1 / 43

Formal Specification and Verification of VAMOS Scheduler

This master's seminar presents the formal specification and verification of functions of the VAMOS Scheduler, including configuration, assumptions, functional verification, proof sketches, and invariants.

xuan
Télécharger la présentation

Formal Specification and Verification of VAMOS Scheduler

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. University of SaarlandDepartment of Computer Science Formal Specification and Verification of Functions of the VAMOS Scheduler Yury Chebiryak chebiryak@mail.ru Master’s Seminar 19.07.2005

  2. Overview • VAMOS configuration • Assumptions • Functional Verification • Specification • Proof Sketch • Invariants

  3. VAMOS Configuration

  4. VAMOS configuration: gd

  5. VAMOS configuration: PrcsConf

  6. VAMOS Scheduler

  7. Overview • VAMOS configuration • Assumptions • Functional Verification • Specification • Proof Sketch • Invariants

  8. vamosData

  9. vamosData • Disjointness of lists of VAMOS • Current process is always ready

  10. vamosData • Always exist at least one ready process (IDLE) • Length of ReadyListsArray • Priority is in correct range

  11. vamosData • Current Maximum Priority (CMP) is in correct range • Ready List indexed by CMP is not empty • Current maximum priority is correct

  12. Overview • VAMOS configuration • Assumptions • Functional Verification • Specification • Proof Sketch • Invariants

  13. Specification: search_next_process Signature: Assumptions: Let Result:

  14. Specification: compute_max_prio Signature: Assumptions: Let Result:

  15. Specification: wake_up

  16. Specification: wake_up

  17. Specification: wake_up

  18. Specification: wake_up

  19. Specification: wake_up Signature: Let Assumptions: Let

  20. Specification: wake_up Result:

  21. Specification: process_get_mypid Signature: Assumptions: Result:

  22. Specification: process_switch_to

  23. Specification: process_switch_to

  24. Specification: process_switch_to

  25. Specification: process_switch_to

  26. Specification: process_switch_to Signature: Assumptions: Let

  27. Specification: process_switch_to Abbreviations:

  28. Specification: process_switch_to Result(1):

  29. Specification: process_switch_to Result(2): Error Result:

  30. Specification: prcs_ch_sch_p Signature: Assumptions:

  31. Specification: prcs_ch_sch_p Let

  32. Specification: prcs_ch_sch_p Let Error Result:

  33. Specification: prcs_ch_sch_p Result:

  34. Overview • VAMOS configuration • Assumptions • Functional Verification • Specification • Proof Sketch • Invariants

  35. Proof Sketch: wake_up int wake_up(pib_p p) { pib_p dummy; int dummy_int; wakeup_list = dlist_pib_t_queue_Delete(wakeup_list,p); ready_lists[p->priority] = queue_InsertTail(ready_lists[p->priority],p); p->state = VAMOS_PROCESS_READY; if (p->priority > current_max_prio) { current_max_prio = p->priority; dummy_int = search_next_process(); } return 0; }

  36. Proof Sketch: wake_up int wake_up(pib_p p) { pib_p dummy; int dummy_int; wakeup_list = dlist_pib_t_queue_Delete(wakeup_list,p); ready_lists[p->priority] = queue_InsertTail(ready_lists[p->priority],p); p->state = VAMOS_PROCESS_READY; if (p->priority > current_max_prio) { current_max_prio = p->priority; dummy_int = search_next_process(); } return 0; }

  37. Proof Sketch: wake_up int wake_up(pib_p p) { pib_p dummy; int dummy_int; wakeup_list = dlist_pib_t_queue_Delete(wakeup_list,p); ready_lists[p->priority] = queue_InsertTail(ready_lists[p->priority],p); p->state = VAMOS_PROCESS_READY; if (p->priority > current_max_prio) { current_max_prio = p->priority; dummy_int = search_next_process(); } return 0; }

  38. Overview • VAMOS configuration • Assumptions • Functional Verification • Specification • Proof Sketch • Invariants

  39. Invariants: Safety properties • Proceses from wakeup_list are not scheduled • After call of search_next_process current process has priority current_max_prio • If process i has priority less than current_max_prio it can only be scheduled if switch_to(i) is invoked (not by handler_clock)

  40. Invariants: Safety properties • If during execution of process i there was no call of wake_up of process with priority higher than current_max_prio, then process i consumes its whole timeslice (it will not be interrupted) • If there is only one process with priority current_max_prio, then it will run until • call of switch_to() or • call of process_kill performing suicide or • wake_up of process with higher priority.

  41. Invariants: Liveness properties • Processes with current_max_prio share CPU time with respect to their timeslices

  42. Summary

  43. Thank you. Questions?

More Related