A Foundation for Formally Proven Schedulability Analysis

What is Prosa?

Prosa is a repository of definitions and proofs for real-time schedulability analysis. To ensure full correctness, Prosa is built and verified with Coq, a powerful and mature proof assistant with support for higher-order logic and computation.

Prosa’s distinguishing characteristic is that Prosa prioritizes readability to ensure that specifications remain accessible to readers without a background in formal proofs. (A background in real-time scheduling is assumed.)

To get started:

See the original Prosa paper for an in-depth discussion of the project’s motivation and goals, and Bedarkar et al.’s more recent case study for a detailed step-by-step guide to proving a response-time bound with modern Prosa.
Check out the overview of results for a list of the main high-level theorems that have been formalized and verified in Prosa to date.
To simply run some of the verified analyses found in Prosa without getting into Coq yourself, check out the POET RTA tool.

News

December 2023: New paper by Bozhko et al. on defining probabilistic worst-case execution time (pWCET) — check it out.
June 2023: New paper by Fradet et al. on certifying CAN analysis results — check it out.
November 2022: First public release of POET — check out the repository.
November 2022: Prosa 0.5 released, with support for POET — read the release notes.
October 2022: New paper by Bedarkar et al. on a case study in verified response-time analysis — check it out (PDF).
July 2022: Maida et al. win an Outstanding Paper Award at ECRTS’22 for their paper introducing foundational response-time analysis as a means to obtain explainable and trustworthy evidence of timeliness — check it out (PDF).
July 2022: New paper by Roux et al. on a formal link between response-time analysis and network calculus — check it out (PDF).
July 2022: Fifth and final physical RT-PROOFS meeting @ ECRTS’22 in Modena, Italy.
December 2021: New work-in-progress paper by Maida et al. on the automatic generation of proof-carrying response-time bounds — check it out (PDF).
August 2021: New paper by Guo et al. on certified schedulability analysis in RT-CertiKOS — check it out (PDF).
July 2020: Bozhko and Brandenburg win an Outstanding Paper Award at ECRTS’20 for their paper on abstract response-time analysis in Prosa — check it out (PDF).
December 2019: Prosa 0.4 released, a completely refactored version of Prosa.
October 2019: Fourth RT-PROOFS meeting @ Inria in Paris, France.
July 2019: New paper by Guo et al. on a connection between CertiKOS and Prosa — check it out (PDF).
June 2019: Up-to-date coqdoc documentation for the master branch and work-in-progress branches is now available at https://prosa.mpi-sws.org/branches.
April 2019: New paper by Fradet et al. on CertiCAN, a tool for certified CAN analysis — check it out (PDF).
April 2019: Third RT-PROOFS meeting @ TUBS in Braunschweig, Germany.
December 2018: New paper by Fradet et al. on a generic proof of typical worst-case analysis at RTSS’18 — check it out (PDF).
October 2018: New paper by Fradet et al. on generalized digraph models at RTNS’18 — check it out (PDF).
September 2018: Second RT-PROOFS meeting @ MPI-SWS in Kaiserslautern, Germany.
July 2018: Prosa 0.3 released, including a formalization of sustainability theory and self-suspending tasks.
July 2018: New work-in-progress paper by Riffard et al. on support for synchronization protocols in Prosa — check it out (PDF)!
July 2018: Cerqueira et al. win an Outstanding Paper Award at ECRTS’18 for their paper on strong and weak sustainability, with proofs checked in Prosa — check it out (PDF)!
January 2018: First RT-PROOFS meeting @ ONERA in Toulouse, France.
December 2017: New work-in-progress paper by Xiaojie Guo et al. on certified schedulability analysis tools — check it out (PDF)!
October 2017: The French-German RT-PROOFS project, which leverages and seeks to improve Prosa, is funded by ANR and DFG for three years (≈660k EUR).
July 2016: Cerqueira et al. win the ECRTS’16 Best Paper Award for their paper introducing Prosa.
June 2016: Prosa 0.2 released, with support for arbitrary processor affinities (APA).
May 2016: Prosa 0.1 released.

Why should I use Prosa?

Prosa is a framework for developing schedulability analysis backed by mechanized proofs, i.e., formal proofs that are developed using a proof assistant (e.g., Coq, Isabelle, Agda, etc.). The mechanization process provides three main benefits:

Guaranteed correctness: since proofs are machine-checked, they are bug-free and can be easily checked by third parties.
Trustworthy extensions: localized changes in the task model (e.g., to introduce jitter, blocking, or system overheads) or other assumptions can be factored in systematically, without compromising correctness. If a change in assumptions breaks a proof, it will be flagged by the proof assistant.
Safe composition: schedulability analyses that are individually correct can be safely composed without the risk of implicit or mismatching assumptions. In Prosa, all assumptions are explicit, and any differences in assumptions will be flagged by the proof assistant.

One of the distinguishing features of Prosa is its emphasis on making the specification readable and accessible to the community at large. In the long term, as the formal specification gains widespread acceptance by the real-time community, Prosa will allow us to develop schedulability analysis with the highest-possible degree of confidence, matching the requirements of safety-critical applications.

What does Prosa look like?

Prosa is nothing more than a collection of reusable definitions, hypotheses, and theorems, with extensive commentary in between. As a representative example, check out the formalization of Bedarkar et al.’s response-time analysis for FIFO scheduling, which is described in detail in their RTSS’22 paper.

Where can I learn more?

To learn about the original ideas and motivation behind Prosa, and generally the case for use of mechanized proofs for schedulability analysis, please check out the ECRTS’16 paper.

For a gentle introduction to the contemporary version of Prosa, refer to Bedarkar et al.’s case study.

To learn more about how to read Prosa’s formal specifications and how to develop formal proofs, please consult the references provided in the documentation.