Using model checking for verification of partitioning properties in integrated modular avionics

Time partitioning is a crucial property for integrated modular avionics architectures, particularly those in which applications of different criticalities run on the same processor. In a time-partitioned operating system, the scheduler is responsible for ensuring that the actions of one thread cannot affect other threads' guaranteed access to CPU execution time. However, the large number of variables affecting application execution interleavings makes it difficult and costly to verify time partitioning by traditional means. We believe that automated model checking is a promising technique for verifying the correct design of partitioning algorithms. Our experience with modeling the DEOS scheduler shows that expressive models can be produced at a reasonable cost. Using automated model checking can increase design assurance by allowing coverage of a larger range of execution interleavings than can feasibly be covered by traditional testing. Furthermore, model checking can decrease development and testing costs by finding design errors early in the development cycle.
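To make the abstract's point concrete, the following is an added illustration, not the paper's DEOS model or any Honeywell code: a discrete-tick model of fixed-priority threads with per-period CPU budgets, explored state by state the way an explicit-state model checker such as SPIN or Java PathFinder explores a model. The search enumerates every interleaving of the other threads' behaviour (ready or idle on each tick, including asking for the CPU after the budget is spent) and checks a partitioning property: a thread that is continuously ready gets its full budget within the period whatever the other threads do. Two scheduler variants are compared, one that enforces budgets and one that trusts threads to stop on their own. The period, budgets, scheduler functions and property encoding are all constructed for this example.

```python
"""Exhaustive exploration of a small time-partitioned scheduler model.

Added illustration (not the paper's DEOS model): fixed-priority threads
with per-period CPU budgets, explored breadth-first over every
interleaving of the other threads' behaviour, with a budget-guarantee
property checked along the way.  All constants are constructed.
"""
from collections import deque

PERIOD = 6               # ticks in one period (constructed)
BUDGET = (2, 1, 2)       # guaranteed ticks per period; index = priority, 0 highest
NUM_THREADS = len(BUDGET)


def pick_enforcing(ready, used):
    """Budget-enforcing scheduler: highest-priority ready thread that still
    has budget.  A thread that has spent its budget is ineligible even if it
    keeps asking for the CPU (an overrun attempt)."""
    for t in range(NUM_THREADS):
        if ready[t] and used[t] < BUDGET[t]:
            return t
    return None  # idle tick


def pick_trusting(ready, used):
    """Flawed scheduler: relies on threads to stop running once their budget
    is spent, so a high-priority thread that keeps asking is never cut off."""
    for t in range(NUM_THREADS):
        if ready[t]:
            return t
    return None


def check_budget_guarantee(pick, victim):
    """Breadth-first search over all behaviours of the threads other than
    `victim`, which is modelled as ready on every tick.  Returns
    (holds, states_explored, counterexample); the counterexample is a list
    of (tick, ready-vector, thread-run) steps, or None if the property holds.

    State = (tick, ticks used per thread).  Different choice histories that
    reach the same state are merged, which is what keeps the exhaustive
    search tractable: far fewer states than interleavings."""
    start = (0, (0,) * NUM_THREADS)
    parent = {start: None}           # state -> (predecessor, step taken)
    queue = deque([start])
    others = [t for t in range(NUM_THREADS) if t != victim]
    while queue:
        state = queue.popleft()
        tick, used = state
        # Fail as soon as the guarantee is unreachable: the victim still
        # needs more ticks than remain in the period.
        if BUDGET[victim] - used[victim] > PERIOD - tick:
            return False, len(parent), _trace(parent, state)
        if tick == PERIOD:
            continue
        # Each other thread independently chooses ready or idle this tick.
        for mask in range(1 << len(others)):
            ready = [False] * NUM_THREADS
            ready[victim] = True
            for bit, t in enumerate(others):
                ready[t] = bool((mask >> bit) & 1)
            run = pick(ready, used)
            new_used = list(used)
            if run is not None:
                new_used[run] += 1
            succ = (tick + 1, tuple(new_used))
            if succ not in parent:
                parent[succ] = (state, (tick, tuple(ready), run))
                queue.append(succ)
    return True, len(parent), None


def _trace(parent, state):
    """Walk the predecessor links back to the initial state."""
    steps = []
    while parent[state] is not None:
        state, step = parent[state]
        steps.append(step)
    return steps[::-1]


if __name__ == "__main__":
    for name, pick in (("enforcing", pick_enforcing), ("trusting", pick_trusting)):
        for victim in range(NUM_THREADS):
            holds, n, cex = check_budget_guarantee(pick, victim)
            print(f"{name:9s} thread {victim}: "
                  f"{'holds' if holds else 'VIOLATED'} after {n} states")
            for tick, ready, run in cex or ():
                print(f"    tick {tick}: ready={ready} ran={run}")
```

Running the script shows the property holding for every thread under the enforcing scheduler and being violated for the two lower-priority threads under the trusting one, with the counterexample trace showing thread 0 asking for the CPU on every tick. The early-failure check and the merging of equivalent states are the two habits worth carrying into a real model: the first shortens counterexamples, the second is what makes exhaustive coverage of interleavings affordable where testing could only sample them.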
