Hyperkernel

Nelson, Luke; Sigurbjarnarson, Helgi; Zhang, Kaiyuan; Johnson, Dan L.; Bornholt, James; Torlak, Emina; Wang, Xi

doi:10.1145/3132747.3132748

Cited by 61 publications

(5 citation statements)

References 55 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The real-time and OS communities have seen recent effort towards formal proofs, through several techniques such as model checking [16,22] and interactive theorem provers [7,14,17]. This trend is motivated by the high stakes of critical systems and the combinatorial complexity of considering all possible interleavings of states of a system, which makes pen-and-paper reasoning too error-prone.…”

Section: Introductionmentioning

confidence: 99%

Integrating Formal Schedulability Analysis into a Verified OS Kernel

Guo¹,

Lesourd²,

Liu³

et al. 2019

Computer Aided Verification

View full text Add to dashboard Cite

Formal verification of real-time systems is attractive because these systems often perform critical operations. Unlike non real-time systems, latency and response time guarantees are of critical importance in this setting, as much as functional correctness. Nevertheless, formal verification of real-time OSes usually stops the scheduling analysis at the policy level: they only prove that the scheduler (or its abstract model) satisfies some scheduling policy. In this paper, we go further and connect together Prosa, a verified schedulability analyzer, and RT-CertiKOS, a verified single-core sequential real-time OS kernel. Thus, we get a more general and extensible schedulability analysis proof for RT-CertiKOS, as well a concrete implementation validating Prosa models. It also showcases that it is realistic to connect two completely independent formal developments in a proof assistant.

show abstract

Section: Introductionmentioning

confidence: 99%

Integrating Formal Schedulability Analysis into a Verified OS Kernel

Guo¹,

Lesourd²,

Liu³

et al. 2019

Computer Aided Verification

View full text Add to dashboard Cite

show abstract

“…Unlike us, however, there is no verified implementation, as the proofs are only done at the specification level. Nelson et al [2017] report the push-button verification of a kernel using the z3 SMT solver. To achieve that though, they must make compromises on the interfaces to make them amenable to automated verification by removing all quantifiers.…”

Section: Related Workmentioning

confidence: 99%

Virtual timeline: a formal abstraction for verifying preemptive schedulers with temporal isolation

Liu

Rieg

Shao

et al. 2019

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

The reliability and security of safety-critical real-time systems are of utmost importance because the failure of these systems could incur severe consequences (e.g., loss of lives or failure of a mission). Such properties require strong isolation between components and they rely on enforcement mechanisms provided by the underlying operating system (OS) kernel. In addition to spatial isolation which is commonly provided by OS kernels to various extents, it also requires temporal isolation, that is, properties on the schedule of one component (e.g., schedulability) are independent of behaviors of other components. The strict isolation between components relies critically on algorithmic properties of the concrete implementation of the scheduler, such as timely provision of time slots, obliviousness to preemption, etc. However, existing work either only reasons about an abstract model of the scheduler, or proves properties of the scheduler implementation that are not rich enough to establish the isolation between different components. In this paper, we present a novel compositional framework for reasoning about algorithmic properties of the concrete implementation of preemptive schedulers. In particular, we use virtual timeline, a variant of the supply bound function used in real-time scheduling analysis, to specify and reason about the scheduling of each component in isolation. We show that the properties proved on this abstraction carry down to the generated assembly code of the OS kernel. Using this framework, we successfully verify a real-time OS kernel, which extends mCertiKOS, a single-processor non-preemptive kernel, with user-level preemption, a verified timer interrupt handler, and a verified real-time scheduler. We prove that in the absence of microarchitectural-level timing channels, this new kernel enjoys temporal and spatial isolation on top of the functional correctness guarantee. All the proofs are implemented in the Coq proof assistant.

show abstract

“…High-level type-safe programming languages have the potential to eliminate many classes of programming bugs that could be exploited [3,30]. Similarly, formal verification of OS kernels provides a fundamentally safe trusted computing base (TCB) [27,39]. Although this approach can reduce bugs in the implementation of OS abstractions, they do not address the root of the problem: a large TCB.…”

Section: Motivation: Many Os Abstractions Are Problematicmentioning

confidence: 99%

I/O Is Faster Than the CPU

Enberg

Rao

Tarkoma

2019

Proceedings of the Workshop on Hot Topics in Operating Systems

View full text Add to dashboard Cite

I/O is getting faster in servers that have fast programmable NICs and non-volatile main memory operating close to the speed of DRAM, but single-threaded CPU speeds have stagnated. Applications cannot take advantage of modern hardware capabilities when using interfaces built around abstractions that assume I/O to be slow. We therefore propose a structure for an OS called parakernel, which eliminates most OS abstractions and provides interfaces for applications to leverage the full potential of the underlying hardware. The parakernel facilitates application-level parallelism by securely partitioning the resources and multiplexing only those resources that are not partitioned.

show abstract

Hyperkernel

Cited by 61 publications

References 55 publications

Integrating Formal Schedulability Analysis into a Verified OS Kernel

Integrating Formal Schedulability Analysis into a Verified OS Kernel

Virtual timeline: a formal abstraction for verifying preemptive schedulers with temporal isolation

I/O Is Faster Than the CPU

Contact Info

Product

Resources

About