Domain-Specific Model Checking for Cyber-Physical Systems

Cyber-physical systems (CPS) require model checking to guarantee the functional correctness of software models, providing counterexamples in case of violations. Domain-specific model checking (DSMC) allows to apply model checking to specific application domains. DSMC hides the complexity of using a model checker by translating from a domain-specific modeling language (DSML) to the model checker’s input language, and by translating counterexamples back to the domain-specific level. Implementing DSMC is challenging for CPS due to the large differences between DSMLs and the input language of a model checker. In this paper, we present a successful application of DSMC to MECHATRONICUML, a DSML for the software design of CPS, using the model checker UPPAAL. As a key benefit, our approach is able to translate counterexamples back to the domain-specific level even in case of large differences between DSML and the model checker’s input language. We show the correctness of our approach using a case study from the area of car-2-car communication.