Relevant HAL Interface Requirements for Embedded Systems
Manuel Bentele, Andreas Podelski, Axel Sikora, Bernd Westphal
TL;DR
The paper tackles the problem of prioritizing HAL interface requirements to prevent hardware-damaging failures by introducing a formal relevance criterion. It proposes two workflows—extract-and-check a single candidate from failure reports and bulk-check a candidate set using formal verification—to prove that a requirement is indisputably relevant. A SPI/spidev case study demonstrates feasibility: three temporal dependencies among 26 candidates are proven relevant, guiding developers to focus on critical HAL usage. The work provides a principled, verifiable approach to hal interface requirements that can improve reliability in embedded software and prevent specific failure modes.
Abstract
Embedded applications often use a Hardware Abstraction Layer (HAL) to access hardware. Improper use of the HAL can lead to incorrect hardware operations, resulting in system failure and potentially serious damage to the hardware. The question is how one can obtain prioritize, among a possibly large set of HAL interface requirements, those that are indisputably relevant for preventing this kind of system failure. In this paper, we introduce a formal notion of relevance. This allows us to leverage a formal method, i.e., software model checking, to produce a mathematical proof that a requirement is indisputably relevant. We propose an approach to extract provably relevant requirements from issue reports on system failures. We present a case study to demonstrate that the approach is feasible in principle. The case study uses three examples of issue reports on embedded applications that use the SPI bus via the spidev HAL. The overall contribution of this paper is to pave the way for the study of approaches to a new kind of prioritization aimed at preventing a specific kind of system failure.