A Formal Correctness Proof for an EDF Scheduler Implementation


Bibliographic Details
Published in Proceedings / IEEE Real-Time and Embedded Technology and Applications Symposium, pp. 281-292
Main Authors Vanhems, Florian, Rusu, Vlad, Nowak, David, Grimaud, Gilles
Format Conference Proceeding
Language English
Published IEEE 01.05.2022
ISSN 2642-7346
DOI 10.1109/RTAS54340.2022.00030

Summary: The scheduler is a critical piece of software in real-time systems. A failure in the scheduler can have serious consequences; therefore, it is important to provide strong correctness guarantees for it. In this paper we propose a formal proof methodology that we apply to an Earliest Deadline First (EDF) scheduler. It consists first in proving the correctness of the election function algorithm and then lifting this proof up to the implementation through refinements. The proofs are formalized in the Coq proof assistant, ensuring that they are free of human errors and that all cases are considered. Our methodology is general enough to be applied to other schedulers or other types of system code. To the best of our knowledge, this is the first time that an implementation of EDF applicable to arbitrary sequences of jobs has been proven correct.