Maria Spichkova

Towards verified automotive software

Automotive software is one of the most challenging fields of software engineering: it must meet real time requirements, is safety critical and distributed over multiple processors. With the increasing complexity of automotive software, as for example in the case of drive-by-wire, automated driving and driver assitents, software correctness becomes more and more a crucial issue. In order that these innovations can become reality, it is necessary to be able to guarantee software correctness.The presented work aims at verification of automotive software. For this purpose it introduces a verification approach, including a framework of verified modules which assists the verification of the actual application. Feasibility of this approach was validated on a case study that also showed how verification can be integrated into the development process.

Verified System Development with the AutoFocus Tool Chain

This work presents a model-based development methodology1 for verified software systems as well as a tool support for it: an applied AUTOFOCUS 3 tool chain and its basic principles emphasizing the verification of the system under development as well as the check mechanisms we used to raise the level of confidence in the correctness of the implementation of the automatic generators.

On the correctness of upper layers of automotive systems

Formal verification of software systems is a challenge that is particularly important in the area of safety-critical automotive systems. Here, approaches like direct code verification are far too complicated, unless the verification is restricted to small textbook examples. Furthermore, the verification of application logic is of limited use in industrial context, unless the underlying operating system and the hardware are verified, too. This paper introduces a generic model stack, allowing the verification of all system layers as well as the concrete application models being used in the upper layers. The presented models and proofs close the gap between the correctness proof for the lower layers of car electronics developed at the Saarland University and the verification procedure for distributed applications developed at the Technische Universität München.

Towards modularized verification of distributed time-triggered systems

The correctness of a system according to a given specification is essential, especially for safety-critical applications. One such typical application domain is the automotive sector, where more and more safety-critical functions are performed by largely software-based systems. n nVerification techniques can guarantee correctness of the system. Although automotive systems are relatively small compared to other systems (e.g. business information systems) they are still too large for monolithic verification of the system as a whole. n nTackling this problem, we present an approach for modularized verification, aiming at time-triggered automotive systems. We show how the concept of tasks, as used in current automotive operating systems, can be modeled in a CASE tool, verified and deployed. This results in a development process facilitating verification of safety-critical, real-time systems at affordable cost.

Refinement-Based Verification of Interactive Real-Time Systems

Formal specification provides a system description that is much more precise than the natural language one and it can help to solve a lot of specification problems. But even a formal specification of a system can contain mistakes or can disagree with systems requirements. To cover this, we integrate a specification framework with a verification system. Given a system, represented in a formal specification framework Focus, one can verify its properties by translating the specification to a Higher-Order Logic and subsequently using the theorem prover Isabelle/HOL. Moreover, using this approach one can validate the refinement relation between two given systems. The approach uses the idea of refinement-based verification: we see any proof about a system as the proof that a more concrete system specification is a refinement of a more abstract one. The case when one needs to prove a single property of a system specification can also be seen as a refinement relation: this property can be defined as a Focus specification itself and then one needs just show that the system specification is its refinement. The major aspects of this approach are exemplified here by a case study on telematics (electronic data transmission) gateway.

Service-Oriented Modeling of CoCoME with Focus and AutoFocus

Reactive distributed systems, including business information systems and embedded control systems, require systematic software engineering approaches that can manage the complexity of the system and the development. This helps to ensure resulting implementations of high quality within reasonable cost and time frames. The CoCoME POS system (see Chapter 3) is a telling example that combines elements of both system classes.