Proving Determinacy of the PharOS Real-Time Operating System
@inproceedings{Azaiez2016ProvingDO,
  title={Proving Determinacy of the PharOS Real-Time Operating System},
  author={Selma Azaiez and Damien Doligez and Matthieu Lemerre and Tomer Libal and Stephan Merz},
  booktitle={International Conference on Abstract State Machines, Alloy, B, TLA, VDM, and Z},
  year={2016}
}
Executions in the PharOS real-time system are deterministic in the sense that the sequence of local states for every process is independent of the order in which processes are scheduled. The essential ingredient for achieving this property is that a temporal window of execution is associated with every instruction. Messages become visible to receiving processes only after the time window of the sending message has elapsed. We present a high-level model of PharOS in TLA+ and formally state and…
6 Citations
EventML: Specification, verification, and implementation of crash-tolerant state machine replication systems
- Computer Science, Sci. Comput. Program.
- 2017
A Review of the Scopes and Challenges of the Modern Real-Time Operating Systems
- Computer Science, Int. J. Embed. Real Time Commun. Syst.
- 2018
The existing design challenges and scope of the modern RTOSs are investigated and a comparative study with their prospects has been explained so that interested readers can use the article as a readily available starting point for their further studies on this topic.
Encoding TLA+ into unsorted and many-sorted first-order logic
- Computer Science, Sci. Comput. Program.
- 2018
Verifying Hyperproperties With TLA
- Computer Science, 2021 IEEE 34th Computer Security Foundations Symposium (CSF)
- 2021
This work uses self-composition to handle a larger class of hyperproperties, including those the authors have seen that express security conditions, and describes systems and their properties in the temporal logic TLA.
Complétude du ZX-Calcul
- 2022
Software systems evolve and execute within an environment or context. Reasoning about the correctness of their behaviour relies on a ternary relation between the requirements models, …
References
Showing 1-10 of 18 references
The OASIS Kernel: A Framework for High Dependability Real-Time Systems
- Computer Science, 2011 IEEE 13th International Symposium on High-Assurance Systems Engineering
- 2011
This paper shows how, starting from a formalism and a Domain Specific Language, to build a generic execution layer that conforms to the highest levels of safety, how the safety is implemented thanks to the interaction between the kernel and the compilation tools, and how performance was optimized within these constraints.
A Model of Parallel Deterministic Real-Time Computation
- Computer Science, 2012 IEEE 33rd Real-Time Systems Symposium
- 2012
This paper presents a model of computation based on real-time constraints and asynchronous message passing, and proves a sufficient and necessary condition for this model to be deterministic. The…
Modular formal analysis of the central guardian in the Time-Triggered Architecture
- Computer Science, Reliab. Eng. Syst. Saf.
- 2004
An Overview of Formal Verification for the Time-Triggered Architecture
- Computer Science, FTRTFT
- 2002
Formal verification of some of the key algorithms in the Time-Triggered Architecture for real-time safety-critical control applications and the larger challenges posed by formal verification of the interaction of the constituent algorithms and of their emergent properties are described.
Method and Tools for Mixed-Criticality Real-Time Applications within PharOS
- Computer Science, 2011 14th IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing Workshops
- 2011
Some principles and mechanisms for securely operating mixed-criticality real-time systems on embedded platforms are provided, together with an analysis of their impact on global system safety, in particular on the determinism property of the PharOS model.
Model Checking TLA+ Specifications
- Computer Science, CHARME
- 1999
TLC is a new model checker for debugging a TLA+ specification by checking invariance properties of a finite-state model of the specification.
A method and a technique to model and ensure timeliness in safety critical real-time systems
- Computer Science, Proceedings. Fourth IEEE International Conference on Engineering of Complex Computer Systems (Cat. No.98EX193)
- 1998
A method and its associated technique are introduced to model both real-time tasks and the concern of ensuring timeliness when tasks are executed in parallel, and it is shown how this work can be applied to the multiprocessor case.
TLA+ Proofs
- Computer Science, FM
- 2012
This work uses Peterson’s mutual exclusion algorithm as a simple example to describe the features of TLAPS and shows how it and the Toolbox help users to manage large, complex proofs.
The time-triggered architecture
- Computer Science, Proceedings First International Symposium on Object-Oriented Real-Time Distributed Computing (ISORC '98)
- 1998
An overview of the Time-Triggered Architecture is given, the architectural principles are discussed, the sensor/actuator interfaces in the TTA are described, the implementation of fault tolerance is presented, and the provision of fully specified interfaces between subsystems is described.
Byzantizing Paxos by Refinement
- Computer Science, DISC
- 2011
A formal, machine-checked proof that the Byzantized algorithm implements the ordinary Paxos consensus algorithm under a suitable refinement mapping is written.