Verifying Embedded C Software with Timing Constraints using an Untimed Model Checker

TL;DR

This paper presents a method to verify timing constraints in embedded C software using an untimed model checker by translating timing annotations into auxiliary variables, demonstrated on a medical device case study.

Contribution

It introduces a novel approach to verify timing constraints with an untimed model checker through code annotations and automatic translation, enabling integrated verification.

Findings

Successfully verified timing constraints of a pulse oximeter

Demonstrated compatibility with existing untimed model checkers

Enabled interaction between timing and system requirements

Abstract

Embedded systems are everywhere, from home appliances to critical systems such as medical devices. They usually have associated timing constraints that need to be verified for the implementation. Here, we use an untimed bounded model checker to verify timing properties of embedded C programs. We propose an approach to specify discrete time timing constraints using code annotations. The annotated code is then automatically translated to code that manipulates auxiliary timer variables and is thus suitable as input to conventional, untimed software model checker such as ESBMC. Thus, we can check timing constraints in the same way and at the same time as untimed system requirements, and even allow for interaction between them. We applied the proposed method in a case study, and verified timing constraints of a pulse oximeter, a noninvasive medical device that measures the oxygen saturation of arterial blood.