Applying source-code verification to a microkernel -- The VFiasco project

Applying source-code verification to a microkernel -- The VFiasco project (2002)

Cached

Download Links

by Michael Hohmuth , Hendrik Tews , Shane G. Stephens

Citations:

BibTeX

@MISC{Hohmuth02applyingsource-code,
    author = {Michael Hohmuth and Hendrik Tews and Shane G. Stephens},
    title = {Applying source-code verification to a microkernel -- The VFiasco project},
    year = {2002}
}

Years of Citing Articles

Bookmark

OpenURL

Abstract

Source-code verification works by reasoning about the semantics of the full source code of a program. Traditionally it is limited to small programs written in an academic programming language. In this paper we present the VFiasco (Verified Fiasco) project, in which we apply source-code verification to a complete operating-system kernel written in C++. The aim of the VFiasco project is to establish security relevant properties of the Fiasco microkernel using source code verification. The project's main challenges are to develop a clean semantics for the subset of C++ used by the kernel and to enable high-level reasoning about typed data starting from only low-level knowledge about the hardware. In this paper we present our ideas for tackling these challenges. We sketch a semantics of C++ and develop a type-safe object store for reasoning about C++ programs. This object store is based on a hardware model that closely resembles the IA32 virtual-memory architecture, and on guarantees provided by the kernel itself.

Citations

1412	The Temporal Logic of Reactive and Concurrent Systems - Manna, Pnueli - 1992
1016	Proof-carrying code - NECULA - 1997
1009	Temporal and modal logic - Emerson - 1990
381	Safe Kernel Extensions without Run-time Checking - Necula, Lee
315	Checking System rules using System-specific, Programmer-written Compiler Extensions - Engler, Chelf, et al. - 2000
245	Bugs as Deviant Behavior: A General Approach to Inferring Errors in Systems Code - Engler, Chen, et al. - 2001
135	Implementing mathematics with the Nuprl proof development system - Constable, Allen, et al. - 1986
133	Isabelle: A Generic Theorem - Paulson - 1994
132	Proofs and Types, volume 7 of Cambridge Tracts - Girard, Lafont, et al. - 1988
104	LCLint: A tool for using specifications to check code - Evans, Guttag, et al. - 1994
68	Building reliable, high-performance communication systems from components - Liu, Kreitz, et al. - 1999
58	Java program verification via a Hoare logic with abrupt termination - Huisman, Jacobs - 2000
36	Pragmatic nonblocking synchronization for real-time systems - Hohmuth, Hartig - 2001
36	Interface and execution models in the fluke kernel - Ford, Hibler, et al. - 1999
26	A machine-checked theory of floating point arithmetic - Harrison - 1690
20	A type-theoretic memory model for verification of sequential Java programs - Berg, Huisman, et al. - 1999
20	A case study in class library verification: Java's Vector class - Huisman, Jacobs, et al. - 2000
19	Formal methods: A practical tool for OS implementors - Tullmann, Turner, et al. - 1997
17	Modelling and verification of a multiprocessor realtime OS kernel - Cattel - 1994
14	Exercises in coalgebraic specification - Jacobs - 2002
12	Elements of Distributed Algorithms - Reisig - 1998
4	The Objective Caml system, 2001. Available at URL http://caml.inria.fr/ocaml - Leroy, Doligez, et al.
4	Verification and abstraction of flow-graph programs with pointers and computed jumps - Wahab - 1998
3	Modeling and verification of the RUBIS -kernel with SPIN - Duval, Julliand - 1995
1	Modeling and verification of the RUBIS-kernel with SPIN - Duval, Julliand - 1995