Testing the IPC Protocol for a Real-Time Operating System
In this paper, we adapt model-based testing techniques to concurrent code, namely for test generation for an (industrial) OS kernel called PikeOS. Since our data-models are complex, the problem is out of reach of conventional model-checking techniques. Our solution is based on symbolic execution implemented inside the interactive theorem proving environment Isabelle/HOL, extended by a plugin with test generation facilities called HOL-TestGen.
As a foundation for our symbolic computing techniques, we refine the theory of monads to embed interleaving executions with abort, synchronization, and shared memory to a general but still optimized behavioral test framework.
This framework is instantiated by a model of PikeOS inter-process communication system-calls. Inheriting a micro-architecture going back to the L4 kernel, the system calls of the IPC-API are internally structured by atomic actions; according to a security model, these actions can fail and must produce error-codes. Thus, our tests reveal errors in the enforcement of the security model.
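The abstract describes IPC system calls built from atomic actions that may fail with an error code under a security model, and a framework that interleaves threads with abort. The Python below is an added illustration, not the paper's HOL-TestGen model and not PikeOS's real API or policy: it uses a constructed two-partition mailbox model with a hypothetical policy, enumerates every interleaving of two threads, aborts a thread at its first error, and treats the resulting table as test cases plus an oracle for the policy.

```python
# Constructed policy (hypothetical, not the PikeOS security model): A may send to B, B may not send to A.
POLICY = {("A", "B")}

def atomic(state, action):
    """One atomic IPC step on the shared state; returns (new_state, error_code or None)."""
    box, delivered = state["box"], state["delivered"]
    if action[0] == "send":
        _, me, peer = action
        if (me, peer) not in POLICY:
            return state, "E_PERM"      # the security model refuses the send
        return {"box": {**box, peer: box[peer] + [me]}, "delivered": delivered}, None
    _, me = action                      # ("recv", receiver)
    if not box[me]:
        return state, "E_EMPTY"         # nothing queued for this receiver
    return {"box": {**box, me: box[me][1:]}, "delivered": delivered + [(box[me][0], me)]}, None

def interleavings(seqs):
    """Every merge of the per-thread action lists that keeps each thread's own order."""
    if not any(seqs):
        return [[]]
    out = []
    for i, s in enumerate(seqs):
        if s:
            rest = seqs[:i] + [s[1:]] + seqs[i + 1:]
            out += [[(i, s[0])] + tail for tail in interleavings(rest)]
    return out

def run(schedule, state):
    """Execute one schedule; a thread whose action fails aborts and its later actions are skipped."""
    aborted = {}
    for tid, action in schedule:
        if tid in aborted:
            continue
        state, err = atomic(state, action)
        if err:
            aborted[tid] = (action, err)
    return state, aborted

def generate_tests(threads, init):
    """Test table: (schedule, final state, per-thread abort record) for every interleaving."""
    return [(s, *run(s, init)) for s in interleavings(threads)]

def policy_violations(cases):
    """Oracle for the security model: delivered messages whose (sender, receiver) is not allowed."""
    return [c for c in cases if any(pair not in POLICY for pair in c[1]["delivered"])]

# Constructed scenario: A sends then receives; B receives, then attempts the forbidden send to A.
THREADS = [[("send", "A", "B"), ("recv", "A")], [("recv", "B"), ("send", "B", "A")]]
INIT = {"box": {"A": [], "B": []}, "delivered": []}
```

Of the six schedules, three make B's receive fail with E_EMPTY before A has sent, and three let it succeed so that B's later send is refused with E_PERM; the error code a thread observes depends on the interleaving, while the oracle confirms no message ever crosses the policy.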
Keywords: Test program generation, Symbolic test case generation, Black box testing, Testing operating systems, Certification, CC, Concurrency, Interleaving
This work was partially supported by the Euro-MILS project funded by the European Union’s Programme [FP7/2007-2013] under grant agreement number ICT-318353.