Model checking RAISE applicative specifications

Ensuring the correctness of a given software component has become a crucial aspect in software engineering and model checking provides an almost fully automatic way of achieving this goal. Due to the scalability problems of the model checking technique, it has become popular to apply it at early stages in the development process, when the size of the model is much smaller than the final code. Properties proved in this way can be shown to hold at the implementation level provided that the final code refines the original specification. In this paper we focus on the main issues for adding model checking functionality to the RAISE specification language (RSL) and present the semantic foundations of our current approach for doing so. We also describe a way to use model checking to verify RAISE confidence conditions, ensuring the soundness and completeness of the results checked in this way. We then present the most interesting details of the implementation of a tool that follows the described approach. Finally, we illustrate the application of the technique with two case studies: a Digital Multiplexed Radio Telephone System and the Mondex electronic purse.