Abstract
This paper presents the formal Isabelle/HOL framework we use to prove refinement between an executable, monadic specification and the C implementation of the seL4 microkernel. We describe the refinement framework itself, the automated tactics it supports, and the connection to our previous C verification framework. We also report on our experience in applying the framework to seL4. The characteristics of this microkernel verification are the size of the target (8,700 lines of C code), the treatment of low-level programming constructs, the focus on high performance, and the large subset of the C programming language addressed, which includes pointer arithmetic and type-unsafe code.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Andronick, J.: Modélisation et Vérification Formelles de Systèmes Embarqués dans les Cartes à Microprocesseur—Plate-Forme Java Card et Système d’Exploitation. Ph.D thesis, Université Paris-Sud (March 2006)
Andronick, J., Chetali, B., Paulin-Mohring, C.: Formal verification of security properties of smart card embedded source code. In: Fitzgerald, J.S., Hayes, I.J., Tarlecki, A. (eds.) FM 2005. LNCS, vol. 3582, pp. 302–317. Springer, Heidelberg (2005)
Bevier, W.R.: Kit: A study in operating system verification. IEEE Transactions on Software Engineering 15(11), 1382–1396 (1989)
Cock, D.: Bitfields and tagged unions in C: Verification through automatic generation. In: Beckert, B., Klein, G. (eds.) Proc, 5th VERIFY, Sydney, Australia, August 2008. CEUR Workshop Proceedings, vol. 372, pp. 44–55 (2008)
Cock, D., Klein, G., Sewell, T.: Secure microkernels, state monads and scalable refinement. In: Mohamed, O.A., Muñoz, C., Tahar, S. (eds.) TPHOLs 2008. LNCS, vol. 5170, pp. 167–182. Springer, Heidelberg (2008)
Cohen, E., Moskał, M., Schulte, W., Tobies, S.: A precise yet efficient memory model for C (2008), http://research.microsoft.com/apps/pubs/default.aspx?id=77174
de Roever, W.-P., Engelhardt, K.: Data Refinement: Model-Oriented Proof Methods and their Comparison. Cambridge Tracts in Theoretical Computer Science, vol. 47. Cambridge University Press (1998)
Derrin, P., Elphinstone, K., Klein, G., Cock, D., Chakravarty, M.M.T.: Running the manual: An approach to high-assurance microkernel development. In: Proc. ACM SIGPLAN Haskell WS, Portland, OR, USA (September 2006)
Dijkstra, E.W.: Guarded commands, nondeterminacy and formal derivation of programs. CACM 18(8), 453–457 (1975)
Elphinstone, K., Klein, G., Derrin, P., Roscoe, T., Heiser, G.: Towards a practical, verified kernel. In: Proc. 11th Workshop on Hot Topics in Operating Systems (2007)
Elphinstone, K., Klein, G., Kolanski, R.: Formalising a high-performance microkernel. In: Leino, R. (ed.) VSTTE, Microsoft Research Technical Report MSR-TR-2006-117, Seattle, USA, August 2006, pp. 1–7 (2006)
Feiertag, R.J., Neumann, P.G.: The foundations of a provably secure operating system (PSOS). In: AFIPS Conf. Proc., 1979 National Comp. Conf., New York, NY, USA, June 1979, pp. 329–334 (1979)
Filliâtre, J.-C., Marché, C.: Multi-prover verification of C programs. In: Davies, J., Schulte, W., Barnett, M. (eds.) ICFEM 2004. LNCS, vol. 3308, pp. 15–29. Springer, Heidelberg (2004)
Frama-C (2008), http://frama-c.cea.fr/
Hohmuth, M., Tews, H.: The VFiasco approach for a verified operating system. In: Proc. 2nd ECOOP-PLOS Workshop, Glasgow, UK (October 2005)
Programming languages—C, ISO/IEC 9899:1999 (1999)
Klein, G.: Operating system verification—An overview. Sādhanā 34(1), 27–69 (2009)
Liedtke, J.: On μ-kernel construction. In: Proc. 15th SOSP (December 1995)
Moy, Y.: Union and cast in deductive verification. In: Proc. C/C++ Verification Workshop, Technical Report ICIS-R07015. Radboud University Nijmegen (2007)
Mürk, O., Larsson, D., Hähnle, R.: KeY-C: A tool for verification of C programs. In: Pfenning, F. (ed.) CADE 2007. LNCS, vol. 4603, pp. 385–390. Springer, Heidelberg (2007)
Nipkow, T., Paulson, L.C., Wenzel, M.T.: Isabelle/HOL. LNCS, vol. 2283. Springer, Heidelberg (2002)
Open Kernel Labs. OKL4 v2.1 (2008), http://www.ok-labs.com
Schirmer, N.: Verification of Sequential Imperative Programs in Isabelle/HOL. Ph.D thesis, Technische Universität München (2006)
Schirmer, N., Hillebrand, M., Leinenbach, D., Alkassar, E., Starostin, A., Tsyban, A.: Balancing the load — leveraging a semantics stack for systems verification. JAR, special issue on Operating System Verification 42(2-4), 389–454 (2009)
Tuch, H.: Formal Memory Models for Verifying C Systems Code. Ph.D thesis, School Comp. Sci. & Engin., University NSW, Sydney 2052, Australia (August 2008)
Tuch, H.: Formal verification of C systems code: Structured types, separation logic and theorem proving. JAR, special issue on Operating System Verification 42(2–4), 125–187 (2009)
Tuch, H., Klein, G., Norrish, M.: Types, bytes, and separation logic. In: Hofmann, M., Felleisen, M. (eds.) Proc. 34th POPL, pp. 97–108. ACM, New York (2007)
Walker, B., Kemmerer, R., Popek, G.: Specification and verification of the UCLA Unix security kernel. CACM 23(2), 118–131 (1980)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Winwood, S., Klein, G., Sewell, T., Andronick, J., Cock, D., Norrish, M. (2009). Mind the Gap. In: Berghofer, S., Nipkow, T., Urban, C., Wenzel, M. (eds) Theorem Proving in Higher Order Logics. TPHOLs 2009. Lecture Notes in Computer Science, vol 5674. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03359-9_34
Download citation
DOI: https://doi.org/10.1007/978-3-642-03359-9_34
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-03358-2
Online ISBN: 978-3-642-03359-9
eBook Packages: Computer ScienceComputer Science (R0)