Verification of time partitioning in the DEOS scheduler kernel

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Verification of time partitioning in the DEOS scheduler kernel

Full text

Pdf (112 KB)

Source

International Conference on Software Engineering archive
Proceedings of the 22nd international conference on Software engineering table of contents

Limerick, Ireland

Pages: 488 - 497

Year of Publication: 2000

ISBN:1-58113-206-9

Authors

John Penix	Automated Software Engineering Group, NASA Ames Research Center, Moffet Field, CA
Willem Visser	Automated Software Engineering Group, NASA Ames Research Center, Moffet Field, CA
Eric Engstrom	Honeywell Technology Center, 3660 Technology Drive, Minneapolis, MN
Aaron Larson	Honeywell Technology Center, 3660 Technology Drive, Minneapolis, MN
Nicholas Weininger	Honeywell Technology Center, 3660 Technology Drive, Minneapolis, MN

Sponsors

IEEE-CS : Computer Society
SIGSOFT: ACM Special Interest Group on Software Engineering
Irish Comp Soc : Irish Computer Society

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 5, Downloads (12 Months): 37, Citation Count: 11

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/337180.337364 What is a DOI?

ABSTRACT

This paper describes an experiment to use the Spin model checking system to support automated verification of time partitioning in the Honeywell DEOS real-time scheduling kernel. The goal of the experiment was to investigate whether model checking could be used to find a subtle implementation error that was originally discovered and fixed during the standard formal review process. To conduct the experiment, a core slice of the DEOS scheduling kernel was first translated without abstraction from C++ into Promela (the input language for Spin). We constructed an abstract “test-driver” environment and carefully introduced several abstractions into the system to support verification. Several experiments were run to attempt to verify that the system implementation adhered to the critical time partitioning requirements. During these experiments, the known error was rediscovered in the time partitioning implementation. We believe this case study provides several insights into how to develop cost-effective methods and tools to support the software design and implementation review process.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Richard J. Anderson , Paul Beame , Steve Burns , William Chan , Francesmary Modugno , David Notkin , Jon D. Reese, Model checking large software specifications, Proceedings of the 4th ACM SIGSOFT symposium on Foundations of software engineering, p.156-166, October 16-18, 1996, San Francisco, California, United States
	2	Pam Binns. Design document for slack scheduling in deos, draft alpha.3. Honeywell, September 1998.
	3	William Chan , Richard J. Anderson , Paul Beame , David H. Jones , David Notkin , William E. Warner, Decoupling synchronization from local control for efficient symbolic model checking of statecharts, Proceedings of the 21st international conference on Software engineering, p.142-151, May 16-22, 1999, Los Angeles, California, United States [doi>10.1145/302405.302460]
	4	Edmund M. Clarke , Orna Grumberg , David E. Long, Verification Tools for Finite-State Concurrent Systems, A Decade of Concurrency, Reflections and Perspectives, REX School/Symposium, p.124-175, June 01-04, 1993
	5	Edmund M. Clarke , Orna Grumberg , David E. Long, Model checking and abstraction, ACM Transactions on Programming Languages and Systems (TOPLAS), v.16 n.5, p.1512-1542, Sept. 1994 [doi>10.1145/186025.186051]
	6	E. M. Clarke , E. A. Emerson , A. P. Sistla, Automatic verification of finite-state concurrent systems using temporal logic specifications, ACM Transactions on Programming Languages and Systems (TOPLAS), v.8 n.2, p.244-263, April 1986 [doi>10.1145/5397.5399]
	7	Zhe Dang , Richard A. Kemmerer, Using the ASTRAL model checker to analyze mobile IP, Proceedings of the 21st international conference on Software engineering, p.132-141, May 16-22, 1999, Los Angeles, California, United States [doi>10.1145/302405.302459]
	8	Satyaki Das , David L. Dill , Seungjoon Park, Experience with Predicate Abstraction, Proceedings of the 11th International Conference on Computer Aided Verification, p.160-171, July 06-10, 1999
	9	Claudio Demartini , Radu Iosif , Riccardo Sisto, dSPIN: A Dynamic Extension of SPIN, Proceedings of the 5th and 6th International SPIN Workshops on Theoretical and Practical Aspects of SPIN Model Checking, p.261-276, September 21-24, 1999
	10	Matthew B. Dwyer , Corina S. Pasareanu, Filter-based model checking of partial systems, Proceedings of the 6th ACM SIGSOFT international symposium on Foundations of software engineering, p.189-202, November 01-05, 1998, Lake Buena Vista, Florida, United States
	11	Susanne Graf , Hassen Saïdi, Construction of Abstract State Graphs with PVS, Proceedings of the 9th International Conference on Computer Aided Verification, p.72-83, June 22-25, 1997
	12	John Hatcliff , Matthew B. Dwyer , Shawn Laubach, Staging Static Analyses Using Abstraction-Based Program Specialization, Proceedings of the 10th International Symposium on Principles of Declarative Programming, p.134-151, September 16-18, 1998
	13	K. Havelund and T. Pressburger. Model checking java programs using java pathfinder. International Journal on Software Tools for Technology Transfer, 1999.
	14	Gerard J. Holzmann, The Model Checker SPIN, IEEE Transactions on Software Engineering, v.23 n.5, p.279-295, May 1997 [doi>10.1109/32.588521]
	15	Gerard J. Holzmann , Margaret H. Smith, Software Model Checking, Proceedings of the IFIP TC6 WG6.1 Joint International Conference on Formal Description Techniques for Distributed Systems and Communication Protocols (FORTE XII) and Protocol Specification, Testing and Verification (PSTV XIX), p.481-497, October 05-08, 1999
	16	J. Penix, W. Visser, E. Engstrom, A. Larson, and N. Weininger. Translation and verification of the DEOS scheduling kernel. Technical report, NASA Ames Research Center / Honeywell Technology Center, October 1999.
	17	Corina S. Pasareanu , Matthew B. Dwyer , Michael Huth, Assume-Guarantee Model Checking of Software: A Comparative Case Study, Proceedings of the 5th and 6th International SPIN Workshops on Theoretical and Practical Aspects of SPIN Model Checking, p.168-183, September 21-24, 1999
	18	Jean-Pierre Queille , Joseph Sifakis, Specification and verification of concurrent systems in CESAR, Proceedings of the 5th Colloquium on International Symposium on Programming, p.337-351, April 06-08, 1982
	19	RTCA Special Committee 167. Software considerations in airborne systems and equipment certification. Technical Report DO-178B, RTCA, Inc., dec 1992.
	20	Tomas E. Uribe Restrepo , Zohar Manna, Abstraction-based deductive-algorithmic verification of reactive systems, 1999
	21	W. Visser, K. Havelund, and J. Penix. Adding Active Objects to SPIN. In Proceedings of the 5th SPIN Workshop, Trento, Italy, July 1999.

CITED BY 11

	Darren D. Cofer , Murali Rangarajan, Simulation and verification II: event-triggered environments for verification of real-time systems, Proceedings of the 35th conference on Winter simulation: driving innovation, December 07-10, 2003, New Orleans, Louisiana
	William Visser , SeungJoon Park , John Penix, Using predicate abstraction to reduce object-oriented programs for model checking, Proceedings of the third workshop on Formal methods in software practice, p.3-182, August 2000, Portland, Oregon, United States
	Darren Cofer , Eric Engstrom , Robert Goldman , David Musliner , Steve Vestal, Applications of model checking at Honeywell Laboratories, Proceedings of the 8th international SPIN workshop on Model checking of software, p.296-303, May 2001, Toronto, Ontario, Canada
	Matthew B. Dwyer , John Hatcliff , Roby Joehanes , Shawn Laubach , Corina S. Păsăreanu , Hongjun Zheng , Willem Visser, Tool-supported program abstraction for finite-state verification, Proceedings of the 23rd International Conference on Software Engineering, p.177-187, May 12-19, 2001, Toronto, Ontario, Canada
	Willem Visser , Corina S. Pǎsǎreanu , Sarfraz Khurshid, Test input generation with java PathFinder, ACM SIGSOFT Software Engineering Notes, v.29 n.4, July 2004
	Jia Xu, On Inspection and Verification of Software with Timing Requirements, IEEE Transactions on Software Engineering, v.29 n.8, p.705-720, August 2003
	John Penix , Willem Visser , Seungjoon Park , Corina Pasareanu , Eric Engstrom , Aaron Larson , Nicholas Weininger, Verifying Time Partitioning in the DEOS Scheduling Kernel, Formal Methods in System Design, v.26 n.2, p.103-135, March 2005
	Oksana Tkachuk , Sreeranga P. Rajan, Application of automated environment generation to commercial software, Proceedings of the 2006 international symposium on Software testing and analysis, July 17-20, 2006, Portland, Maine, USA
	Julia L. Lawall , Gilles Muller , Luciano Porto Barreto, Capturing OS expertise in an event type system: the Bossa experience, Proceedings of the 10th workshop on ACM SIGOPS European workshop: beyond the PC, July 01-01, 2002, Saint-Emilion, France
	Alex Groce , Willem Visser, Model checking Java programs using structural heuristics, ACM SIGSOFT Software Engineering Notes, v.27 n.4, July 2002
	Vu Ha , Murali Rangarajan , Darren Cofer , Harald Rues , Bruno Dutertre, Feature-Based Decomposition of Inductive Proofs Applied to Real-Time Avionics Software: An Experience Report, Proceedings of the 26th International Conference on Software Engineering, p.304-313, May 23-28, 2004