Automated verification of the FreeRTOS scheduler in Hip/Sleek

  • João F. Ferreira
  • Cristian Gherghina
  • Guanhua He
  • Shengchao Qin
  • Wei-Ngan Chin
Tase 12


Automated verification of operating system kernels is a challenging problem, partly due to the use of shared mutable data structures. In this paper, we show how we can automatically verify memory safety and functional correctness properties of the task scheduler component of the FreeRTOS kernel using the verification system Hip/Sleek. We show how some of Hip/Sleek's features, such as user-defined predicates and lemmas, make the specifications highly expressive and the verification process viable. To the best of our knowledge, this is the first code-level verification of memory safety and functional correctness properties of the FreeRTOS scheduler. The outcome of our experiment confirms that Hip/Sleek can indeed be used to verify code that is used in production. Moreover, since the properties that we verify are quite general, we envisage that the same approach can be adopted to verify components of other operating systems.


FreeRTOS, Separation logic, Automated verification, Operating systems, Embedded systems, Task scheduler, HIP/SLEEK



Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • João F. Ferreira (1, 2)
  • Cristian Gherghina (3)
  • Guanhua He (1)
  • Shengchao Qin (1, 4)
  • Wei-Ngan Chin (5)

  1. School of Computing, Teesside University, Middlesbrough, UK
  2. HASLab/INESC TEC, Universidade do Minho, Braga, Portugal
  3. Singapore University of Technology and Design, Singapore, Singapore
  4. Shenzhen University, Shenzhen, China
  5. National University of Singapore, Singapore, Singapore
