Abstract

Memory allocation and deallocation are the fundamental operations of embedded operating systems, which are extensively used in many safety-critical systems. The correctness of these operations is of paramount importance, because their failure could incur severe consequences. While the system is running, the memory state can easily grow to a gigantic size, which means that it is impossible to verify the huge set of memory states one by one. Therefore, verifying the correctness of the running memory state of the system is a challenge. In this article, we propose a novel memory state verification method based on inductive and deductive reasoning. First, we abstract the memory state as a list of memory blocks, which is transformed by memory operations. Second, we construct a generic model based on the transition function of the memory management and summarize the invariant properties of the memory state. Third, we use the inductive method to calculate the changes between memory states and verify that the memory state of the system always satisfies the global properties. All the proofs are implemented in the interactive theorem prover Coq. On the basis of our proposed model, we verify the correctness of a two-level segregated fit (TLSF) algorithm through some extensions, and we also apply this method to verify the correctness of the memory state of the embedded system at runtime.
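The three steps of the method (a memory state abstracted as a list of blocks, a transition function for allocation and deallocation, and global invariants checked inductively across every transition) can be illustrated with a small executable model. The following Python is an added example written for this page; it is not the paper's Coq development and it does not model TLSF. It assumes a single first-fit allocator over a heap of 128 units and a constructed set of invariants (blocks are contiguous from address 0 to the heap end, every block has positive size, and no two adjacent blocks are both free). `check_trace` is the inductive step made concrete: the invariant holds in the initial state and is re-checked after each transition, so a trace is accepted only if every reachable state satisfies the global properties.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

TOTAL = 128  # size of the modelled heap (constructed value for this example)


@dataclass(frozen=True)
class Block:
    start: int   # address of the first unit in the block
    size: int    # number of units in the block
    free: bool   # True if the block is available for allocation


# A memory state is an ordered tuple of blocks covering [0, TOTAL).
State = Tuple[Block, ...]


def initial_state(total: int = TOTAL) -> State:
    """The whole heap is a single free block before any operation."""
    return (Block(0, total, True),)


def invariant(state: State, total: int = TOTAL) -> bool:
    """Global properties that every reachable memory state must satisfy."""
    if not state or state[0].start != 0:
        return False
    expected = 0
    for i, b in enumerate(state):
        if b.size <= 0 or b.start != expected:
            return False  # a gap or an overlap between consecutive blocks
        if i > 0 and b.free and state[i - 1].free:
            return False  # adjacent free blocks must have been coalesced
        expected = b.start + b.size
    return expected == total  # the block list covers exactly the heap


def alloc(state: State, size: int) -> Tuple[State, Optional[int]]:
    """Transition: first-fit allocation, splitting a larger free block."""
    if size <= 0:
        return state, None
    for i, b in enumerate(state):
        if b.free and b.size >= size:
            new: List[Block] = [Block(b.start, size, False)]
            if b.size > size:
                new.append(Block(b.start + size, b.size - size, True))
            return state[:i] + tuple(new) + state[i + 1:], b.start
    return state, None  # out of memory: the state is left unchanged


def release(state: State, addr: int) -> State:
    """Transition: free the allocated block at addr and coalesce neighbours."""
    idx = next((i for i, b in enumerate(state)
                if b.start == addr and not b.free), None)
    if idx is None:
        return state  # invalid pointer or double free: no transition
    blocks = list(state)
    b = blocks[idx]
    blocks[idx] = Block(b.start, b.size, True)
    if idx + 1 < len(blocks) and blocks[idx + 1].free:      # merge right
        r = blocks.pop(idx + 1)
        blocks[idx] = Block(blocks[idx].start, blocks[idx].size + r.size, True)
    if idx > 0 and blocks[idx - 1].free:                    # merge left
        l = blocks[idx - 1]
        blocks[idx - 1:idx + 1] = [Block(l.start, l.size + blocks[idx].size, True)]
    return tuple(blocks)


def check_trace(ops, total: int = TOTAL) -> bool:
    """Inductive check: invariant in the initial state and after every step.

    ops is a list of ("alloc", handle, size) or ("free", handle) tuples; handles
    name earlier allocations so the trace need not hard-code addresses.
    """
    state = initial_state(total)
    handles: Dict[str, int] = {}
    if not invariant(state, total):
        return False
    for op in ops:
        if op[0] == "alloc":
            state, addr = alloc(state, op[2])
            if addr is not None:
                handles[op[1]] = addr
        elif op[0] == "free" and op[1] in handles:
            state = release(state, handles.pop(op[1]))
        if not invariant(state, total):
            return False
    return True


if __name__ == "__main__":
    trace = [("alloc", "x", 16), ("alloc", "y", 32), ("free", "x"), ("free", "y")]
    print("trace preserves invariant:", check_trace(trace))
```

The model only checks the invariant along the specific traces it is given; the paper's contribution is to prove in Coq that the transition function preserves the invariants for all states, which is what removes the need to enumerate runtime states one by one.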
