Formal Verification within the ESA funded RTEMS-SMP qualification activity

Andrew Butterfield Andrew.Butterfield at
Tue Aug 27 14:58:08 UTC 2019

Dear RTEMS developers, qualifiers,

 I am involved with the ESA funded RTEMS (SMP) qualification activity,
and I, with colleagues, will be exploring how formal verification techniques 
can help.

We will not "formally prove" all of RTEMS, but will focus on critical
parts of the code, particularly those parts that are hard to test.
The planning underway is looking at two key aspects of the work to be

(1) Which algorithms/code should we consider?
(2) How should we do the formal verification so we get the best results
with least effort and disruption to users and developers.

This email focusses from here onwards on (1) above. 
I'll get back later regarding (2).

The following suggestions have been made for code and other design artefacts
that we should consider:

 - The key scheduler algorithms: MrsP, OMIP
 - Synchronisation primitives incl. C11 Atomics
 - The assembly code portions
 - RTEMS API specifications 

Any other suggestions?

Sebastian Huber has pointed me at the following source files:;a=blob;f=newlib/libc/sys/rtems/include/sys/lock.h;h=ec3415a5222f6ac055d5041aaf44970fd212c600;hb=HEAD

Anything that should be added?

Regards, and thanks, 

  Andrew Butterfield
Andrew Butterfield     Tel: +353-1-896-2517     Fax: +353-1-677-2204
Lero at TCD, Head of Foundations & Methods Research Group
School of Computer Science and Statistics,
Room G.39, O'Reilly Institute, Trinity College, University of Dublin

More information about the devel mailing list