Ingredients of Operating System Correctness Lessons Learned in the Formal Verification of PikeOS
نویسندگان
چکیده
In the context of the Verisoft XT project functional correctness of the microkernel of PikeOS from SYSGO AG is shown at the source code level using the VCC verification tool, developed by Microsoft Research. In this paper we outline a simulation theorem between a top-level abstract model and the system consisting of the kernel and user programs running in alternation on the real machine. Based on an example of a typical code trace through the kernel, we identify the correctness properties of all components in the trace that are needed for the overall correctness proof of the microkernel.
منابع مشابه
Formal Verification of a Microkernel Used in Dependable Software Systems
In recent years, deductive program verification has improved to a degree that makes it feasible for real-world programs. Following this observation, the main goal of the Verisoft XT project is (a) the creation of methods and tools which allow for the pervasive formal verification of integrated computer systems, and (b) the prototypical realization of four concrete, industrial application tasks....
متن کاملBetter Avionics Software Reliability by Code Verification? A Glance at Code Verification Methodology in the Verisoft XT Project
Software reliability is a core requirement for safetyand security-critical systems. In the area of avionics, for example, the DO-178B standard requires extensive validation, such as software reviews, requirement engineering, coverage analysis, and careful design of test cases. In a broader context, EAL7 (of the Common Criteria framework) also demands “formally verified, designed, and tested” sy...
متن کاملLocal Verification of Global Invariants in Concurrent Programs
We describe a practical method for reasoning about realistic concurrent programs. Our method allows global two-state invariants that restrict update of shared state. We provide simple, sufficient conditions for checking those global invariants modularly. The method has been implemented in VCC, an automatic, sound, modular verifier for concurrent C programs. VCC has been used to verify functiona...
متن کاملMicrokernel Verification Down To Assembly Extending the seL4 verification
When constructing systems with high assurance requirements, it is desirable to build on a formally verified trusted computing base, such as the seL4 microkernel [4]. The verification of seL4 guarantees correctness down to the kernel’s C implementation and relies on the correctness of the C compiler used. CompCert, a verified C compiler [2, 5], has the potential to extend these guarantees to the...
متن کاملTowards the Pervasive Verification of Automotive Systems
The tutorial reviews recent results from the Verisoft project [1]. We present a uniform mathematical theory, in which we can formulate pervasive correctness proofs for very large portions of automotive computer systems. The basic ingredients of this theory are (i) correctness of processors with memory mamagement units and external interrupts [2], (ii) correctness of a compiler for (a subset of)...
متن کامل