Abstract:
Although component-based software development promises increased reuse and faster development time, it has proven difficult to build component-based systems software. One obstacle is that the concurrency structure in systems software tends to be complex. First, instead of a single scheduler, there is a hierarchy of schedulers: the processor schedules interrupts, the OS schedules software interrupts and threads, and threads run event loops. This gives rise to many different execution environments, each with its own restrictions on actions that can be taken by code running in it. Second, the preemption relationships between these execution environments are often asymmetric: an interrupt handler can preempt a thread but not vice versa. This results in an asymmetric pattern of locking where low priority code must protect against high priority code but not vice versa. This situation is rare in other application domains but common in systems software. We have developed Task/Scheduler Logic (TSL) for reasoning about component-based systems software. We show that TSL can be used to reason about race conditions, illegal lock usage, and redundant or unnecessary synchronization points in component-based systems software. Further, we show that TSL can realistically be applied to large, complex systems.
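The asymmetric preemption and locking pattern the abstract describes can be modelled with a small checker. The following is an added example, not the paper's TSL nor any code from its authors: a constructed, uniprocessor-style model with three execution environments (interrupt handler, software interrupt, thread), a preemption relation between them, and locks described by the environments they exclude and the environments in which acquiring them is legal. The environment names, lock names, access sites and the sample access list are all assumptions made for the example. Over a list of shared-variable accesses it reports the three kinds of problem the abstract names: races (an access whose environment can be preempted by another accessor that none of its held locks keep out), illegal lock usage (a blocking lock taken in interrupt context), and redundant synchronization (a lock held where nothing it excludes could preempt the holder).

```python
"""Toy checker for asymmetric preemption and locking (constructed example).

Environments form a preemption hierarchy. A lock held by low-priority code
must exclude every higher-priority environment that can preempt it; the
reverse direction never needs protection, which is the asymmetry the
abstract describes. This is a simplified model, not the TSL paper's logic.
"""
from itertools import combinations

# PREEMPTS[a] = environments that code running in 'a' can interrupt.
# Threads are preemptively scheduled, so a thread can preempt a thread.
# Interrupt handlers do not nest in this model (assumption).
PREEMPTS = {
    "irq": {"softirq", "thread"},
    "softirq": {"thread"},
    "thread": {"thread"},
}

# Each lock: which environments it keeps out while held, and where it may
# legally be acquired (a blocking mutex cannot be taken in interrupt
# context because the handler cannot sleep). Uniprocessor assumption:
# disabling interrupts also stops thread preemption.
LOCKS = {
    "irq_off": {"excludes": {"irq", "softirq", "thread"},
                "legal_in": {"irq", "softirq", "thread"}},
    "bh_off":  {"excludes": {"softirq", "thread"},
                "legal_in": {"softirq", "thread"}},
    "mutex":   {"excludes": {"thread"},
                "legal_in": {"thread"}},
}


def can_preempt(intruder_env, victim_env):
    """True if code in intruder_env can interrupt code in victim_env."""
    return victim_env in PREEMPTS[intruder_env]


def lock_protects(held, intruder_env):
    """True if any held lock keeps intruder_env from running."""
    return any(intruder_env in LOCKS[lock]["excludes"] for lock in held)


def find_races(accesses):
    """Pairs (victim_site, intruder_site) where the intruder can preempt the
    victim's environment and the victim holds no lock that excludes it."""
    races = []
    for x, y in combinations(accesses, 2):
        if x["var"] != y["var"] or (x["op"] == "read" and y["op"] == "read"):
            continue
        for victim, intruder in ((x, y), (y, x)):
            if (can_preempt(intruder["env"], victim["env"])
                    and not lock_protects(victim["locks"], intruder["env"])):
                races.append((victim["site"], intruder["site"]))
    return races


def illegal_lock_uses(accesses):
    """(site, lock) pairs where the lock is not allowed in that environment."""
    return [(a["site"], lock) for a in accesses for lock in sorted(a["locks"])
            if a["env"] not in LOCKS[lock]["legal_in"]]


def redundant_locks(accesses):
    """(site, lock) pairs where nothing the lock excludes can preempt the
    holder, so the lock buys no protection there."""
    out = []
    for a in accesses:
        for lock in sorted(a["locks"]):
            if not any(can_preempt(e, a["env"]) for e in LOCKS[lock]["excludes"]):
                out.append((a["site"], lock))
    return out


def access(site, env, var, op, *locks):
    return {"site": site, "env": env, "var": var, "op": op,
            "locks": frozenset(locks)}


# Constructed sample: a receive queue 'rxq' touched from three environments
# and a counter 'n' guarded (wrongly) by a mutex from interrupt context.
SAMPLE = [
    access("isr:push", "irq", "rxq", "write"),                 # handler needs no lock
    access("worker:pop", "thread", "rxq", "write", "irq_off"),  # thread protects itself
    access("stats:read", "thread", "rxq", "read"),             # unprotected read
    access("bh:drain", "softirq", "rxq", "write", "bh_off"),   # wrong lock: irq still gets in
    access("isr:count", "irq", "n", "write", "mutex"),         # blocking lock in an ISR
    access("worker:count", "thread", "n", "write", "mutex"),
]

if __name__ == "__main__":
    print("races:", find_races(SAMPLE))
    print("illegal:", illegal_lock_uses(SAMPLE))
    print("redundant:", redundant_locks(SAMPLE))
```

Note how the asymmetry shows up in the results: `worker:pop` holding `irq_off` is safe against `isr:push`, while `isr:push` itself needs no lock at all, and `bh:drain` is reported both as racing with the handler and as holding a redundant lock, which together say that `bh_off` is the wrong lock for that site rather than that a lock is missing.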