|
262
|
1 |
\documentclass[runningheads]{llncs}
|
|
|
2 |
\usepackage{isabelle}
|
|
|
3 |
\usepackage{isabellesym}
|
|
|
4 |
\usepackage{amsmath}
|
|
|
5 |
\usepackage{amssymb}
|
|
|
6 |
\usepackage{tikz}
|
|
|
7 |
\usepackage{pgf}
|
|
|
8 |
%\usetikzlibrary{arrows,automata,decorations,fit,calc}
|
|
|
9 |
%\usetikzlibrary{shapes,shapes.arrows,snakes,positioning}
|
|
|
10 |
%\usepgflibrary{shapes.misc} % LATEX and plain TEX and pure pgf
|
|
|
11 |
%\usetikzlibrary{matrix}
|
|
|
12 |
\usepackage{pdfsetup}
|
|
|
13 |
\usepackage{ot1patch}
|
|
|
14 |
\usepackage{times}
|
|
|
15 |
%%\usepackage{proof}
|
|
|
16 |
%%\usepackage{mathabx}
|
|
|
17 |
\usepackage{stmaryrd}
|
|
|
18 |
\usepackage{url}
|
|
|
19 |
|
|
|
20 |
\titlerunning{Myhill-Nerode using Regular Expressions}
|
|
|
21 |
|
|
|
22 |
|
|
|
23 |
\urlstyle{rm}
|
|
|
24 |
\isabellestyle{it}
|
|
|
25 |
\renewcommand{\isastyleminor}{\it}%
|
|
|
26 |
\renewcommand{\isastyle}{\normalsize\it}%
|
|
|
27 |
|
|
|
28 |
|
|
|
29 |
\def\dn{\,\stackrel{\mbox{\scriptsize def}}{=}\,}
|
|
|
30 |
\renewcommand{\isasymequiv}{$\dn$}
|
|
|
31 |
\renewcommand{\isasymemptyset}{$\varnothing$}
|
|
|
32 |
\renewcommand{\isacharunderscore}{\mbox{$\_\!\_$}}
|
|
|
33 |
|
|
|
34 |
\newcommand{\isasymcalL}{\ensuremath{\cal{L}}}
|
|
|
35 |
\newcommand{\isasymbigplus}{\ensuremath{\bigplus}}
|
|
|
36 |
|
|
|
37 |
\newcommand{\bigplus}{\mbox{\Large\bf$+$}}
|
|
|
38 |
\begin{document}
|
|
|
39 |
|
|
|
40 |
\title{A Formalisation of Priority Inheritance Protocol \\
|
|
|
41 |
for Correct and Efficient Implementation}
|
|
|
42 |
\author{Xingyuan Zhang\inst{1} \and Christian Urban\inst{2} \and Chunhan Wu\inst{1}}
|
|
|
43 |
\institute{PLA University of Science and Technology, China \and
|
|
265
|
44 |
King's College London, United Kingdom}
|
|
262
|
45 |
\maketitle
|
|
|
46 |
|
|
|
47 |
\begin{abstract}
|
|
265
|
48 |
In realtime systems with support for resource locking and
|
|
|
49 |
processes involving priorities, one faces the problem of
|
|
|
50 |
priority inversion. This problem can make the behaviour of processes unpredictable
|
|
|
51 |
and the resulting bugs can be hard to find. The Priority Inheritance
|
|
|
52 |
Protocol is one solution implemented in many systems for
|
|
|
53 |
solving the priority inversion problem, but the correctness of this solution has never
|
|
|
54 |
been formally verified in a theorem prover. The original description
|
|
|
55 |
of the Property Inheritance Protocol presents a ``correctness proof''
|
|
|
56 |
done with pencil-and-paper for an \emph{incorrect} algorithm. This has
|
|
|
57 |
already been pointed out in the literature. In this paper we fix the
|
|
|
58 |
problem of the original proof by making all notions precise and implement a
|
|
|
59 |
variant of a solution proposed earlier. Our formalisation in
|
|
|
60 |
Isabelle/HOL uncovered facts not mentioned in the literature, but also
|
|
|
61 |
shows how to efficiently implement this protocol. Earlier correct
|
|
|
62 |
implementations were criticised as too inefficient. Our formalisation
|
|
|
63 |
is based on Paulson's inductive approach to verifying
|
|
|
64 |
protocols.\medskip
|
|
|
65 |
|
|
|
66 |
{\bf Keywords:} Priority Inheritance Protocol, formal connectness proof,
|
|
|
67 |
realtime systems
|
|
262
|
68 |
\end{abstract}
|
|
|
69 |
|
|
|
70 |
\input{session}
|
|
|
71 |
|
|
|
72 |
\bibliographystyle{plain}
|
|
|
73 |
\bibliography{root}
|
|
|
74 |
|
|
|
75 |
\end{document}
|
|
|
76 |
|
|
|
77 |
%%% Local Variables:
|
|
|
78 |
%%% mode: latex
|
|
|
79 |
%%% TeX-master: t
|
|
|
80 |
%%% End:
|