manual does not cover the temporal logic ctl, or model checking algorithms.
Jun 14, 2012 read model checking software product lines with snip, international journal on software tools for technology transfer on deepdyve, the largest online rental service for scholarly research with thousands of academic publications available at your fingertips. In the hardware domain, the introduction of symbolic model checking has been considered a. The success of boolean satisfiability solvers in bounded model checking led to the widespread use of satisfiability solvers in symbolic model checking. Symbolic and familybased model checking have been proven to be. Carl pixley independently developed a similar algorithm, as did the french researchers, coudert and madre. Quantitative analysis of probabilistic models of software. Binary decision diagrams 4 symbolic model checking a new approach, based on exploring state sets idea. As each individual verification suffers from state explosion, it is crucial to propose efficient formalisms and heuristics. In computer science, model checking, or property checking, is, for a given finitestate model of a system, exhaustively and automatically checking whether this model meets a given specification a. Automated testing using symbolic model checking and. Another approach translates umlannotated software product line. The models that we handle are in the form of discretetime markov chains. Using this example we will show how a product line is designed, and how product variants can be derived automatically.
More recently, software model checking has been in. Symbolic model checking of software product lines a classen, p heymans, py schobbens, a legay proceedings of the 33rd international conference on software engineering, 2011. The potential state space s is simply the cross product over the finite ranges thereof. This lead us to consider computation tree logic ctl which is supported by the industrystrength symbolic model checker nusmv. If this is not the line type you want to work with, you can use the convert lines tool to convert model lines to detail lines.
Featurefamilybased reliability analysis of software product. This is more dicult than for single systems because an spl with n features yields up to 2. Whereas classical model checkers are only capable of checking properties against each individual product in the product line, snip exploits. Symbolic model article about symbolic model by the free. Software product line engineering and evolution university. Symbolic model checking for incomplete designs with. Jun 14, 2012 we present snip, an efficient model checker for software product lines spls. We present a featurefamilybased strategy to efficiently analyze the reliability of product lines. Symbolic model checking of logics with actions charles pecheur1. At the symbolic software cryptography training, well cover cryptographic protocol design principles, implementation. Software testing, symbolic execution, and model checking c. It is implemented by a recursive procedure check with.