Verification of Real Time Operating System Exception Management Based on SPARCv8

Abstract: Exception management, as the lowest level function module of the operating system, is responsible for making abrupt changes in the control flow to react to exception events in the system. The correctness of the exception management is crucial to guaranteeing the safety of the whole system. However, existing formal verification projects have not fully considered the issues of exceptions at the assembly level. Especially for real-time operating systems, in addition to basic exception handling, there are nested e… Show more

“…As a function module, exception management is generally implemented in assembly language and is in charge of implementing unexpected modifications in the control flow to respond to exceptional events. Unfortunately, to facilitate formal models, the current verification initiatives either neglect to simulate how exceptions are handled or employ methodologies according to the abstraction layer to certify the accuracy of exception management [35]. seL4 implements an event-driven model, where exceptions are delivered to a central handler and processed according to a set of predefined rules.…”

“…Year Verified property Approach Formal language Tool verification effort (LoC) iDola [38] 2014 Exception management Refinement iDola Tsmart-Edola ~20 k RPC stub [44] 2015 Automating capabilities Theorem Proving Isabelle/HOL AutoCorres N/A mCertiKOS [39] 2016 Exception management Refinement Coq CompCert 3 k Gao et al [33] 2021 MILS scheduling Theorem Proving Coq Clightgen ~0.5 k EMS [35] 2021 Exception management Theorem Proving Coq N/A 15 k I/O-SM [40] 2021 I/O separation Refinement Coq Dafny 28,518 HAMR [50] 2021 Application development Refinement HOL AADL 40 k…”

Is Formal Verification of seL4 Adequate to Address the Key Security Challenges of Kernel Design?

“…As a function module, exception management is generally implemented in assembly language and is in charge of implementing unexpected modifications in the control flow to respond to exceptional events. Unfortunately, to facilitate formal models, the current verification initiatives either neglect to simulate how exceptions are handled or employ methodologies according to the abstraction layer to certify the accuracy of exception management [35]. seL4 implements an event-driven model, where exceptions are delivered to a central handler and processed according to a set of predefined rules.…”

“…Year Verified property Approach Formal language Tool verification effort (LoC) iDola [38] 2014 Exception management Refinement iDola Tsmart-Edola ~20 k RPC stub [44] 2015 Automating capabilities Theorem Proving Isabelle/HOL AutoCorres N/A mCertiKOS [39] 2016 Exception management Refinement Coq CompCert 3 k Gao et al [33] 2021 MILS scheduling Theorem Proving Coq Clightgen ~0.5 k EMS [35] 2021 Exception management Theorem Proving Coq N/A 15 k I/O-SM [40] 2021 I/O separation Refinement Coq Dafny 28,518 HAMR [50] 2021 Application development Refinement HOL AADL 40 k…”

Is Formal Verification of seL4 Adequate to Address the Key Security Challenges of Kernel Design?

An efficient schedulability analysis based on worst-case interference time for real-time systems

A heuristic mixed real-time task allocation of virtual utilization in multi-core processor