A spiral process of formalization and verification: A case study on verification of the scheduling mechanism of OSEK/VDX

Formalization and verification of a system are usually not one-time tasks, because the complexity of software systems keeps growing. The relation between formalization and verification should be iterative rather than sequential: verification follows formalization and in turn helps validate and refine it. The iteration is a spiral process in which a formal model is developed incrementally and more properties are verified at each turn. In this paper we present such a spiral process through a concrete case study: we formalize and verify, in the spiral manner, the scheduling mechanism and the Priority Ceiling Protocol (PCP) of an industrial automotive standard, OSEK/VDX. We use the algebraic formal specification language CafeOBJ for its modularity and its support for interactive theorem proving. We start with a prototypical model of the scheduling mechanism and validate and refine it based on verification results. Theorem proving reinforces our understanding of the specification and exposes the gap between it and the problem domain it describes. The formal model is refined until all of the targeted properties are proved. We then extend the model incrementally to formalize PCP and verify further properties, such as deadlock freedom and priority inversion freedom.
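As an added illustration (not code from the paper, whose model is written as CafeOBJ proof scores), the following Python explorer enumerates every activation interleaving of a small OSEK-style task set under two rules: a plain blocking mutex and OSEK's immediate priority ceiling (the ceiling of a resource is the highest priority of any task that takes it, and a task holding a resource runs at that ceiling). It checks the two properties the abstract names, deadlock freedom and priority inversion freedom, the latter stated here as "no task is ever left waiting for a resource". The task sets, their scripts and the blocking-mutex variant are constructed for the example and are assumptions, not material from the paper.

```python
from collections import deque

# Added illustration, not the paper's CafeOBJ model: an explicit-state explorer
# for OSEK-style fixed-priority scheduling, run with and without the OSEK
# Priority Ceiling Protocol (PCP). The task sets at the bottom are constructed.

def ceilings(tasks):
    """Ceiling of a resource: the highest base priority among tasks that take it."""
    ceil = {}
    for prio, script in tasks.values():
        for op, res in script:
            if op == "get":
                ceil[res] = max(ceil.get(res, 0), prio)
    return ceil

def explore(tasks, pcp):
    """Breadth-first search over every interleaving of task activations.

    tasks maps name -> (base_priority, script); steps are ("get", r), ("rel", r)
    or ("end", None), resources being released before "end". pcp=True applies
    OSEK's immediate ceiling rule (a holder of r runs at max(base, ceiling(r)));
    pcp=False models a plain blocking mutex. Returns (deadlocks, blocked): states
    where work remains but nothing can run, and states with a waiting task.
    """
    names, ceil = sorted(tasks), ceilings(tasks)
    res_ids = sorted(ceil)

    def prio(i, owners):
        held = [ceil[r] for r, o in zip(res_ids, owners) if o == i] if pcp else []
        return max([tasks[names[i]][0]] + held)

    def schedule(status, owners, running):
        # OSEK rescheduling: preempt only for a strictly higher current priority.
        ready = [i for i, s in enumerate(status) if s == "ready"]
        if not ready:
            return None
        best = max(ready, key=lambda i: (prio(i, owners), -i))
        if running is None or prio(best, owners) > prio(running, owners):
            return best
        return running

    def successors(state):
        pcs, status, owners, running = state
        out = []
        for j, s in enumerate(status):  # the environment may activate any idle task
            if s == "idle":
                st = list(status)
                st[j] = "ready"
                out.append((pcs, tuple(st), owners, schedule(st, owners, running)))
        if running is None:
            return out
        op, r = tasks[names[running]][1][pcs[running]]
        pc, st, ow, nxt = list(pcs), list(status), list(owners), running
        if op == "get":
            if ow[res_ids.index(r)] is None:
                ow[res_ids.index(r)] = running
                pc[running] += 1
            else:  # blocking-mutex semantics; never reached under PCP
                st[running], nxt = "blocked", None
        elif op == "rel":
            ow[res_ids.index(r)] = None
            pc[running] += 1
            for i, s in enumerate(st):  # wake tasks waiting on r (mutex case only)
                if s == "blocked" and tasks[names[i]][1][pc[i]][1] == r:
                    st[i] = "ready"
        else:  # "end": TerminateTask
            st[running], nxt = "done", None
        out.append((tuple(pc), tuple(st), tuple(ow), schedule(st, ow, nxt)))
        return out

    init = (tuple(0 for _ in names), tuple("idle" for _ in names),
            tuple(None for _ in res_ids), None)
    seen, queue, deadlocks, blocked = {init}, deque([init]), [], []
    while queue:
        state = queue.popleft()
        if "blocked" in state[1]:
            blocked.append(state)
        succ = successors(state)
        if not succ and any(s != "done" for s in state[1]):
            deadlocks.append(state)
        for n in succ:
            if n not in seen:
                seen.add(n)
                queue.append(n)
    return deadlocks, blocked

def verify(tasks, pcp):
    """(deadlock_free, blocking_free) for one task set under one scheduling rule."""
    deadlocks, blocked = explore(tasks, pcp)
    return not deadlocks, not blocked

# Constructed task sets: nested resources taken in opposite orders can deadlock a
# blocking mutex; a low-priority holder of R can leave H waiting while M runs.
NESTED = {"T1": (2, [("get", "A"), ("get", "B"), ("rel", "B"), ("rel", "A"), ("end", None)]),
          "T2": (1, [("get", "B"), ("get", "A"), ("rel", "A"), ("rel", "B"), ("end", None)])}
INVERSION = {"H": (3, [("get", "R"), ("rel", "R"), ("end", None)]),
             "M": (2, [("end", None)]),
             "L": (1, [("get", "R"), ("rel", "R"), ("end", None)])}
```

Calling `verify(NESTED, False)` reports that the nested-resource set deadlocks under the mutex and contains blocked states, while `verify(NESTED, True)` and `verify(INVERSION, True)` report that both properties hold under the ceiling rule; `verify(INVERSION, False)` is deadlock-free but exhibits the classic inversion, the high-priority task waiting on a resource held by the low-priority one while the medium task is free to run. Exhaustive enumeration like this only scales to toy task sets, which is why the paper establishes the same properties by theorem proving over the CafeOBJ model.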
