Model Extraction for ARINC 653 Based Avionics Software

Cámara, Pedro de la; Gallardo, María del Mar Prados; Merino, Pedro

doi:10.1007/978-3-540-73370-6_16

Cited by 15 publications

(8 citation statements)

References 9 publications

(32 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This model is used to automatically obtain a correct abstraction of the software that makes use of this api. We have successfully used our method for the Berkeley-like Socket [13] and for the APEX interface for avionics software [14]. Figure 7 details the whole process to obtain the verifiable models and to carry out the verification.…”

Section: Fig 7 Model Extraction Processmentioning

confidence: 99%

“…Additionally, when the dereference occurs on the left side of an assignment, it is necessary to save a new object in the store. We now give an example of this, although more details and examples can be found in [13] and [14]. Figures 8 and 9 represent the C code to reverse a linked list and part of the Promela model extracted from that code (lines 14 to 17).…”

mentioning

confidence: 97%

“…The first is to define a formal operational semantics of each api call, in order to have a clear design of the functionality to be included in the model generator (see [13] for the socket case). The second way is to do exhaustive testing using reference applications on top of the api (see how to use official APEX test cases in [14]). …”

mentioning

confidence: 99%

See 2 more Smart Citations

Model Checking Dynamic Memory Allocation in Operating Systems

2009

Self Cite

View full text Add to dashboard Cite

Most system software, including operating systems, contains dynamic data structures whose shape and contents should satisfy design requirements during execution. Model checking technology, a powerful tool for automatic verification based on state exploration, should be adapted to deal with this kind of structure. This paper presents a method to specify and verify properties of C programs with dynamic memory management. The proposal contains two main contributions. First, we present a novel method to extend explicit model checking of C programs with dynamic memory management. The approach consists of defining a canonical representation of the heap, moving most of the information from the state vector to a global structure. We provide a formal semantics of the method that allows us to prove the soundness of the representation. Secondly, we combine temporal LTL and CTL logic to define a two-dimensional logic, in time and space, which is suitable to specify complex properties of programs with dynamic data structures. We also define the model checking algorithms for this logic. The whole method has been implemented in the well known model checker SPIN, and illustrated with an example where a typical memory reader/writer driver is modelled and analyzed.

show abstract

Section: Fig 7 Model Extraction Processmentioning

confidence: 99%

mentioning

confidence: 97%

See 1 more Smart Citation

Model Checking Dynamic Memory Allocation in Operating Systems

2009

Self Cite

View full text Add to dashboard Cite

show abstract

“…Bandera follows a similar approach and can analyze Java programs; it uses an optimizing compiler to translate them to either a Spin or NuSMV model [5]. This has also been done with programs written in C with a mixed-mode translation; the programs are compiled and combined with manually written system calls [8]. Care has to be taken that the extraction provides a faithful model of the system [10].…”

Section: Introductionmentioning

confidence: 99%

Model Checking Industrial Robot Systems

Weibmann

Bedenk

Buckl

et al. 2011

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Modern production plants are highly automated complex systems consisting of several robots and other working machines. Errors leading to damage and stop of production are extremely expensive and must be avoided by all means. Hence, the state of practice is to test control programs in advance which implies high effort and comes with high costs. To increase the confidence into the control systems and to reduce the necessary effort, this paper proposes to use model checking to verify certain properties. It presents a compiler that can transform industrial robot programs into PROMELA models. Since the statements of the robot programming language can not be mapped directly into PROMELA statements, we apply compiler optimization techniques to close the semantic gap. In case of a specification violation the trace is mapped to the original context so that the robot programmer can reconstruct the problem. As a case study we applied the tool to verify the absence of collisions and deadlocks. We were able to detect one deadlock in a car-body welding station with 9 robots, correct the program and verify the correctness of the resulting system.

show abstract

“…The construction of the PROMELA models follows the approach by the authors towards the verification of software with well‐defined APIs 9, 15. Specific models of the OS functions offered with ARINC API are defined.…”

Section: Introductionmentioning

confidence: 99%

Verification support for ARINC‐653‐based avionics software

Cámara

Castro

Gallardo

et al. 2011

Software Testing Verif & Rel

Self Cite

View full text Add to dashboard Cite

Software model checking consists in applying the most powerful results in formal verification research to programming languages such as C. One general technique to implement this approach is producing a reduced model of the software in order to employ existing and efficient tools, such as SPIN. This paper focusses on the application of this approach to the avionics software constructed on top of the Application Executive Software (APEX) Interface, which is widely employed by manufacturers in the avionics industry. It presents a method to automatically extract PROMELA models from the C source code. In order to close the extracted model during verification, we built a reusable APEX‐specific environment. This APEX environment models the execution engine (i.e. an APEX compliant real‐time operating system) that implements APEX services. In particular, it explains how to deal with aspects such as real‐time and APEX scheduling. Time is modelled in such a way that the we save time and memory by avoiding the analysis of irrelevant steps. This model of time and the construction of a deterministic scheduler guarantees the scalability of our approach. The paper also presents a tool that can verify realistic applications, and that has been used as a novel testing method to ensure the correctness of our APEX environment. This testing method uses SPIN to execute official APEX test cases. Copyright © 2010 John Wiley & Sons, Ltd.

show abstract

Model Extraction for ARINC 653 Based Avionics Software

Cited by 15 publications

References 9 publications

Model Checking Dynamic Memory Allocation in Operating Systems

Model Checking Dynamic Memory Allocation in Operating Systems

Model Checking Industrial Robot Systems

Verification support for ARINC‐653‐based avionics software

Contact Info

Product

Resources

About