Combined Model Checking and Testing Create Confidence—A Case on Commercial Automotive Operating System

Chapter in: Cyber-Physical System Design from an Architecture Analysis Viewpoint

Abstract

The safety and reliability of automotive systems are becoming a major concern in daily life. Recently, a functional safety standard specialized for automotive systems has been published by the ISO. In addition, electronic throttle systems have been inspected by NHTSA and NASA because of the unintended acceleration problems reported in Toyota's cars. In light of these circumstances, we are researching practical applications of formal methods to ensure the high quality of automotive operating systems. The operating system we focus on is one conforming to the OSEK/VDX standard. This chapter presents a case study in which model checking is applied to a commercial automotive operating system. In this case study, model checking is combined with testing in order to verify the operating system efficiently and effectively. As a result, we gained confidence that the quality of the operating system is very high.



Correspondence to Toshiaki Aoki .


Copyright information

© 2017 Springer Nature Singapore Pte Ltd.

Cite this chapter

Aoki, T., Satoh, M., Tani, M., Yatake, K., Kishi, T. (2017). Combined Model Checking and Testing Create Confidence—A Case on Commercial Automotive Operating System. In: Nakajima, S., Talpin, JP., Toyoshima, M., Yu, H. (eds) Cyber-Physical System Design from an Architecture Analysis Viewpoint. Springer, Singapore. https://doi.org/10.1007/978-981-10-4436-6_5

  • DOI: https://doi.org/10.1007/978-981-10-4436-6_5

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-10-4435-9

  • Online ISBN: 978-981-10-4436-6
