Component-based approach to run-time kernel specification and verification

The traditional approach to high-integrity embedded system development has been to develop and verify the application under the assumption that either the operating system services have deterministic behaviour with well-understood operational semantics, or that the operating system itself is certified. Formal verification approaches have focused on modelling the application at the right level of abstraction and verifying specific properties against that model. The effective use of formal methods in high-integrity embedded system development requires efficient models of both the application and the underlying operating system services. Software-implemented operating systems pose significant complexity constraints when it comes to creating usable models. This paper presents a component-based formal model of a hardware-implemented run-time kernel. It builds on work carried out earlier for the LAMR kernel (K. Lundqvist and L. Asplund, 2003). The components are designed to allow easy deployment, and can be replicated to enable system growth. Additionally, the kernel presented in this paper supports multiprocessor scheduling.

[1] Juan Zamorano et al. The design and implementation of the open Ravenscar kernel, 2001, IRTAW '00.

[2] Juan Antonio de la Puente et al. The design and implementation of the open Ravenscar kernel, 2001.

[3] Sergio Yovine et al. KRONOS: a verification tool for real-time systems, 1997, International Journal on Software Tools for Technology Transfer.

[4] Wang Yi et al. Uppaal in a nutshell, 1997, International Journal on Software Tools for Technology Transfer.

[5] Pao-Ann Hsiung et al. A state graph manipulator tool for real-time system specification and verification, 1998, Proceedings Fifth International Conference on Real-Time Computing Systems and Applications (Cat. No.98EX236).

[6] Juan Zamorano et al. Precise response time analysis for Ravenscar kernels, 2002, IRTAW '02.

[7] Lars Asplund et al. A Ravenscar-Compliant Run-time Kernel for Safety-Critical Systems, 2004, Real-Time Systems.

[8] Sami Evangelista et al. Quasar: A New Tool for Concurrent Ada Programs Analysis, 2003, Ada-Europe.

[9] Alan Burns et al. The Ravenscar tasking profile for high integrity real-time programs, 1998, SIGAda '98.

[10] P. N. Amey et al. Static analysis of Ravenscar programs, 2003.

[11] Alan Burns et al. Guide for the use of the Ada Ravenscar Profile in high integrity systems, 2004, ALET.

[12] Janusz Górski et al. Formal specification and verification of a real-time kernel, 1994, Proceedings Sixth Euromicro Workshop on Real-Time Systems.

[13] Gustaf Naeser et al. Extended abstract: evaluation of delay queues for a Ravenscar HW kernel, 2005, Proceedings. Second ACM and IEEE International Conference on Formal Methods and Models for Co-Design, 2005. MEMOCODE '05.

[14] Thomas A. Henzinger et al. HYTECH: a model checker for hybrid systems, 1997, International Journal on Software Tools for Technology Transfer.

[15] Johan Furunäs. Evaluation of Delay Queues for a Ravenscar Hardware Kernel, 2005.

[16] Lennart Lindh et al. A Comparison of Multiprocessor Real-Time Operating Systems Implemented in Hardware and Software, 2003.

[17] Kim G. Larsen et al. A Tutorial on Uppaal, 2004, SFM.

[18] Sami Evangelista et al. Verifying linear time temporal logic properties of concurrent Ada programs with Quasar, 2003, SIGAda.

[19] Juan Antonio de la Puente et al. Precise response time analysis for Ravenscar kernels, 2002.

[20] Luis Miguel Pinho et al. Verifying, validating and monitoring the open Ravenscar real time kernel, 2003.