Operating system verification—An overview

Klein, Gerwin

doi:10.1007/s12046-009-0002-4

Cited by 99 publications

(66 citation statements)

References 88 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Similar achievements have been obtained in other fields of computer science, spanning from hardware (Harrison, 2007) to operating systems (? ; Klein, 2009).…”

Section: Resultsmentioning

confidence: 99%

Social processes, program verification and all that

Asperti

Geuvers

Natarajan

2009

Math. Struct. Comp. Sci.

View full text Add to dashboard Cite

In a controversial paper at the end of 1970's, R.A. De Millo, R.J. Lipton and A.J. Perlis (DeMillo, Lipton and Perlis, 1979) argued against formal verifications of programs, mostly motivating their position by an analogy with proofs in mathematics, and in particular with the impracticality of a strictly formalist approach to this discipline. The recent, impressive achievements in the field of interactive theorem proving provide an interesting ground for a critical revisiting of those theses. We believe that the social nature of proof and program development is uncontroversial and ineluctable but formal verification is not antithetical to it. Formal verification should strive not only to cope, but to ease and enhance the collaborative, organic nature of this process, eventually helping to master the growing complexity of scientific knowledge. IntroductionHeavier than air flying machines are impossible.-S.P. Langley (Langley, 1891) Formal verification of programs, no matter how obtained, will not play the same role in the development of computer science and software engineering as proofs do in mathematics.-R.A. De Millo, R.J. Lipton, A.J. Perlis (DeMillo et al., 1979) Samuel Pierpont Langley was a professor of astronomy and physics, and a world-expert in aerodynamics during the late nineteenth and early twentieth century. The esteem with which he is held can be seen from the fact that one of the research centers of NASA is named after Langley. At the height of his research career, Samuel Langley published a result (Langley, 1891) which came to be known as "Langley's Law." According to this erroneous law -higher the speed, lower the drag -more power was required in order to make an aircraft fly slower, and if this were to be true then heavier than air flying machines would certainly have been an impossibility. Fortunately the Wright Brothers Andrea Asperti, Herman Geuvers and Raja Natarajan 2 had not read Langley's book, and they went on to develop the first manned aircrafts which could be controlled in-flight from the aircraft itself.In It is precisely in view of these achievements, however, that we can look back at (DeMillo et al., 1979) with a less passionate and more objective spirit, making a more stringent analysis of their thesis and arguments, without focusing on the polemic frame intentionally chosen by its authors, viz., in Lamport's words † , as a debate between a reasonable engineering approach that completely ignores verification and a completely unrealistic view of verification advocated only by its most naive proponents.In fact, some of the thesis advocated by De Millo, Lipton and Perlis are sharable, very pertinent and still relevant; on the other hand, most of their arguments, after thirty years of research, sounds obsolete and a bit trite, asking for a critical reappraisal. Here is a quick summary of our critique, before we enunciate it in detail.-De Millo et al. state that . . . intuition is the final authority (quoting the logician Rosser).: Intuitions and analogies may help in the explanation a...

show abstract

“…Similar achievements have been obtained in other fields of computer science, spanning from hardware (Harrison, 2007) to operating systems (? ; Klein, 2009).…”

Section: Resultsmentioning

confidence: 99%

Social processes, program verification and all that

Asperti

Geuvers

Natarajan

2009

Math. Struct. Comp. Sci.

View full text Add to dashboard Cite

show abstract

“…While details of the Hyper-V effort are not publicly available (see [21,24]) PikeOS [6]i sa n embedded OS, similar in nature to FreeRTOS though with a few more features like virtualization. The verification uses VCC and specifications are annotations and correctness is in terms of conformance to ghost code.…”

Section: Related Workmentioning

confidence: 99%

Refinement-Based Verification of the FreeRTOS Scheduler in VCC

Divakaran

D’Souza

Kushwah

et al. 2015

Formal Methods and Software Engineering

View full text Add to dashboard Cite

Abstract. We describe our experience with verifying the schedulerrelated functionality of FreeRTOS, a popular open-source embedded real-time operating system. We propose a methodology for carrying out refinement-based proofs of functional correctness of abstract data types in the popular code-level verifier VCC. We then apply this methodology to carry out a full machine-checked proof of the functional correctness of the FreeRTOS scheduler. We describe the bugs found during this exercise, the fixes made, and the effort involved.

show abstract

“…Technical details on these two proofs have appeared elsewhere [2,16]. This article shows how they are put together into a common, general refinement framework that allows us to connect the results and extract the main overall theorem: the C code of seL4 correctly implements its abstract specification.…”

Section: Examplementioning

confidence: 99%

“…We briefly summarise related work on OS verification; a comprehensive overview is provided by Klein [16].…”

Section: Related Workmentioning

confidence: 99%

Refinement in the Formal Verification of the seL4 Microkernel

Klein¹,

Sewell²,

Winwood³

2010

Design and Verification of Microprocessor Systems for High-Assurance Applications

Self Cite

View full text Add to dashboard Cite

We present an overview of the different refinement frameworks used in the L4.verified project to formally prove the functional correctness of the seL4 microkernel. The verification is conducted in the interactive theorem prover Isabelle/HOL and proceeds in two large refinement steps: one proof between two monadic, functional specifications in HOL and one proof between such a monadic specification and a C program. To connect these proofs into one overall theorem, we map both refinement statements into a common overall framework.

show abstract

Operating system verification—An overview

Cited by 99 publications

References 88 publications

Social processes, program verification and all that

Social processes, program verification and all that

Refinement-Based Verification of the FreeRTOS Scheduler in VCC

Refinement in the Formal Verification of the seL4 Microkernel

Contact Info

Product

Resources

About