TY - GEN
T1 - Safety analysis of Trampoline OS using model checking
T2 - 22nd IEEE International Symposium on Software Reliability Engineering, ISSRE 2011
AU - Choi, Yunja
PY - 2011
Y1 - 2011
N2 - Model checking is an effective technique used to identify subtle problems in software safety. Its comprehensive search method on system state space provides high-level confidence regarding verification results, and its automated counterexample generation facility is a useful tool for tracing potential safety bugs. However, this comprehensiveness requires a large amount of resources and is often too expensive to be applied in practice. This work reports our experience with the software safety analysis of the Trampoline operating system using model checking. Trampoline OS is an open source operating system for automotive electronic/electrical devices based on the OSEK/VDX international standard. We present methods for converting the Trampoline kernel code into formal models and a series of experiments using an incremental verification approach. The conversion methods include functional modularization and treatment for hardware-dependent code, such as context-switching behavior. The incremental verification approach aims at increasing the level of confidence in the verification even when comprehensiveness cannot be provided due to the limitations of the hardware resource. We also report on a safety bug found in the Trampoline kernel during the experiments.
AB - Model checking is an effective technique used to identify subtle problems in software safety. Its comprehensive search method on system state space provides high-level confidence regarding verification results, and its automated counterexample generation facility is a useful tool for tracing potential safety bugs. However, this comprehensiveness requires a large amount of resources and is often too expensive to be applied in practice. This work reports our experience with the software safety analysis of the Trampoline operating system using model checking. Trampoline OS is an open source operating system for automotive electronic/electrical devices based on the OSEK/VDX international standard. We present methods for converting the Trampoline kernel code into formal models and a series of experiments using an incremental verification approach. The conversion methods include functional modularization and treatment for hardware-dependent code, such as context-switching behavior. The incremental verification approach aims at increasing the level of confidence in the verification even when comprehensiveness cannot be provided due to the limitations of the hardware resource. We also report on a safety bug found in the Trampoline kernel during the experiments.
KW - Model Checking
KW - OSEK/VDX
KW - Safety Analysis
KW - Trampoline Operating System
UR - http://www.scopus.com/inward/record.url?scp=84856880725&partnerID=8YFLogxK
U2 - 10.1109/ISSRE.2011.22
DO - 10.1109/ISSRE.2011.22
M3 - Conference contribution
AN - SCOPUS:84856880725
SN - 9780769545684
T3 - Proceedings - International Symposium on Software Reliability Engineering, ISSRE
SP - 200
EP - 209
BT - Proceedings - 22nd IEEE International Symposium on Software Reliability Engineering, ISSRE 2011
Y2 - 29 November 2011 through 2 December 2011
ER -