Experiences in embedded scheduling

David M. Jackson
Session 7a: Model Checking (1)
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1051)


This paper summarises a number of features of several recent projects in the field of high-integrity embedded system design, and in particular in the design and verification of schedulers and schedules for such systems. It discusses the technical issues of modelling the timing requirements and features of such software with reference to the CSP language and the FDR model checking tool, and makes some observations about the choice and availability of data, re-use of modelling effort, and presentation of results. The technical work is illustrated by a small example, and shows a variety of useful modelling idioms rather than new mathematical results. The final section discusses the applicability of the present process, and attempts to draw conclusions regarding the wider application of formal methods.





Copyright information

© Springer-Verlag Berlin Heidelberg 1996

Authors and Affiliations

David M. Jackson
  1. Formal Systems Design & Development, Inc., Auburn, USA
  2. Formal Systems (Europe) Ltd, Oxford, UK
