Objective
"The TOROS project targets the challenge of implementing safety-critical cyber-physical systems (CPSs) on commodity multicore processors such that their temporal correctness can be certified in a formal, trustworthy manner.
While today it is in principle possible to construct a CPS in a temporally sound way, in practice this rarely happens because, with the current real-time foundations, the prerequisite investments in time, expertise, and resources are prohibitive.
This situation is caused in large parts by three fundamental shortcomings in the design of state-of-the-art real-time operating systems (RTOSs) and the applicable timing analyses: (i) current RTOSs expose primarily low-level mechanisms that suffer from accidental unpredictability, i.e. mechanisms that require too much expertise to be used and composed in a temporally sound way; (ii) most analyses rely on idealized worst-case execution-time assumptions that realistically cannot be satisfied on commodity multicore platforms; and (iii) the available real-time theory depends on often complex and tedious proofs, and cannot always be trusted to be sound.
As a result, formal timing analysis is rarely relied upon in the certification of CPSs in reality, and instead
the use of ad-hoc, unsound ""safety margins"" prevails.
The TOROS project seeks to close this gap by moving the RTOS closer to analysis, the analysis closer to reality, and by ensuring that the analysis can be trusted.
Specifically, the TOROS project will
1. introduce a radically new, theory-oriented RTOS that by design ensures that the temporal behavior of any workload can be analyzed (even if the application developer is unaware of the relevant theory),
2. develop a matching novel timing analysis that allows for below-worst-case provisioning with analytically sound safety margins that yields meaningful probabilistic response-time guarantees, and
3. mechanize and verify all supporting timing analysis with the Coq proof assistant."