Advertisement

Refinement-Based Verification of the FreeRTOS Scheduler in VCC

  • Sumesh Divakaran
  • Deepak D’Souza
  • Anirudh Kushwah
  • Prahladavaradan Sampath
  • Nigamanth Sridhar
  • Jim WoodcockEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9407)

Abstract

We describe our experience with verifying the scheduler-related functionality of FreeRTOS, a popular open-source embedded real-time operating system. We propose a methodology for carrying out refinement-based proofs of functional correctness of abstract data types in the popular code-level verifier VCC. We then apply this methodology to carry out a full machine-checked proof of the functional correctness of the FreeRTOS scheduler. We describe the bugs found during this exercise, the fixes made, and the effort involved.

Keywords

Priority Queue Refinement Condition Functional Correctness Client Program Abstract Data Type 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
    Abrial, J.R., Butler, M., Hallerstede, S., Hoang, T.S., Mehta, F., Voisin, L.: Rodin: an open toolset for modelling and reasoning in Event-B. Softw. Tools Technol. Transf. 12(6), 447–466 (2010)CrossRefGoogle Scholar
  2. 2.
    Abrial, J.R., Schuman, S.A., Meyer, B.: Specification language. In: McKeag, R.M., Macnaughlen, A.M. (eds.) On the Construction of Programs, pp. 343–410. Cambridge University Press, Cambridge (1980)Google Scholar
  3. 3.
    Alkassar, E., Hillebrand, M.A., Paul, W., Petrova, E.: Automated verification of a small hypervisor. In: Leavens, G.T., O’Hearn, P., Rajamani, S.K. (eds.) VSTTE 2010. LNCS, vol. 6217, pp. 40–54. Springer, Heidelberg (2010) CrossRefGoogle Scholar
  4. 4.
    Barry, R.: Using the FreeRTOS Real Time Kernel - A Practical Guide (2010)Google Scholar
  5. 5.
    Barry, R.: Personal communication by email (2013)Google Scholar
  6. 6.
    Baumann, C., Beckert, B., Blasum, H., Bormer, T.: Lessons learned from microkernel verification - specification is the new bottleneck. In: SSV, pp. 18–32 (2012)Google Scholar
  7. 7.
    Beckert, B., Moskal, M.: Deductive verification of system software in the verisoft XT project. KI 24(1), 57–61 (2010)Google Scholar
  8. 8.
    Bjørner, D., Jones, C.B. (eds.): The Vienna Development Method: The Meta-Language. LNCS, vol. 61. Springer, Berlin (1978) zbMATHGoogle Scholar
  9. 9.
    Cohen, E.: Data abstraction in VCC. In: Broy, M., Peled, D., Kalus, G. (eds.) Engineering Dependable Software Systems, NATO Science for Peace and Security Series - D: Information and Communication Security, vol. 34, pp. 79–114. IOS Press, Amsterdam (2013)Google Scholar
  10. 10.
    Cohen, E., Dahlweid, M., Hillebrand, M., Leinenbach, D., Moskal, M., Santen, T., Schulte, W., Tobies, S.: VCC: a practical system for verifying concurrent C. In: Berghofer, S., Nipkow, T., Urban, C., Wenzel, M. (eds.) TPHOLs 2009. LNCS, vol. 5674, pp. 23–42. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  11. 11.
    Divakaran, S., D’Souza, D., Sampath, P., Sridhar, N., Woodcock, J.: A theory of refinement for ADTs with functional interfaces. Technical report TR-2015-4, Department of Computer Science and Automation, IISc, Bangalore (2015)Google Scholar
  12. 12.
    Divakaran, S., D’Souza, D., Sridhar, N.: Efficient refinement checking in VCC. In: Giannakopoulou, D., Kroening, D. (eds.) VSTTE 2014. LNCS, vol. 8471, pp. 21–36. Springer, Heidelberg (2014) Google Scholar
  13. 13.
    Ferreira, J.F., Gherghina, C., He, G., Qin, S., Chin, W.: Automated verification of the FreeRTOS scheduler in Hip/Sleek. STTT 16(4), 381–397 (2014)CrossRefGoogle Scholar
  14. 14.
    The FreeRTOS Project. www.freertos.org (Accessed on 10 April 2012)
  15. 15.
    Gotsman, A., Yang, H.: Modular verification of preemptive OS kernels. In: Proceeding of the 16th ACM SIGPLAN International Conference on Functional Programming, ICFP 2011, pp. 404–417 (2011)Google Scholar
  16. 16.
    He, J., Hoare, C.A.R., Sanders, J.W.: Data refinement refined. In: Robinet, B., Wilhelm, R. (eds.) ESOP 1986. LNCS, vol. 213, pp. 187–196. Springer, Heidelberg (1986)Google Scholar
  17. 17.
    Heitmeyer, C.L., Archer, M., Leonard, E.I., McLean, J.D.: Formal specification and verification of data separation in a separation kernel for an embedded system. In: 13th ACM Computer and Communications Security (CCS), pp. 346–355 (2006)Google Scholar
  18. 18.
    Hoare, C.A.R., Hayes, I.J., He, J., Morgan, C.C., Sanders, J.W., Sorensen, I.H., Spivey, J.M., Sufrin, B.A.: Data Refinement Refined (DRAFT). Technical report, Oxford University Computing Laboratory, Oxford, UK, May 1985Google Scholar
  19. 19.
    Hoare, C., Misra, J., Leavens, G.T., Shankar, N.: The verified software initiative: a manifesto. ACM Comput. Surv. 41(4), 22:1–22:8 (2009)Google Scholar
  20. 20.
    Jones, C.B.: Systematic Software Development Using VDM. Prentice Hall International Series in Computer Science. Prentice Hall, Upper Saddle River (1986)zbMATHGoogle Scholar
  21. 21.
    Klein, G.: Operating system verification – an overview. Sādhanā 34(1), 27–69 (2009)MathSciNetzbMATHGoogle Scholar
  22. 22.
    Klein, G., Andronick, J., Elphinstone, K., Murray, T.C., Sewell, T., Kolanski, R., Heiser, G.: Comprehensive formal verification of an OS microkernel. ACM Trans. Comput. Syst. 32(1), 2 (2014)CrossRefGoogle Scholar
  23. 23.
    Klein, G., Elphinstone, K., Heiser, G., et al.: sel4: formal verification of an OS kernel. In: Matthews, J.N., Anderson, T.E. (eds.) SOSP, pp. 207–220. ACM (2009)Google Scholar
  24. 24.
    Leinenbach, D., Santen, T.: Verifying the microsoft hyper-V hypervisor with VCC. In: Cavalcanti, A., Dams, D.R. (eds.) FM 2009. LNCS, vol. 5850, pp. 806–809. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  25. 25.
    Miné, A.: Static analysis of run-time errors in embedded critical parallel C programs. In: Barthe, G. (ed.) ESOP 2011. LNCS, vol. 6602, pp. 398–418. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  26. 26.
    Nipkow, T., Paulson, L.C., Wenzel, M.: Isabelle/HOL - A Proof Assistant for Higher-Order Logic. LNCS, vol. 2283. Springer, Heidelberg (2002) zbMATHGoogle Scholar
  27. 27.
    Owre, S., Rushby, J.M., Shankar, N.: PVS: a prototype verification system. In: Kapur, D. (ed.) CADE 1992. LNCS(LNAI), vol. 607, pp. 748–752. Springer, Heidelberg (1992)Google Scholar
  28. 28.
    Penninckx, W., Mühlberg, J.T., Smans, J., Jacobs, B., Piessens, F.: Sound formal verification of Linux’s USB BP keyboard driver. In: Goodloe, A.E., Person, S. (eds.) NFM 2012. LNCS, vol. 7226, pp. 210–215. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  29. 29.
    Saaltink, M.: The Z/EVES system. In: Till, D., Bowen, J.P., Hinchey, M.G. (eds.) ZUM 1997. LNCS, vol. 1212, pp. 72–85. Springer, Heidelberg (1997) CrossRefGoogle Scholar
  30. 30.
    Schwarz, M.D., Seidl, H., Vojdani, V., Lammich, P., Müller-Olm, M.: Static analysis of interrupt-driven programs synchronized via the priority ceiling protocol. In: POPL 2011, pp. 93–104. ACM (2011)Google Scholar
  31. 31.
    Sewell, T.A.L., Myreen, M.O., Klein, G.: Translation validation for a verified OS kernel. In: Boehm, H., Flanagan, C. (eds.) ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2013, 16–19 June 2013, Seattle, WA, USA, pp. 471–482. ACM (2013)Google Scholar
  32. 32.
    Woodcock, J., Davies, J.: Using Z: Specification, Refinement, and Proof. Prentice-Hall, Upper Saddle River (1996)zbMATHGoogle Scholar
  33. 33.
    Verisoft XT Project (2010). http://www.verisoftxt.de/

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Sumesh Divakaran
    • 1
    • 2
  • Deepak D’Souza
    • 1
  • Anirudh Kushwah
    • 1
  • Prahladavaradan Sampath
    • 3
  • Nigamanth Sridhar
    • 4
  • Jim Woodcock
    • 5
    Email author
  1. 1.Indian Institute of ScienceBangaloreIndia
  2. 2.Government Engineering CollegeIdukkiIndia
  3. 3.MathWorks IndiaBangaloreIndia
  4. 4.Cleveland State UniversityClevelandUSA
  5. 5.University of YorkYorkUK

Personalised recommendations