Safety analysis of Trampoline OS using model checking: An experience report

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

17 Scopus citations

Abstract

Model checking is an effective technique used to identify subtle problems in software safety. Its comprehensive search method on system state space provides high-level confidence regarding verification results, and its automated counterexample generation facility is a useful tool for tracing potential safety bugs. However, this comprehensiveness requires a large amount of resources and is often too expensive to be applied in practice. This work reports our experience with the software safety analysis of the Trampoline operating system using model checking. Trampoline OS is an open source operating system for automotive electronic/electrical devices based on the OSEK/VDX international standard. We present methods for converting the Trampoline kernel code into formal models and a series of experiments using an incremental verification approach. The conversion methods include functional modularization and treatment for hardware-dependent code, such as context-switching behavior. The incremental verification approach aims at increasing the level of confidence in the verification even when comprehensiveness cannot be provided due to the limitations of the hardware resource. We also report on a safety bug found in the Trampoline kernel during the experiments.

Original languageEnglish
Title of host publicationProceedings - 22nd IEEE International Symposium on Software Reliability Engineering, ISSRE 2011
Pages200-209
Number of pages10
DOIs
StatePublished - 2011
Event22nd IEEE International Symposium on Software Reliability Engineering, ISSRE 2011 - Hiroshima, Japan
Duration: 29 Nov 20112 Dec 2011

Publication series

NameProceedings - International Symposium on Software Reliability Engineering, ISSRE
ISSN (Print)1071-9458

Conference

Conference22nd IEEE International Symposium on Software Reliability Engineering, ISSRE 2011
Country/TerritoryJapan
CityHiroshima
Period29/11/112/12/11

Keywords

  • Model Checking
  • OSEK/VDX
  • Safety Analysis
  • Trampoline Operating System

Fingerprint

Dive into the research topics of 'Safety analysis of Trampoline OS using model checking: An experience report'. Together they form a unique fingerprint.

Cite this