On construction of a library of formally verified low-level arithmetic functions

Abstract. The GNU Multi-Precision library is a widely used, safetycritical, library for arbitrary-precision arithmetic. Its source code is written in C and assembly, and includes intricate state-of-the-art algorithms for the sake of high performance. Formally verifying the functional behavior of such highly optimized code, not designed with verification in mind, is challenging. We present a fully verified library designed using the Why3 program verifier. The use of a dedicated memory model makes it possible to have the Why3 code be very similar to the original GMP code. This library is extracted to C and is compatible and performancecompetitive with GMP.

show abstract

“…Affeldt verified a binary GCD algorithm and the functions it depends on [2]. Neither multiplications nor divisions are present.…”

Section: Related Workmentioning

confidence: 99%

How to Get an Efficient yet Verified Arbitrary-Precision Integer Library

Rieu-Helft

Marché

Melquiond

2017

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Affeldt used Coq to verify a binary extended GCD algorithm implemented in a variant of MIPS assembly [1], as well as the basic arithmetic functions the algorithm depends on. The work uses GMP's number representation and a memory model based on separation logic.…”

Section: Related Workmentioning

confidence: 99%

“…As such, GMP has had its share of bugs. 1 We advocate using formal verification to ensure memory safety and the absence of correctness bugs for all inputs. GMP features several layers, each one handling different kinds of numbers.…”

Section: Introductionmentioning

confidence: 99%

WhyMP, a formally verified arbitrary-precision integer library

Melquiond

Rieu-Helft²

2023

Journal of Symbolic Computation

View full text Add to dashboard Cite

“…The most closely related work on verified implementation of arithmetic functions is that of Affeldt [2], Fischer [6], Berghofer [4] and Moore [11]. We will also compare with the first author's early poster on this topic [13], and reflect on recent trends in programming logics for assembly verification.…”

Section: Related Workmentioning

confidence: 99%

Proof Pearl: A Verified Bignum Implementation in x86-64 Machine Code

Myreen

Curello

2013

Certified Programs and Proofs

View full text Add to dashboard Cite

Abstract. Verification of machine code can easily deteriorate into an endless clutter of low-level details. This paper presents a case study which shows that machine-code verification does not necessitate ghastly lowlevel proofs. The case study we describe is the construction of an x86-64 implementation of arbitrary-precision integer arithmetic. Compared with closely related work, our proofs are shorter and, more importantly, the reasoning is at a more convenient high level of abstraction, e.g. pointer reasoning is largely avoided. We achieve this improvement as a result of using an abstraction for arrays and previously developed tools, namely, a proof-producing decompiler and compiler. The work presented in this paper has been developed in the HOL4 theorem prover. The case study resulted in 800 lines of verified 64-bit x86 machine code.

show abstract

On construction of a library of formally verified low-level arithmetic functions

Cited by 12 publications

References 13 publications

How to Get an Efficient yet Verified Arbitrary-Precision Integer Library

How to Get an Efficient yet Verified Arbitrary-Precision Integer Library

WhyMP, a formally verified arbitrary-precision integer library

Proof Pearl: A Verified Bignum Implementation in x86-64 Machine Code

Contact Info

Product

Resources

About