OS-Aware Interaction Model for the Verification of Multitasking Embedded Software

Abstract: As the behavior of multitasking embedded software is dependent on the underlying operating system(s), rigorous and efficient verification in this domain requires models of operating systems (OS) that enable OS-aware verification of application programs at reduced cost. However, the heterogeneity of the languages used for OS models and of the program source code makes it difficult to compose these seemingly independent components and thus requires translation of one language into another, causing various issues… Show more

“…F I G U R E 1 Construction process of embedded software [24] (iii) Number of context switches: Theoretically, the two tasks may non-deterministically interleave with each other at any point of the execution. There can be at least m  n possible interleavings for executing each while loop once if we assume n and m lines of code inside the while loops in the two tasks and if we also assume that the interleavings occur at the level of a simple statement.…”

“…The models for API functions, which constitute the OS model, are specified using the input language of the Spin model checker for comprehensive verification and the C language for simulation and dynamic testing using a state-of-the-art concolic testing tool. Acting as a black-box service provider, the OS model is used to perform heterogeneous composition with device controllers written in C, following the OS-aware interaction model introduced in Choi [24]. Comprehensive verification using model checking is performed on the composition model with the aim of finding potential safety issues as early as possible.…”

OS‐in‐the‐Loop verification for multi‐tasking control software

“…F I G U R E 1 Construction process of embedded software [24] (iii) Number of context switches: Theoretically, the two tasks may non-deterministically interleave with each other at any point of the execution. There can be at least m  n possible interleavings for executing each while loop once if we assume n and m lines of code inside the while loops in the two tasks and if we also assume that the interleavings occur at the level of a simple statement.…”

“…The models for API functions, which constitute the OS model, are specified using the input language of the Spin model checker for comprehensive verification and the C language for simulation and dynamic testing using a state-of-the-art concolic testing tool. Acting as a black-box service provider, the OS model is used to perform heterogeneous composition with device controllers written in C, following the OS-aware interaction model introduced in Choi [24]. Comprehensive verification using model checking is performed on the composition model with the aim of finding potential safety issues as early as possible.…”

OS‐in‐the‐Loop verification for multi‐tasking control software