2009
DOI: 10.1007/s10817-009-9119-8
Proving Fairness and Implementation Correctness of a Microkernel Scheduler

Abstract: We report on the formal proof of a microkernel's key property, namely that its multi-priority process scheduler guarantees progress, i. e., strong fairness. The proof architecture links a layer of behavioral reasoning over system-trace sets with a concrete, fairly realistic implementation written in C. Our microkernel provides an infrastructure for memory virtualization, for communication with hardware devices, for processes (represented as a sequence of assembly instructions, which are executed concurrently ov…

Cited by 15 publications (7 citation statements)
References 40 publications
“…Existing works on using ontologies as part of safety-critical (e. g., [7,26]) or security-critical (e. g., [15]) focus on using ontologies for structuring queries on the set of specifications documents. While not discussed in this paper, Isabelle/DOF supports this type of knowledge management as well: the Isabelle/DOF editor allows for interactively querying for instances of concepts defined in the underlying ontologies as well as for the formal artifacts (formal definitions, proofs, etc.).…”
Section: Related Work
“…This failure led the authors of this paper to the following insight: For a successful formal certification process, it is by far not enough to have abstract models and corresponding refinement proofs to some implementation model (or even, as is the case in [13] or the seL4 initiative [20], to realistic C code). Certification processes targeting higher levels of assurance such as CENELEC 50128/SIL 4 [11] or CC EAL7 [12] all require the use of formal methods.…”
Section: Introduction
“…C0 assumes a typed memory model. While C0 has been used in substantial case studies [1,20], the limited language fragment restricts its use to "code designed for verification", i. e. academic projects. These limitations were partially overcome within the current L4.VERIFIED project [32], where a trusted pre-compiler to C0 is used to enlarge the supported C fragment; the code to be verified is about 10 kloc.…”
Section: Related Work
“…The CVM marks the top-level model described in this article. It is the basis for a microkernel and an operating system built on top of it [15][16][17].…”
Section: CVM