Formal model-based conformance verification of an OSEK/VDX compliant RTOS

The conformance of a real-time operating system (RTOS) to the OSEK/VDX standard is usually established by testing: a set of test cases is run against the RTOS. However, in an embedded system it is often necessary to specialize (configure) the code of the RTOS according to the requirements of the application. For such a specialized RTOS, some conformance test cases cannot be applied because they require functionalities that are no longer supported. This paper presents a model-based verification of the conformance of an RTOS to the OSEK/VDX standard. The method is applied to the Trampoline RTOS, which is used for both industrial and academic purposes and which has been entirely and formally modeled as a product of extended finite automata embedding its source code. The first step is the construction of a complete model that describes the interaction between the application and the RTOS. In the second step, all OSEK/VDX conformance test cases are translated into observers and composed with the complete model. Then, for a particular application, the observers allow checking whether the RTOS model meets the OSEK/VDX specification. The interest of our approach is twofold: i) it allows checking the OSEK/VDX conformance of the complete version of the Trampoline RTOS; ii) for a specialized version of the RTOS, it identifies the test cases relevant to the given application, which require particularly careful conformance testing.
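As an added example (not code from the paper or from Trampoline), the following Python sketch mirrors the two-step approach: a toy RTOS model and an application automaton form the complete model, observers translated from three test cases are composed with it, and a breadth-first exploration of the product yields a verdict per test case. The single-task model, all names, and the `max_act` configuration parameter (1 corresponds to OSEK conformance class BCC1, which allows a single activation request per task) are assumptions.

```python
from collections import deque
E_OK, E_OS_LIMIT = "E_OK", "E_OS_LIMIT"

def rtos_step(state, call, max_act):
    """Constructed toy model (not Trampoline) of one basic task T1. state =
    (task_state, queued_requests); max_act is the configured activation limit."""
    task, queued = state
    if call == "ActivateTask":
        if task == "SUSPENDED":
            return ("RUNNING", queued), E_OK      # only task in the system: runs at once
        if queued + 1 < max_act:
            return (task, queued + 1), E_OK       # further activation request recorded
        return state, E_OS_LIMIT                  # OSEK: too many activation requests
    if queued:                                    # TerminateTask(): a queued request
        return ("RUNNING", queued - 1), E_OK      # restarts T1 immediately
    return ("SUSPENDED", 0), E_OK

# Constructed application automaton: app_state -> [(api_call, next_app_state)].
# An alarm activates T1; T1's body self-activates once, then terminates.
APP = {"idle": [("ActivateTask", "body")], "body": [("ActivateTask", "end")],
       "end": [("TerminateTask", "idle")]}

# Observers translated from conformance test cases: trigger(pre_state, call, max_act)
# selects the step under test, expect(status, post_state) gives the verdict.
OBSERVERS = {
    "activate_suspended": (lambda s, c, m: c == "ActivateTask" and s[0] == "SUSPENDED",
                           lambda st, post: st == E_OK and post[0] == "RUNNING"),
    "activate_limit": (lambda s, c, m: c == "ActivateTask" and s[0] != "SUSPENDED"
                       and s[1] + 1 >= m, lambda st, post: st == E_OS_LIMIT),
    "terminate_requeue": (lambda s, c, m: c == "TerminateTask" and s[1] > 0,
                          lambda st, post: st == E_OK and post[0] == "RUNNING"),
}

def verify(max_act, rtos=rtos_step):
    """Breadth-first exploration of the product application x RTOS x observers.
    Returns {test_case: PASS | FAIL | INACTIVE}; INACTIVE = never exercised."""
    verdict = {name: "INACTIVE" for name in OBSERVERS}
    start = ("idle", ("SUSPENDED", 0))
    seen, todo = {start}, deque([start])
    while todo:
        app, pre = todo.popleft()
        for call, next_app in APP[app]:
            post, status = rtos(pre, call, max_act)
            for name, (trigger, expect) in OBSERVERS.items():
                if trigger(pre, call, max_act) and verdict[name] != "FAIL":
                    verdict[name] = "PASS" if expect(status, post) else "FAIL"
            if (next_app, post) not in seen:
                seen.add((next_app, post)); todo.append((next_app, post))
    return verdict
```

With `max_act=1` the `terminate_requeue` observer stays INACTIVE, i.e. that test case is not applicable to the specialized configuration, while passing a step function that never returns E_OS_LIMIT in place of `rtos_step` makes `activate_limit` report FAIL.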
