Automatic Generation of State Invariants

Automatic generation of state invariants, properties that hold in every reachable state of a state machine model, can be valuable in software development. Not only can such invariants be presented to system users for validation, in addition, they can be used as auxiliary assertions in proving other invariants. This paper describes an algorithm for the automatic generation of state invariants that, in contrast to most other such algorithms, which operate on programs, derives invariants from requirements speci cations. Generating invariants from requirements speci cations rather than programs has two advantages: 1) because requirements speci cations, unlike programs, are at a high level of abstraction, generation of and analysis using such invariants is easier, and 2) using invariants to detect errors during the requirements phase is considerably more cost-e ective than using invariants later in software development. To illustrate the algorithm, we use it to generate state invariants from requirements speci cations of an automobile cruise control system and a simple control system for a nuclear plant. The invariants are derived from speci cations expressed in the SCR (Software Cost Reduction) tabular notation. Keywords|requirements, speci cation, formal methods, invariants, veri cation, validation, software tools