Kit: A Study in Operating System Verification
IEEE Transactions on Software Engineering
From system F to typed assembly language
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
An axiomatic basis for computer programming
Communications of the ACM - Special 25th Anniversary Issue
Experience with processes and monitors in Mesa
Communications of the ACM
Monitors: an operating system structuring concept
Communications of the ACM
BI as an assertion language for mutable data structures
POPL '01 Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Enforcing high-level protocols in low-level software
Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
Separation Logic: A Logic for Shared Mutable Data Structures
LICS '02 Proceedings of the 17th Annual IEEE Symposium on Logic in Computer Science
FTRTFT '02 Proceedings of the 7th International Symposium on Formal Techniques in Real-Time and Fault-Tolerant Systems: Co-sponsored by IFIP WG 2.2
Separation and information hiding
Proceedings of the 31st ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Permission accounting in separation logic
Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Modular verification of concurrent assembly code with dynamic thread creation and termination
Proceedings of the tenth ACM SIGPLAN international conference on Functional programming
Modular verification of assembly code with stack-based control abstractions
Proceedings of the 2006 ACM SIGPLAN conference on Programming language design and implementation
An open framework for foundational proof-carrying code
TLDI '07 Proceedings of the 2007 ACM SIGPLAN international workshop on Types in languages design and implementation
A general framework for certifying garbage collectors and their mutators
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
HOTOS'05 Proceedings of the 10th conference on Hot Topics in Operating Systems - Volume 10
Interrupt Verification via Thread Verification
Electronic Notes in Theoretical Computer Science (ENTCS)
On the relationship between concurrent separation logic and assume-guarantee reasoning
ESOP'07 Proceedings of the 16th European conference on Programming
Type-based analysis of deadlock for a concurrent calculus with interrupts
ESOP'07 Proceedings of the 16th European conference on Programming
Local reasoning for storable locks and threads
APLAS'07 Proceedings of the 5th Asian conference on Programming languages and systems
Using XCAP to certify realistic systems code: machine context management
TPHOLs'07 Proceedings of the 20th international conference on Theorem proving in higher order logics
Oracle semantics for concurrent separation logic
ESOP'08/ETAPS'08 Proceedings of the Theory and practice of software, 17th European conference on Programming languages and systems
On the correctness of operating system kernels
TPHOLs'05 Proceedings of the 18th international conference on Theorem Proving in Higher Order Logics
A marriage of rely/guarantee and separation logic
CONCUR'07 Proceedings of the 18th international conference on Concurrency Theory
Ynot: dependent types for imperative programs
Proceedings of the 13th ACM SIGPLAN international conference on Functional programming
Enhancing Program Verification with Lemmas
CAV '08 Proceedings of the 20th international conference on Computer Aided Verification
Combining Domain-Specific and Foundational Logics to Verify Complete Software Systems
VSTTE '08 Proceedings of the 2nd international conference on Verified Software: Theories, Tools, Experiments
Verified Process-Context Switch for C-Programmed Kernels
VSTTE '08 Proceedings of the 2nd international conference on Verified Software: Theories, Tools, Experiments
APLAS '08 Proceedings of the 6th Asian Symposium on Programming Languages and Systems
Formal Verification of a Reader-Writer Lock Implementation in C
Electronic Notes in Theoretical Computer Science (ENTCS)
Structuring the verification of heap-manipulating programs
Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Safe to the last instruction: automated verification of a type-safe operating system
PLDI '10 Proceedings of the 2010 ACM SIGPLAN conference on Programming language design and implementation
Communications of the ACM
The next 700 separation logics
VSTTE'10 Proceedings of the Third international conference on Verified software: theories, tools, experiments
Trace-based verification of imperative programs with I/O
Journal of Symbolic Computation
Typed assembly language for implementing OS kernels in SMP/multi-core environments with interrupts
SSV'10 Proceedings of the 5th international conference on Systems software verification
Type safety from the ground up
Proceedings of the 7th ACM SIGPLAN workshop on Types in language design and implementation
Certification of thread context switching
Journal of Computer Science and Technology
Mostly-automated verification of low-level programs in computational separation logic
Proceedings of the 32nd ACM SIGPLAN conference on Programming language design and implementation
Modular verification of preemptive OS kernels
Proceedings of the 16th ACM SIGPLAN international conference on Functional programming
Safe to the last instruction: automated verification of a type-safe operating system
Communications of the ACM
CertiKOS: a certified kernel for secure cloud computing
Proceedings of the Second Asia-Pacific Workshop on Systems
Improving interrupt response time in a verifiable protected microkernel
Proceedings of the 7th ACM european conference on Computer Systems
Completing the automated verification of a small hypervisor - assembler code verification
SEFM'12 Proceedings of the 10th international conference on Software Engineering and Formal Methods
Compositional verification of a baby virtual memory manager
CPP'12 Proceedings of the Second international conference on Certified Programs and Proofs
Proceedings of the 18th ACM SIGPLAN international conference on Functional programming
Hi-index | 0.03 |
Hardware interrupts are widely used in the world's critical software systems to support preemptive threads, device drivers, operating system kernels, and hypervisors. Handling interrupts properly is an essential component of low-level system programming. Unfortunately, interrupts are also extremely hard to reason about: they dramatically alter the program control flow and complicate the invariants in low-level concurrent code (e.g., implementation of synchronization primitives). Existing formal verification techniques---including Hoare logic, typed assembly language, concurrent separation logic, and the assume-guarantee method---have consistently ignored the issues of interrupts; this severely limits the applicability and power of today's program verification systems. In this paper we present a novel Hoare-logic-like framework for certifying low-level system programs involving both hardware interrupts and preemptive threads. We show that enabling and disabling interrupts can be formalized precisely using simple ownership-transfer semantics, and the same technique also extends to the concurrent setting. By carefully reasoning about the interaction among interrupt handlers, context switching, and synchronization libraries, we are able to---for the first time---successfully certify a preemptive thread implementation and a large number of common synchronization primitives. Our work provides a foundation for reasoning about interrupt-based kernel programs and makes an important advance toward building fully certified operating system kernels and hypervisors.