Priority Inheritance Protocol Proved Correct

In real-time systems with threads, resource locking and priority scheduling, one faces the problem of Priority Inversion. This problem can make the behaviour of threads unpredictable and the resulting bugs can be hard to find. The Priority Inheritance Protocol is one solution implemented in many systems for solving this problem, but the correctness of this solution has never been formally verified in a theorem prover. As already pointed out in the literature, the original informal investigation of the Priority Inheritance Protocol presents a correctness “proof” for an incorrect algorithm. In this paper we fix the problem of this proof by making all notions precise and implementing a variant of a solution proposed earlier. Our formalisation in Isabelle/HOL uncovers facts not mentioned in the literature, but also shows how to efficiently implement this protocol. Earlier correct implementations were criticised as too inefficient. Our formalisation is based on Paulson’s inductive approach to verifying protocols.
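A small simulation of the problem the abstract names, added here as an illustration and not code from the paper (whose model is written in Isabelle/HOL): threads with base priorities, a lock held by the lowest, and an effective priority computed as the maximum over a thread and everything transitively blocked on resources it holds. With inheritance switched off the medium-priority thread runs while the highest waits (priority inversion); with it on, the lock holder is boosted and runs first. The `PIPSystem` class and the thread and resource names are constructed for this example.

```python
from collections import deque

class PIPSystem:
    def __init__(self, inheritance=True):
        # Constructed single-processor model; inheritance=False gives plain priority scheduling.
        self.inheritance = inheritance
        self.prio = {}      # thread -> base priority (larger number = higher priority)
        self.owner = {}     # resource -> thread currently holding it
        self.waiting = {}   # thread -> resource it is blocked on

    def dependants(self, th):
        """Threads transitively blocked on a resource held by th (its subtree in the RAG)."""
        seen, queue = set(), deque([th])
        while queue:
            holder = queue.popleft()
            for w, res in self.waiting.items():
                if self.owner.get(res) == holder and w not in seen:
                    seen.add(w)
                    queue.append(w)
        return seen

    def effective_priority(self, th):
        """Base priority, raised to the highest dependant priority when inheritance is on."""
        group = {th} | (self.dependants(th) if self.inheritance else set())
        return max(self.prio[t] for t in group)

    def lock(self, th, res):
        if res in self.owner:
            self.waiting[th] = res  # block until the holder releases it
        else:
            self.owner[res] = th

    def unlock(self, th, res):
        assert self.owner[res] == th, f"{th} does not hold {res}"
        del self.owner[res]
        waiters = [w for w, r in self.waiting.items() if r == res]
        if waiters:  # hand the resource to the highest-priority waiter
            nxt = max(waiters, key=self.effective_priority)
            del self.waiting[nxt]
            self.owner[res] = nxt

    def running(self):
        """The ready thread with the highest effective priority gets the processor."""
        ready = [t for t in self.prio if t not in self.waiting]
        return max(ready, key=self.effective_priority)

def inversion_scenario(inheritance):
    """Classic three-thread case: L holds r, H blocks on r, M is merely ready."""
    s = PIPSystem(inheritance)
    s.prio = {"L": 1, "M": 2, "H": 3}
    s.lock("L", "r")
    s.lock("H", "r")
    return s
```

Calling `inversion_scenario(False).running()` returns `"M"` (the inversion), while `inversion_scenario(True).running()` returns `"L"`, whose effective priority has been raised to 3 until it releases `r`.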
