Virtual timeline: a formal abstraction for verifying preemptive schedulers with temporal isolation

Liu, Mengqi; Rieg, Lionel; Shao, Zhong; Gu, Ronghui; Costanzo, David; Kim, Jung-Eun; Yoon, Man-Ki

doi:10.1145/3371088

Cited by 9 publications

(3 citation statements)

References 36 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The initial sequential CertiKOS kernel [Gu et al 2015] was decomposed into 37 certified layers consisting of C and assembly modules such as physical and virtual memory managers, context-switch libraries, thread and process managers, virtual machine managers, and page fault and trap handlers. Later versions of CertiKOS Gu et al , 2018Liu et al 2019] showed how to extend certified layers to support multicore and multithreaded concurrency, fine-grained locking, device drivers, and real-time scheduling; they have also been extended to verify not only the total functional correctness but also information-flow security properties Liu et al 2019].…”

Section: Certified Abstraction Layersmentioning

confidence: 99%

Layered and object-based game semantics

Vale

Melliès

Shao

et al. 2022

Proc. ACM Program. Lang.

Self Cite

View full text Add to dashboard Cite

Large-scale software verification relies critically on the use of compositional languages, semantic models, specifications, and verification techniques. Recent work on certified abstraction layers synthesizes game semantics, the refinement calculus, and algebraic effects to enable the composition of heterogeneous components into larger certified systems. However, in existing models of certified abstraction layers, compositionality is restricted by the lack of encapsulation of state. In this paper, we present a novel game model for certified abstraction layers where the semantics of layer interfaces and implementations are defined solely based on their observable behaviors. Our key idea is to leverage Reddy's pioneer work on modeling the semantics of imperative languages not as functions on global states but as objects with their observable behaviors. We show that a layer interface can be modeled as an object type (i.e., a layer signature) plus an object strategy. A layer implementation is then essentially a regular map, in the sense of Reddy, from an object with the underlay signature to that with the overlay signature. A layer implementation is certified when its composition with the underlay object strategy implements the overlay object strategy. We also describe an extension that allows for non-determinism in layer interfaces. After formulating layer implementations as regular maps between object spaces, we move to concurrency and design a notion of concurrent object space, where sequential traces may be identified modulo permutation of independent operations. We show how to express protected shared object concurrency, and a ticket lock implementation, in a simple model based on regular maps between concurrent object spaces.

show abstract

Section: Certified Abstraction Layersmentioning

confidence: 99%

Layered and object-based game semantics

Vale

Melliès

Shao

et al. 2022

Proc. ACM Program. Lang.

Self Cite

View full text Add to dashboard Cite

show abstract

“…The Yale FLINT Group aimed to develop a novel and practical programming architecture to build large-scale verified system software. The members of the group have made substantial contributions in the field of formal verification, such as presenting a new framework for certified binaries [9], verifying the concurrent OS kernel [10], abstracting preemptive schedulers [11], presenting a language for certified software [12], and verifying distributed systems [13].…”

Section: B the Yale Flint Groupmentioning

confidence: 99%

Verification of Operating Systems for Internet of Things in Smart Cities From the Assembly Perspective Using Isabelle/HOL

2021

View full text Add to dashboard Cite

“…Flint used separation logic to verify the accuracy of memory sharing and data abstraction (Koenig and Shao 2018;Gu et al 2015). Meanwhile, virtual timeline was used to specify and reason for preemptive scheduling, and a novel compositional framework is proposed for reasoning Liu et al (2020). For distributed systems, a system called WormSpace was design and verified to supply an address space of the Write-Once Register Shin et al (2019).…”

Section: Related Workmentioning

confidence: 99%

Formal design and verification of system task in intelligent transportation systems based on micro-kernel architecture

Qian

Jin

Sun

et al. 2021

J Ambient Intell Human Comput

View full text Add to dashboard Cite

The accuracy of design and implementation of an operating system in intelligent transportation systems is difficult to describe and validate because of its complexity. In this paper, we describe an OS in intelligent transportation systems with automaton theory and establish an OS state model. Based on this model, we construct an isomorphic model in Isabelle/HOL, describe the work objects and operational semantics of the system, and verify the system at the assembly level. We use a micro-kernel OS prototype (VSOS) for intelligent transportation systems as an example to illustrate our method and verify the correctness of design and implementation in VSOS with Isabelle/HOL. Verification shows that the proposed method is feasible.

show abstract

Virtual timeline: a formal abstraction for verifying preemptive schedulers with temporal isolation

Cited by 9 publications

References 36 publications

Layered and object-based game semantics

Layered and object-based game semantics

Verification of Operating Systems for Internet of Things in Smart Cities From the Assembly Perspective Using Isabelle/HOL

Formal design and verification of system task in intelligent transportation systems based on micro-kernel architecture

Contact Info

Product

Resources

About