Bounded model checking technique for interrupt-driven systems

被引：0

作者：

State Key Laboratory for Novel Software Technology , Nanjing ^{[1
]}

210023, China

不详 ^{[2
]}

210093, China

不详 ^{[3
]}

710072, China

不详 ^{[4
]}

210023, China

不详 ^{[5
]}

100094, China

机构：

[1] State Key Laboratory for Novel Software Technology (Nanjing University), Nanjing

[2] Institute of Software Engineering, Nanjing University, Nanjing

[3] School of Computer Science and Engineering, Northwestern Polytechnical University, Xi'an

[4] Department of Computer Science and Technology, Nanjing University, Nanjing

[5] China Academy of Space Technology, Beijing

来源：

Ruan Jian Xue Bao | / 10卷 / 2485-2503期

关键词：

Bounded model checking; Deadline detection; Interrupt-driven system;

D O I：

10.13328/j.cnki.jos.004790

中图分类号：

学科分类号：

摘要：

This paper proposes an approach to model and verify a certain class of interrupt-driven aerospace control systems. These interrupt-driven systems consist of interrupt handlers and system-scheduling tasks. When an interrupt event occurs, the corresponding interrupt-handler executes in response. An interrupt-handler may leave some post-processing works to the system tasks by setting some control variables to certain values. The operating system schedules a set of tasks periodically to deal with routine tasks and some post-processing of interrupt events. In this paper, timed automata labeled with interrupts are used to model interrupt events and task scheduling events. The execution processes of interrupts are modeled by pseudo-code of interrupt handlers and the interrupt vector. Control variables are used to model the interactions between interrupt processing and system tasks while the tasks perform post-processing of interrupts according to the values of control variables set by interrupt handlers. A bounded model checking algorithm is presented in this paper to check these models w.r.t some important timing properties. The algorithm explores all feasible paths in K steps using the depth-first searching method. During the exploring process, time constraints and time requirements in the specification are calculated by the SMT solver Z3. © Copyright 2015, Institute of Software, the Chinese Academy of Sciences. All rights reserved.

引用

页码：2485 / 2503

页数：18

共 18 条

[1] Silberschatz A., Galvin P.B., Gagne G., Operating System Concepts, (2008)
[2] Walker W., Cragon H.G., Interrupt processing in concurrent processors, IEEE Computer, 28, 6, pp. 36-46, (1995)
[3] Clarke E.M., Grumberg O., Peled D.A., Model Checking
[4] Alur R., Dill D.L., A theory of timed automata, Theoretical Computer Science, 126, 2, pp. 183-235, (1994)
[5] Henzinger T.A., The theory of hybrid automata, Verification of Digital and Hybrid Systems, 170, pp. 265-292, (2000)
[6] Biere A., Cimatti A., Clarke E., Zhu Y.S., Symbolic model checking without BDDs, Proc. of the Tools and Algorithms for the Construction and Analysis of Systems, pp. 193-207, (1999)
[7] Amla N., Kurshan R., McMillan K.L., Medel R., Experimental analysis of different techniques for bounded model checking, Proc. of the Tools and Algorithms for the Construction and Analysis of Systems, pp. 34-48, (2003)
[8] Brylow D., Damgaard N., Palsberg J., Static checking of interrupt-driven software, Proc. of the 23rd Int'l Conf. on Software Engineering, pp. 47-56, (2001)
[9] Brylow D., Palsberg J., Deadline analysis of interrupt-driven software, IEEE Trans. on Software Engineering, 30, 10, pp. 634-655, (2004)
[10] Stoddart B., Cansell D., Zeyda F., Modeling and proof analysis of interrupt driven scheduling, Proc. of the Formal Specification and Development in B 2007, pp. 155-170, (2006)

← 1 2 →