Proving fairness and implementation correctness of a microkernel scheduler

Journal of Automated Reasoning

Volumn 42, Issue 2-4, 2009, Pages 349-388

  Daum, Matthias ^a   Dörrenbächer, Jan ^a   Wolff, Burkhart ^b  

^a SAARLAND UNIVERSITY   (Germany)

^b UFR 919 Laboratoire d'Informatique Pour la Mécanique et les Sciences de l'Ingénieur   (France)

Author keywords

Formal verification; Interactive theorem proving; Isabelle HOL; Microkernel

Indexed keywords

FORMAL VERIFICATION; HARDWARE; MESSAGE PASSING;

APPLICATION PROCESS; ASSEMBLY INSTRUCTIONS; BEHAVIORAL REASONING; INTERACTIVE THEOREM PROVING; INTERPROCESS COMMUNICATION; ISABELLE/HOL; MEMORY VIRTUALIZATION; MICROKERNEL;

SCHEDULING;

EID: 67349187952     PISSN: 01687433     EISSN: 15730670     Source Type: Journal    
DOI: 10.1007/s10817-009-9119-8     Document Type: Article

References (49)

1. Alkassar, E., Hillebrand, M.A.: Formal functional verification of device drivers. In: Woodcock, J., Shankar, N. (eds.) Verified Software: Theories, Tools, and Experiments. LNCS, vol. 5295, pp. 225-239. Springer, New York (2008)
2. Alkassar, E., Hillebrand, M.A., Leinenbach, D., Schirmer, N.W., Starostin, A.: The Verisoft approach to systems verification. In: Shankar, N., Woodcock, J. (eds.) Verified Software: Theories, Tools, and Experiments. LNCS, vol. 5295, pp. 209-224. Springer, New York (2008)
3. E Alkassar DC Leinenbach NW Schirmer A Starostin A Tsyban 2009 Balancing the load-leveraging a semantics stack for systems verification J. Autom. Reasoning, 1294 Special Issue on Operating System Verification 10.1007/s10817-009-9123-z
4. Alkassar, E., Schirmer, N., Starostin, A.: Formal pervasive verification of a paging mechanism. In: TACAS. LNCS, vol. 4963, pp. 109-123. Springer, New York (2008)
5. Andrews, P.B.: An Introduction to Mathematical Logic and Type Theory: To Truth Through Proof. Kluwer, Dordrecht (2002)
6. Barnett, M., Chang, B.Y.E., DeLine, R., Jacobs, B., Leino, K.R.M.: Boogie: a modular reusable verifier for object-oriented programs. In: de Boer, F.S., Bonsangue, M.M., Graf, S., de Roever, W.P (eds.) Formal Methods for Components and Objects: 4th International Symposium, FMCO 2005. LNCS, vol. 4111, pp. 364-387. Springer, New York (2006) (Pubitemid 44548955)
7. DA Basin H Kuruma K Miyazaki K Takaragi B Wolff 2007 Verifying a signature architecture: a comparative case study Form. Asp. Comput. 19 1 63 91 (Pubitemid 46407479)
8. WR Bevier 1989 Kit and the short stack J. Autom. Reason. 5 4 519 530 (Pubitemid 20668737)
9. WR Bevier WA Hunt JS Moore Jr WD Young 1989 An approach to systems verification J. Autom. Reason. 5 4 411 428 (Pubitemid 20668733)
10. S Beyer C Jacobi D Kröning D Leinenbach WJ Paul 2006 Putting it all together: Formal verification of the VAMP STTT 8 4-5 411 430
11. Böhme, S., Leino, K.R.M., Wolff, B.: HOL-Boogie-an interactive prover for the Boogie program-verifier. In: Mohamed, O.A., Muñoz, C., Tahar, S. (eds.) TPHOLs. LNCS, vol. 5170, pp. 150-166. Springer, New York (2008)
12. Brock, B., Kaufmann, M., Moore, J S.: ACL2 theorems about commercial microprocessors. In: FMCAD, pp. 275-293. Springer, New York (1996) (Pubitemid 126149765)
13. A Church 1940 A formulation of the simple theory of types J. Symb. Log. 5 2 56 68
14. Cock, D., Klein, G., Sewell, T.: Secure microkernels, state monads and scalable refinement. In: Mohamed, O.A., Muñoz, C., Tahar, S. (eds.) TPHOLs. LNCS, vol. 5170, pp. 167-182. Springer, New York (2008)
15. Cohen, E., Moskal, M., Schulte, W., Tobies, S.: A precise yet efficient memory model for C (2008). http://research.microsoft.com/apps/pubs/default.aspx? id=77174
16. Daum, M., Dörrenbächer, J., Wolff, B., Schmidt, M.: A verification approach for system-level concurrent programs. In: Woodcock, J., Shankar, N. (eds.) Verified Software: Theories, Tools, and Experiments. LNCS, vol. 5295, pp. 161-176. Springer, New York (2008)
17. Elphinstone, K., Greenaway, D., Ruocco, S.: Lazy scheduling and direct process switch - merit or myths? In: Workshop on Operating System Platforms for Embedded Real-Time Applications. Pisa, Italy (2007). http://www.ertos.nicta.com. au/publications/papers/Elphinstone-GR-07.pdf
18. Engler, D.R., Kaashoek, M.F., O'Toole, J.: Exokernel: an operating system architecture for application-level resource management. In: SOSP, pp. 251-266. ACM, New York (1995)
19. R Fagin JH Williams 1983 A fair carpool scheduling algorithm IBM J. Res. Develop. 27 2 133 139 (Pubitemid 13505488)
20. Filliâtre, J.C., Marché, C.: The why/Krakatoa/Caduceus platform for deductive program verification. In: CAV, pp. 173-177, Berlin, 3-7 July 2007
21. BD Fleisch MAA Co 1998 Workplace microkernel and OS: a case study Softw. Pract. Exp. 28 6 569 591 (Pubitemid 128614809)
22. Fox, A.C.J.: Formal specification and verification of ARM6. In: TPHOLs, pp. 25-40, Rome, 8-12 September 2003 (Pubitemid 37095839)
23. Francez, N.: Fairness. Springer, New York (1986)
24. Heckmann, R., Ferdinand, C.: Worst-case execution time prediction by static program analysis. White paper, AbsInt Angewandte Informatik GmbH (2004). http://www.absint.com/wcet.htm
25. G Heiser K Elphinstone I Kuz G Klein SM Petters 2007 Towards trustworthy computing systems: taking microkernels to the next level Oper. Syst. Rev. 41 4 3 11
26. Hillebrand, M.A., Paul, W.J.: On the architecture of system verification environments. In: Haifa Verification Conference, pp. 153-168. Springer, New York (2007)
27. In der Rieden, T., Tsyban, A.: CVM-a verified framework for microkernel programmers. In: Systems Software Verification. ENTCS, vol. 217, pp. 151-168. Elsevier Science B.V., Amsterdam (2008)
28. Kaiser, R.: Combining partitioning and virtualization for safety-critical systems. White Paper WP-CPV-10-A4-R10, SYSGO AG (2007). http://www.sysgo.com/ news-events/whitepapers/
29. Klein, G.: Operating system verification-an overview. In: Sādhanā, vol. 34, no. 1, pp. 27-69. Springer (2009)
30. S Knapp W Paul 2007 Realistic worst case execution time analysis in the context of pervasive system verification T Reps M Sagiv J Bauer Program Analysis and Compilation, Theory and Practice: Essays Dedicated to Reinhard Wilhelm on the Occasion of his 60th Birthday Lecture Notes in Computer Science 4444 Springer New York 53 81 Knapp, S., Paul, W.: Realistic worst case execution time analysis in the context of pervasive system verification. In: Reps, T., Sagiv, M., Bauer, J. (eds.) Program Analysis and Compilation, Theory and Practice: Essays Dedicated to Reinhard Wilhelm on the Occasion of his 60th Birthday. Lecture Notes in Computer Science, vol. 4444, pp. 53-81. Springer, New York (2007). http://www.verisoft.de/.rsrc/PublikationSeite/KP06.pdf
31. Leinenbach, D.: Compiler verification in the context of pervasive system verification. Ph.D. thesis, Saarland University, Saarbrücken (2008). http://www-wjp.cs.uni-sb.de/publikationen/Lei08.pdf
32. Leinenbach, D., Paul, W.J., Petrova, E.: Towards the formal verification of a C0 compiler: Code generation and implementation correctness. In: SEFM, pp. 2-12. IEEE Computer Society, Los Alamitos (2005)
33. Liedtke, J.: Improving IPC by kernel design. In: SOSP, pp. 175-188. ACM, New York (1993)
34. Liedtke, J.: On μ-kernel construction. In: SOSP, pp. 237-250. ACM, New York (1995)
35. J Liedtke 1996 Towards real microkernels Commun. ACM 39 9 70 77
36. Moore, J S.: A grand challenge proposal for formal methods: A verified stack. In: 10th Anniversary Colloquium of UNU/IIST, pp. 161-172. Springer, New York (2002)
37. TM floating point division program IEEE Trans. Comput. 47 9 913 926 (Pubitemid 128737482)
38. Ni, Z., Yu, D., Shao, Z.: Using XCAP to certify realistic systems code: Machine context management. In: TPHOLs. LNCS, vol. 4732, pp. 189-206. Springer, New York (2007)
39. Nipkow, T., Paulson, L.C., Wenzel, M.: Isabelle/HOL: A proof assistant for higher-order logic. LNCS, vol. 2283. Springer, New York (2002)
40. Petters, S.M., Zadarnowski, P., Heiser, G.: Measurements or static analysis or both? In: Rochange, C. (ed.) WCET. Dagstuhl Seminar Proceedings, vol. 07002. Internationales Begegnungs- und Forschungszentrum für Informatik (IBFI), Schloss Dagstuhl, Germany (2007)
41. R Rashid J Avadis Tevanin M Young D Golub R Baron 1988 Machine-independent virtual memory management for paged uniprocessor and multiprocessor architectures IEEE Trans. Comput. 37 8 896 908 (Pubitemid 18538631)
42. Ruocco, S.: Real-time programming and L4 microkernels. In: Workshop on Operating System Platforms for Embedded Real-Time Applications, Dresden, Germany (2006). http://www.ertos.nicta.com.au/publications/papers/Ruocco-06.pdf.
43. Samman, T.: Verifying 50,000 lines of C code. Futures, Microsoft's European Innovation Magazine, vol. 21. Microsoft Corporate Affairs Europe, Brussels (2008)
44. N Schirmer 2005 A verification environment for sequential imperative programs in Isabelle/HOL LPAR. LNCS Springer New York 398 414 Schirmer, N.: A verification environment for sequential imperative programs in Isabelle/HOL. In: LPAR. LNCS, pp. 398-414. Springer, New York (2005). http://isabelle.in.tum.de/ ~schirmer/pub/hoare-lpar04.html
45. Schirmer, N.: Verification of sequential imperative programs in Isabelle/HOL. Ph.D. thesis, TU Munich (2006)
46. Shapiro, J., Doerrie, M.S., Northup, E., Sridhar, S., Miller, M.: Towards a verified, general-purpose operating system kernel. In: FM Workshop on OS Verification. Tech. rep. 0401005T-1, pp. 1-19. National ICT Australia (2004). http://www.coyotos.org/docs/osverify-2004/osverify-2004.pdf
47. Singal, M., Petters, S.M.: Issues in analysing L4 for its WCET. In: Workshop on Microkernels for Embedded Systems, Sydney, Australia. http://www.ertos.nicta.com.au/publications/papers/Singal-Petters-07.pdf (2007)
48. Starostin, A., Tsyban, A.: Correct microkernel primitives. In: Systems Software Verification. ENTCS, vol. 217, pp. 169-185. Elsevier Science B.V., Amsterdam (2008)
49. Starostin, A., Tsyban, A.: Verified process-context switch for C-programmed kernels. In: Shankar, N., Woodcock, J. (eds.) Verified Software: Theories, Tools, and Experiments. LNCS, vol. 5295, pp. 240-254. Springer, New York (2008)