Journal of Automated Reasoning
Certifying low-level programs with hardware interrupts and preemptive threads. Proceedings of the 2008 ACM SIGPLAN Conference on Programming Language Design and Implementation.
Vx86: x86 assembler simulated in C powered by automated theorem proving. AMAST 2008, Proceedings of the 12th International Conference on Algebraic Methodology and Software Technology.
Formal verification of a realistic compiler. Communications of the ACM (issue: Barbara Liskov: ACM's A.M. Turing Award Winner).
VCC: a practical system for verifying concurrent C. TPHOLs '09, Proceedings of the 22nd International Conference on Theorem Proving in Higher Order Logics.
seL4: formal verification of an OS kernel. Proceedings of the ACM SIGOPS 22nd Symposium on Operating Systems Principles.
Verifying the Microsoft Hyper-V hypervisor with VCC. FM '09, Proceedings of the 2nd World Congress on Formal Methods.
Automated verification of a small hypervisor. VSTTE'10, Proceedings of the Third International Conference on Verified Software: Theories, Tools, Experiments.
Pervasive verification of an OS microkernel: inline assembly, memory consumption, concurrent devices. VSTTE'10, Proceedings of the Third International Conference on Verified Software: Theories, Tools, Experiments.
Verifying shadow page table algorithms. Proceedings of the 2010 Conference on Formal Methods in Computer-Aided Design.
On the correctness of operating system kernels. TPHOLs'05, Proceedings of the 18th International Conference on Theorem Proving in Higher Order Logics.
VSTTE'12, Proceedings of the 4th International Conference on Verified Software: Theories, Tools, Experiments.
Formal verification of information flow security for a simple ARM-based separation kernel. Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security.
Machine code verification of a tiny ARM hypervisor. Proceedings of the 3rd International Workshop on Trustworthy Embedded Devices.
In [1] the almost complete formal verification of a small hypervisor with the automated C code verifier VCC [2] was reported: the correctness of the C portions of the hypervisor and of the guest simulation was established, while the verification of the assembler portions of the code was left as future work. A suitable methodology for verifying Macro Assembler programs in VCC was given, without a soundness proof, in [3]. A joint semantics of C + Macro Assembler, which is necessary for such a soundness proof, was introduced in [4]. In this paper we (i) observe that for two instructions of the hypervisor code, both of which manipulate stack pointers, the C + Macro Assembler semantics does not suffice, and therefore extend it to C + Macro Assembler + assembler; (ii) argue the soundness of the methodology from [3] with respect to this new semantics; and (iii) apply the methodology from [3] to formally verify the Macro Assembler + assembler portions of the hypervisor from [1], thereby completing the formal verification of the small hypervisor in the automated tool VCC.