research-article
Open access

Using formal reasoning on a model of tasks for FreeRTOS

Published: 01 January 2015

Abstract

FreeRTOS is an open-source real-time microkernel that has a wide community of users. We present the formal specification of the behaviour of the task part of FreeRTOS that deals with the creation, management, and scheduling of tasks using priority-based preemption. Our model is written in the Z notation, and we verify its consistency using the Z/Eves theorem prover. This includes a precise statement of the preconditions for all API commands. This task model forms the basis for three dimensions of further work: (a) the modelling of the rest of the behaviour of queues, time, mutex, and interrupts in FreeRTOS; (b) refinement of the models to code to produce a verified implementation; and (c) extension of the behaviour of FreeRTOS to multi-core architectures. We propose all three dimensions as benchmark challenge problems for Hoare’s Verified Software Initiative.

References

[1] Andrews Z, Bryans J, Fitzgerald J, Hughes J, Payne R, Pierce K, Riddle S (2011) Modelling and refinement of the Mondex electronic purse in VDM. Technical Report Series 1308, Newcastle University School of Computing Science
[3] Barry R (2012) FreeRTOS Reference Manual—API functions and configuration options. PDF book available from http://shop.freertos.org
[4] Barry R (2012) Using the FreeRTOS real time kernel—a practical guide. PDF book available from http://www.freertos.org
[5] Börger E, Craig I (2009) Modeling an operating system kernel. In: Diekert V, Weicker K, Weicker N (eds) Informatik als Dialog zwischen Theorie und Anwendung. Vieweg+Teubner, pp 199–216
[6] Jacobs FPB, Smans J (2010) A quick tour of the VeriFast program verifier. In: APLAS 2010. Lecture notes in computer science, vol 6461. Springer, Berlin
[7] Butler M, Yadav D (2008) An incremental development of the Mondex system in Event-B. Formal Aspects Comput J 20(1):61–77
[8] Craig ID (2006) Formal models of operating system kernels. Springer, Berlin
[9] Craig ID (2007) Formal refinement for operating system kernels. Springer, Berlin
[10] Déharbe D, Galvão S, Moreira AM (2009) Formalizing FreeRTOS: first steps. In: Oliveira MVM, Woodcock J (eds) Formal methods: foundations and applications, 12th Brazilian symposium on formal methods, SBMF 2009, Gramado, Brazil, August 19–21, 2009, Revised selected papers. Lecture notes in computer science, vol 5902. Springer, Berlin, pp 101–117
[11] Ferreira J, He G, Qin S (2012) Automated verification of the FreeRTOS scheduler in HIP/SLEEK. In: 6th international symposium on theoretical aspects of software engineering (TASE’12), 4–6 July
[12] Freitas L, Woodcock J (2008) Mechanising Mondex with Z/EVES. Formal Aspects Comput J 20(1)
[13] Freitas L, Woodcock J (2009) A chain datatype in Z. Int J Softw Inf 3(2–3):357–374
[14] George C, Haxthausen AE (2008) Specification, proof, and model checking of the Mondex electronic purse using RAISE. Formal Aspects Comput 20(1):101–116
[15] Hoare CAR, Misra J, Leavens GT, Shankar N (2009) The Verified Software Initiative: a manifesto. ACM Comput Surv 41(4)
[16] Hoare CAR (2003) The verifying compiler: a grand challenge for computing research. J ACM 50(1):63–69
[17] Haneberg D, Schellhorn G, Grandy H, Reif W (2008) Verification of Mondex electronic purses with KIV: from transactions to a security protocol. Formal Aspects Comput J 20(1):41–59
[18] Jones C, O’Hearn P, Woodcock J (2006) Verified software: a grand challenge. IEEE Comput 39(4):93–95
[19] Jones CB, Pierce KG (2007) What can the π-calculus tell us about the Mondex purse system? In: 12th international conference on engineering of complex computer systems (ICECCS 2007), 10–14 July 2007, Auckland, New Zealand. IEEE Computer Society, pp 300–306
[20] Jones C, Woodcock J (2008) Special issue on Mondex. Formal Aspects Comput 20(1)
[21] Klein G, Elphinstone K, Heiser G, Andronick J, Cock D, Derrin P, Elkaduwe D, Engelhardt K, Kolanski R, Norrish M, Sewell T, Tuch H, Winwood S (2009) seL4: formal verification of an OS kernel. In: SOSP, pp 207–220
[22] Kuhlmann M, Gogolla M (2008) Modeling and validating Mondex scenarios described in UML and OCL with USE. Formal Aspects Comput J 20(1):79–100
[23] Klein G (2009) Operating system verification—an overview. Sadhana 34(1):27–69
[24] Klein G (2010) A formally verified OS kernel. Now what? In: Kaufmann M, Paulson LC (eds) Interactive theorem proving, first international conference, ITP 2010, Edinburgh, UK, July 11–14, 2010. Proceedings. Lecture notes in computer science, vol 6172. Springer, Berlin, pp 1–7
[25] Klein G (2010) From a verified kernel towards verified systems. In: Ueda K (ed) Programming languages and systems—8th Asian Symposium, APLAS 2010, Shanghai, China, November 28–December 1, 2010. Proceedings. Lecture notes in computer science, vol 6461. Springer, Berlin, pp 21–33
[26] Klein G (2010) The L4.verified project—next steps. In: Leavens GT, O’Hearn PW, Rajamani SK (eds) Verified software: theories, tools, experiments, third international conference, VSTTE 2010, Edinburgh, UK, August 16–19, 2010. Proceedings. Lecture notes in computer science, vol 6217. Springer, Berlin, pp 86–96
[27] Kong W, Ogata K, Futatsugi K (2007) Algebraic approaches to formal analysis of the Mondex electronic purse system. In: Davies J, Gibbons J (eds) Integrated formal methods, 6th international conference, IFM 2007, Oxford, UK, July 2–5, 2007, Proceedings. Lecture notes in computer science, vol 4591. Springer, Berlin, pp 393–412
[28] Labrosse JJ (2002) MicroC OS I: The real time kernel. Newnes
[29] Lin Y (2010) Formal analysis of FreeRTOS. Master’s thesis, University of York
[30] Muehlberg JT, Freitas L (2011) Verifying FreeRTOS: from requirements to binary code. In: Bendisposto J, Jones C, Leuschel M, Romanovsky A (eds) Proceedings of the 11th international workshop on automated verification of critical systems (AVoCS 2011). Electronic communications of the EASST, vol 10, pp 1–2
[31] Mistry J (2011) FreeRTOS and multicore. MSc Dissertation, Department of Computer Science, University of York, September
[32] Mühlberg JT, Lüttgen G (2010) Symbolic object code analysis. In: van de Pol J, Weber M (eds) Model checking software—17th international SPIN Workshop, Enschede, The Netherlands, September 27–29, 2010. Proceedings. Lecture notes in computer science, vol 6349. Springer, Berlin, pp 4–21
[33] Mistry J, Naylor M, Woodcock J (2013) FreeRTOS and multicore
[34] Meisels I, Saaltink M (1997) Z/Eves 1.5 Reference Manual. ORA Canada, TR-97-5493-03d
[35] Owre S, Shankar N, Rushby J (2012) PVS. http://pvs.csl.sri.com/
[37] Pronk C (2010) Verifying FreeRTOS: a feasibility study. Technical Report TUD-SERG-2010-042, Delft University of Technology, Software Engineering Research Group
[38] Ramananandro T (2008) Mondex, an electronic purse: specification and refinement checks with the Alloy model-finding method. Formal Aspects Comput J 20(1):21–39
[39] Saaltink M (1999) Z/Eves 2.0 Mathematical Toolkit. ORA Canada, TR-99-5493-05b
[40] Saaltink M (1999) Z/Eves 2.0 User’s Guide. ORA Canada, TR-99-5493-06a
[41] Spivey JM (1992) The Z notation: a reference manual. Series in Computer Science, 2nd edn. Prentice Hall International
[42] Sewell T, Winwood S, Gammie P, Murray TC, Andronick J, Klein G (2011) seL4 enforces integrity. In: Marko C, van Eekelen JD, Geuvers H, Schmaltz J, Wiedijk F (eds) Interactive theorem proving—second international conference, ITP 2011, Berg en Dal, The Netherlands, August 22–25, 2011. Proceedings. Lecture notes in computer science, vol 6898. Springer, Berlin
[43] Woodcock J, Davies J (1996) Using Z: specification, refinement, and proof. International series in computer science. Prentice-Hall, Englewood Cliffs
[44] Woodcock J (2006) First steps in the Verified Software Grand Challenge. IEEE Comput 39(10):57–64
[45] Woodcock J, Stepney S, Cooper D, Clark J, Jacob J (2008) The certification of the Mondex electronic purse to ITSEC Level E6. Formal Aspects Comput 20(1)


Reviews

Richard John Botting

Z (pronounced Zed) is a rigorous specification language developed in the 1980s. It uses sets to describe system states plus required invariants, operations, and pre- and post-conditions. This paper is a tutorial demonstrating the usability of Z and its tools on a real operating system called FreeRTOS. Z precisely describes the micro-kernel application program interface (API), ProZ animates the specifications, and Z/Eves verifies properties. The focus is on how to use Z/Eves to prove that the operations maintain the invariants and that the initial states are attainable. I was surprised by the care needed to prove mostly obvious theorems. Much of the Z notation is explained in the paper. If you know Z, there are a few surprises, for example: defining ΔTask in a schema on page 177 and using "topReadyTask" on page 183 to label a formula in a schema so it can be used in a proof. The formula might be simplified by using the "max" function in the Z mathematical toolkit [1]. I spotted one trivial typographical error: "TaskProperty5" is listed as "TaskPriority5." This is not in the web version [2]. I was happy to see that the authors invite others to use different methods on FreeRTOS. If I were not retired, I would point a graduate student at FreeRTOS. The authors plan to verify the code. Using mathematics and logic plus Floyd's methods let me show that my code satisfied its specifications and/or discovered bugs back in 1970. It should be easier now. (Online Computing Reviews Service)


Published In

Formal Aspects of Computing, Volume 27, Issue 1
Jan 2015
232 pages
ISSN:0934-5043
EISSN:1433-299X

Publisher

Springer-Verlag, Berlin, Heidelberg

Publication History

Published: 01 January 2015
Accepted: 24 June 2014
Revision received: 10 May 2014
Received: 15 October 2012
Published in FAC Volume 27, Issue 1

Author Tags

  1. Verified software initiative
  2. FreeRTOS
  3. formal verification
  4. Z/Eves

Qualifiers

  • Research-article

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (last 12 months): 121
  • Downloads (last 6 weeks): 16
Reflects downloads up to 25 Jan 2025

Cited By

  • (2024) Design and application of insulation skin wrapping robot for overhead distribution line. International Journal of Advanced Robotic Systems 21(6). https://doi.org/10.1177/17298806241293237. Online publication date: 14-Nov-2024
  • (2024) A framework for embedded software portability and verification: from formal models to low-level code. Software and Systems Modeling (SoSyM) 23(2):289–315. https://doi.org/10.1007/s10270-023-01144-y. Online publication date: 1-Feb-2024
  • (2024) Formal Analysis of FreeRTOS Scheduler on ARM Cortex-M4 Cores. Formal Methods and Software Engineering, pp 199–215. https://doi.org/10.1007/978-981-96-0617-7_12. Online publication date: 2-Dec-2024
  • (2024) Refinement Verification of OS Services based on a Verified Preemptive Microkernel. Fundamental Approaches to Software Engineering, pp 188–209. https://doi.org/10.1007/978-3-031-57259-3_9. Online publication date: 6-Apr-2024
  • (2023) Mr-TEE. Proceedings of the 24th International Middleware Conference: Industrial Track, pp 22–28. https://doi.org/10.1145/3626562.3626831. Online publication date: 11-Dec-2023
  • (2023) A Modeling Concept for Formal Verification of OS-Based Compositional Software. Fundamental Approaches to Software Engineering, pp 26–46. https://doi.org/10.1007/978-3-031-30826-0_2. Online publication date: 22-Apr-2023
  • (2022) A framework for OS portability. Proceedings of the 37th ACM/SIGAPP Symposium on Applied Computing, pp 1156–1165. https://doi.org/10.1145/3477314.3506996. Online publication date: 25-Apr-2022
  • (2021) Commercial hypervisor-based task sandboxing mechanisms are unsecured? But we can fix it! Journal of Systems Architecture: the EUROMICRO Journal 116:C. https://doi.org/10.1016/j.sysarc.2021.102114. Online publication date: 1-Jun-2021
  • (2020) A Formal Modeling Approach for Portable Low-Level OS Functionality. Software Engineering and Formal Methods, pp 155–174. https://doi.org/10.1007/978-3-030-58768-0_9. Online publication date: 14-Sep-2020
  • (2018) A Model-Based Concept for RTOS Portability. 2018 IEEE/ACS 15th International Conference on Computer Systems and Applications (AICCSA), pp 1–6. https://doi.org/10.1109/AICCSA.2018.8612862. Online publication date: Oct-2018
