This paper reports as a case study an attempt to model check the control subsystem of an operational NASA robotics system. Thirty seven properties including both safety and liveness specifications were formulated for for the system. Twenty two of the thirty seven properties were successfully model checked. Several significant flaws in the original software system were identified and corrected during the model checking process. The case study presents the entire process in a semi-historical mode. The goal is to provide reusable knowledge of what worked, what did not work and why.
Published in the Proceedings of the
SEI Software Model Checking Workshop, Pittsburgh, PA, USA, March, 2003.
PostScript(gz) /
PDF
© 2003 Natasha Sharygina.