The aim of this paper is to show, how a multitasking application running under a real-time operating system compliant with an OSEK/VDX standard can be modeled by timed automata. The application under consideration consists of several non-preemptive tasks and interrupt service routines that can be synchronized by events. A model checking tool is used to verify time and logical properties of the proposed model. Use of this methodology is demonstrated on an automated gearbox case study and the

more »

... lt of the worst-case response time verification is compared with the classical method based on the time-demand analysis. It is shown that the model-checking approach provides less pessimistic results due to a more detailed model and exhaustive state-space exploration. Keywords Formal methods · Verification · Model-checking · Timed automata · OSEK/VDX · Multitasking Introduction This paper deals with formal modeling of applications running under real-time operating system (OS). The typical application under assumption, shown as a case study in Sect. 7, is a complex controller consisting of periodic and aperiodic tasks constrained by deadlines and synchronized via inter-task communication primitives. The objective is to use model-checking approach (Larsen et al. 1995; Berard et al. 2001) for automatic verification of the model described in this paper.