A symbolic model checker for testing ASTRAL real-time specifications

ASTRAL is a high-level formal specification language for real-time (infinite state) systems. It is provided with structuring mechanisms that allow one to build modularized specifications of complex real-time systems with layering. In this paper, the methods and techniques used in the prototype implementation of the ASTRAL symbolic model checker, which is a component of the ASTRAL software development environment (SDE), are presented. The model checking procedure uses the Omega library to represent a subset of states, and model checking is carried out on the execution tree of an ASTRAL process. The tree is further trimmed by the execution graph of the process. The model checker combines both explicit state exploration and symbolic state calculation in order to reduce the number of variables needed, by dynamically resolving their values as well as their histories along a path of execution. Based upon the ASTRAL proof theory, the model checker is modularized, in the sense that each time it checks only one process instance of each process type that is globally declared. A limited window size technique is further proposed to encode the history of an imported variable when the history of the variable is referenced. The model checker is run on several earlier versions of the railroad-crossing ASTRAL specification, which contained errors, as well as on the final version, which has been proved correct. The results show that it is effective for detecting bugs in an ASTRAL specification, which is extremely important in our use of the model checker as a specification debugger. The model checker is fully automated without manual abstractions