From NuSMV to SPIN: Experiences with model checking flight guidance systems

Research output: Contribution to journal › Article › peer-review

23 Scopus citations

Abstract

Model checking has become a promising technique for verifying software and hardware designs; it has been routinely used in hardware verification, and a number of case studies and industrial applications show its effectiveness in software verification as well. Nevertheless, most existing model checkers are specialized for limited aspects of a system, and each of them requires a certain level of expertise to be used in the right domain in the right way. Hardly any guideline is available on choosing the right model checker for a particular problem domain, which makes adopting the technique difficult in practice, especially for verifying software with high complexity. In this work, we investigate the relative pitfalls and benefits of using the explicit-state model checker Spin on commercial Flight Guidance Systems (FGSs) at Rockwell-Collins, based on the author's prior experience with the use of the symbolic model checker NuSMV on the same systems. This has been a question from the beginning of the project with Rockwell-Collins. The challenge includes the efficient use of Spin for the complex synchronous mode logic with a large number of state variables, where Spin is known to be not particularly efficient. We present the way the Spin model is optimized to avoid the state space explosion problem and discuss the implications of the result. We hope our experience can be a useful reference for the future use of model checking in a similar domain.

Original language: English
Pages (from-to): 199-216
Number of pages: 18
Journal: Formal Methods in System Design
Volume: 30
Issue number: 3
State: Published - Jun 2007

Keywords

  • Flight guidance systems
  • Model checking
  • NuSMV
  • SPIN
