research-article
Public Access

Formal Verification of a Timing Enforcer Implementation

Published: 27 September 2017

Abstract

A timing enforcer is a scheduler that not only allocates CPU cycles to threads, but also uses timers to enforce time budgets. An approach for verifying safety properties of timing enforcers at the source code level is presented. We assume that the enforcer is implemented as a set of “enforcer” functions that are executed atomically on critical system-level events, such as the arrival and departure of jobs, and the triggering of timers. The key idea is to express the safety property as an invariant, and prove that it is inductive across all the enforcer functions. A formal semantics of timing enforcers is presented, including the semantics of the functions used to read the system clock and set timers. Using this semantics, the verification approach is presented, and its soundness is proved. Further, the approach takes the periodicity of tasks into account. It is validated by proving the correctness of the enforcement of CPU cycle budgets for tasks by the Zero-Slack Rate Monotonic (ZSRM) scheduler, which is implemented in C as a Linux kernel module. The inductiveness of the necessary ZSRM invariants is proved by expressing them as function contracts using the ACSL specification language, and verifying the contracts using the Frama-C tool.
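The abstract's recipe (state the safety property as an invariant, then show that every atomically executed enforcer function preserves it) is illustrated below with an added example that is not the paper's ZSRM code: a single-task budget enforcer in C with ACSL contracts of the form `requires inv(t) ... ensures inv(t)` on each enforcer function. The task model, field names and the `now` parameter standing for the value read from the system clock are assumptions of this example; preemption between tasks is omitted.

```c
/* Added example (not the paper's ZSRM code): a single-task timing enforcer whose
 * safety property is an ACSL predicate every enforcer function must preserve. */
#include <stdbool.h>
#include <stdint.h>
typedef struct {
    uint64_t budget;      /* CPU cycles the task may consume per job */
    uint64_t consumed;    /* cycles already charged to the current job */
    uint64_t start;       /* clock value read when the job began running */
    bool     running;     /* the job currently holds the CPU */
    bool     timer_armed; /* enforcement timer set for start + (budget - consumed) */
    bool     stopped;     /* the enforcer removed the job for overrunning */
} task_t;

/*@ predicate inv(task_t *t) = t->consumed <= t->budget &&
  @   (t->running ==> t->timer_armed) && (t->stopped ==> !t->running);
  @*/
/* Runtime mirror of inv, so the inductive argument can be exercised in a test. */
bool inv_holds(const task_t *t) {
    return t->consumed <= t->budget && (!t->running || t->timer_armed) &&
           (!t->stopped || !t->running);
}

/*@ requires \valid(t) && inv(t) && !t->running;
  @ assigns *t;
  @ ensures inv(t) && t->running; */
void on_arrival(task_t *t, uint64_t now) {   /* job arrival: start a fresh budget */
    t->consumed = 0; t->stopped = false; t->start = now;
    t->timer_armed = true;                     /* timer programmed for now + budget */
    t->running = true;
}

/*@ requires \valid(t) && inv(t) && t->running;
  @ assigns *t;
  @ ensures inv(t) && !t->running && t->stopped; */
void on_timer(task_t *t) {                     /* timer fired: budget exhausted */
    t->consumed = t->budget;
    t->running = false; t->timer_armed = false; t->stopped = true;
}

/*@ requires \valid(t) && inv(t) && t->running && now >= t->start;
  @ assigns *t;
  @ ensures inv(t) && !t->running; */
void on_departure(task_t *t, uint64_t now) {   /* job finished on its own */
    uint64_t used = now - t->start;
    /* A departure seen at or past the budget is treated as an overrun, so the
     * invariant stays inductive even if the timer interrupt was delivered late. */
    if (used >= t->budget - t->consumed) { on_timer(t); return; }
    t->consumed += used;
    t->running = false; t->timer_armed = false;
}
```

Because each contract assumes `inv(t)` and re-establishes it, discharging the three contracts with Frama-C's WP plugin is exactly the inductiveness proof the abstract describes; `inv_holds` lets the same argument be checked at runtime on a concrete event sequence.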
