The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations, e.g. some numerals are expressed as "XNUMX".
Copyrights notice
In automotive control systems, the potential risks of software defects have been increasing due to growing software complexity driven by advances in electric-electronic control. Some kinds of defects, such as race conditions, can rarely be detected by testing or simulation because they manifest themselves only in rare executions. Model checking, which employs an exhaustive state-space exploration, is effective for detecting such defects. This paper reports our approach to applying model checking techniques to real-world automotive control programs. It is impossible to directly model check such programs because of their large size and high complexity; thus, it is necessary to derive, from the program under verification, a model that is amenable to model checking. Our approach uses the SPIN model checker as well as in-house tools that facilitate this process. One of the key features implemented in these tools is boundary-adjustable program slicing, which allows the user to specify and extract the part of the source code that is relevant to the verification problem of interest. The conversion from the extracted code into Promela, SPIN's input language, is performed semi-automatically by one of the tools. This approach has been used for several years in practice and found to be useful even when the code size of the software exceeds 400 KLOC.
Masahiro MATSUBARA
Hitachi Automotive Systems, Ltd., Osaka University
Tatsuhiro TSUCHIYA
Osaka University
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Masahiro MATSUBARA, Tatsuhiro TSUCHIYA, "Model Checking of Automotive Control Software: An Industrial Approach" in IEICE TRANSACTIONS on Information,
vol. E103-D, no. 8, pp. 1794-1805, August 2020, doi: 10.1587/transinf.2019FOP0002.
Abstract: In automotive control systems, the potential risks of software defects have been increasing due to growing software complexity driven by advances in electric-electronic control. Some kind of defects such as race conditions can rarely be detected by testing or simulations because these defects manifest themselves only in some rare executions. Model checking, which employs an exhaustive state-space exploration, is effective for detecting such defects. This paper reports our approach to applying model checking techniques to real-world automotive control programs. It is impossible to directly model check such programs because of their large size and high complexity; thus, it is necessary to derive, from the program under verification, a model that is amenable to model checking. Our approach uses the SPIN model checker as well as in-house tools that facilitate this process. One of the key features implemented in these tools is boundary-adjustable program slicing, which allows the user to specify and extract part of the source code that is relevant to the verification problem of interest. The conversion from extracted code into Promela, SPIN's input language, is performed using one of the tools in a semi-automatic manner. This approach has been used for several years in practice and found to be useful even when the code size of the software exceeds 400 KLOC.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.2019FOP0002/_p
@ARTICLE{e103-d_8_1794,
author={Masahiro MATSUBARA and Tatsuhiro TSUCHIYA},
journal={IEICE TRANSACTIONS on Information},
title={Model Checking of Automotive Control Software: An Industrial Approach},
year={2020},
volume={E103-D},
number={8},
pages={1794-1805},
abstract={In automotive control systems, the potential risks of software defects have been increasing due to growing software complexity driven by advances in electric-electronic control. Some kind of defects such as race conditions can rarely be detected by testing or simulations because these defects manifest themselves only in some rare executions. Model checking, which employs an exhaustive state-space exploration, is effective for detecting such defects. This paper reports our approach to applying model checking techniques to real-world automotive control programs. It is impossible to directly model check such programs because of their large size and high complexity; thus, it is necessary to derive, from the program under verification, a model that is amenable to model checking. Our approach uses the SPIN model checker as well as in-house tools that facilitate this process. One of the key features implemented in these tools is boundary-adjustable program slicing, which allows the user to specify and extract part of the source code that is relevant to the verification problem of interest. The conversion from extracted code into Promela, SPIN's input language, is performed using one of the tools in a semi-automatic manner. This approach has been used for several years in practice and found to be useful even when the code size of the software exceeds 400 KLOC.},
keywords={},
doi={10.1587/transinf.2019FOP0002},
ISSN={1745-1361},
month={August},}
TY - JOUR
TI - Model Checking of Automotive Control Software: An Industrial Approach
T2 - IEICE TRANSACTIONS on Information
SP - 1794
EP - 1805
AU - Masahiro MATSUBARA
AU - Tatsuhiro TSUCHIYA
PY - 2020
DO - 10.1587/transinf.2019FOP0002
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E103-D
IS - 8
JA - IEICE TRANSACTIONS on Information
Y1 - August 2020
AB - In automotive control systems, the potential risks of software defects have been increasing due to growing software complexity driven by advances in electric-electronic control. Some kind of defects such as race conditions can rarely be detected by testing or simulations because these defects manifest themselves only in some rare executions. Model checking, which employs an exhaustive state-space exploration, is effective for detecting such defects. This paper reports our approach to applying model checking techniques to real-world automotive control programs. It is impossible to directly model check such programs because of their large size and high complexity; thus, it is necessary to derive, from the program under verification, a model that is amenable to model checking. Our approach uses the SPIN model checker as well as in-house tools that facilitate this process. One of the key features implemented in these tools is boundary-adjustable program slicing, which allows the user to specify and extract part of the source code that is relevant to the verification problem of interest. The conversion from extracted code into Promela, SPIN's input language, is performed using one of the tools in a semi-automatic manner. This approach has been used for several years in practice and found to be useful even when the code size of the software exceeds 400 KLOC.
ER -