Statemate statecharts are widely used to specify the behaviour of reactive systems. The Statemate model checker, which is used to analyse a Statemate statechart specification for properties such as state reachability, nondeterminism and races, does not scale up to industry-size specifications. In this paper we propose a technique, super step analysis, that uses bounded model checking to scale up the analysis while still proving non-reachability of states. The technique is based on the asynchronous time model of Statemate, in which a system interacts with its environment only when it is in a stable configuration. In a stable configuration the system reacts to external stimuli and starts a chain of steps until it reaches the next stable configuration; stable means that no further step is possible without new external stimuli. For practical Statemate systems adopting the asynchronous time model, in order to ensure that the system interacts with the environment at predictable intervals, there exists a finite bound on the number of steps between any two successive stable configurations. This finite bound between two stable configurations can be exploited to prove non-reachability of states using bounded model checking. In this paper we describe an algorithm that first determines a finite upper bound K on the number of steps between any two consecutive stable configurations of a given Statemate model M; then transforms M into another Statemate model M' whose set of initial configurations is a superset of the set of reachable stable configurations of M; and finally uses bounded model checking up to bound K on M' to analyse properties of M. The paper concludes with the results of applying this algorithm to an application from the automotive domain.
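The three-stage algorithm described in the abstract, worked through on a constructed toy model as an added example. This code is not from the paper and is not Statemate; the door-lock model, its state names and events, the retry counter n, the invariant n <= 1, and the explicit-state breadth-first search that stands in for SAT-based bounded model checking are all assumptions of this example. It also shows the caveat a practitioner will hit: because the initial configurations of M' over-approximate the reachable stable configurations of M, the analysis is sound for proving non-reachability but can report spurious paths, and the coarser the superset, the more of them. A tighter superset must itself be justified (an invariant of M, for instance); in the toy this is confirmed against exhaustive exploration, which is only feasible because the model is tiny.

```python
from collections import deque
from itertools import product

# Constructed toy model for this example (not from the paper, not Statemate syntax):
# a door-lock controller under Statemate's asynchronous time model.
# A configuration is (state, n); n is a retry counter in 0..3.
STATES = ("Idle", "Unlocking", "Opening", "Open", "Closing", "Locking", "Fault")
EVENTS = ("open", "close")
INIT = ("Idle", 0)

def internal_steps(cfg):
    """Completion transitions that fire without new external stimuli; empty means stable."""
    state, n = cfg
    if state == "Unlocking":
        return {("Opening", n)}
    if state == "Opening":
        return {("Open", n)}
    if state == "Closing":
        return {("Locking", n)}
    if state == "Locking":  # guarded completion: two or more retries route through Fault
        return {("Fault", n)} if n >= 2 else {("Idle", n)}
    if state == "Fault":  # transient: reset the counter and return to Idle
        return {("Idle", 0)}
    return set()

def external_steps(cfg, event):
    """Reaction of a stable configuration to one external event."""
    state, n = cfg
    if state == "Idle" and event == "open":
        return {("Unlocking", n)}
    if state == "Idle" and event == "close":  # close while idle counts as one retry
        return {("Idle", 1)}
    if state == "Open" and event == "close":
        return {("Closing", n)}
    return set()

def is_stable(cfg):
    return not internal_steps(cfg)

def successors(cfg):
    """One-step successors: a stable configuration consumes an event, an unstable one steps internally."""
    if is_stable(cfg):
        return set().union(*(external_steps(cfg, e) for e in EVENTS))
    return internal_steps(cfg)

def super_step_bound(stable_cfgs, cap=50):
    """Stage 1: K = longest chain of steps from a stable configuration (the first step
    triggered by an event) to the next stable one. None if a chain exceeds `cap`."""
    k = 0
    for cfg in stable_cfgs:
        for event in EVENTS:
            frontier, depth = external_steps(cfg, event), 1
            while frontier:
                if depth > cap:
                    return None
                k = max(k, depth)
                frontier = set().union(*(internal_steps(c) for c in frontier if not is_stable(c)))
                depth += 1
    return k

def bounded_reach(init_cfgs, bad, k):
    """Stage 3: explicit-state stand-in for SAT-based BMC. Breadth-first search over all
    paths of at most k steps from init_cfgs; returns a witness path to `bad` or None."""
    queue, seen = deque((c, (c,)) for c in init_cfgs), set(init_cfgs)
    while queue:
        cfg, path = queue.popleft()
        if bad(cfg):
            return list(path)
        if len(path) - 1 < k:
            for nxt in successors(cfg):
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append((nxt, path + (nxt,)))
    return None

def all_stable_cfgs():
    """Stage 2, coarsest initial set for M': every stable configuration for every n, plus INIT."""
    return {(s, n) for s, n in product(STATES, range(4)) if is_stable((s, n))} | {INIT}

def stable_cfgs_with_invariant():
    """Stage 2, refined: keep only n <= 1. Sound only if that invariant really holds for M."""
    return {c for c in all_stable_cfgs() if c[1] <= 1}

def super_step_analysis(init_m_prime, bad):
    """All three stages; a None witness proves `bad` unreachable in M."""
    k = super_step_bound(init_m_prime)
    if k is None:
        raise ValueError("unbounded super steps: the technique does not apply")
    return k, bounded_reach(init_m_prime, bad, k)

def exhaustive_reachable(init=INIT):
    """Ground truth for the toy only: the full reachable set of M."""
    seen, todo = {init}, [init]
    while todo:
        for nxt in successors(todo.pop()):
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return seen

def is_fault(cfg):
    return cfg[0] == "Fault"

if __name__ == "__main__":
    print("coarse M' :", super_step_analysis(all_stable_cfgs(), is_fault))
    print("refined M':", super_step_analysis(stable_cfgs_with_invariant(), is_fault))
```

With the coarse initial set the analysis returns K = 4 and a witness Open, Closing, Locking, Fault starting from a configuration with n >= 2, a stable configuration that M never reaches, so the counterexample is spurious. With the refined set it returns K = 3 and no witness, which does prove Fault unreachable in M, but only because the invariant n <= 1 genuinely holds for M's reachable stable configurations; shrinking the initial set of M' below that would make the proof unsound.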