Automated proofs of object code for a widely used microprocessor
Automated proofs of object code for a widely used microprocessor
From system F to typed assembly language
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
An axiomatic basis for computer programming
Communications of the ACM
BI as an assertion language for mutable data structures
POPL '01 Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Separation Logic: A Logic for Shared Mutable Data Structures
LICS '02 Proceedings of the 17th Annual IEEE Symposium on Logic in Computer Science
Certified assembly programming with embedded code pointers
Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A very modal model of a modern, major, general type system
Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
An open framework for foundational proof-carrying code
TLDI '07 Proceedings of the 2007 ACM SIGPLAN international workshop on Types in languages design and implementation
Hoare logic for realistically modelled machine code
TACAS'07 Proceedings of the 13th international conference on Tools and algorithms for the construction and analysis of systems
Using XCAP to certify realistic systems code: machine context management
TPHOLs'07 Proceedings of the 20th international conference on Theorem proving in higher order logics
On the correctness of operating system kernels
TPHOLs'05 Proceedings of the 18th international conference on Theorem Proving in Higher Order Logics
Certifying low-level programs with hardware interrupts and preemptive threads
Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation
Pervasive Compiler Verification -- From Verified Programs to Verified Systems
Electronic Notes in Theoretical Computer Science (ENTCS)
Electronic Notes in Theoretical Computer Science (ENTCS)
CVM -- A Verified Framework for Microkernel Programmers
Electronic Notes in Theoretical Computer Science (ENTCS)
Correct Microkernel Primitives
Electronic Notes in Theoretical Computer Science (ENTCS)
Vx86: x86 Assembler Simulated in C Powered by Automated Theorem Proving
AMAST 2008 Proceedings of the 12th international conference on Algebraic Methodology and Software Technology
Combining Domain-Specific and Foundational Logics to Verify Complete Software Systems
VSTTE '08 Proceedings of the 2nd international conference on Verified Software: Theories, Tools, Experiments
A Verification Approach for System-Level Concurrent Programs
VSTTE '08 Proceedings of the 2nd international conference on Verified Software: Theories, Tools, Experiments
The Verisoft Approach to Systems Verification
VSTTE '08 Proceedings of the 2nd international conference on Verified Software: Theories, Tools, Experiments
Verified Process-Context Switch for C-Programmed Kernels
VSTTE '08 Proceedings of the 2nd international conference on Verified Software: Theories, Tools, Experiments
Journal of Automated Reasoning
Certifying Low-Level Programs with Hardware Interrupts and Preemptive Threads
Journal of Automated Reasoning
Proving Fairness and Implementation Correctness of a Microkernel Scheduler
Journal of Automated Reasoning
Certified code development for a microcontroller architecture
Proceedings of the 46th Annual Southeast Regional Conference on XX
VCC: A Practical System for Verifying Concurrent C
TPHOLs '09 Proceedings of the 22nd International Conference on Theorem Proving in Higher Order Logics
seL4: formal verification of an OS kernel
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
seL4: formal verification of an operating-system kernel
Communications of the ACM
Using XCAP to certify realistic systems code: machine context management
TPHOLs'07 Proceedings of the 20th international conference on Theorem proving in higher order logics
Formal pervasive verification of a paging mechanism
TACAS'08/ETAPS'08 Proceedings of the Theory and practice of software, 14th international conference on Tools and algorithms for the construction and analysis of systems
Certification of thread context switching
Journal of Computer Science and Technology
Mostly-automated verification of low-level programs in computational separation logic
Proceedings of the 32nd ACM SIGPLAN conference on Programming language design and implementation
Science of Computer Programming
VSTTE'12 Proceedings of the 4th international conference on Verified Software: theories, tools, experiments
Translation validation for a verified OS kernel
Proceedings of the 34th ACM SIGPLAN conference on Programming language design and implementation
Comprehensive formal verification of an OS microkernel
ACM Transactions on Computer Systems (TOCS)
| Hi-index | 0.02 |
Formal, modular, and mechanized verification of realistic systems code is desirable but challenging. Verification of machine context management (a basis of multi-tasking) is one representative example. With context operations occurring hundreds to thousands of times per second on every computer, their correctness deserves careful examination. Given the small and stable code bases, it is a common misunderstanding that the context management code is suitable for informal scrutiny and testing. Unfortunately, after being extensively studied and used for decades, it still proves to be a common source of bugs and confusion. Yet its verification remains difficult due to the machine-level detail, irregular patterns of control flows, and rich application scenarios. This paper reports our experience applying XCAP--a recent theoretical verification framework--to certify a realistic x86 implementation of machine context management. XCAP supports expressive and modular logical specifications, but has only previously been applied on simple idealized machine and code. By applying the XCAP theory to an x86 machine model, building libraries of common proof tactics and lemmas, composing specifications for the context data structures and routines, and proving that the code behave accordingly, we achieved the first formal, modular, and mechanized verification of realistic x86 context management code. Our proofs are fully mechanized in the Coq proof assistant. Our certified library code runs on stock hardware and can be linked with other certified systems and application code. Our technique applies to other variants or extensions of context management (e.g., more complex context, different platforms), provides a solid basis for further verification of thread implementation and concurrent programs, and illustrates how to achieve formal, modular, and mechanized verification of realistic systems code.