Preemption Abstraction

Authors:
Erik Schierboom;Alejandro Tamalet;Hendrik Tews;Marko Eekelen;Sjaak Smetsers
Affiliations:
BliXem Internet Services,;Digital Security Group, Radboud Universiteit Nijmegen,;Digital Security Group, Radboud Universiteit Nijmegen,;Digital Security Group, Radboud Universiteit Nijmegen, and Faculty of Computer Science, Open University,;BliXem Internet Services,
Venue:
FMICS '09 Proceedings of the 14th International Workshop on Formal Methods for Industrial Critical Systems
Year:
2009

Citing 7
Cited 1

Pragmatic Nonblocking Synchronization for Real-Time Systems

Proceedings of the General Track: 2002 USENIX Annual Technical Conference
Formalising the L4 microkernel API

CATS '06 Proceedings of the 12th Computing: The Australasian Theroy Symposium - Volume 51
Verified Protection Model of the seL4 Microkernel

VSTTE '08 Proceedings of the 2nd international conference on Verified Software: Theories, Tools, Experiments
The Verisoft Approach to Systems Verification

VSTTE '08 Proceedings of the 2nd international conference on Verified Software: Theories, Tools, Experiments
Secure Microkernels, State Monads and Scalable Refinement

TPHOLs '08 Proceedings of the 21st International Conference on Theorem Proving in Higher Order Logics
Formal Memory Models for the Verification of Low-Level Operating-System Code

Journal of Automated Reasoning
On the architecture of system verification environments

HVC'07 Proceedings of the 3rd international Haifa verification conference on Hardware and software: verification and testing

A formal verification study on the Rotterdam storm surge barrier

ICFEM'10 Proceedings of the 12th international conference on Formal engineering methods and software engineering

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper presents the preemption abstraction , an abstraction technique for lightweight verification of one sequential component of a concurrent system. Thereby, different components of the system are permitted to interfere with each other. The preemption abstraction yields a sequential abstract system that can easily be described in the higher-order logic of a theorem prover. One can therefore avoid the cumbersome and costly reasoning about all possible interleavings of state changes of each system component. The preemption abstraction is best suited for components that use preemption points, that is, where the concurrently running environment can only interfere at a limited number of points. The preemption abstraction has been used to model the IPC subsystem of the Fiasco microkernel. We proved two practically relevant properties of the model. On the attempt to prove a third property, namely that the assertions in the code are always valid, we discovered a bug that could potentially crash the whole system.