Software Systems

Timing analysis of a protected operating system kernel


Bernard Blackham, Yao Shi, Sudipta Chattopadhyay, Abhik Roychoudhury and Gernot Heiser


Operating systems offering virtual memory and protected address spaces have been an elusive target of static worst-case execution time (WCET) analysis. This is due to a combination of size, unstructured code and tight coupling with hardware. As a result, hard real-time systems are usually developed without memory protection, perhaps utilizing a lightweight real-time executive to provide OS abstractions.

This paper presents a WCET analysis of seL4, a third-generation microkernel. seL4 is the world's first formally-verified operating-system kernel, featuring machine-checked correctness proofs of its complete functionality. This makes seL4 an ideal platform for security-critical systems. Adding temporal guarantees makes seL4 also a compelling platform for safety- and timing-critical systems. It creates a foundation for integrating hard real-time systems with less critical time-sharing components on the same processor, supporting enhanced functionality while keeping hardware and development costs low.

We believe this is one of the largest code bases on which a fully context-aware WCET analysis has been performed. This analysis is made possible due to the minimalistic nature of modern microkernels, and properties of seL4's source code arising from the requirements of formal verification.

BibTeX Entry

    doi              = {10.1109/RTSS.2011.38},
    author           = {Bernard Blackham and Yao Shi and Sudipta Chattopadhyay and Abhik Roychoudhury and Gernot Heiser},
    month            = {nov},
    year             = {2011},
    title            = {Timing Analysis of a Protected Operating System Kernel},
    booktitle        = {Proceedings of the 32nd IEEE Real-Time Systems Symposium},
    pages            = {339--348},
    address          = {Vienna, Austria}