Gillian, Part II: Real-World Verification for JavaScript and C

Maksimovic, Petar; Ayoun, Sacha-Élie; Santos, José Augusto Rodrigues dos; Gardner, Philippa

doi:10.1007/978-3-030-81688-9_38

Cited by 9 publications

(6 citation statements)

References 38 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We also note that the current heap design keeps track of negative resources [28], which may potentially be useful for incorrectness logic based verification [33].…”

Section: Propertiesmentioning

confidence: 99%

“…Gillian is a high-level analysis framework, theoretically capable of analysing a wide range of languages. The framework allows concrete and symbolic execution, verification based on Separation Logic, and bi-abduction [28]. The crux of the framework lies in its parametricity, where the tool can be instantiated by simply providing a compiler front end and OCaml-based memory models of the language.…”

Section: Gillianmentioning

confidence: 99%

“…assumptions, and generation of symbolic variables. For separation logic based verification, the GIL grammar is further extended to support core predicates and user-defined predicates [28] that can be utilised to form separation logic based assertions. Furthermore, function specifications in the Hoare-triple form {P }f (x){Q} can be provided, where P and Q are separation logic based assertions.…”

Section: Gillianmentioning

confidence: 99%

“…The executional memory model states properties a memory model must have for whole-program execution, and the compositional memory model states properties a memory model must have for separation logic based symbolic verification. Each paper in the Gillian literature states slightly different definitions for the memory models [20,28,29,37]-in Definitions 1 and 2 below, we present unified, consistent definitions for each of the memory model properties. We ignore contexts, as there exists only one context in concrete memories, which is the GIL boolean value true.…”

Section: Gillianmentioning

confidence: 99%

See 3 more Smart Citations

A Formal CHERI-C Semantics for Verification

Park

Pai

Melham

2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

CHERI-C extends the C programming language by adding hardware capabilities, ensuring a certain degree of memory safety while remaining efficient. Capabilities can also be employed for higher-level security measures, such as software compartmentalization, that have to be used correctly to achieve the desired security guarantees. As the extension changes the semantics of C, new theories and tooling are required to reason about CHERI-C code and verify correctness. In this work, we present a formal memory model that provides a memory semantics for CHERI-C programs. We present a generalised theory with rich properties suitable for verification and potentially other types of analyses. Our theory is backed by an Isabelle/HOL formalisation that also generates an OCaml executable instance of the memory model. The verified and extracted code is then used to instantiate the parametric Gillian program analysis framework, with which we can perform concrete execution of CHERI-C programs. The tool can run a CHERI-C test suite, demonstrating the correctness of our tool, and catch a good class of safety violations that the CHERI hardware might miss.

show abstract

“…We also note that the current heap design keeps track of negative resources [28], which may potentially be useful for incorrectness logic based verification [33].…”

Section: Propertiesmentioning

confidence: 99%

Section: Gillianmentioning

confidence: 99%

Section: Gillianmentioning

confidence: 99%

Section: Gillianmentioning

confidence: 99%

See 2 more Smart Citations

A Formal CHERI-C Semantics for Verification

Park

Pai

Melham

2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Finally, we mention the Gillian project, a language-independent framework based on separation logic for the development of compositional symbolic analysis tools, including tools for whole-program symbolic execution, verification of annotated code, as well as bi-abduction [35,34,29,28]. The works on Gillian concentrate on the generic framework it develops, and the published description of the supported bi-abductive analysis, perhaps most discussed in [34], is unfortunately not very detailed.…”

Section: Introductionmentioning

confidence: 99%

Low-Level Bi-Abduction

Holík¹,

Peringer²,

Rogalewicz³

et al. 2022

Preprint

View full text Add to dashboard Cite

The paper proposes a new static analysis designed to handle open programs, i.e., fragments of programs, with dynamic pointer-linked data structures-in particular, various kinds of lists-that employ advanced low-level pointer operations. The goal is to allow such programs be analysed without a need of writing analysis harnesses that would first initialise the structures being handled. The approach builds on a special flavour of separation logic and the approach of bi-abduction. The code of interest is analyzed along the call tree, starting from its leaves, with each function analysed just once without any call context, leading to a set of contracts summarizing the behaviour of the analysed functions. In order to handle the considered programs, methods of abduction existing in the literature are significantly modified and extended in the paper. The proposed approach has been implemented in a tool prototype and successfully evaluated on not large but complex programs.

show abstract