LMS-Verify: abstraction without regret for verified systems programming

Amin, Nada; Rompf, Tiark

doi:10.1145/3093333.3009867

Cited by 2 publications

(4 citation statements)

References 82 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A key element that enables this is the level of abstraction of the NF spec and a technique to bridge the spec to the implementation. (2) We verify the entire software stack, reducing the trusted computing base (TCB) to the hardware, the Clang and GCC compilers, a small piece of OS startup code, and our verification toolchain. A key element that enables this is a domain-specific operating system we built and a mechanism that verifies just those parts of the stack that are required by the NF in question.…”

Section: Vignat Left Three Questions Openmentioning

confidence: 99%

“…libVig also provides primitives for reading system time and parsing packet headers. With some further engineering, verified crypto primitives [51] and verified regexp parsing primitives [2] can be added to complete the library. As shown in §6.4, it is reasonable to expect that such an expanded version of libVig would be sufficient for building most NFs.…”

Section: Specification Vs Implementationmentioning

confidence: 99%

“…This is because, the less "primitive" a primitive is, the more likely it is to require changes in order to be useful to a new NF. Once we add verified crypto primitives from HACL* [51] and regexp primitives from LMS [2], libVig will have all the data structures needed to write all the 18 NFs. At that point, NF developers should be able to write any NF they wish in Vigor, push a button, and verify it all the way down to the hardware.…”

Section: Does Verification Compromise Productivity?mentioning

confidence: 99%

“…As a result, we cannot verify NFs that need such primitives, e.g., deep packet inspection or intrusion detection systems. We can fix this by incorporating into libVig verified open-source libraries like LMS [2] for regular expression matching and HACL* [51] for cryptographic primitives.…”

Section: Limitationsmentioning

confidence: 99%

See 3 more Smart Citations

Verifying software network functions with no verification expertise

Zaostrovnykh

Pirelli

Iyer

et al. 2019

Proceedings of the 27th ACM Symposium on Operating Systems Principles

View full text Add to dashboard Cite

We present the design and implementation of Vigor, a software stack and toolchain for building and running software network middleboxes that are guaranteed to be correct, while preserving competitive performance and developer productivity. Developers write the core of the middlebox-the network function (NF)-in C, on top of a standard packet-processing framework, putting persistent state in data structures from Vigor's library; the Vigor toolchain then automatically verifies that the resulting software stack correctly implements a specification, which is written in Python. Vigor has three key features: network function developers need no verification expertise, and the verification process does not require their assistance (push-button verification); the entire software stack is verified, down to the hardware (full-stack verification); and verification can be done in a payas-you-go manner, i.e., instead of investing upfront a lot of time in writing and verifying a complete specification, one can specify one-off properties in a few lines of Python and verify them without concern for the rest. We developed five representative NFs-a NAT, a Maglev load balancer, a MAC-learning bridge, a firewall, and a traffic policer-and verified with Vigor that they satisfy standardsderived specifications, are memory-safe, and do not crash or hang. We show that they provide competitive performance.

show abstract

Section: Vignat Left Three Questions Openmentioning

confidence: 99%

Section: Specification Vs Implementationmentioning

confidence: 99%

Section: Does Verification Compromise Productivity?mentioning

confidence: 99%

Section: Limitationsmentioning

confidence: 99%

See 2 more Smart Citations

Verifying software network functions with no verification expertise

Zaostrovnykh

Pirelli

Iyer

et al. 2019

Proceedings of the 27th ACM Symposium on Operating Systems Principles

View full text Add to dashboard Cite

show abstract

Compiling symbolic execution with staging and algebraic effects

Wei

Bračevac

Tan

et al. 2020

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

Building effective symbolic execution engines poses challenges in multiple dimensions: an engine must correctly model the program semantics, provide flexibility in symbolic execution strategies, and execute them efficiently. This paper proposes a principled approach to building correct, flexible, and efficient symbolic execution engines, directly rooted in the semantics of the underlying language in terms of a high-level definitional interpreter. The definitional interpreter induces algebraic effects to abstract over semantic variants of symbolic execution, e.g., collecting path conditions as a state effect and path exploration as a nondeterminism effect. Different handlers of these effects give rise to different symbolic execution strategies, making execution strategies orthogonal to the symbolic execution semantics, thus improving flexibility. Furthermore, by annotating the symbolic definitional interpreter with binding-times and specializing it to the input program via the first Futamura projection, we obtain a "symbolic compiler", generating efficient instrumented code having the symbolic execution semantics. Our work reconciles the interpretation- and instrumentation-based approaches to building symbolic execution engines in a uniform framework. We illustrate our approach on a simple imperative language step-by-step and then scale up to a significant subset of LLVM IR. We also show effect handlers for common path selection strategies. Evaluating our prototype's performance shows speedups of 10~30x over the unstaged counterpart, and ~2x over KLEE, a state-of-the-art symbolic interpreter for LLVM IR.

show abstract

LMS-Verify: abstraction without regret for verified systems programming

Cited by 2 publications

References 82 publications

Verifying software network functions with no verification expertise

Verifying software network functions with no verification expertise

Compiling symbolic execution with staging and algebraic effects

Contact Info

Product

Resources

About