Date of this Version
Rajeev Alur, Michael McDougall, and Zijiang Yang, "Exploiting Behavioral Hierarchy for Efficient Model Checking", Lecture Notes in Computer Science: Computer Aided Verification 2404, 338-342. July 2002. http://dx.doi.org/10.1007/3-540-45657-0_25
Inspired by the success of model checking in hardware and protocol verification, model checking techniques for software have been the focus of a lot of research in the last few years [5,3,2,6]. Model checking can be applied only to relatively small models due to its inherently high computational requirements, and there are two complementary trends to address scalability. The model extraction approach, exemplified by projects such as Bandera  and SLAM , involves constructing inputs to model checkers by abstracting programs written in languages such as C and Java. The model-based design approach, exemplified by modeling notations such as Statecharts , promotes design using high-level models that are compiled into code. Our research agenda is to develop model checking techniques for model-based design of software.
Modern software design languages promote hierarchy as one of the key constructs for structuring complex specifications. The input language to our model checker is based on hierarchic reactive modules . This choice was motivated by the fact that, unlike STATECHARTS and other languages, in hierarchic reactive modules, the notion of hierarchy is semantic with an observational trace-based semantics and a notion of refinement with assume-guarantee rules. The first contribution of this paper is the Hermes toolkit that implements hierarchic reactive modules. Our implementation has a visual front-end and XML-based back-end, consistent with modern software design tools, and is in Java.
There are two basic techniques for reachability analysis. Enumerative model checkers such as SPIN  perform an on-the-fly exploration of the state-space using a depth-first search, while symbolic model checkers such as SMV  perform a breadth-first search by manipulating sets of states, rather than individual states, encoded typically by ordered binary (or multi-valued) decision diagrams. Since the two approaches are incomparable, and have been shown to be successful, Hermes supports both enumerative and symbolic reachability analysis. In this paper, we report progress on exploiting the structuring information in the behavioral hierarchy of the input model to speed up the exploration of reachable state-space of the model for both the approaches. More information about the tool is available at http://www.cis.upenn.edu/sdrl/hermes/
CPS Formal Methods
Lecture Notes in Computer Science: Computer Aided Verification
The original publication is available at www.springerlink.com
Date Posted: 13 December 2005