Modeling and Verification of A Timing Protection Mechanism in the OSEK/VDX OS using CSP

Author:

Huang Yanhong1ORCID,Pang Haiping2,Shi Jianqi1ORCID

Affiliation:

1. National Trusted Embedded Software Engineering Technology Research Center, East China Normal University, 3663 N. Zhongshan Rd., Shanghai, China

2. Shanghai Key Laboratory of Trustworthy Computing, East China Normal University, 3663 N. Zhongshan Rd., Shanghai, China

Abstract

Abstract The functions of automobiles are becoming increasingly intelligent, which leads to the increasing number of electrical control units for one automobile. Hence, it makes software migration and extension more complicated. In order to avoid these problems, the standard OSEK/VDX has been proposed jointly by a German automotive company consortium and the University of Karlsruhe. This standard provides specifications for the development of automotive software, this standard has become one of the major standards for real-time automotive operating systems (OSs). Since errors in the automotive OS may pose threat to the safety of people in a vehicle, it is necessary to verify the correctness of the OSEK OS which is used by many manufacturers around the world. Formal methods can be adopted to verify the correctness of both software and hardware. Therefore, we propose a formal model of the OSEK OS at the code level and verify three significant properties of the OSEK-based system. In this study, the code-level OSEK OS is verified to ensure compliance with the specifications. An automotive OS always requires that the systemreacts in a timelymanner to external events and performs the computations within the timing constraints. However, there is a possibility that the running time of the tasks exceeds the timing requirements due to the complexity of the tasks. Therefore, by referring to one of the extensions of the OSEK OS, Automotive Open System Architecture (AUTOSAR), we proposed tpOSEK, which is capable of extending the OSEK OS with a timing protection mechanism in AUTOSAR in this study. In our previous study, it was verified that the higher-priority task cannot be preempted by lower-priority tasks. In this paper, after improvement made to the OSEK OS model by adding interrupt service routine models and alarms, and extension of the OSEK OS model with a timing protection model, we have verified that tpOSEK satisfies three significant properties, which include deadlock f ree, complete and no timeout. These properties represent the basic conditions for the systemto run smoothly. If such properties as deadlock f ree and complete are satisfied, it means no deadlock is encountered by this system and all of the tasks can be scheduled completely. Moreover, if the property timeout cannot be satisfied, it means that none of the tasks would miss the deadline. Based on the tpOSEK model, the correct timing protection APIs can be designed at the code level. Thus, by extending the OSEKOSwith theseAPIs,we can update theOSEKOS faster and the need tomodify the dependent applications can be removed. Furthermore, we have constructed formal models for two industrial cases based on tpOSEK OS to demonstrate the soundness of our methods.

Funder

National Natural Science Foundation of China

Science and Technology Commission of Shanghai Municipality

Publisher

Association for Computing Machinery (ACM)

Subject

Theoretical Computer Science,Software

同舟云学术

1.学者识别学者识别

2.学术分析学术分析

3.人才评估人才评估

"同舟云学术"是以全球学者为主线,采集、加工和组织学术论文而形成的新型学术文献查询和分析系统,可以对全球学者进行文献检索和人才价值评估。用户可以通过关注某些学科领域的顶尖人物而持续追踪该领域的学科进展和研究前沿。经过近期的数据扩容,当前同舟云学术共收录了国内外主流学术期刊6万余种,收集的期刊论文及会议论文总量共计约1.5亿篇,并以每天添加12000余篇中外论文的速度递增。我们也可以为用户提供个性化、定制化的学者数据。欢迎来电咨询!咨询电话:010-8811{复制后删除}0370

www.globalauthorid.com

TOP

Copyright © 2019-2024 北京同舟云网络信息技术有限公司
京公网安备11010802033243号  京ICP备18003416号-3