• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.39 no.3
• /
• pp.1-17
• /
• 2002

In this paper, we present our experiences in using symbolic model checker(SMV) to analyze a number of properties of RACE cache coherence protocol designed by ETRI(Electronics and Communications Research Institute) and to verify that RACE protocol satisfies important requirements. To investigate this, we specified the model of the RACE protocol as the input language of SMV and specified properties as a formula in temporal logic CTL. We successfully used the symbolic model checker to analyze a number of properties of RACE protocol. We verified that abnormal state/input combinations was not occurred and every possible request of processors was executed correctly We verified that RACE protocol satisfies liveness, safety and the property that any abnormal state/input combination was never occurred. Besides, We found some ambiguities of the specification and a case of starvation that the protocol designers could not expect before. By this verification experience, we show advantages of model checking method. And, we propose a new method to generate automatically test cases which are used in simulation and testing.

• Journal of the Korean Institute of Telematics and Electronics C
• /
• v.36C no.12
• /
• pp.36-46
• /
• 1999

As the requirements of embedded systems increase, the design complexity of the system becomes higher. The formal design methodology is required which supports well-balanced specification for control and dataflow to design a complex system. In this paper, control modules and function modules are separately described with FSMs and dataflow graphs respectively, and integrated into a system specification via inter-model communications. In previous approaches, the system could not be verified until control modules and dataflow modules are combined at the final design stage. However our approach enables us to design each part as the proper model of computation at early stage, and to verify the compositions and to co-synthesize the system effectively in the same framework. Especially this paper focuses on the communication protocols between control and dataflow models. Preliminary experiments show practicality of the proposed technique.

• Journal of KIISE:Software and Applications
• /
• v.36 no.7
• /
• pp.523-530
• /
• 2009

Despite the growing need for customized operating system kernels for embedded devices, kernel development continues to suffer from insufficient reliability and high testing cost for several reasons such as the high complexity of the kernel code. To alleviate these difficulties, this study proposes the MOdel-based KERnel Testing (MOKERT) framework for detection of concurrency bugs in the kernel. MOKERT translates a given C program into a corresponding Promela model, and then tries to find a counter example with regard to a given requirement property, If found, MOKERT executes that counter example on the real kernel code to check whether the counter example is a false alarm or not, The MOKERT framework was applied to the Linux proc file system and confirmed that the bug reported in a ChangeLog actually caused a data race problem, In addition, a new data race bug in the Linux proc file system was found, which causes kernel panic.

• The Transactions of the Korea Information Processing Society
• /
• v.5 no.5
• /
• pp.1246-1256
• /
• 1998

MIB(Management Information Base), one of the key components of network management system, is a conceptual repository for the information of the various managed objects. MIB stores and manages all the structural and operational data of each managed resources. Therefore, MIB should be protected properly from inadvertant user access or malicious attacks. International standard ISO/IEC 10164-9 describes several managed object classes for the enforcement of MIB security. Those managed object classes described access control rules for security policy. But the exact authorization procedures using those newly added managed object classes are not presented. In this paper, we divide managed object classes into two groups, explicit and implicit ones, and describe the access authorization procedure in Z specification language. Using Z as a description method for both authorization procedure and GDMO's action part, the behaviour of each managed object class and access authorization procedure is more precisely and formally defined than those of natural language form.

• Journal of KIISE:Software and Applications
• /
• v.33 no.2
• /
• pp.186-200
• /
• 2006

Analysis model focuses only on functional requirements and postpones nonfunctional requirements and implementation specific issues until subsequent design activities are undertaken. Based on the analysis models, the design activities are performed by refining and clarifying the analysis models. Thus, the quality of analysis models has a vast impact on the design models. Therefore, much effort should be taken to build correct analysis model. In this paper, we propose a set of structural constraints that analysis models of typical object-oriented development methods should satisfy. Three kinds of constraints are proposed: class related constraints, relation related constraints, and usage related constraints. For each constraint, formal definition and description with OCL are provided. In addition, through a case study with two medium-sired industrial systems, we demonstrated that the proposed approach can help to identify and correct serious deficiencies in object-oriented analysis models.

• Journal of KIISE:Software and Applications
• /
• v.31 no.7
• /
• pp.869-882
• /
• 2004

This paper proposes an effective method to create logically consistent and structured requirement model by applying consistency control approach of the formal method to the use-case modeling. This method integrates the multi-perspective scattered requirement segments that may overlap and conflict each other into a structured requirement model. The model structure can be analyzed based on context goal and concerned area overlap analysis. The model consistency can be achieved by using specification overlap-based consistency checking method as an integration vehicle. An experimental application to case study shows that the Proposed method can successfully identify requirement overlaps and inconsistency. It can also transfer multi-viewpoint requirement segments into a consistently integrated use-case model to clarify software behaviors and functionality This method helps users to enhance capability to identify specification inconsistency in the use-case modeling at the early stage of software engineering development. The proposed approach can also facilitate communication between users and developers to ensure customer satisfaction.

• Journal of KIISE:Software and Applications
• /
• v.30 no.12
• /
• pp.1158-1171
• /
• 2003

The UML is a widely accepted standard in object-oriented modeling. As the UML is semantically rich, we can describe in detail the system that will be developed, but we cannot guarantee the correctness and consistency of the designed model. Therefore, it is important to minimize the error by verifying user models in an early stage. In this paper, we propose a method for verifying the consistency of UML structural diagrams and behavioral diagrams using OCL verification rules and meta-metamodel. The consistency is a nature for checking whether the structural diagrams and behavioral diagrams are coherently designed according to a specific requirement. First we build meta-metamodels of the structural diagram and behavioral diagram that are described with the UML diagrams and the related elements, we derive rules for verifying the consistency from each meta-metamodels, and then formally specify with the language such as OCL for automatic verification. Finally, we verify the usefulness of the rule through a case study.

• Journal of KIISE:Software and Applications
• /
• v.27 no.1
• /
• pp.1-12
• /
• 2000

Model checking is a formal verification technique which checks the consistency between a requirement specification and a behavior model of the system by explorating the state space of the model. We apply model checking to the formal verification of the concurrent object-oriented system, using an existing model checker SPIN which has been successful in verifying concurrent systems. First, we propose an Actor-based modeling language, called APromela, by extending the modeling language Promela which is a modeling language supported in SPIN. APromela supports not only all the primitives of Promela, but additional primitives needed to model concurrent object-oriented systems, such as class definition, object instantiation, message send, and synchronization.Second, we provide translation rules for mapping APromela's such modeling primitives to Promela's. As an application of APromela, we suggest a verification method for UML models. By giving an example of specification, translation, and verification, we also demonstrate the applicability of our proposed approach, and discuss the limitations and further research issues.

• The Transactions of the Korea Information Processing Society
• /
• v.6 no.7
• /
• pp.1789-1804
• /
• 1999

This paper presents a simulation-based system for verification and validation(V&V) of design implication of the Visual Real-time Object Model which is produced by existing object's behavior design method. This system can simulate the dynamic interactions using the executable Ada simulation machine, and can detect various logical and temporal problems in the visual real-time object model prior to the real implementation of the application systems. Also, the system can generate the Ada prototype code from the validated specification. This system is implemented by Visual C++ version 4.2. For simulation, this system is using the Ada language because Ada's real-time expression capabilities such as concurrent processes, rendezvous, temporal behavior expression, and etc, are competent compared to other languages. This work contributes to a tightly coupling of methodology-based visual models and formal-based simulation systems, and also contributes to a realization of automated specification V&V.