A spiral process of formalization and verification: A case study on verification of the scheduling mechanism of OSEK/VDX

Formalization and verification of a system usually are not one time tasks due to the increasing complexity of software systems. The relation between formalization and verification should not be sequential but iterative in that verification follows formalization and in turn helps validate and refine formalization. The iteration is a spiral process with a formal model being incrementally developed and more properties being verified. In this paper, we present such a spiral process of doing formalization and verification with a concrete case study to demonstrate how we formalize and verify in the spiral manner a scheduling mechanism and Priority Ceiling Protocol (PCP) of an industrial automobile standard called OSEK/VDX. We choose an algebraic formal language called CafeOBJ for its features of modularity and interactive theorem proving functionality. We start with a prototypical model of the scheduling mechanism, validate and refine it based on verification results. By theorem proving, it reinforces our understanding of the specifications and their gap with the specified problem domains. The formal model is refined until all these properties are successfully proved. We incrementally extend it to formalize PCP and verify more properties such as deadlock freedom and priority inversion freedom.