Model checking Trampoline OS: a case study on safety analysis for automotive software

Choi, Yunja

doi:10.1002/stvr.1482

Cited by 17 publications

(9 citation statements)

References 31 publications

(39 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Approaches for verifying multitasking embedded software can be divided into three categories: (1) verification of application programs with a highly abstracted scheduling policy [20], [27], [32], [38], [44], (2) verification approaches for OS [5], [6], [14], [26] that focus on the correctness of either OS models or implementations; and (3) verification of embedded programs with verified OS models [28], [42], [50], [52].…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

OS-Aware Interaction Model for the Verification of Multitasking Embedded Software

Choi

2020

IEEE Access

Self Cite

View full text Add to dashboard Cite

As the behavior of multitasking embedded software is dependent on the underlying operating system(s), rigorous and efficient verification in this domain requires models of operating systems (OS) that enable OS-aware verification of application programs at reduced cost. However, the heterogeneity of the languages used for OS models and of the program source code makes it difficult to compose these seemingly independent components and thus requires translation of one language into another, causing various issues in verification. To alleviate this problem, we propose a hybrid approach that composes formal OS models with application programs in an interaction model. Based on typical OS-application interaction behavior, our interaction model is a composition framework that connects an OS model to application programs as long as they share the same Application Program Interface (API). It provides seamless composition of two heterogeneous software artifacts by formulating source code annotations based on control-flow analysis and by synchronizing state transitions over API function calls to regulate the context switching of multitasking programs. A prototype implementation of the interaction model was applied to eight benchmark programs of the Erika OS and a control program with real-scale complexity from the automotive domain. It was shown that the framework supports systematic and effective verification of multitasking embedded software, which has not been possible using code-level model checking. INDEX TERMS Embedded software, multi-tasking, heterogeneous composition, model checking

show abstract

Section: Related Workmentioning

confidence: 99%

“…The second category includes the Haskell model of seL4 [31], verification methods for OSEK-conformant compilers [14], model checking of the Trampoline OS [6], compositional verification of OS kernels and device drivers [5], the formal OSEK/VDX OS model in the K-framework [52], and modeling and verification of an OS kernel in CSP [26].…”

Section: Related Workmentioning

confidence: 99%

OS-Aware Interaction Model for the Verification of Multitasking Embedded Software

Choi

2020

IEEE Access

Self Cite

View full text Add to dashboard Cite

show abstract

“…[7] presents a case study on checking the operating systems compliant with OSEK/VDX. The authors describe the specification in temporal logic formulas.…”

Section: Related Workmentioning

confidence: 99%

“…Existing works focus on cases (i) where the user requirements are translated into temporal logic formulas [22] and the design is described in imperative specification languages like Promela [7] and (ii) where the specification and the design are described in the same specification language [1], [6]. We can see drawbacks when straightforwardly applying the existing approaches to verify the reactive systems.…”

Section: Introductionmentioning

confidence: 99%

A Framework for Verifying the Conformance of Design to Its Formal Specifications

Chiba

Yatake

et al. 2015

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

SUMMARYVerification of a design with respect to its requirement specification is important to prevent errors before constructing an actual implementation. The existing works focus on verifications where the specifications are described using temporal logics or using the same languages as that used to describe the designs. Our work considers cases where the specifications and the designs are described using different languages. To verify such cases, we propose a framework to check if a design conforms to its specification based on their simulation relation. Specifically, we define the semantics of the specifications and the designs commonly as labelled transition systems (LTSs). We appreciate LTSs since they could interpret information about the system and actions that the system may perform as well as the effect of these actions. Then, we check whether a design conforms to its specification based on the simulation relation of their LTS. In this paper, we present our framework for the verification of reactive systems, and we present the case where the specifications and the designs are described in Event-B and Promela/Spin, respectively. We also present two case studies with the results of several experiments to illustrate the applicability of our framework on practical systems.

show abstract

“…Examples of RTOS include FreeRTOS, RTX, OSEK, VxWorks, µC/OS-II, µC/OS-III, LynxOS, MbedOS, RT-thread, Nucleus, etc. Furthermore, these RTOSs are implemented in small microcontrollers and widely used in several domains such as automotive (11)(12)(13) , Avionic (14) , mobile, and the internet of things (IoT) (15,16) , and robotic (17) .…”

Section: Introductionmentioning

confidence: 99%

Benchmarking and Comparison of Two Open-source RTOSs for Embedded Systems Based on ARM Cortex-M4 MCU

Mazzi¹,

Georesources²,

Gaga³

et al. 2021

IJST

View full text Add to dashboard Cite

Objective: To evaluate the performance of two open-source real-time operating systems (RTOSs), Keil RTX5 and FreeRTOS. Besides, a comparison between them has been also established based on four timing metrics: task switching time, pre-emption time, semaphore shuffling time, and inter-task messaging latency. All the tests have been performed on an STM32F429 discovery board based on Cortex-M4 MCUs. Methods: To measure the timing metrics, the ARM cycle counter register implemented in the DWT unit was used. Findings: The DWT cycle counter allows us to capture the number of cycles that occurred in the execution of a part of the code. Therefore, the time measurements of the metrics selected show that FreeRTOS has good performance with the lowest value of switching time, preemption time, and semaphore shuffling time. Instead, Keil RTX5 has fast message passing. Novelty: The study provides an evaluation and comparison of the latest version of the most used open-source RTOSs, Keil RTX5 and FreeRTOS v10.2.0. Furthermore, the timing metrics have been measured accurately with the ARM cycle counter register without using any other hardware or GPIO pin that may disturb the measurement. The comparison is based on four critical timing metrics that affect mostly the performance of any RTOS and define their time capability. Finally, the tests have been made on a low-power ARM MCU.

show abstract

Model checking Trampoline OS: a case study on safety analysis for automotive software

Cited by 17 publications

References 31 publications

OS-Aware Interaction Model for the Verification of Multitasking Embedded Software

OS-Aware Interaction Model for the Verification of Multitasking Embedded Software

A Framework for Verifying the Conformance of Design to Its Formal Specifications

Benchmarking and Comparison of Two Open-source RTOSs for Embedded Systems Based on ARM Cortex-M4 MCU

Contact Info

Product

Resources

About