“…There are many formalizations of memory models in the literature, e.g., [10,14,15,19,21], where some of them only create an abstract specification of the services for memory allocation and release [10,15,21]. 2Formal verification of OS memory management has been studied in CertiKOS [11,20], seL4 [12,13], Verisoft [3], and in the hypervisors from [4,5], where only the works in [4,11] consider concurrency. Comparing to buddy memory allocation, the data structures and algorithms verified in [11] are relatively simpler, without block split/coalescence and multiple levels of free lists and bitmaps.…”