Longfei Zhu

Modeling and Verifying the Code-Level OSEK/VDX Operating System with CSP

As an automotive industry standard of operating system specification, OSEK/VDX is widely applied in the process of designing and implementing the static operating system and the corresponding interfaces for automotive electronics. It is challenging to explore an effective method to support large-scale correctness verification of OSEK/VDX specification. In this paper, we employ process algebra CSP to describe and reason about a real code-level OSEK/VDX operating system. Thus the whole system is formally modeled as a CSP process which is encoded and implemented in process analysis toolkit (PAT). Furthermore, the expected properties are described and expressed in terms of the first-order logic. The properties are also established and verified in our framework. The result indicates that the whole system is deadlock-free and the scheduling scheme is sound with respect to the specification.

Formal Modeling and Analyzing Kerberos Protocol

Kerberos protocol is one of the popular security protocols used to authenticate the identities of the communication participants. The key distribution mechanism in this protocol is suitable for other secure applications. We formalize the protocol using CSP methods. Based on the formal model, the mechanism of the protocol is exposed to us clearly. Principles and tools support the verification of the formal model. In that way, we can prove that the system protected by the protocol is indeed secure as it declared. The reasons for security can be fixed out formally as a reference to analyzing other protocols.

Modeling and Verification of CAN Bus with Application Layer using UPPAAL

Controller Area Network (CAN) is a high-speed serial bus system with real-time capability. In this paper, we present a formal model of the CAN bus protocol, mainly focusing on the arbitration process, transmission process, and fault confinement mechanism. Moreover, 11 important properties are formalized in terms of the protocol. Based on the verification tool UPPAAL, we describe the system model and properties for performing verification work of the CAN bus protocol. The verification results indicate that some properties are not satisfied in CAN bus system, most of which are caused by the starvation and bus-off nodes. On this basis, the dynamic priority scheduling algorithm and bus-off recovery mechanism are applied, which indicates that some problems can be solved on the application layer.

A Bigraphical Model of WSBPEL

In this paper, we give a bigraphical model for web services composition. We investigate how to represent scope-based compensation handing mechanism by means of Bigraphical Reactive Systems (13RSs for short), which have been proposed to provide a uniform way to model spatially distributed systems that both compute and communicate. The service composition language we focus on is WSBPEL, which is the standard of web service composition and orchestration. This bigraphical model can be regarded as a unifying semantics of BPEL-like languages with the key concepts related to compensation handling. The rationality of the model is discussed by investigating the relationship between BPEL language and BRSs. Based on the bigraphical model, the algebraic laws for BPEL are proved as well.

A Timing Verification Framework for AUTOSAR OS Component Development Based on Real-Time Maude

The AUTOSAR (AUTomotive Open System ARchitecture) is an open standard in automotive industry, aiming at unifying the methodology of the automotive software development. It is drawing increasing attention because of its great concern about the safety of automotive electronics. The safety of automotive electronics greatly depends on the Operating System (OS) components, which fully implement the functionality part of automotive applications. However, taking the complex timing protection mechanism of AUTOSAR OS and random occurrences of interrupt requests (IRs) into consideration, it is hard for the developers to design and configure the OS components correctly or even reconcilably. In this paper, we focus on the timing properties and propose an automatic verification framework, in which developers could analyze the timing behaviors and devise the OS components configuration. Furthermore, three important timing properties are expressed and can be verified in our framework, namely, schedulability, non-fault-propagation, and consistency. As a reduced version of AUTOSAR OS and auxiliary analysis modules have been implemented based on Real-Time Maude, developers could easily employ the tool to experiment with different configurations of OS components.

Formalizing Application Programming Interfaces of the OSEK/VDX Operating System Specification

OSEK/VDX Operating System Specification is a standard in automotive industry with a long history. Dozens of mature industrial operating systems are based on this specification and widely applied in the products of major automotive manufacturers. The verification of the operating system products is always a hard nut to crack. In this paper, we propose a formal specification of OSEK/VDX Operating System based on Hoare Logic, which helps us to get rid of the confusion and ambiguities of the informal specification. In this framework, the formalization of all the Application Programming Interfaces are made. As a case study, we link our framework to the formal verification tool VCC. Some errors are detected in a market-upcoming operating system product based on our framework. We conclude that our framework is feasible in verification of operating system.

A denotational model for instantaneous signal calculus

In this paper we explore an observation-oriented denotational semantics for instantaneous signal calculus which contains all conceptually instantaneous reactions of signal calculus for event-based synchronous languages. The healthiness conditions are studied for especially dealing with the emission of signals. Every instantaneous reaction can be identified as denoting a healthiness function over the set of events which describe the state of the system and its environment. The normal form, surprisingly, has the comparatively elegant and straightforward denotational semantic definition. Furthermore, a set of algebraic laws concerning the distinct features for instantaneous signal calculus is investigated. All algebraic laws can be established in the framework of our semantic model, i.e., if the equality of two differently written instantaneous reactions is algebraically provable, the two reactions are also equivalent with respect to the denotational semantics.

A Formal Model for a Hybrid Programming Language

A cyber-physical system (CPS) is an interactive system of continuous plants and real-time controller programs. These systems usually feature a tight relationship between the physical and computational components and exhibit strict true-concurrency with respect to time. These communication and concurrency issues have been well investigated in event-based synchronous languages but only for discrete systems. In this paper, we present an imperative-style programming language for CPS and explore an observation-oriented denotational semantics for the language. Furthermore, a set of algebraic laws that could facilitate the transformation of programs are investigated and consistency of the algebraic laws can be ensured with respect to the denotational semantics. The algebraic laws which have been established in the framework of our semantic model could greatly enhance the reliability of algebraic transformation.

Towards a modeling language for cyber-physical systems

A cyber-physical system (CPS) is an interactive system of continuous plants and real-time controller programs. These systems usually feature a tight relationship between the physical and computational components and exhibit true concurrency with respect to time. These communication and concurrency issues have been well investigated in event based synchronous languages but only for discrete systems. In this paper, we investigate the distinct features of CPS and propose an imperative-style language framework for the programming of CPS. To characterize the semantics of the language, a set of algebraic laws are provided, which can be used to reduce arbitrary program into normal form. The programs in the normal form exhibit clear time-consuming and instantaneous behaviors. Moreover, the algebraic laws can be used in the transformation from the high level hybrid program specification to low level controller programs interacting with the physical plants. We will investigate this part in the follow-up work.

Binary Code Level Verification for Interrupt Safety Properties of Real-Time Operating System

Interrupt mechanism is indispensable in embedded software due to lots of factors such as switching context and enhancing efficiency. In this context, the traditional way to ensure the correctness of software will not remain in force. Having the interrupt is envolved, the complicated and nondeterminism environment should be taken into consideration during the verification process. In this paper, we propose a novel way to verify the interrupt safety properties based on low-level binary code. At first, an Abstract xBIL is transformed from the xBIL with the time and interrupt properties reserved. xBIL [1] is a binary intermediate language we proposed to represent the machine instructions on multiple architectures. Afterwards, we present an automatic way to construct the Discrete-Time Markov Chains [2] from the Abstract xBIL code. After that, the properties can be easily generated and quantitative analysis could be performed. To prove the feasibility of our approach, we have applied our method to the verification of a commercial automotive operating system and it is proved to be of great help with the development of software.