Formal verification of the MetaH executive using linear hybrid automata

MetaH is a language and toolset for the development of real time high assurance software. There is an associated executive that is automatically configured by the tools to perform the task and message scheduling specified for an application. Linear hybrid automata are finite state automata augmented with real-valued variables. Transitions between discrete states may be conditional on the values of these variables and may reassign variables. These variables can be used to model real time and accumulated task compute time as well as program variables. We developed a concurrent linear hybrid automata model for that portion of the MetaH executive software that implements task scheduling and time partitioning. A reachability analysis was performed to verify selected properties for a selected set of application configurations. The approach combines aspects of testing and verification and automates much of the modeling and analysis. There are limits on the degree of assurance that can be provided, but the approach may be more thorough and less expensive than some traditional testing methods