Formal Refinement for Operating System Kernels

The kernel of any operating system is its most critical component. The remainder of the system depends upon a correctly functioning and reliable kernel for its operation.


The purpose of this book is to show that the formal specification of kernels can be followed by a completely formal refinement process that leads to the extraction of executable code. The formal refinement process ensures that the code meets the specification in a precise sense.


Two kernels are specified and refined. The first is small and of the kind often used in embedded and real-time systems. It closely resembles the one modelled in our Formal Models of Operating System Kernels. The second is a Separation Kernel, a microkernel architecture devised for cryptographic and other secure applications. Both kernels are refined to the point at which executable code can be extracted. Apart from documenting the process, including proofs, this book also shows how refinement of a realistically sized specification can be undertaken.


Iain Craig is a Chartered Fellow of the BCS and has a PhD in Computer Science.