CertiKOS: an extensible architecture for building certified concurrent OS kernels

Complete formal verification of a non-trivial concurrent OS kernel is widely considered a grand challenge. We present a novel compositional approach for building certified concurrent OS kernels. Concurrency allows interleaved execution of kernel/user modules across different layers of abstraction. Each such layer can have a different set of observable events. We insist on formally specifying these layers and their observable events, and then verifying each kernel module at its proper abstraction level. To support certified linking with other CPUs or threads, we prove a strong contextual refinement property for every kernel function, which states that the implementation of each such function will behave like its specification under any kernel/user context with any valid interleaving. We have successfully developed a practical concurrent OS kernel and verified its (contextual) functional correctness in Coq. Our certified kernel is written in 6500 lines of C and x86 assembly and runs on stock x86 multicore machines. To our knowledge, this is the first proof of functional correctness of a complete, general-purpose concurrent OS kernel with fine-grained locking.
References in zbMATH (referenced in 8 articles)
- Syeda, Hira Taqdees; Klein, Gerwin: Formal reasoning under cached address translation (2020)
- Rahli, Vincent; Bickford, Mark; Cohen, Liron; Constable, Robert L.: Bar induction is compatible with constructive type theory (2019)
- Achermann, Reto; Humbel, Lukas; Cock, David; Roscoe, Timothy: Physical addressing on real hardware in Isabelle/HOL (2018)
- Benzaken, V.; Contejean, É.; Keller, Ch.; Martins, E.: A Coq formalisation of SQL’s execution engines (2018)
- Chen, Hao; Wu, Xiongnan; Shao, Zhong; Lockerman, Joshua; Gu, Ronghui: Toward compositional verification of interruptible OS kernels and device drivers (2018)
- Nemati, Hamed; Baumann, Christoph; Guanciale, Roberto; Dam, Mads: Formal verification of integrity-preserving countermeasures against cache storage side-channels (2018)
- Syeda, Hira Taqdees; Klein, Gerwin: Program verification in the presence of cached address translation (2018)
- Taqdees, Syeda Hira; Klein, Gerwin: Reasoning about translation lookaside buffers (2017)