We report on the formal proof of a microkernel's key property, namely that its multi-priority process scheduler guarantees progress, i.e., strong fairness. The proof architecture links a layer of behavioral reasoning over sets of system traces with a concrete, fairly realistic implementation written in C. Our microkernel provides an infrastructure for memory virtualization, for communication with hardware devices, for processes (represented as sequences of assembly instructions that are executed concurrently over an underlying, formally defined processor), and for inter-process communication (IPC) via synchronous message passing. The kernel performs process switches in response to IPCs and timer events; the scheduling of process switches, however, follows a hierarchy of priorities, favoring, e.g., system processes over application processes over maintenance processes. Besides the quite substantial models developed in Isabelle/HOL and the formal clarification of their relationship, we provide a detailed analysis of what formal requirements a microkernel imposes on its key ingredients (hardware, timers, machine-dependent code) in order to establish the correct operation of the overall system. On the methodological side, we show how early modeling with foresight toward the later verification substantially helped our project.
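As an added illustration (not code from the paper or its Isabelle/HOL models), the following Python model simulates a three-class priority scheduler over a constructed workload and checks a finite-trace approximation of the strong-fairness property the abstract refers to. The process set, the IPC blocking pattern and the aging rule are all assumptions made for this example; the aging rule is shown only to contrast with pure strict priority and is not the kernel's actual policy.

```python
# Added example, not the paper's code: a trace-level model of a multi-priority scheduler
# with a finite-trace check for starvation (a strong-fairness violation).
# Assumed priority classes: system > application > maintenance (lower number = higher priority).
SYSTEM, APPLICATION, MAINTENANCE = 0, 1, 2

# Constructed process set: (pid, priority class).
PROCS = [("S1", SYSTEM), ("S2", SYSTEM), ("A1", APPLICATION), ("M1", MAINTENANCE)]

def ready_at(step):
    """Constructed workload: S2 blocks on IPC every third slot; all others are always ready."""
    return [p for p in PROCS if not (p[0] == "S2" and step % 3 == 0)]

def strict_priority(ready, waited):
    """Run the highest-priority ready class; within a class, the longest-waiting process."""
    return min(ready, key=lambda p: (p[1], -waited[p[0]]))[0]

def aging_priority(ready, waited):
    """Assumed progress mechanism (not the paper's policy): a process's effective priority
    improves by one level per slot it is ready but not scheduled, so no ready process waits forever."""
    return min(ready, key=lambda p: (p[1] - waited[p[0]], -waited[p[0]]))[0]

def simulate(policy, steps):
    """Produce a trace of (ready pids, scheduled pid) pairs; each slot is one timer event."""
    waited = {pid: 0 for pid, _ in PROCS}
    trace = []
    for step in range(steps):
        ready = ready_at(step)
        chosen = policy(ready, waited)
        for pid, _ in ready:
            waited[pid] = 0 if pid == chosen else waited[pid] + 1
        trace.append((frozenset(pid for pid, _ in ready), chosen))
    return trace

def starved(trace, min_ready=1):
    """Finite-trace approximation of a strong-fairness violation: processes that were ready
    at least `min_ready` times in the trace but were never scheduled in it."""
    ready_count, ran = {}, set()
    for ready, chosen in trace:
        ran.add(chosen)
        for pid in ready:
            ready_count[pid] = ready_count.get(pid, 0) + 1
    return {pid for pid, n in ready_count.items() if n >= min_ready and pid not in ran}
```

Under strict priority the always-ready system processes monopolize the CPU and the application and maintenance processes never run, which is exactly the kind of trace a fairness proof must rule out; the aging variant lets every ready process make progress.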