Connecting Higher-Order Separation Logic to a First-Order Outside World

Mansky, William; Honoré, Wolf; Appel, Andrew W.

doi:10.1007/978-3-030-44914-8_16

Cited by 5 publications

(1 citation statement)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…These may include the I/O library, the operating system, the hardware, the communication network, as well as potential attackers and link or node failures. Recent work by Mansky et al [2020] demonstrates how to connect the verification of I/O behavior to a verified operating system to remove the I/O library and operating system from the trust assumptions. Their approach could be adapted to our setting.…”

Section: Trust Assumptionsmentioning

confidence: 99%

Igloo: soundly linking compositional refinement and separation logic for distributed system verification

Sprenger

Klenze

Eilers

et al. 2020

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

Lighthouse projects like CompCert, seL4, IronFleet, and DeepSpec have demonstrated that full system verification is feasible by establishing a refinement between an abstract system specification and an executable implementation. Existing approaches however impose severe restrictions on the abstract system specifications due to their limited expressiveness or versatility, or on the executable code due to their use of suboptimal code extraction or inexpressive program logics. We propose a novel methodology that combines the compositional refinement of event-based models of distributed systems with the verification of full-fledged program code using expressive separation logics, which support features of realistic programming languages like heap data structures and concurrency. Our main technical contribution is a formal framework that soundly relates event-based system models to program specifications in separation logics. This enables protocol development tools to soundly interoperate with program verifiers to establish a refinement between the model and the code. We formalized our framework, Igloo, in Isabelle/HOL. We report on three case studies, a leader election protocol, a replication protocol, and a security protocol, for which we refine formal requirements into program specifications that we implement in Java and Python and prove correct using the VeriFast and Nagini tools.

show abstract

Section: Trust Assumptionsmentioning

confidence: 99%

Igloo: soundly linking compositional refinement and separation logic for distributed system verification

Sprenger

Klenze

Eilers

et al. 2020

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

show abstract

Verified Erasure Correction in Coq with MathComp and VST

Cohen

Wang

Appel

2022

Computer Aided Verification

Self Cite

View full text Add to dashboard Cite

Most methods of data transmission and storage are prone to errors, leading to data loss. Forward erasure correction (FEC) is a method to allow data to be recovered in the presence of errors by encoding the data with redundant parity information determined by an error-correcting code. There are dozens of classes of such codes, many based on sophisticated mathematics, making them difficult to verify using automated tools. In this paper, we present a formal, machine-checked proof of a C implementation of FEC based on Reed-Solomon coding. The C code has been actively used in network defenses for over 25 years, but the algorithm it implements was partially unpublished, and it uses certain optimizations whose correctness was unknown even to the code’s authors. We use Coq’s Mathematical Components library to prove the algorithm’s correctness and the Verified Software Toolchain to prove that the C program correctly implements this algorithm, connecting both using a modular, well-encapsulated structure that could easily be used to verify a high-speed, hardware version of this FEC. This is the first end-to-end, formal proof of a real-world FEC implementation; we verified all previously unknown optimizations and found a latent bug in the code.

show abstract