TY - GEN
T1 - Experiences from Large-Scale Model Checking
T2 - 14th IEEE International Conference on Software Testing, Verification and Validation, ICST 2021
AU - Fritzsch, Jonas
AU - Schmid, Tobias
AU - Wagner, Stefan
N1 - Publisher Copyright:
© 2021 IEEE.
PY - 2021/4
Y1 - 2021/4
N2 - In the age of autonomously driving vehicles, functionality and complexity of embedded systems are increasing tremendously. Safety aspects become more important and require such systems to operate with the highest possible level of fault tolerance. Simulation and systematic testing techniques often reach their limits in this regard. Here, formal verification as a long established technique can be an appropriate complement. However, the necessary preparatory work like adequately modeling a system and specifying properties in temporal logic are anything but trivial. In this paper, we report on our experiences applying model checking to verify the arbitration logic of a Vehicle Control System. We balance pros and cons of different model checking techniques and tools, and reason about our choice of the symbolic model checker NuSMV. We describe the process of modeling the architecture, resulting in ∼1500 LOC, 69 state variables and 38 LTL constraints. To handle this large-scale model, we automate and optimize the model checking procedure for use on multi-core CPUs and employ Bounded Model Checking to avoid the state explosion problem. We share our lessons learned and provide valuable insights for architects, developers, and test engineers involved in this highly present topic.
AB - In the age of autonomously driving vehicles, functionality and complexity of embedded systems are increasing tremendously. Safety aspects become more important and require such systems to operate with the highest possible level of fault tolerance. Simulation and systematic testing techniques often reach their limits in this regard. Here, formal verification as a long established technique can be an appropriate complement. However, the necessary preparatory work like adequately modeling a system and specifying properties in temporal logic are anything but trivial. In this paper, we report on our experiences applying model checking to verify the arbitration logic of a Vehicle Control System. We balance pros and cons of different model checking techniques and tools, and reason about our choice of the symbolic model checker NuSMV. We describe the process of modeling the architecture, resulting in ∼1500 LOC, 69 state variables and 38 LTL constraints. To handle this large-scale model, we automate and optimize the model checking procedure for use on multi-core CPUs and employ Bounded Model Checking to avoid the state explosion problem. We share our lessons learned and provide valuable insights for architects, developers, and test engineers involved in this highly present topic.
KW - Bounded Model Checking
KW - Driving Automation
KW - Experience Report
KW - Formal Verification
KW - Model Checking
KW - NuSMV
KW - Vehicle Control System
UR - http://www.scopus.com/inward/record.url?scp=85107929667&partnerID=8YFLogxK
U2 - 10.1109/ICST49551.2021.00049
DO - 10.1109/ICST49551.2021.00049
M3 - Conference contribution
AN - SCOPUS:85107929667
T3 - Proceedings - 2021 IEEE 14th International Conference on Software Testing, Verification and Validation, ICST 2021
SP - 372
EP - 382
BT - Proceedings - 2021 IEEE 14th International Conference on Software Testing, Verification and Validation, ICST 2021
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 12 April 2021 through 16 April 2021
ER -