A configurable V&V framework using formal behavioral patterns for OSEK/VDX operating systems

“…The system configuration and the OS patterns are used for constructing configuration-dependent OS models. We reused the prototype tool developed for the pattern-based OS model generation framework [7] for the OS model generation part. The platform-dependent library functions used by the application program were abstracted manually to make them platform-independent.…”

“…Assuming that the OS model is comprehensively verified with respect to functional correctness as well as system safety, we can perform two-step verification: (1) verification of the OS implementation using the OS model as a test oracle, and then (2) verification of the embedded software by replacing the OS implementation with the verified OS model. Such thoroughly verified operating system models already exist, for instance OSs developed using a proof-by-construction approach [5], [31] and formal OS models written in formal modeling languages [7], [26], [33], [52]. Among these, our previous approach [7] generates formal OS models by assembling predefined formal service patterns for a given system configuration, thereby providing a formal framework for the verification in accordance with the typical construction process of embedded software illustrated in Figure 2.…”

“…Such thoroughly verified operating system models already exist, for instance OSs developed using a proof-by-construction approach [5], [31] and formal OS models written in formal modeling languages [7], [26], [33], [52]. Among these, our previous approach [7] generates formal OS models by assembling predefined formal service patterns for a given system configuration, thereby providing a formal framework for the verification in accordance with the typical construction process of embedded software illustrated in Figure 2. The remaining issue is how to compose the generated formal OS models with control programs written in various programming languages.…”

“…Synchronized parallel composition allows each statemachine to accept a transition while the others remain in the same state, but all statemachines satisfying the transition conditions must undergo the transitions at the same time 4. Each statemachine is parameterized with the system configuration and utilized as a statemachine pattern[7].…”

OS-Aware Interaction Model for the Verification of Multitasking Embedded Software

“…The system configuration and the OS patterns are used for constructing configuration-dependent OS models. We reused the prototype tool developed for the pattern-based OS model generation framework [7] for the OS model generation part. The platform-dependent library functions used by the application program were abstracted manually to make them platform-independent.…”

“…Assuming that the OS model is comprehensively verified with respect to functional correctness as well as system safety, we can perform two-step verification: (1) verification of the OS implementation using the OS model as a test oracle, and then (2) verification of the embedded software by replacing the OS implementation with the verified OS model. Such thoroughly verified operating system models already exist, for instance OSs developed using a proof-by-construction approach [5], [31] and formal OS models written in formal modeling languages [7], [26], [33], [52]. Among these, our previous approach [7] generates formal OS models by assembling predefined formal service patterns for a given system configuration, thereby providing a formal framework for the verification in accordance with the typical construction process of embedded software illustrated in Figure 2.…”

“…Such thoroughly verified operating system models already exist, for instance OSs developed using a proof-by-construction approach [5], [31] and formal OS models written in formal modeling languages [7], [26], [33], [52]. Among these, our previous approach [7] generates formal OS models by assembling predefined formal service patterns for a given system configuration, thereby providing a formal framework for the verification in accordance with the typical construction process of embedded software illustrated in Figure 2. The remaining issue is how to compose the generated formal OS models with control programs written in various programming languages.…”

“…Synchronized parallel composition allows each statemachine to accept a transition while the others remain in the same state, but all statemachines satisfying the transition conditions must undergo the transitions at the same time 4. Each statemachine is parameterized with the system configuration and utilized as a statemachine pattern[7].…”

OS-Aware Interaction Model for the Verification of Multitasking Embedded Software

“…Motivated by failure cases identified from our previous case studies [4], [6], we have developed a prototype toolset AutoCheck FP based on a pattern-based model generation framework [9]. Figure 2 is an overview of the toolset.…”

A Toolset for Validation and Verification of Automotive Control Software Using Formal Patterns

OS‐in‐the‐Loop verification for multi‐tasking control software