Incremental bounded model checking for embedded software

Program analysis is on the brink of mainstream usage in embedded systems development. Formal verification of behavioural requirements, finding runtime errors and test case generation are some of the most common applications of automated verification tools based on bounded model checking (BMC). Existing industrial tools for embedded software use an off-the-shelf bounded model checker and apply it iteratively to verify the program with an increasing number of unwindings. This approach unnecessarily wastes time repeating work that has already been done and fails to exploit the power of incremental SAT solving. This article reports on the extension of the software model checker CBMC to support incremental BMC and its successful integration with the industrial embedded software verification tool BTC EMBEDDED TESTER. We present an extensive evaluation over large industrial embedded programs, mainly from the automotive industry. We show that incremental BMC cuts runtimes by one order of magnitude in comparison to the standard non-incremental approach, enabling the application of formal verification to large and complex embedded software. We furthermore report promising results on analysing programs with arbitrary loop structure using incremental BMC, demonstrating its applicability and potential to verify general software beyond the embedded domain

Interoperable Toolchain for Requirements-Driven Model-Based Development

International audienceThis paper introduces a toolchain for requirements-driven model-baseddevelopment of embedded software as used in the automotive industry.Development usually starts with textual functional requirements written innatural language.Verification of functional requirements required in safety critical systemsneeds traceability on system level andon implementation level. Therefore, the formalization of the providedtextual requirements is of vital importance. This however is a challenging taskingeneral, which we approach using an intuitive and graphical formalizationlanguage, namely simplified universal pattern. Having the requirementsformalized, as a second step an analysis is done to ensure that therequirements are in a consistent state. This is important as within agiledevelopment, functionalities are evolving over time and textual requirementsare continuously enhanced. To keep track of the implementation, an aggregationof model changes wrt, e.g., consistency, model test status, formal requirementcoverage, or modeling guideline conformance during project runtime isdone, while all information is visualized inside a single dashboard. Anexpressive running example implemented as Simulink model will beused to show the formalization and verification workflow using the providedtoolchain

Combining Model-based Analysis and Testing

International audienceSafety standards like ISO 26262 and DO 178B/C require demonstrating the functional safety of the software. First, this implies demonstrating the functional correctness with respect to the specified requirements. Second, the absence of critical non-functional hazards has to be shown: violation of timing and storage space constraints, and runtimeerrors like division by zero or invalid pointer accesses. State-of-the-art solutions use model- based testing for showing functional program properties and abstract interpretation-based static analysis to prove the absence of non-functional program errors, but fail to integrate them. In this article we present an integrated approach for model- based testing and analysis addressing both aspects seamlessly. Model-level information like environment specifications and execution models are taken into account automatically. This reduces setup effort and improves analysis precision. Tests and analyses can be launched automatically and produce aggregated result reports. The integrated approach allows safety requirements of contemporary safety standards to be comprehensively addressed and the verification effort to be significantly reduced

Formal Verification of an Avionics Application using Abstraction and Symbolic Model Checking

ion and Symbolic Model Checking ? Tom Bienmuller 1 , Udo Brockmeyer 2 , Werner Damm 2 , Gert Dohmen 2 , Claus Eßmann 2 , Hans-Jurgen Holberg 2 , Hardi Hungar 2 , Bernhard Josko 2 , Rainer Schlor 2 , Gunnar Wittich 2 , Hartmut Wittke 2 , Geoffrey Clements 3 , John Rowlands 3 , and Eric Sefton 3 1 Carl von Ossietzky Universitat Oldenburg, Germany 2 OFFIS, Escherweg 2, 26121 Oldenburg, Germany 3 British Aerospace, Warton Aerodrome, Preston, PR4 1AX Lancashire, UK Abstract. This paper demonstrates the use of model-checking based verification technology to establish safety critical properties for an industrial avionics application. The verification technology is tightly integrated with the Statemate r fl system of i-Logix Inc., USA. Key features of this technology are its scalalability to complete system verification, the powerful debugging capabilities, graphical entry for safety critical properties, and the capability to re-use verification results for d..