Abstract

As the behavior of multitasking embedded software is dependent on the underlying operating system(s), rigorous and efficient verification in this domain requires models of operating systems (OS) that enable OS-aware verification of application programs at reduced cost. However, the heterogeneity of the languages used for OS models and of the program source code makes it difficult to compose these seemingly independent components and thus requires translation of one language into another, causing various issues in verification. To alleviate this problem, we propose a hybrid approach that composes formal OS models with application programs in an interaction model. Based on typical OS-application interaction behavior, our interaction model is a composition framework that connects an OS model to application programs as long as they share the same Application Program Interface (API). It provides seamless composition of two heterogeneous software artifacts by formulating source code annotations based on control-flow analysis and by synchronizing state transitions over API function calls to regulate the context switching of multitasking programs. A prototype implementation of the interaction model was applied to eight benchmark programs of the Erika OS and a control program with real-scale complexity from the automotive domain. It was shown that the framework supports systematic and effective verification of multitasking embedded software, which has not been possible using code-level model checking.

Highlights

  • Embedded software [15] controls hardware devices and typically runs on top of an operating system as the sole software on the target device

  • The fact that, unlike typical general-purpose computer-based systems, the control software does not share operating system services with other applications makes it possible to optimize the software for memory efficiency, system safety, and performance at the cost of higher interdependency with its underlying operating system

  • Formal verification approaches for multitasking embedded software have mostly focused on the control logic separately from the operating systems (OS) [1], [13], [30], [35], [38]–[40], [45], [47], which often produces a large number of false alarms due to the over-approximation of the environment, including the operating system


Summary

INTRODUCTION

Embedded software [15] controls hardware devices and typically runs on top of an operating system as the sole software on the target device. The fact that, unlike typical general-purpose computer-based systems, the control software does not share operating system services with other applications makes it possible to optimize the software for memory efficiency, system safety, and performance at the cost of higher interdependency with its underlying operating system. This paper formally defines an interaction model and an application wrapper that enable heterogeneous composition of a model of the operating system and the source code of embedded control software. Comparative experiments with existing state-of-the-art verification approaches on a set of benchmark programs for Erika OS [17] and a representative embedded control software (Winlift [34]) in the automotive domain demonstrate that the use of this interaction model improves verification accuracy and is more scalable, outperforming the state-of-the-art verification tools.

  • BACKGROUND
  • EXTENDED CONTROL FLOW REPRESENTATION
  • STATE MACHINE REPRESENTATION OF A TASK
  • CONSTRUCTION
  • IMPLEMENTATION OF A PROTOTYPE TOOL
  • EVALUATION
  • VIII. DISCUSSION AND CONCLUSION