Checking subsystem safety properties in compositional reachability analysis

Abstract

The software architecture of a distributed program can be represented by an hierarchical composition of subsystems, with interacting processes at the leaves of the hierarchy. Compositional reachability analysis has been proposed as a promising automated method to derive the overall behavior of a distributed program in stages, based on its architecture. The method is particularly suitable for the analysis of programs which are subject to evolutionary change. When a program evolves, only behavior of those subsystems affected by the change need be re-evaluated. The method however has a limitation. The properties available for analysis are constrained by the set of actions that remain globally observable. The properties of subsystems, may not be analyzed. We extend the method to check safety properties of subsystems which may contain actions that are not globally observable. These safety properties can still be checked in the framework of compositional reachability analysis. The extension is supported by augmenting finite-state machines with a special undefined state /spl pi/. The state is used to capture possible violation of the safety properties specified by software developers. The concepts are illustrated using a gas station system as a case study.