Proving Determinacy of the PharOS Real-Time Operating System [chapter]

Selma Azaiez, Damien Doligez, Matthieu Lemerre, Tomer Libal, Stephan Merz
2016 Lecture Notes in Computer Science  
Executions in the PharOS real-time system are deterministic in the sense that the sequence of local states for every process is independent of the order in which processes are scheduled. The essential ingredient for achieving this property is that a temporal window of execution is associated with every instruction. Messages become visible to receiving processes only after the time window of the sending message has elapsed. We present a high-level model of PharOS in TLA + and formally state and prove determinacy using the TLA + Proof System.
doi:10.1007/978-3-319-33600-8_4 fatcat:5ugq7bzd3bfqfnmx75z36xhcvq