The Verus Language : Representing Time efficiently with BDDs 1

There have been significant advances on formal methods and tools to verify real-time systems recently. Nevertheless, these methods have not yet been accepted as a realistic alternative to the verification of industrial systems. One reasons for this is that formal methods are still difficult to apply efficiently. Another reason is that even though being more efficient than previous ones, verification algorithms are still not efficient enough to handle many complex systems. This work addresses this problem by presenting a language designed especially to simplify writing real-time programs. It is an imperative language with a syntax similar to C. Special constructs are provided to allow the straightforward expression of timing properties. The familiar syntax makes it easier for nonexperts to use the tool. The special constructs make it possible to model the timing characteristics of the system naturally and accurately. The language is compiled into state-transition graphs, which provide a simple but extremely efficient model of time. Symbolic model checking and quantitative algorithms are used to check the timing properties of the system. The efficiency of the representation allows complex realistic systems to be verified by the method as evidenced by the aircraft controller discussed in the paper. The model for this example has about 1015 states and counterexamples with thousands of states have been produced in seconds using the language and algorithms proposed.