The ESTEREL synchronous programming language: design, semantics, implementation
Science of Computer Programming
IEEE Transactions on Software Engineering - Special issue on formal methods in software practice
Reduction and slicing of hierarchical state machines
ESEC '97/FSE-5 Proceedings of the 6th European SOFTWARE ENGINEERING conference held jointly with the 5th ACM SIGSOFT international symposium on Foundations of software engineering
Using Abstraction and Model Checking to Detect Safety Violations in Requirements Specifications
IEEE Transactions on Software Engineering
ESEC/FSE-7 Proceedings of the 7th European software engineering conference held jointly with the 7th ACM SIGSOFT international symposium on Foundations of software engineering
Model checking
Slicing Software for Model Construction
Higher-Order and Symbolic Computation
Model Checking Large Software Specifications
IEEE Transactions on Software Engineering
Comparing Symbolic and Explicit Model Checking of a Software System
Proceedings of the 9th International SPIN Workshop on Model Checking of Software
Assumption Generation for Software Component Verification
Proceedings of the 17th IEEE international conference on Automated software engineering
Model Checking RSML-e Requirements
HASE '02 Proceedings of the 7th IEEE International Symposium on High Assurance Systems Engineering
NIMBUS: A Tool for Specification Centered Development
RE '03 Proceedings of the 11th IEEE International Conference on Requirements Engineering
Spin model checker, the: primer and reference manual
Spin model checker, the: primer and reference manual
Formal Verification of a Flash Memory Device Driver --- An Experience Report
SPIN '08 Proceedings of the 15th international workshop on Model Checking Software
Idle port scanning and non-interference analysis of network protocol stacks using model checking
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
| Hi-index | 0.00 |
Model checking has become a promising technique for verifying software and hardware designs; it has been routinely used in hardware verification, and a number of case studies and industrial applications show its effectiveness in software verification as well. Nevertheless, most existing model checkers are specialized for limited aspects of a system, where each of them requires a certain level of expertise to use the tool in the right domain in the right way. Hardly any guideline is available on choosing the right model checker for a particular problem domain, which makes adopting the technique difficult in practice, especially for verifying software with high complexity.In this work, we investigate the relative pitfalls and benefits of using the explicit model checker Spin on commercial Flight Guidance Systems (FGSs) at Rockwell-Collins, based on the author's prior experience with the use of the symbolic model checker NuSMV on the same systems. This has been a question from the beginning of the project with Rockwell-Collins. The challenge includes the efficient use of Spin for the complex synchronous mode logic with a large number of state variables, where Spin is known to be not particulary efficient. We present the way the Spin model is optimized to avoid the state space explosion problem and discuss the implication of the result. We hope our experience can be a useful 21 reference for the future use of model checking in a similar domain.