Formal Verification of C Systems Code

Tuch, Harvey

doi:10.1007/s10817-009-9120-2

Cited by 22 publications

(3 citation statements)

References 41 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The CompCert C memory model [26], CH 2 O memory model [24], and Tuch's C memory model [38] are C memory models formalised in a theorem prover, each focusing on different aspects of verification. Our model mostly draws inspiration from these models, extending such work to support CHERI-C programs.…”

Section: Related Workmentioning

confidence: 99%

A Formal CHERI-C Semantics for Verification

Park

Pai

Melham

2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

CHERI-C extends the C programming language by adding hardware capabilities, ensuring a certain degree of memory safety while remaining efficient. Capabilities can also be employed for higher-level security measures, such as software compartmentalization, that have to be used correctly to achieve the desired security guarantees. As the extension changes the semantics of C, new theories and tooling are required to reason about CHERI-C code and verify correctness. In this work, we present a formal memory model that provides a memory semantics for CHERI-C programs. We present a generalised theory with rich properties suitable for verification and potentially other types of analyses. Our theory is backed by an Isabelle/HOL formalisation that also generates an OCaml executable instance of the memory model. The verified and extracted code is then used to instantiate the parametric Gillian program analysis framework, with which we can perform concrete execution of CHERI-C programs. The tool can run a CHERI-C test suite, demonstrating the correctness of our tool, and catch a good class of safety violations that the CHERI hardware might miss.

show abstract

Section: Related Workmentioning

confidence: 99%

A Formal CHERI-C Semantics for Verification

Park

Pai

Melham

2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Definition ProtocolVersion ∶= struct { ( " major " , uint8 ) ; ( " minor " , uint8 ) }. Definition Random ∶= struct { ( " gmt_unix_time " , uint32 ) ; ( " random_bytes " , opaque [ 28 ])}. Definition SessionID ∶= opaque < .. 32 > 1.…”

Section: Dealing With Dependent Records In Packet Formatsmentioning

confidence: 99%

“…application to a memory allocator [28]. A trusted C-to-HOL translation is responsible for encoding C types as Isabelle/HOL records together with lemmas [28, §5.3]; padding is encoded in the form of extra fields [28, p.140].…”

Section: Related Workmentioning

confidence: 99%

Towards formal verification of TLS network packet processing written in C

Affeldt

Marti

2013

Proceedings of the 7th Workshop on Programming Languages Meets Program Verification

View full text Add to dashboard Cite

TLS is such a widespread security protocol that errors in its implementation can have disastrous consequences. This responsibility is mostly borne by programmers, caught between specifications with the ambiguities of natural language and error-prone low-level parsing of network packets. We provide new Coq libraries for the formal verification of TLS packet processing written in C. The originality of our encoding of the core subset of C is its use of dependent types to guarantee statically well-formedness of datatypes and correct typing. We further equip this encoding with a Separation logic that enables byte-level reasoning and also provide a logical view of data structures. We also formalize a significant part of the RFC for TLS, again using dependent types to capture succinctly constraints that are left implicit in the prose document. Finally, we apply the above framework to an existing implementation of TLS of which we specify and verify a parsing function for network packets.Though not yet completed, this experiment already led us to spot correctness issues with the RFC and the C source code.

show abstract

Transformations for Generating Type Refinements

Smith

Westfold

2020

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Formal Verification of C Systems Code

Cited by 22 publications

References 41 publications

A Formal CHERI-C Semantics for Verification

A Formal CHERI-C Semantics for Verification

Towards formal verification of TLS network packet processing written in C

Transformations for Generating Type Refinements

Contact Info

Product

Resources

About