
    Formal specification and verification of a microkernel

    This thesis is divided into two parts. The first part introduces the abstract model of the Vamos kernel. The Vamos kernel provides the infrastructure for process and memory management, priority-based round-robin scheduling, communication with external devices, and inter-process communication. In the second part, we formulate a simulation theorem between the abstract Vamos model and the concrete Vamos implementation. The crucial points of the theorem are, on the one hand, the abstraction relation connecting the data structures of the implementation with those of the model and, on the other hand, the implementation invariant formulating validity statements on the data structures. Besides the exact formal definitions of the abstraction relation and the implementation invariant, we prove substantial parts of the simulation theorem. This work is part of the Verisoft project, which aims at the pervasive formal verification of computer systems. For the modelling and verification of the Vamos kernel this entails the integration of various computational models, for instance Communicating Virtual Machines (Cvm), which encapsulate the hardware-specific low-level functionality, and devices. The models and proofs presented in this thesis are formalized in the uniform logical framework of the interactive theorem prover Isabelle/HOL, and hence it is rigorously checked that all verification results fit together.

    White Paper on implementing the FAIR principles for data in the social, behavioural, and economic sciences

    The FAIR principles formulate guidelines for the sustainable reusability of research data. FAIR stands for Findability, Accessibility, Interoperability, and Reusability of data and metadata. While there is a growing body of general implementation guidelines, so far there is a lack of specific recommendations on how to apply the FAIR principles to the specific needs of social, behavioural and economic science data. These disciplines work with highly diverse data types that often contain confidential information on individuals, companies, or institutions. These features pose some challenges to the useful implementation of the FAIR principles, especially regarding the machine-actionability of data and metadata that is at the core of the FAIR principles. This White Paper defines the FAIR principles for the social, behavioural and economic sciences. For each of the 15 FAIR (sub)principles, the paper proposes minimum requirements and provides a vision for a full implementation of the FAIR principles by repositories and data centres. The paper was authored by members of the Economic and Social Sciences goINg FAIR Implementation Network (EcoSoc-IN) and addresses research data centres and other stakeholders who strive for a FAIR research data infrastructure in the disciplines of KonsortSWD.

    Proving Fairness and Implementation Correctness of a Microkernel Scheduler.

    We report on the formal proof of a microkernel's key property, namely that its multi-priority process scheduler guarantees progress, i.e., strong fairness. The proof architecture links a layer of behavioral reasoning over system-trace sets with a concrete, fairly realistic implementation written in C.

    Our microkernel provides an infrastructure for memory virtualization, for communication with hardware devices, for processes (represented as a sequence of assembly instructions, which are executed concurrently over an underlying, formally defined processor), and for inter-process communication (IPC) via synchronous message passing. The kernel establishes process switches according to IPCs and timer events; the scheduling of process switches, however, follows a hierarchy of priorities, favoring, e.g., system processes over application processes over maintenance processes.

    Besides the quite substantial models developed in Isabelle/HOL and the formal clarification of their relationship, we provide a detailed analysis of what formal requirements a microkernel imposes on its key ingredients (hardware, timers, machine-dependent code) in order to establish the correct operation of the overall system. On the methodological side, we show how early modeling with foresight to the later verification has substantially helped our project.