Systems code is almost universally written in the C programming language or a variant. C has a very low level of type and memory abstraction, and formal reasoning about C systems code requires a memory model that is able to capture the semantics of C pointers and types. At the same time, proof-based verification demands abstraction, in particular from the aliasing and frame problems. In this paper we present a study in the mechanisation of two proof abstractions for pointer program verification in the Isabelle/HOL theorem prover, based on a low-level memory model for C. The language's type system presents challenges for the multiple independent typed heaps (Burstall-Bornat) and separation logic proof techniques. In addition to issues arising from explicit value size/alignment, padding, type-unsafe casts and pointer address arithmetic, structured types such as C's arrays and structs are problematic due to the non-monotonic nature of pointer and lvalue validity in the presence of the unary &-operator. For example, type-safe updates through pointers to fields of a struct break the independence of updates across typed heaps or ∗-conjuncts. We provide models and rules that are able to cope with these language features and types, eschewing common over-simplifications and utilising expressive shallow embeddings in higher-order logic. Two case studies are provided that demonstrate the applicability of the mechanised models to real-world systems code: a working of the standard in-place list reversal example and an overview of the verification of the L4 microkernel's memory allocator.