Integrating Model Checking into Object-oriented Software Development Processes

A methodology for integrating model checking into object-oriented software development processes is defined, developed, and demonstrated. Model checking is applied to object-oriented analysis(OOA) models that have executable semantics specified as state machines rather than as programs in conventional programming languages. The complexity level of an OOA model yields a manageable state space for model checking. An automata based approach to model checking is used. The OOA models are automatically translated to automaton models. Predicates over the behaviors of the OOA models are mapped to predicates over the automaton models and evaluated by a model checker. Algorithms for translating OOA models to automaton models are given. Procedures for management of dynamic object instance sets and unbounded event queues are given. The algorithms and procedures have been implemented for OOA models constructed in the SES/Objectbench implementation of the Shlaer-Mellor method that provides executable semantics for a subset of Unified Modeling Language. Translation is to the S/R automaton language and the COSPAN system is used for model checking. The algorithms are readily adapted to other OOA models with executable semantics and other model checking systems. A simple example to demonstrate the capabilities is included in this paper. The companion paper[7] gives design rules for constructing OOA models which yield tractable automaton models upon translation and reports on application of the methodology to an OOA model of modest complexity, a minimal robot control system.