Abstract
This paper presents the formal Isabelle/HOL framework we use to prove refinement between an executable, monadic specification and the C implementation of the seL4 microkernel. We describe the refinement framework itself, the automated tactics it supports, and the connection to our previous C verification framework. We also report on our experience in applying the framework to seL4. The characteristics of this microkernel verification are the size of the target (8,700 lines of C code), the treatment of low-level programming constructs, the focus on high performance, and the large subset of the C programming language addressed, which includes pointer arithmetic and type-unsafe code.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Andronick, J.: Modélisation et Vérification Formelles de Systèmes Embarqués dans les Cartes à Microprocesseur—Plate-Forme Java Card et Système d’Exploitation. Ph.D thesis, Université Paris-Sud (March 2006)
Andronick, J., Chetali, B., Paulin-Mohring, C.: Formal verification of security properties of smart card embedded source code. In: Fitzgerald, J.S., Hayes, I.J., Tarlecki, A. (eds.) FM 2005. LNCS, vol. 3582, pp. 302–317. Springer, Heidelberg (2005)
Bevier, W.R.: Kit: A study in operating system verification. IEEE Transactions on Software Engineering 15(11), 1382–1396 (1989)
Cock, D.: Bitfields and tagged unions in C: Verification through automatic generation. In: Beckert, B., Klein, G. (eds.) Proc, 5th VERIFY, Sydney, Australia, August 2008. CEUR Workshop Proceedings, vol. 372, pp. 44–55 (2008)
Cock, D., Klein, G., Sewell, T.: Secure microkernels, state monads and scalable refinement. In: Mohamed, O.A., Muñoz, C., Tahar, S. (eds.) TPHOLs 2008. LNCS, vol. 5170, pp. 167–182. Springer, Heidelberg (2008)
Cohen, E., Moskał, M., Schulte, W., Tobies, S.: A precise yet efficient memory model for C (2008), http://research.microsoft.com/apps/pubs/default.aspx?id=77174
de Roever, W.-P., Engelhardt, K.: Data Refinement: Model-Oriented Proof Methods and their Comparison. Cambridge Tracts in Theoretical Computer Science, vol. 47. Cambridge University Press (1998)
Derrin, P., Elphinstone, K., Klein, G., Cock, D., Chakravarty, M.M.T.: Running the manual: An approach to high-assurance microkernel development. In: Proc. ACM SIGPLAN Haskell WS, Portland, OR, USA (September 2006)
Dijkstra, E.W.: Guarded commands, nondeterminacy and formal derivation of programs. CACM 18(8), 453–457 (1975)
Elphinstone, K., Klein, G., Derrin, P., Roscoe, T., Heiser, G.: Towards a practical, verified kernel. In: Proc. 11th Workshop on Hot Topics in Operating Systems (2007)
Elphinstone, K., Klein, G., Kolanski, R.: Formalising a high-performance microkernel. In: Leino, R. (ed.) VSTTE, Microsoft Research Technical Report MSR-TR-2006-117, Seattle, USA, August 2006, pp. 1–7 (2006)
Feiertag, R.J., Neumann, P.G.: The foundations of a provably secure operating system (PSOS). In: AFIPS Conf. Proc., 1979 National Comp. Conf., New York, NY, USA, June 1979, pp. 329–334 (1979)
Filliâtre, J.-C., Marché, C.: Multi-prover verification of C programs. In: Davies, J., Schulte, W., Barnett, M. (eds.) ICFEM 2004. LNCS, vol. 3308, pp. 15–29. Springer, Heidelberg (2004)
Frama-C (2008), http://frama-c.cea.fr/
Hohmuth, M., Tews, H.: The VFiasco approach for a verified operating system. In: Proc. 2nd ECOOP-PLOS Workshop, Glasgow, UK (October 2005)
Programming languages—C, ISO/IEC 9899:1999 (1999)
Klein, G.: Operating system verification—An overview. Sādhanā 34(1), 27–69 (2009)
Liedtke, J.: On μ-kernel construction. In: Proc. 15th SOSP (December 1995)
Moy, Y.: Union and cast in deductive verification. In: Proc. C/C++ Verification Workshop, Technical Report ICIS-R07015. Radboud University Nijmegen (2007)
Mürk, O., Larsson, D., Hähnle, R.: KeY-C: A tool for verification of C programs. In: Pfenning, F. (ed.) CADE 2007. LNCS, vol. 4603, pp. 385–390. Springer, Heidelberg (2007)
Nipkow, T., Paulson, L.C., Wenzel, M.T.: Isabelle/HOL. LNCS, vol. 2283. Springer, Heidelberg (2002)
Open Kernel Labs. OKL4 v2.1 (2008), http://www.ok-labs.com
Schirmer, N.: Verification of Sequential Imperative Programs in Isabelle/HOL. Ph.D thesis, Technische Universität München (2006)
Schirmer, N., Hillebrand, M., Leinenbach, D., Alkassar, E., Starostin, A., Tsyban, A.: Balancing the load — leveraging a semantics stack for systems verification. JAR, special issue on Operating System Verification 42(2-4), 389–454 (2009)
Tuch, H.: Formal Memory Models for Verifying C Systems Code. Ph.D thesis, School Comp. Sci. & Engin., University NSW, Sydney 2052, Australia (August 2008)
Tuch, H.: Formal verification of C systems code: Structured types, separation logic and theorem proving. JAR, special issue on Operating System Verification 42(2–4), 125–187 (2009)
Tuch, H., Klein, G., Norrish, M.: Types, bytes, and separation logic. In: Hofmann, M., Felleisen, M. (eds.) Proc. 34th POPL, pp. 97–108. ACM, New York (2007)
Walker, B., Kemmerer, R., Popek, G.: Specification and verification of the UCLA Unix security kernel. CACM 23(2), 118–131 (1980)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Winwood, S., Klein, G., Sewell, T., Andronick, J., Cock, D., Norrish, M. (2009). Mind the Gap. In: Berghofer, S., Nipkow, T., Urban, C., Wenzel, M. (eds) Theorem Proving in Higher Order Logics. TPHOLs 2009. Lecture Notes in Computer Science, vol 5674. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03359-9_34
Download citation
DOI: https://doi.org/10.1007/978-3-642-03359-9_34
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-03358-2
Online ISBN: 978-3-642-03359-9
eBook Packages: Computer ScienceComputer Science (R0)