CVM -- A Verified Framework for Microkernel Programmers. Electronic Notes in Theoretical Computer Science (ENTCS)
Correct Microkernel Primitives. Electronic Notes in Theoretical Computer Science (ENTCS)
Vx86: x86 Assembler Simulated in C Powered by Automated Theorem Proving. AMAST 2008 Proceedings of the 12th international conference on Algebraic Methodology and Software Technology
The semantics of Power and ARM multiprocessor machine code. Proceedings of the 4th workshop on Declarative aspects of multicore programming
TACAS'08/ETAPS'08 Proceedings of the Theory and practice of software, 14th international conference on Tools and algorithms for the construction and analysis of systems
Formal verification of a C compiler front-end. FM'06 Proceedings of the 14th international conference on Formal Methods
XtratuM/PPC: a hypervisor for partitioned system on PowerPC processors. The Journal of Supercomputing
A Framework for the Verification of Certifying Computations. Journal of Automated Reasoning
In recent years, deductive program verification has improved to a degree that makes it feasible for real-world programs. Following this observation, the main goal of the BMBF-supported Verisoft XT project is (a) the creation of methods and tools which allow the pervasive formal verification of integrated computer systems, and (b) the prototypical realization of four concrete, industrial application tasks. In this paper, we report on the Verisoft XT subproject Avionics, where formal verification is being applied to a commercial embedded operating system. The goal is to use deductive techniques to verify the functional correctness of the PikeOS system, which is a microkernel-based partitioning hypervisor. We present our approach to verifying the microkernel's system calls, using a system call for changing the priority of threads as an example. In particular, (a) we give an overview of the tool chain and the verification methodology, (b) we explain the hardware model and how assembly semantics is specified so that functions whose implementations contain assembly can be verified, and (c) we describe the verification of the system call itself.