Generating Invariant-Based Certificates for Embedded Systems
ACM Transactions on Embedded Computing Systems (TECS)
The BIP framework provides a methodology, supported by a tool chain, for developing software for embedded systems. The design of a BIP system follows the decomposition into behavior, interaction and priority. The first step divides the desired behavior of a system into components. In a second step, interactions between the components and their priorities are added. Finally, machine code is generated from the BIP model. While adding interactions it is possible to over-constrain a system, resulting in potential deadlocks. The tool chain therefore crucially depends on an automatic tool, D-Finder, which checks for deadlock-freedom. This paper reports on guaranteeing the correctness of D-Finder's verdict. We address the problem of formally proving deadlock-freedom of an embedded system in a way that is comprehensible to third-party users and other tools. We propose the automatic generation of certificates for each BIP model that D-Finder declares safe. A certificate comprises a proof of deadlock-freedom of the BIP model which can be checked by an independent checker; we use the Coq theorem prover as the certificate checker, thus bringing the high level of confidence of a formal proof to the deadlock analysis results. With certificates, one obtains a deadlock-freedom guarantee for a BIP model without having to trust, or even look at, the deadlock checking tool. The proof of deadlock-freedom fundamentally relies on the computation of invariant properties of the considered BIP model; this computation is carried out by D-Finder and serves as the basis for certificate generation. Encapsulating these invariants into certificates and checking them is the most important subtask of our methodology for guaranteeing deadlock-freedom.
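The certificate check described above, as an added illustration that is not code from the paper, from D-Finder or from the BIP tool chain: a toy BIP-style model (finite-state components synchronised by multi-party interactions, with no priorities and no data), an invariant given as an explicit set of global states standing in for the invariants D-Finder computes, and an independent checker that accepts the certificate only if the invariant holds initially, is preserved by every enabled interaction, and excludes every deadlock state. The component, location and port names are constructed for the example, and the stand-in generator uses plain reachability, which is not how D-Finder derives its invariants.

```python
"""Invariant-based deadlock-freedom certificates for a toy BIP-style
model.  Constructed example: not D-Finder, not the paper's Coq checker.

Model encoding (assumption for this example):
  components:   {name: {location: {port: next_location}}}
  interactions: list of frozenset({(component, port), ...}) that fire together
  init:         tuple of initial locations, ordered like `components`
A global state is a tuple of locations in the same order.
"""
from itertools import product


def _locations(model, state):
    return dict(zip(model["components"], state))


def enabled_interactions(model, state):
    """Interactions whose every port is offered in the current locations."""
    loc = _locations(model, state)
    return [
        ia for ia in model["interactions"]
        if all(port in model["components"][c][loc[c]] for c, port in ia)
    ]


def successor(model, state, interaction):
    """Global state reached by firing one (enabled) interaction."""
    loc = _locations(model, state)
    for c, port in interaction:
        loc[c] = model["components"][c][loc[c]][port]
    return tuple(loc[c] for c in model["components"])


def all_states(model):
    return set(product(*(comp.keys() for comp in model["components"].values())))


def deadlock_states(model):
    """Global states (reachable or not) in which no interaction is enabled."""
    return {s for s in all_states(model) if not enabled_interactions(model, s)}


def check_certificate(model, invariant):
    """Independent certificate check.  Nothing about how `invariant` was
    produced is trusted; it is accepted only if it is (1) initial,
    (2) inductive under every enabled interaction and (3) disjoint from
    the deadlock states.  Returns (True, 'ok') or (False, reason)."""
    init = model["init"]
    if init not in invariant:
        return False, f"initial state {init} not in invariant"
    for s in invariant:
        for ia in enabled_interactions(model, s):
            t = successor(model, s, ia)
            if t not in invariant:
                return False, f"not inductive: {s} -> {t} leaves the invariant"
    bad = invariant & deadlock_states(model)
    if bad:
        return False, f"invariant contains deadlock states {sorted(bad)}"
    return True, "ok"


def reachable_states(model):
    """Stand-in for the invariant generator.  D-Finder computes component
    and interaction invariants compositionally; exhaustive reachability is
    used here only to produce a candidate certificate for the checker."""
    seen, todo = {model["init"]}, [model["init"]]
    while todo:
        s = todo.pop()
        for ia in enabled_interactions(model, s):
            t = successor(model, s, ia)
            if t not in seen:
                seen.add(t)
                todo.append(t)
    return seen


# Constructed model: a request/acknowledge handshake between two components.
# The global states (idle, handle) and (wait, listen) are deadlocked but
# unreachable, so the trivial invariant "all states" is NOT a valid certificate.
HANDSHAKE = {
    "components": {
        "Sender":   {"idle": {"req": "wait"},     "wait": {"ack": "idle"}},
        "Receiver": {"listen": {"req": "handle"}, "handle": {"ack": "listen"}},
    },
    "interactions": [
        frozenset({("Sender", "req"), ("Receiver", "req")}),
        frozenset({("Sender", "ack"), ("Receiver", "ack")}),
    ],
    "init": ("idle", "listen"),
}

# Same components, but the ack rendezvous was dropped: a genuine deadlock
# at (wait, handle) is reachable, so no certificate can pass the check.
BROKEN = dict(HANDSHAKE, interactions=HANDSHAKE["interactions"][:1])


if __name__ == "__main__":
    print("deadlock states:", sorted(deadlock_states(HANDSHAKE)))
    print("reachability certificate:", check_certificate(HANDSHAKE, reachable_states(HANDSHAKE)))
    print("trivial certificate:     ", check_certificate(HANDSHAKE, all_states(HANDSHAKE)))
    print("broken model:            ", check_certificate(BROKEN, reachable_states(BROKEN)))
```

The point of the split is the same as in the paper: the generator (here `reachable_states`, there D-Finder) is outside the trusted base, and only the three conditions in `check_certificate` are. A certificate that is too weak (all states) is rejected because it admits unreachable deadlocked states, a certificate that is not inductive is rejected even if it happens to avoid deadlocks, and a model with a reachable deadlock cannot be certified at all. In the paper's setting the certificate additionally carries the proof obligations that Coq discharges, rather than an enumerated state set.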