On the formal verification of component-based embedded operating systems

The increasing complexity of embedded systems is pushing their design to the system level, thus leading to a convergence between software and hardware. Consequently, operating systems in this realm are also being required to deliver their services both as software and as hardware. In such a scenario, it is desirable to verify system properties regardless of whether a component is instantiated in software or in hardware. In this paper, we describe an approach to formally verify functional correctness and safety properties of such system-level components. The approach is illustrated by a case study of EPOS' scheduler, whose implementation can be driven to yield either a software instance compiled by the GCC C++ compiler or a hardware instance synthesized by the CatapultC ESL tool. We demonstrate that the scheduler follows its specification regardless of the domain for which it is instantiated. We also demonstrate that the proposed approach causes no run-time overhead, since the adopted Software Model Checking techniques are deployed at compile-time.
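As an added illustration of the kind of check the abstract describes (this is example code written for this page, not EPOS' scheduler nor an artefact of the paper), the hypothetical fixed-capacity priority scheduler below states its preconditions, postconditions and class invariant as `assert` statements. Compiled with GCC, the checks run at run time and vanish under `NDEBUG`; fed to a bounded model checker such as CBMC, the same assertions become proof obligations discharged for every input within the unwinding bound, which is the sense in which verification adds no run-time cost. The class name, capacity, priority convention (lower number runs first) and the `harness` function are assumptions.

```cpp
#include <cassert>
#include <iostream>

// Contract macros. Under GCC each check is a run-time assertion that
// disappears when NDEBUG is defined; under a bounded model checker such as
// CBMC each one becomes a proof obligation checked for every input within
// the unwinding bound, so the verified build carries no run-time cost.
#define REQUIRES(cond)  assert(cond)
#define ENSURES(cond)   assert(cond)
#define INVARIANT(cond) assert(cond)

// Hypothetical fixed-capacity priority scheduler (an assumption for this
// example, not EPOS' scheduler). Lower numeric priority runs first; entries
// of equal priority keep insertion order.
class Scheduler {
public:
    static const unsigned CAPACITY = 8;

    Scheduler() : _entries(), _size(0) { check_invariant(); }

    void insert(unsigned id, unsigned priority) {
        REQUIRES(_size < CAPACITY);   // ready list not full
        REQUIRES(!contains(id));      // ids are unique
        unsigned i = _size;
        // shift lower-priority entries right so the list stays sorted
        while (i > 0 && _entries[i - 1].priority > priority) {
            _entries[i] = _entries[i - 1];
            --i;
        }
        _entries[i].id = id;
        _entries[i].priority = priority;
        ++_size;
        ENSURES(contains(id));
        check_invariant();
    }

    // Dispatch decision: the head of the sorted list has the best priority.
    unsigned choose() const {
        REQUIRES(_size > 0);          // never choose from an empty list
        for (unsigned i = 0; i < _size; ++i)
            ENSURES(_entries[0].priority <= _entries[i].priority);
        return _entries[0].id;
    }

    void remove(unsigned id) {
        REQUIRES(contains(id));
        unsigned i = 0;
        while (_entries[i].id != id) ++i;
        for (; i + 1 < _size; ++i) _entries[i] = _entries[i + 1];
        --_size;
        ENSURES(!contains(id));
        check_invariant();
    }

    unsigned size() const { return _size; }

    bool contains(unsigned id) const {
        for (unsigned i = 0; i < _size; ++i)
            if (_entries[i].id == id) return true;
        return false;
    }

private:
    struct Entry { unsigned id; unsigned priority; };
    Entry _entries[CAPACITY];
    unsigned _size;

    // Class invariant: bounded size, sorted by priority, unique ids.
    void check_invariant() const {
        INVARIANT(_size <= CAPACITY);
        for (unsigned i = 1; i < _size; ++i)
            INVARIANT(_entries[i - 1].priority <= _entries[i].priority);
        for (unsigned i = 0; i < _size; ++i)
            for (unsigned j = i + 1; j < _size; ++j)
                INVARIANT(_entries[i].id != _entries[j].id);
    }
};

// Verification harness (assumed name): inserts three threads, removes the
// chosen one and returns the id chosen next. Under CBMC the priorities would
// be left unconstrained (nondeterministic) so that every ordering is explored.
unsigned harness(unsigned p1, unsigned p2, unsigned p3) {
    Scheduler s;
    s.insert(1, p1);
    s.insert(2, p2);
    s.insert(3, p3);
    unsigned first = s.choose();
    s.remove(first);
    return s.choose();
}

int main() {
    std::cout << "next after the best thread: " << harness(5, 3, 5) << "\n";
    return 0;
}
```

The same source serves both targets the abstract mentions: a compiler build exercises the contracts on concrete inputs, while a model-checking run treats `harness` as the entry point and searches all priority assignments for a violated `REQUIRES`, `ENSURES` or `INVARIANT`.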
