Chapter

Computer Aided Verification

Volume 2404 of the series Lecture Notes in Computer Science pp 526-538

Date:

Temporal-Safety Proofs for Systems Code

  • Thomas A. HenzingerAffiliated withEECS Department, University of California
  • , George C. NeculaAffiliated withEECS Department, University of California
  • , Ranjit JhalaAffiliated withEECS Department, University of California
  • , Grégoire SutreAffiliated withLaBRI, Université de Bordeaux
  • , Rupak MajumdarAffiliated withEECS Department, University of California
  • , Westley WeimerAffiliated withEECS Department, University of California

* Final gross prices may vary according to local VAT.

Get Access

Abstract

We present a methodology and tool for verifying and certifying systems code. The verification is based on the lazy-abstraction paradigm for intertwining the following three logical steps: construct a predicate abstraction from the code, model check the abstraction, and automatically refine the abstraction based on counterexample analysis. The certification is based on the proof-carrying code paradigm. Lazy abstraction enables the automatic construction of small proof certificates. The methodology is implemented in Blast, the Berkeley Lazy Abstraction Software verification Tool. We describe our experience applying Blast to Linux and Windows device drivers. Given the C code for a driver and for a temporal-safety monitor, Blast automatically generates an easily checkable correctness certificate if the driver satisfies the specification, and an error trace otherwise.