Detecting design flaws in UML state charts for embedded software

Abstract

Embedded systems are used in various critical devices and correct functioning of these devices is crucial. For non-trivial devices, exhaustive testing is costly, time consuming and probably impossible. A complementary approach is to perform static model checking to verify certain design correctness properties. Though static model checking techniques are widely used for hardware circuit verification, the goal of model checking software systems remains elusive. However embedded systems fall in the category of concurrent reactive systems and can be expressed through communicating state machines. Behavior of concurrent reactive systems is more similar to hardware than general software. So far, this similarity has not been exploited sufficiently. IBM®1 Rational® Rose® RealTime (RoseRT) is widely used for designing concurrent reactive systems and supports UML State Charts. IBM RuleBase is an effective tool for hardware model checking. In this paper, we describe our experiments of using RuleBase for static model checking RoseRT models. Our tool automatically converts RoseRT models to the input for RuleBase, allows user to specify constraints graphically using a variation of sequence diagrams, and presents model checking results (counterexamples) as sequence diagrams consisting of states and events in the original UML model. The model checking step is seamlessly integrated with RoseRT. Prior knowledge of model checking or formal methods is not expected, and familiarity of UML sequence diagram is exploited to make temporal constraint specification and counterexample presentation more accessible. This approach brings the benefits of model checking to embedded system developers with little cost of learning. © Springer-Verlag Berlin Heidelberg 2007.