objectcheck: a model checking tool for executable object-oriented software system designs fei xie...

ObjectCheck: A Model Checking Tool for Executable Object-oriented Software

System Designs

Fei Xie and James C. Browne

Dept. of Computer Sciences

Univ. of Texas at Austin

Vladimir Levin

Bell-Labs

Lucent Technologies

2

Presentation Agenda

• Background and Overview of ObjectCheck

• Demonstration of ObjectCheckDemonstration of ObjectCheck

• More Case StudiesMore Case Studies

• Summary and Future WorkSummary and Future Work

3

Motivations

• Executable OO modeling languages are widely applied to specify software system designs.

• Model Checking may improve the reliabilities of executable OO software system designs.

• State-of-the-art model checkers are not directly applicable to executable OO system designs.

• A tool supporting application of model checking to executable OO system designs is needed.

4

xUML: An Executable OO Modeling Language

• Executable dialect of UML;

• Expressive system and class hierarchies;

• Extended Moore state machines as state models;– Each state may have an associated state action;

– Each state action is run-to-completion;

• Asynchronous interleaving execution semantics.– A system execution is an asynchronous interleaving

of the executions of state models in the system.

5

Architecture and Workflow of ObjectCheck

Property Specification Interface xUML IDE Error Visualizer

xUML-to-S/R Translator Error Report Generator

COSPAN Model Checker

S/R ModelS/R Query

Error Report

Error Track

Designer

xUML ModelProperty

6

Development of ObjectCheck

• Developed in conjunction with SDLCheck;– SDLCheck is an SDL model checking tool

developed by Robert P. Kurshan, Vladimir Levin, and Husnu Yenigun of Bell-labs.

• Reuses modules from SDLCheck, such as optimization modules that conduct SPOR.– SPOR (Static Partial Order Reduction).

7

Presentation Agenda





8

Case Study for Demonstration

• Classic Dining Philosophers Problem

• More realistic case studies will be shown after the demonstration.

9

Step-by-Step Demonstration

Designer


Error ReportxUML ModelProperty


Error TrackS/R ModelS/R Query


17


Designer






19


Designer






23


Designer






28


Designer






31


Designer






39

Presentation Agenda





40

More Case Studies

• NASA Robot Controller– A typical control-intensive embedded systems;– Presented at FASE 2001 by Natasha Sharygina;

• Online Ticket Sale System– A typical commercial transaction systems;– Presented at FASE 2002;– Focus: Integrated state space reduction.

41

NASA Robot Controller (Class Diagram)

42

NASA Robot Controller(A State Model)

43

An Online Ticket Sale System (Class Diagram)

44

An Online Ticket Sale System (A State Model)

45

Some Verification Statistics of Online Ticket Sale System

• Verification of a liveness property– After an agent is assigned to a customer,

eventually the agent will be released.

• Statistics related to state space reductionsSPOR SMC Memory Usage Time Usage

Off Off Out of Memory -

Off On 113.73M 44736.S

On Off 17.3M 6668.3S

On On 74.0M 1450.3S

46

Related Work

• Most closely related work– UML Model Checking toolset from University

of Michigan– vUML tool from Åbo Akademi University– Both tools employ UML dialects with ad-hoc

execution semantics and without well-defined action semantics.

47

Summary and Future Work

• ObjectCheck– Combines industrial software design and development

environments and model checkers with research tools;

– Provides comprehensive automation support for model checking xUML models;

– Has enabled verification of non-trivial software system designs modeled in xUML.

• Future work is focused on enhancing state space reduction capability of ObjectCheck.

objectcheck: a model checking tool for executable object-oriented software system designs fei xie...

Documents