Proving Determinacy of the PharOS Real-Time Operating System

  • Selma Azaiez, Damien Doligez, Matthieu Lemerre, Tomer Libal, Stephan Merz
  • International Conference on Abstract State Machines, Alloy, B, TLA, VDM, and Z
Executions in the PharOS real-time system are deterministic in the sense that the sequence of local states for every process is independent of the order in which processes are scheduled. The essential ingredient for achieving this property is that a temporal window of execution is associated with every instruction. Messages become visible to receiving processes only after the time window of the sending message has elapsed. We present a high-level model of PharOS in TLA+ and formally state and… 

A Review of the Scopes and Challenges of the Modern Real-Time Operating Systems

The existing design challenges and scope of the modern RTOSs are investigated and a comparative study with their prospects has been explained so that interested readers can use the article as a readily available starting point for their further studies on this topic.

Encoding TLA+ into unsorted and many-sorted first-order logic

Specifying reversibility with TLA+

  • T. Kapus
  • Computer Science
    J. Log. Algebraic Methods Program.
  • 2020

Verifying Hyperproperties With TLA

This work uses self-composition to handle a larger class of hyperproperties that includes those the authors have seen that express security conditions, and describes systems and their properties in the temporal logic TLA.

Complétude du ZX-Calcul (Completeness of the ZX-Calculus)

  • 2022
Software systems evolve and execute within an environment or context. Reasoning about the correctness of their behaviour rests on a ternary relation between the requirements models,

The OASIS Kernel: A Framework for High Dependability Real-Time Systems

This paper shows how to build, from a formalism and a Domain Specific Language, a generic execution layer that conforms to the highest levels of safety, how that safety is implemented thanks to the interaction between the kernel and the compilation tools, and how performance was optimized within these constraints.

A Model of Parallel Deterministic Real-Time Computation

This paper presents a model of computation based on real-time constraints and asynchronous message passing, and proves a sufficient and necessary condition for this model to be deterministic. The

Modular formal analysis of the central guardian in the Time-Triggered Architecture

An Overview of Formal Verification for the Time-Triggered Architecture

Formal verification of some of the key algorithms in the Time-Triggered Architecture for real-time safety-critical control applications and the larger challenges posed by formal verification of the interaction of the constituent algorithms and of their emergent properties are described.

Method and Tools for Mixed-Criticality Real-Time Applications within PharOS

Some principles and mechanisms to securely operate mixed-criticality real-time systems on embedded platforms are provided, together with an analysis of their impact on global system safety, in particular on the determinism property of the PharOS model.

Model Checking TLA+ Specifications

TLC is a new model checker for debugging a TLA+ specification by checking invariance properties of a finite-state model of the specification.

A method and a technique to model and ensure timeliness in safety critical real-time systems

  • Christophe Aussaguès, V. David
  • Computer Science
    Proceedings. Fourth IEEE International Conference on Engineering of Complex Computer Systems (Cat. No.98EX193)
  • 1998
A method and its associated technique are introduced to model both real-time tasks and the concern of ensuring timeliness when tasks are executed in parallel, and it is shown how this work can be applied to the multiprocessor case.

TLA+ Proofs

This work uses Peterson’s mutual exclusion algorithm as a simple example to describe the features of TLAPS and shows how it and the Toolbox help users to manage large, complex proofs.

The time-triggered architecture

  • H. Kopetz
  • Computer Science
    Proceedings First International Symposium on Object-Oriented Real-Time Distributed Computing (ISORC '98)
  • 1998
An overview of the Time-Triggered Architecture is given: the architectural principles are discussed, the sensor/actuator interfaces in the TTA are described, the implementation of fault tolerance is presented, and the provision of fully specified interfaces between subsystems is described.

Byzantizing Paxos by Refinement

A formal, machine-checked proof is given that the Byzantized algorithm implements the ordinary Paxos consensus algorithm under a suitable refinement mapping.