ase05 - Application of Design for Verification with...


Application of Design for Verification with Concurrency Controllers to Air Traffic Control Software *

Aysu Betin-Can, Tevfik Bultan
Computer Science Department, University of California, Santa Barbara, CA 93106, USA
{aysu,bultan}@cs.ucsb.edu

Mikael Lindvall, Benjamin Lux, Stefan Topp
Fraunhofer Center for Experimental Software Engineering, 4321 Hartwick Road, Suite 500, College Park, MD 20742, USA
{mikli,blux,stopp}@fc-md.umd.edu

ABSTRACT

We present an experimental study which demonstrates that model checking techniques can be effective in finding synchronization errors in safety critical software when they are combined with a design for verification approach. We apply the concurrency controller design pattern to the implementation of the synchronization operations in Java programs. This pattern enables a modular verification strategy by decoupling the behaviors of the concurrency controllers from the behaviors of the threads that use them, using interfaces specified as finite state machines. The behavior of a concurrency controller can be verified with respect to arbitrary numbers of threads using infinite state model checking techniques, and the threads which use the controller classes can be checked for interface violations using finite state model checking techniques. We present techniques for thread isolation which enable us to analyze each thread in the program separately during interface verification. We conducted an experimental study investigating the effectiveness of the presented design for verification approach on safety critical air traffic control software. In this study, we first reengineered the Tactical Separation Assisted Flight Environment (TSAFE) software using the concurrency controller design pattern. Then, using fault seeding, we created 40 faulty versions of TSAFE and used both infinite and finite state verification techniques for finding the seeded faults. The experimental study demonstrated the effectiveness of the presented modular verification approach and resulted in a classification of faults that can be found using the presented approach.

Categories and Subject Descriptors: D.2.2 [Software Engineering]: Design Tools and Techniques; D.2.4 [Software Engineering]: Software/Program Verification – Model checking, Formal methods
General Terms: Design, Verification
Keywords: model checking, concurrent programming, synchronization, design patterns, interfaces

* This work is supported by the NSF grant CCR-0341365, the NASA funded High Dependability Computing Project through NASA cooperative agreement NCC2-1968, and the NSF grant CCF-0438933.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.
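The controller/interface split the abstract describes, as an added illustrative sketch (this is not the paper's code, and the names MutexController, MutexInterface and InterfaceViolation are hypothetical): a mutex controller written as guarded commands, with a finite state interface that tracks each thread's state relative to the controller and rejects out-of-order calls such as a release without a preceding acquire.

```java
import java.util.HashMap;
import java.util.Map;

// Added sketch, not the paper's implementation. The interface FSM is the only
// thing a thread is checked against; the controller's own guard/update logic
// can be analysed separately, which is the decoupling the abstract refers to.
class InterfaceViolation extends RuntimeException {
    InterfaceViolation(String msg) { super(msg); }
}

// Finite state interface for the mutex: IDLE --acquire--> LOCKED --release--> IDLE.
final class MutexInterface {
    private final Map<String, Map<String, String>> transitions = new HashMap<>();
    private final Map<Thread, String> stateOf = new HashMap<>();
    MutexInterface() {
        transitions.put("IDLE", Map.of("acquire", "LOCKED"));
        transitions.put("LOCKED", Map.of("release", "IDLE"));
    }
    // Advances the calling thread's interface state, or reports a violation
    // (release before acquire, or a second acquire by the same thread, which
    // would otherwise block forever on the guard below).
    synchronized void step(String action) {
        Thread t = Thread.currentThread();
        String state = stateOf.getOrDefault(t, "IDLE");
        String next = transitions.get(state).get(action);
        if (next == null)
            throw new InterfaceViolation(t.getName() + ": '" + action + "' in state " + state);
        stateOf.put(t, next);
    }
}

// Concurrency controller: each action checks its guard and applies its update
// atomically; a thread whose guard is false waits until another thread notifies.
final class MutexController {
    private boolean busy = false;
    private final MutexInterface iface = new MutexInterface();
    synchronized void acquire() throws InterruptedException {
        iface.step("acquire");      // interface check happens before blocking
        while (busy) wait();        // guard: !busy
        busy = true;                // update
    }
    synchronized void release() {
        iface.step("release");
        busy = false;
        notifyAll();
    }
}
```

At runtime the interface throws InterfaceViolation on the first bad call; the paper's approach checks the same property statically over each isolated thread, so the violation is found without executing the program.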

This note was uploaded on 10/04/2011 for the course CEN 5016 taught by Professor Workman,d during the Spring '08 term at University of Central Florida.

