Proving Determinacy of the PharOS Real-Time Operating System

  • Selma Azaiez
  • Damien Doligez
  • Matthieu Lemerre
  • Tomer Libal
  • Stephan Merz
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9675)

Abstract

Executions in the PharOS real-time system are deterministic in the sense that the sequence of local states for every process is independent of the order in which processes are scheduled. The essential ingredient for achieving this property is that a temporal window of execution is associated with every instruction. Messages become visible to receiving processes only after the time window of the sending message has elapsed. We present a high-level model of PharOS in TLA+ and formally state and prove determinacy using the TLA+ Proof System.

References

  1. 1.
    Alur, R., Dill, D.: A theory of timed automata. Theoret. Comput. Sci. 126, 183–235 (1994)MathSciNetCrossRefMATHGoogle Scholar
  2. 2.
    Aussaguès, C., David, V.: A method and a technique to model and ensure timeliness in safety critical real-time systems. In: 4th International Conference Engineering of Complex Computer Systems (ICECCS 1998), Monterey, CA, U.S.A., pp. 2–12. IEEE Computer Society (1998)Google Scholar
  3. 3.
    Azmy, N., Merz, S., Weidenbach, C.: A rigorous correctness proof for pastry. In: Butler, M., Schewe, K.-D., Mashkoor, A., Biro, M. (eds.) Abstract State Machines, Alloy, B, TLA, VDM, and Z (ABZ). LNCS, vol. 9675, pp. 86–101. Springer, Heidelberg (2016)Google Scholar
  4. 4.
    Cousineau, D., Doligez, D., Lamport, L., Merz, S., Ricketts, D., Vanzetto, H.: TLA\(^{+}\) proofs. In: Giannakopoulou, D., Méry, D. (eds.) FM 2012. LNCS, vol. 7436, pp. 147–154. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  5. 5.
    Kopetz, H., Bauer, G.: The time-triggered architecture. Proc. IEEE 91(1), 112–126 (2003)CrossRefGoogle Scholar
  6. 6.
    Lamport, L.: Specifying Systems. Addison-Wesley, Boston (2002)MATHGoogle Scholar
  7. 7.
    Lamport, L.: Byzantizing paxos by refinement. In: Peleg, D. (ed.) Distributed Computing. LNCS, vol. 6950, pp. 211–224. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  8. 8.
    Lemerre, M., David, V., Aussagus, C., Vidal-Naquet, G.: Equivalence between schedule representations: theory and applications. In: Real-Time and Embedded Technology and Applications Symposium, RTAS 2008, pp. 237–247. IEEE, April 2008Google Scholar
  9. 9.
    Lemerre, M., Ohayon, E.: A model of parallel deterministic real-time computation. In : Proceedings of 33rd IEEE Real-Time Systems Symposium (RTSS 2012), San Juan, PR, U.S.A., pp. 273–282. IEEE Computer Society (2012)Google Scholar
  10. 10.
    Lemerre, M., Ohayon, E., Chabrol, D., Jan, M., Jacques, M.-B.: Method and tools for mixed-criticality real-time applications within PharOS. In: 14th IEEE International Symposium Object/Component/Service-Oriented Real-Time Distributed Computing Workshops, Newport Beach, CA, U.S.A., pp. 41–48. IEEE Computer Society (2011)Google Scholar
  11. 11.
    Leuschel, M., Butler, M.J.: ProB: an automated analysis toolset for the B method. Softw. Tools Technol. Transfer 10(2), 185–203 (2008)CrossRefGoogle Scholar
  12. 12.
    Louise, S., Lemerre, M., Aussaguès, C., David, V.: The OASIS kernel: a framework for high dependability real-time systems. In: 13th IEEE International Symposium High-Assurance Systems Engineering (HASE 2011), Boca Raton, FL, U.S.A., pp. 95–103. IEEE Computer Society (2011)Google Scholar
  13. 13.
    Newcombe, C., Rath, T., Zhang, F., Munteanu, B., Brooker, M., Deardeuff, M.: How amazon web services uses formal methods. CACM 58(4), 66–73 (2015)CrossRefGoogle Scholar
  14. 14.
    Pfeifer, H., von Henke, F.W.: Modular formal analysis of the central guardian in the time-triggered architecture. Reliab. Eng. Syst. Saf. 92(11), 1538–1550 (2007)CrossRefGoogle Scholar
  15. 15.
    Rushby, J.: An overview of formal verification for the time-triggered architecture. In: Damm, W., Olderog, E.-R. (eds.) Formal Techniques in Real-Time and Fault-Tolerant Systems. LNCS, vol. 2469, pp. 83–105. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  16. 16.
    Yu, Y., Manolios, P., Lamport, L.: Model checking TLA+ specifications. In: Pierre, L., Kropf, T. (eds.) CHARME 1999. LNCS, vol. 1703, pp. 54–66. Springer, Heidelberg (1999)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Selma Azaiez
    • 1
  • Damien Doligez
    • 2
  • Matthieu Lemerre
    • 1
  • Tomer Libal
    • 3
  • Stephan Merz
    • 4
    • 5
  1. 1.CEASaclayFrance
  2. 2.InriaParisFrance
  3. 3.InriaSaclayFrance
  4. 4.InriaVillers-lès-NancyFrance
  5. 5.CNRS, Université de Lorraine, LORIA, UMR 7503Vandoeuvre-lès-NancyFrance

Personalised recommendations