Results 1  10
of
24
Types, Bytes and Separation Logic
, 2007
"... We present a formal model of memory that both captures the lowlevel features of C’s pointers and memory, and that forms the basis for an expressive implementation of separation logic. At the low level, we do not commit common oversimplifications, but correctly deal with C’s model of programming lan ..."
Abstract

Cited by 83 (24 self)
 Add to MetaCart
We present a formal model of memory that both captures the lowlevel features of C’s pointers and memory, and that forms the basis for an expressive implementation of separation logic. At the low level, we do not commit common oversimplifications, but correctly deal with C’s model of programming language values and the heap. At the level of separation logic, we are still able to reason abstractly and efficiently. We implement this framework in the theorem prover Isabelle/HOL and demonstrate it on two case studies. We show that the divide between detailed and abstract does not impose undue verification overhead, and that simple programs remain easy to verify. We also show that the framework is applicable to real, security and safetycritical code by formally verifying the memory allocator of the L4 microkernel.
Formal verification of a Clike memory model and its uses for verifying program transformations
 JOURNAL OF AUTOMATED REASONING
"... ..."
Beyond reachability: Shape abstraction in the presence of pointer arithmetic
 In SAS’06: Static Analysis Symposium, 2006. M. Colón
, 2001
"... Abstract. Previous shape analysis algorithms use a memory model where the heap is composed of discrete nodes that can be accessed only via access paths built from variables and field names, an assumption that is violated by pointer arithmetic. In this paper we show how this assumption can be removed ..."
Abstract

Cited by 33 (4 self)
 Add to MetaCart
(Show Context)
Abstract. Previous shape analysis algorithms use a memory model where the heap is composed of discrete nodes that can be accessed only via access paths built from variables and field names, an assumption that is violated by pointer arithmetic. In this paper we show how this assumption can be removed, and pointer arithmetic embraced, by using an analysis based on separation logic. We describe an abstract domain whose elements are certain separation logic formulae, and an abstraction mechanism that automatically transits between a lowlevel RAM view of memory and a higher, fictional, view that abstracts from the representation of nodes and multiword linkedlists as certain configurations of the RAM. A widening operator is used to accelerate the analysis. We report experimental results obtained from running our analysis on a number of classic algorithms for dynamic memory management. 1
Abstracting Allocation: The New new Thing
 In Computer Science Logic
, 2006
"... Abstract. We introduce a FloydHoarestyle framework for specification and verification of machine code programs, based on relational parametricity (rather than unary predicates) and using both stepindexing and a novel form of separation structure. This yields compositional, descriptive and extensi ..."
Abstract

Cited by 20 (6 self)
 Add to MetaCart
(Show Context)
Abstract. We introduce a FloydHoarestyle framework for specification and verification of machine code programs, based on relational parametricity (rather than unary predicates) and using both stepindexing and a novel form of separation structure. This yields compositional, descriptive and extensional reasoning principles for many features of lowlevel sequential computation: independence, ownership transfer, unstructured control flow, firstclass code pointers and address arithmetic. We demonstrate how to specify and verify the implementation of a simple memory manager and, independently, its clients in this style. The work has been fully machinechecked within the Coq proof assistant. 1
The Ramifications of Sharing in Data Structures
"... Programs manipulating mutable data structures with intrinsic sharing present a challenge for modular verification. Deep aliasing inside data structures dramatically complicates reasoning in isolation over parts of these objects because changes to one part of the structure (say, the left child of a d ..."
Abstract

Cited by 13 (7 self)
 Add to MetaCart
Programs manipulating mutable data structures with intrinsic sharing present a challenge for modular verification. Deep aliasing inside data structures dramatically complicates reasoning in isolation over parts of these objects because changes to one part of the structure (say, the left child of a dag node) can affect other parts (the right child or some of its descendants) that may point into it. The result is that finding intuitive and compositional proofs of correctness is usually a struggle. We propose a compositional proof system that enables local reasoning in the presence of sharing. While the AI “frame problem ” elegantly captures the reasoning required to verify programs without sharing, we contend that natural reasoning about programs with sharing instead requires an answer to a different and more challenging AI problem, the “ramification problem”: reasoning about the indirect consequences of actions. Accordingly, we present a RAMIFY proof rule that attacks the ramification problem headon and show how to reason with it. Our framework is valid in any separation logic and permits sound compositional and local reasoning in the context of both specified and unspecified sharing. We verify the correctness of a number of examples, including programs that manipulate dags, graphs, and overlaid data structures in nontrivial ways.
Practical tactics for separation logic
 In TPHOLs, volume 5674 of LNCS
, 2009
"... Abstract. We present a comprehensive set of tactics that make it practical to use separation logic in a proof assistant. These tactics enable the verification of partial correctness properties of complex pointerintensive programs. Our goal is to make separation logic as easy to use as the standard ..."
Abstract

Cited by 13 (1 self)
 Add to MetaCart
(Show Context)
Abstract. We present a comprehensive set of tactics that make it practical to use separation logic in a proof assistant. These tactics enable the verification of partial correctness properties of complex pointerintensive programs. Our goal is to make separation logic as easy to use as the standard logic of a proof assistant. We have developed tactics for the simplification, rearranging, splitting, matching and rewriting of separation logic assertions as well as the discharging of a program verification condition using a separation logic description of the machine state. We have implemented our tactics in the Coq proof assistant, applying them to a deep embedding of Cminor, a Clike intermediate language used by Leroy’s verified CompCert compiler. We have used our tactics to verify the safety and completeness of a Cheney copying garbage collector written in Cminor. Our ideas should be applicable to other substructural logics and imperative languages. 1
Formal proof of provable security by gameplaying in a proof assistant
 In ProvSec 2007
, 2007
"... Abstract. Gameplaying is an approach to write security proofs that are easy to verify. In this approach, security definitions and intractable problems are written as programs called games and reductionist security proofs are sequences of game transformations. This bias towards programming languages ..."
Abstract

Cited by 11 (1 self)
 Add to MetaCart
(Show Context)
Abstract. Gameplaying is an approach to write security proofs that are easy to verify. In this approach, security definitions and intractable problems are written as programs called games and reductionist security proofs are sequences of game transformations. This bias towards programming languages suggests the implementation of a tool based on compiler techniques (syntactic program transformations) to build security proofs, but it also raises the question of the soundness of such a tool. In this paper, we advocate the formalization of gameplaying in a proof assistant as a tool to build security proofs. In a proof assistant, starting from just the formal definition of a probabilistic programming language, all the properties required in gamebased security proofs can be proved internally as lemmas whose soundness is ensured by proof theory. Concretely, we show how to formalize the gameplaying framework of Bellare and Rogaway in the Coq proof assistant, how to prove formally reusable lemmas such as the fundamental lemma of gameplaying, and how to use them to formally prove the PRP/PRF Switching Lemma. 1
A certified verifier for a fragment of Separation logic
 In JSSST Workshop on Programming and Programming Languages (PPL’07). Japan Society for Software Science and Technology
, 2007
"... Separation logic is an extension of Hoare logic to verify imperative programs with pointers and mutable datastructures. Although there exist several implementations of verifiers for separation logic, none of them has actually been itself verified. In this paper, we present a verifier for a fragment ..."
Abstract

Cited by 9 (0 self)
 Add to MetaCart
Separation logic is an extension of Hoare logic to verify imperative programs with pointers and mutable datastructures. Although there exist several implementations of verifiers for separation logic, none of them has actually been itself verified. In this paper, we present a verifier for a fragment of separation logic that is verified inside the Coq proof assistant. This verifier is implemented as a Coq tactic by reflection to verify separation logic triples. Thanks to the extraction facility to OCaml, we can also derive a certified, standalone and efficient verifier for separation logic. 1
An Approach to Formal Verification of Arithmetic Functions in Assembly—Proof Scripts. http://staff.aist.go.jp/ reynald.affeldt/seplog/asian2006
"... Abstract. It is customary to write performancecritical parts of arithmetic functions in assembly: this enables finelytuned algorithms that use specialized processor instructions. However, such optimizations make formal verification of arithmetic functions technically challenging, mainly because of ..."
Abstract

Cited by 8 (5 self)
 Add to MetaCart
(Show Context)
Abstract. It is customary to write performancecritical parts of arithmetic functions in assembly: this enables finelytuned algorithms that use specialized processor instructions. However, such optimizations make formal verification of arithmetic functions technically challenging, mainly because of many bitlevel manipulations of data. In this paper, we propose an approach for formal verification of arithmetic functions in assembly. It consists in the implementation in the Coq proof assistant of (1) a Hoare logic for assembly programs augmented with loops and (2) a certified translator to readytorun assembly with jumps. To properly handle formal verification of bitlevel manipulations of data, we propose an original encoding of machine integers. For concreteness, we use the SmartMIPS assembly language, an extension of the MIPS instruction set for smartcards, and we explain the formal verification of an optimized implementation of the Montgomery multiplication, a de factostandard for the implementation of many cryptosystems. 1
Certifying Assembly with Formal Security Proofs: the Case of BBS
, 2011
"... With today’s dissemination of embedded systems manipulating sensitive data, it has become important to equip lowlevel programs with strong security guarantees. Unfortunately, security proofs as done by cryptographers are about algorithms, not about concrete implementations running on hardware. In t ..."
Abstract

Cited by 7 (4 self)
 Add to MetaCart
With today’s dissemination of embedded systems manipulating sensitive data, it has become important to equip lowlevel programs with strong security guarantees. Unfortunately, security proofs as done by cryptographers are about algorithms, not about concrete implementations running on hardware. In this article, we show how to perform security proofs to guarantee the security of assembly language implementations of cryptographic primitives. Our approach is based on a framework in the Coq proof assistant that integrates correctness proofs of assembly programs with gameplaying proofs of provable security. We demonstrate the usability of our approach using the BlumBlumShub pseudorandom number generator, for which a MIPS implementation for smartcards is shown cryptographically secure.