Formal Verification of the Heap Manager of an Operating System Using Separation Logic

Abstract: In order to ensure memory properties of an operating system, it is important to verify the implementation of its heap manager. In the case of an existing operating system, such a verification is a difficult task because the heap manager is usually written in a low-level language that makes use of pointers, and it is usually not written with verification in mind. Our main contribution in this paper is to verify the heap manager of an existing operating system, namely Topsy. For this purpose, we use separation l… Show more

“…This will not prevent us from formalizing the connectives of separation logic (see Sect. 4.5) in such a way that the frame rule is provable (following [MAY06]). The properties of states are specified using a shallow embedding of the logical connectives, i.e., assertions are functions from states (a pair of a store and a heap) to the type Prop of propositions in Coq: assertion def = store ⇒ heap ⇒ Prop.…”

“…5.1) also relies on a formalization of separation logic, including the frame rule, the key lemma that allows us to compose code snippets. This formalization is essentially taken from [AM06] and [MAY06] and is orthogonal to the formalization of [SU07] that we carried out in the previous sections. The formalization of the connectives of separation logic takes advantage of the fact that the assertions are shallow-embedded.…”

Certifying assembly with formal security proofs: The case of BBS

“…This will not prevent us from formalizing the connectives of separation logic (see Sect. 4.5) in such a way that the frame rule is provable (following [MAY06]). The properties of states are specified using a shallow embedding of the logical connectives, i.e., assertions are functions from states (a pair of a store and a heap) to the type Prop of propositions in Coq: assertion def = store ⇒ heap ⇒ Prop.…”

“…5.1) also relies on a formalization of separation logic, including the frame rule, the key lemma that allows us to compose code snippets. This formalization is essentially taken from [AM06] and [MAY06] and is orthogonal to the formalization of [SU07] that we carried out in the previous sections. The formalization of the connectives of separation logic takes advantage of the fact that the assertions are shallow-embedded.…”

Certifying assembly with formal security proofs: The case of BBS

“…Central to these approaches is the separating conjunction P * Q, which guarantees that the logical assertions P and Q talk about disjoint areas of the memory state. Examples of use of separation logic include correctness proofs for memory allocators and garbage collectors [17,18]. It is possible, but not very useful, to define a separation logic on top of our memory model, where in a separating conjunction P * Q, every memory block is wholly owned by either P or Q but not both.…”

Formal Verification of a C-like Memory Model and Its Uses for Verifying Program Transformations

“…As a result, there have been a number of theorem prover formalisations of separation logic [1,4,9,11] and tactics for dealing with separation logic-style reasoning in theorem provers [2,5,10].…”

Separation Logic Adapted for Proofs by Rewriting