Vx86: x86 Assembler Simulated in C Powered by Automated Theorem Proving

  • Stefan Maus
  • Michał Moskal
  • Wolfram Schulte
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5140)


Vx86 is the first static analyzer for sequential Intel x86 assembler code using automated deductive verification. It proves the correctness of assembler code against function contracts, which are expressed in terms of pre-, post-, and frame conditions using first-order predicates. Vx86 takes the annotated assembler code, translates it into C code simulating the processor, and then uses an existing C verifier to either prove the correctness of the assembler program or find errors in it. First experiments on applying Vx86 on the Windows Hypervisor code base are encouraging. Vx86 verified the Windows Hypervisor’s memory safety, arithmetic safety, call safety and interrupt safety.


Assembler Code Loop Invariant Assembler Instruction Virtualization Instruction Assembler Program 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Barnett, M., Chang, B.-Y.E., DeLine, R., Jacobs, B., Leino, K.R.M.: Boogie: A modular reusable verifier for object-oriented programs. In: de Boer, F.S., Bonsangue, M.M., Graf, S., de Roever, W.-P. (eds.) FMCO 2005. LNCS, vol. 4111, pp. 364–387. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  2. 2.
    Bevier, W.R., Hunt Jr., W.A., Stroher Moore, J., Young, W.D.: An approach to systems verification. Journal of Automated Reasoning 5(4), 411–428 (1989)Google Scholar
  3. 3.
    Boyer, R.S., Yu, Y.: Automated correctness proofs of machine code programs for a commercial microprocessor. In: Kapur, D. (ed.) CADE 1992. LNCS, vol. 607, pp. 416–430. Springer, Heidelberg (1992)Google Scholar
  4. 4.
    Cohen, E.: Validating the Microsoft Hypervisor. In: Misra, J., Nipkow, T., Sekerinski, E. (eds.) FM 2006. LNCS, vol. 4085, p. 81. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  5. 5.
    Cohen, E., Hillebrand, M.A., Leinenbach, D., der Rieden, T.I., Moskal, M., Paul, W., Santen, T., Schirmer, N., Schulte, W., Tobies, S., Wolff, B.: The Microsoft Hypervisor verification project (to be published, 2008)Google Scholar
  6. 6.
    Crary, K., Gregory Morrisett, J.: Type structure for low-level programming languages. In: Wiedermann, J., Van Emde Boas, P., Nielsen, M. (eds.) ICALP 1999. LNCS, vol. 1644, pp. 40–54. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  7. 7.
    Daum, M., Maus, S., Schirmer, N., Seghir, M.N.: Integration of a software model checker into Isabelle. In: Sutcliff, G., Voronkov, A. (eds.) LPAR 2005. LNCS (LNAI), vol. 3835, pp. 381–395. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  8. 8.
    de Moura, L., Bjøner, N.: Z3: An efficient SMT solver. In: TACAS (2008)Google Scholar
  9. 9.
    De Line, R., Leino, K.R.M.: BoogiePL: A typed procedural language for checking object-oriented programs. Technical Report 70, Microsoft Research (May 2005)Google Scholar
  10. 10.
    Dörrenbächer, J.: Vamos microkernel: formal models and verification. In: International Workshop on System Verification (2006)Google Scholar
  11. 11.
    Filliâtre, J.-C., Marché, C.: Multi-prover verification of C programs. In: Davies, J., Schulte, W., Barnett, M. (eds.) ICFEM 2004. LNCS, vol. 3308, pp. 15–29. Springer, Heidelberg (2004)Google Scholar
  12. 12.
    Gargano, M., Hillebrand, M.A., Leinenbach, D., Paul, W.J.: On the correctness of operating system kernels. In: Hurd, J., Melham, T. (eds.) TPHOLs 2005. LNCS, vol. 3603, pp. 1–16. Springer, Heidelberg (2005)Google Scholar
  13. 13.
    Heiser, G., Elphinstone, K., Kuz, I., Klein, G., Petters, S.M.: Towards trustworthy computing systems: Taking microkernels to the next level (2007)Google Scholar
  14. 14.
    Leinenbach, D., Paul, W.J., Petrova, E.: Towards the formal verification of a C0 compiler: Code generation and implementation correctness. In: Aichernig, B.K., Beckert, B. (eds.) SEFM, pp. 2–12. IEEE Computer Society, Los Alamitos (2005)Google Scholar
  15. 15.
    Liedtke, J.: On microkernel construction. In: Proceedings of the 15th ACM Symposium on Operating System Principles (SOSP-15), Copper Mountain Resort, CO (December 1995)Google Scholar
  16. 16.
    Moskal, M., Schulte, W., Venter, H.: Bits, words and types: Memory models for a Verifying C Compiler (2008)Google Scholar
  17. 17.
    Mürk, O., Larsson, D., Hähnle, R.: KeY-C: A tool for verification of C programs. In: Pfenning, F. (ed.) CADE 2007. LNCS (LNAI), vol. 4603, pp. 385–390. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  18. 18.
    Necula, G.C.: Proof-carrying code. In: POPL, pp. 106–119 (1997)Google Scholar
  19. 19.
    Ni, Z., Yu, D., Shao, Z.: Using XCAP to certify realistic systems code: Machine context management. In: Schneider, K., Brandt, J. (eds.) TPHOLs 2007. LNCS, vol. 4732, pp. 189–206. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  20. 20.
    Schirmer, N.: Verification of Sequential Imperative Programs in Isabelle/HOL. PhD thesis, Technische Universität München (2006)Google Scholar
  21. 21.
    Tuch, H., Klein, G., Norrish, M.: Types, bytes, and separation logic. In: Hoffmann, M., Felleisen, M. (eds.) POPL, pp. 97–108. ACM, New York (2007)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Stefan Maus
    • 1
  • Michał Moskal
    • 2
  • Wolfram Schulte
    • 3
  1. 1.Universität FreiburgFreiburgGermany
  2. 2.European Microsoft Innovation Center AachenGermany
  3. 3.Microsoft Research RedmondUSA

Personalised recommendations