Eliminating synchronization faults in air traffic control software via design for verification with concurrency controllers

Authors:
Aysu Betin Can;Tevfik Bultan;Mikael Lindvall;Benjamin Lux;Stefan Topp
Affiliations:
Informatics Institute, Middle East Technical University, Ankara, Turkey 06531;Computer Science Department, University of California, Santa Barbara, USA 93106;Fraunhofer Center for Experimental Software Engineering, College Park, USA 20742;Fraunhofer Center for Experimental Software Engineering, College Park, USA 20742;Fraunhofer Center for Experimental Software Engineering, College Park, USA 20742
Venue:
Automated Software Engineering
Year:
2007

Citing 29
Cited 4

Automatically closing open reactive programs

PLDI '98 Proceedings of the ACM SIGPLAN 1998 conference on Programming language design and implementation
Action Language: a specification language for model checking reactive systems

Proceedings of the 22nd international conference on Software engineering
Automatically validating temporal safety properties of interfaces

SPIN '01 Proceedings of the 8th international SPIN workshop on Model checking of software
Transformations for model checking distributed Java programs

SPIN '01 Proceedings of the 8th international SPIN workshop on Model checking of software
Tool-supported program abstraction for finite-state verification

ICSE '01 Proceedings of the 23rd International Conference on Software Engineering
Concurrent Programming in Java. Second Edition: Design Principles and Patterns

Concurrent Programming in Java. Second Edition: Design Principles and Patterns
Specification, verification, and synthesis of concurrency control components

ISSTA '02 Proceedings of the 2002 ACM SIGSOFT international symposium on Software testing and analysis
Model Checking Programs

Automated Software Engineering
A Formal Object-Oriented Analysis for Software Reliability: Design for Verification

FASE '01 Proceedings of the 4th International Conference on Fundamental Approaches to Software Engineering
Automatic Verification of Parameterized Cache Coherence Protocols

CAV '00 Proceedings of the 12th International Conference on Computer Aided Verification
Interface Compatibility Checking for Software Modules

CAV '02 Proceedings of the 14th International Conference on Computer Aided Verification
Modular verification of software components in C

Proceedings of the 25th International Conference on Software Engineering
A Classification of Concurrency Failures in Java Components

IPDPS '03 Proceedings of the 17th International Symposium on Parallel and Distributed Processing
Using Model Checking to Generate Tests from Specifications

ICFEM '98 Proceedings of the Second IEEE International Conference on Formal Engineering Methods
Action Language Verifier

Proceedings of the 16th IEEE international conference on Automated software engineering
Program analysis alleviates java synchronization

Program analysis alleviates java synchronization
Test input generation with java PathFinder

ISSTA '04 Proceedings of the 2004 ACM SIGSOFT international symposium on Software testing and analysis
Risks to the public in computers and related systems

ACM SIGSOFT Software Engineering Notes
Analyzing Interaction Orderings with Model Checking

Proceedings of the 19th IEEE international conference on Automated software engineering
Verifiable Concurrent Programming Using Concurrency Controllers

Proceedings of the 19th IEEE international conference on Automated software engineering
Design for verification for asynchronously communicating Web services

WWW '05 Proceedings of the 14th international conference on World Wide Web
Studying the Fault-Detection Effectiveness of GUI Test Cases for Rapidly Evolving Software

IEEE Transactions on Software Engineering
Application of design for verification with concurrency controllers to air traffic control software

Proceedings of the 20th IEEE/ACM international Conference on Automated software engineering
Design for verification for concurrent and distributed programs

Design for verification for concurrent and distributed programs
On the Use of Mutation Faults in Empirical Assessments of Test Case Prioritization Techniques

IEEE Transactions on Software Engineering
Highly dependable concurrent programming using design for verification

Formal Aspects of Computing
Thread-modular model checking

SPIN'03 Proceedings of the 10th international conference on Model checking software
Symstra: a framework for generating object-oriented unit tests using symbolic execution

TACAS'05 Proceedings of the 11th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Action language verifier, extended

CAV'05 Proceedings of the 17th international conference on Computer Aided Verification

An Assume Guarantee Verification Methodology for Aspect-Oriented Programming

ASE '08 Proceedings of the 2008 23rd IEEE/ACM International Conference on Automated Software Engineering
Action Language verifier: an infinite-state model checker for reactive software specifications

Formal Methods in System Design
API conformance verification for Java programs

ICFEM'10 Proceedings of the 12th international conference on Formal engineering methods and software engineering
Survey: Linear Temporal Logic Symbolic Model Checking

Computer Science Review

Quantified Score

Hi-index	0.00

Visualization

Abstract

The increasing level of automation in critical infrastructures requires development of effective ways for finding faults in safety critical software components. Synchronization in concurrent components is especially prone to errors and, due to difficulty of exploring all thread interleavings, it is difficult to find synchronization faults. In this paper we present an experimental study demonstrating the effectiveness of model checking techniques in finding synchronization faults in safety critical software when they are combined with a design for verification approach. We based our experiments on an automated air traffic control software component called the Tactical Separation Assisted Flight Environment (TSAFE). We first reengineered TSAFE using the concurrency controller design pattern. The concurrency controller design pattern enables a modular verification strategy by decoupling the behaviors of the concurrency controllers from the behaviors of the threads that use them using interfaces specified as finite state machines. The behavior of a concurrency controller is verified with respect to arbitrary numbers of threads using the infinite state model checking techniques implemented in the Action Language Verifier (ALV). The threads which use the controller classes are checked for interface violations using the finite state model checking techniques implemented in the Java Path Finder (JPF). We present techniques for thread isolation which enables us to analyze each thread in the program separately during interface verification. We conducted two sets of experiments using these verification techniques. First, we created 40 faulty versions of TSAFE using manual fault seeding. During this exercise we also developed a classification of faults that can be found using the presented design for verification approach. Next, we generated another 100 faulty versions of TSAFE using randomly seeded faults that were created automatically based on this fault classification. We used both infinite and finite state verification techniques for finding the seeded faults. The results of our experiments demonstrate the effectiveness of the presented design for verification approach in eliminating synchronization faults.