The control software of the CERN Compact Muon Solenoid experiment contains
over 30,000 finite state machines. These state machines are organised
hierarchically: commands are sent down the hierarchy and state changes are sent
upwards. The sheer size of the system makes it virtually impossible to fully
understand the details of its behaviour at the macro level. This is fuelled by
unclarities that already exist at the micro level. We have solved the latter
problem by formally describing the finite state machines in the mCRL2 process
algebra. The translation has been implemented using the ASF+SDF
meta-environment, and its correctness was assessed by means of simulations and
visualisations of individual finite state machines and through formal
verification of subsystems of the control software. Based on the formalised
semantics of the finite state machines, we have developed dedicated tooling for
checking properties that can be verified on finite state machines in isolation.Comment: To appear in FSEN'11. Extended version with details of the ASF+SDF
translation of SML into mCRL