Deep Specifications and Certified Abstraction Layers

GuRonghui,; Koenig, Jérémie; RamananandroTahina,; Shao, Zhong; WuXiongnan,; WengShu-Chun,; ZhangHaozhong,; Guoyu,

doi:10.1145/2775051.2676975

Cited by 32 publications

(17 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Appropriate candidates include separation kernels, hypervisors, real-time operating systems (RTOSes), compilers, file systems, web broswers, sandboxes, cryptographic algorithms and garbage collectors. Perhaps surprisingly, the literature already includes artefacts that have been verified in all of these categories, albeit with somewhat limited functionality: the seL4 microkernel [ 33 ], the mCertiKOS hypervisor [ 35 ], the eChronos and ORIENTIAS RTOSes [ 27 , 36 ], the CompCert C Compiler [ 37 ], the FSCQ and BilbyFS file systems [ 38 , 39 ], the Quark web broswer [ 40 ], the RockSalt browser sandbox [ 41 ], various crytographic algorithms [ 42 , 43 ] and the Nucleus garbage collector [ 44 ]. The existence of two of these artefacts were crucial to DARPA’s decision to fund the HACMS program, serving as a basis of confidence that the program had some chance of succeeding: the seL4 microkernel and the CompCert verifying C compiler.…”

Section: What Software Is Worth Verifying?mentioning

confidence: 99%

“… artefact size dev. time performance seL4 [ 33 ] 10K LoC, 480K LoP 13 PY 206 versus 227 cycles CompCert [ 46 ] 42K LoC+P 3 PY 2× speed of 7% slower than 12% slower than FSCQ File System [ 38 ] 24K LoC+P <5 PY 80% of xv6 file system certiKOS Hypervisor [ 35 ] 2K LoC, 18.5K LoP 1 PY <2× slowdown on most benchmarks SHA-256/HMAC [ 43 ] 407 LoC, 14.4K LoP n.a. equivalent to OpenSSL 0.9.1c Rocksalt Sandbox [ 41 ] 100 LoC, 10K LoP <2 PY 1M instructions per second faster than Google’s checker Nucleus GC [ 44 ] 6K LoC+P 0.75 PY ‘competitive’ Quark Web Browser [ 40 ] 5.5K LoC+P 0.5 PY 24% overhead w.r.t.…”

Section: Impedimentsmentioning

confidence: 99%

See 1 more Smart Citation

The HACMS program: using formal methods to eliminate exploitable bugs

Fisher

Launchbury

Richards

2017

Phil. Trans. R. Soc. A.

View full text Add to dashboard Cite

For decades, formal methods have offered the promise of verified software that does not have exploitable bugs. Until recently, however, it has not been possible to verify software of sufficient complexity to be useful. Recently, that situation has changed. SeL4 is an open-source operating system microkernel efficient enough to be used in a wide range of practical applications. Its designers proved it to be fully functionally correct, ensuring the absence of buffer overflows, null pointer exceptions, use-after-free errors, etc., and guaranteeing integrity and confidentiality. The CompCert Verifying C Compiler maps source C programs to provably equivalent assembly language, ensuring the absence of exploitable bugs in the compiler. A number of factors have enabled this revolution, including faster processors, increased automation, more extensive infrastructure, specialized logics and the decision to co-develop code and correctness proofs rather than verify existing artefacts. In this paper, we explore the promise and limitations of current formal-methods techniques. We discuss these issues in the context of DARPA’s HACMS program, which had as its goal the creation of high-assurance software for vehicles, including quadcopters, helicopters and automobiles.This article is part of the themed issue ‘Verified trustworthy software systems’.

show abstract

Section: What Software Is Worth Verifying?mentioning

confidence: 99%

Section: Impedimentsmentioning

confidence: 99%

The HACMS program: using formal methods to eliminate exploitable bugs

Fisher

Launchbury

Richards

2017

Phil. Trans. R. Soc. A.

View full text Add to dashboard Cite

show abstract

“…Flint created a new logic programming language known as VeriML Stampoulis ( 2012) with a strong formal description and safety, and studied verification methods of programs and systems in a concurrent environment Wang et al (2019); Gu et al (2018;. Flint used separation logic to verify the accuracy of memory sharing and data abstraction (Koenig and Shao 2018;Gu et al 2015). Meanwhile, virtual timeline was used to specify and reason for preemptive scheduling, and a novel compositional framework is proposed for reasoning Liu et al (2020).…”

Section: Related Workmentioning

confidence: 99%

Formal design and verification of system task in intelligent transportation systems based on micro-kernel architecture

Qian

Jin

Sun

et al. 2021

J Ambient Intell Human Comput

View full text Add to dashboard Cite

The accuracy of design and implementation of an operating system in intelligent transportation systems is difficult to describe and validate because of its complexity. In this paper, we describe an OS in intelligent transportation systems with automaton theory and establish an OS state model. Based on this model, we construct an isomorphic model in Isabelle/HOL, describe the work objects and operational semantics of the system, and verify the system at the assembly level. We use a micro-kernel OS prototype (VSOS) for intelligent transportation systems as an example to illustrate our method and verify the correctness of design and implementation in VSOS with Isabelle/HOL. Verification shows that the proposed method is feasible.

show abstract

“…Various techniques for more general compositional compilation in CompCert have been proposed. Notable examples include Compositional CompCert Stewart 2015], CompCertX [Gu et al 2015], CASCompCert [Jiang et al 2019] and CompCertM [Song et al 2020]. All these extensions compile only to CompCert's assembly language.…”

Section: Related Workmentioning

confidence: 99%

CompCertELF: verified separate compilation of C programs into ELF object files

Wang

Wilke

et al. 2020

Proc. ACM Program. Lang.

Self Cite

View full text Add to dashboard Cite

We present CompCertELF, the first extension to CompCert that supports verified compilation from C programs all the way to a standard binary file format, i.e., the ELF object format. Previous work on Stack-Aware CompCert provides a verified compilation chain from C programs to assembly programs with a realistic machine memory model. We build CompCertELF by modifying and extending this compilation chain with a verified assembler which further transforms assembly programs into ELF object files.CompCert supports large-scale verification via verified separate compilation: C modules can be written and compiled separately, and then linked together to get a target program that refines the semantics of the program linked from the source modules. However, verified separate compilation in CompCert only works for compilation to assembly programs, not to object files. For the latter, the main difficulty is to bridge the two different views of linking: one for CompCert's programs that allows arbitrary shuffling of global definitions by linking and the other for object files that treats blocks of encoded definitions as indivisible units.We propose a lightweight approach that solves the above problem without any modification to CompCert's framework for verified separate compilation: by introducing a notion of syntactical equivalence between programs and proving the commutativity between syntactical equivalence and the two different kinds of linking, we are able to transit from the more abstract linking operation in CompCert to the more concrete one for ELF object files. By applying this approach to CompCertELF, we obtain the first compiler that supports verified separate compilation of C programs into ELF object files.

show abstract

Deep Specifications and Certified Abstraction Layers

Cited by 32 publications

References 29 publications

The HACMS program: using formal methods to eliminate exploitable bugs

The HACMS program: using formal methods to eliminate exploitable bugs

Formal design and verification of system task in intelligent transportation systems based on micro-kernel architecture

CompCertELF: verified separate compilation of C programs into ELF object files

Contact Info

Product

Resources

About