Compositional model checking of Ada tasking programs

Model checking has proved to be an effective analysis tool for domains such as hardware circuits and communication protocols. However, it has not yet been widely applied to more general concurrent systems, such as those realized by Ada multitasking programs. A major impediment to the use of model checking in such systems is the exponential growth of the state-space, which results from the parallel composition of component tasks. Various compositional approaches have been proposed to address this problem, in which the parts of a system are analyzed separately, and then the results are combined into inferences about the whole. One of the more promising of these techniques is called compositional minimization, which eliminates each component´s “uninteresting” states as the model checking proceeds; this in turn can lead to a significant reduction in the composite state-space. In this paper we evaluate the application of this approach to Ada multitasking programs, particularly highlighting the design choices made to accommodate Ada´s semantics. We also discuss the types of systems (and properties) for which this method produces significant time/space savings, as well as those for which the savings are less pronounced