Completing the Automated Verification of a Small Hypervisor – Assembler Code Verification

  • Wolfgang Paul
  • Sabine Schmaltz
  • Andrey Shadrin
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7504)

Abstract

In [1] the almost complete formal verification of a small hypervisor with the automated C code verifier VCC [2] was reported: the correctness of the C portions of the hypervisor and of the guest simulation was established; the verification of the assembler portions of the code was left as future work. Suitable methodology for the verification of Macro Assembler programs in VCC was given without soundness proof in [3]. A joint semantics of C + Macro Assembler necessary for such a soundness proof was introduced in [4]. In this paper i) we observe that for two instructions (that manipulate stack pointers) of the hypervisor code the C + Macro Assembler semantics does not suffice; therefore we extend it to C + Macro Assembler + assembler, ii) we argue the soundness of the methodology from [3] with respect to this new semantics, iii) we apply the methodology from [3] to formally verify the Macro Assembler + assembler portions of the hypervisor from [1], completing the formal verification of the small hypervisor in the automated tool VCC.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Alkassar, E., Hillebrand, M., Paul, W., Petrova, E.: Automated Verification of a Small Hypervisor. In: Leavens, G.T., O’Hearn, P., Rajamani, S.K. (eds.) VSTTE 2010. LNCS, vol. 6217, pp. 40–54. Springer, Heidelberg (2010), http://www-wjp.cs.uni-saarland.de/publikationen/AHPP10.pdf CrossRefGoogle Scholar
  2. 2.
    Cohen, E., Dahlweid, M., Hillebrand, M., Leinenbach, D., Moskal, M., Santen, T., Schulte, W., Tobies, S.: VCC: A Practical System for Verifying Concurrent C. In: Berghofer, S., Nipkow, T., Urban, C., Wenzel, M. (eds.) TPHOLs 2009. LNCS, vol. 5674, pp. 23–42. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  3. 3.
    Maus, S., Moskal, M., Schulte, W.: Vx86: x86 Assembler Simulated in C Powered by Automated Theorem Proving. In: Meseguer, J., Roşu, G. (eds.) AMAST 2008. LNCS, vol. 5140, pp. 284–298. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  4. 4.
    Schmaltz, S., Shadrin, A.: Integrated semantics of intermediate-language C and macro-assembler for pervasive formal verification of operating systems and hypervisors from VerisoftXT. In: Joshi, R., Müller, P., Podelski, A. (eds.) VSTTE 2012. LNCS, vol. 7152, pp. 18–33. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  5. 5.
    Klein, G., Elphinstone, K., Heiser, G., Andronick, J., Cock, D., Derrin, P., Elkaduwe, D., Engelhardt, K., Kolanski, R., Norrish, M., Sewell, T., Tuch, H., Winwood, S.: seL4: Formal verification of an OS kernel. In: Proc. 22nd ACM Symposium on Operating Systems Principles (SOSP), pp. 207–220. ACM, Big Sky (2009)CrossRefGoogle Scholar
  6. 6.
    Bevier, W.R.: Kit and the Short Stack. J. Autom. Reasoning 5(4), 519–530 (1989)Google Scholar
  7. 7.
    Feng, X., Shao, Z., Dong, Y., Guo, Y.: Certifying low-level programs with hardware interrupts and preemptive threads. In: 2008 ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI 2008). ACM, New York (2008)Google Scholar
  8. 8.
    Verisoft Consortium: The Verisoft Project, http://www.verisoft.de/
  9. 9.
    Alkassar, E., Paul, W.J., Starostin, A., Tsyban, A.: Pervasive Verification of an OS Microkernel. In: Leavens, G.T., O’Hearn, P., Rajamani, S.K. (eds.) VSTTE 2010. LNCS, vol. 6217, pp. 71–85. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  10. 10.
    Gargano, M., Hillebrand, M., Leinenbach, D., Paul, W.: On the Correctness of Operating System Kernels. In: Hurd, J., Melham, T. (eds.) TPHOLs 2005. LNCS, vol. 3603, pp. 1–16. Springer, Heidelberg (2005), http://www-wjp.cs.uni-sb.de/publikationen/GHLP05.pdf CrossRefGoogle Scholar
  11. 11.
    Tews, H., Weber, T., Völp, M., Poll, E., Eekelen, M., Rossum, P.: Nova micro-hypervisor verification formal, machine-checked verification of one module of the kernel source code (Robin deliverable d.13) (2008), http://robin.tudos.org/
  12. 12.
    Dahlin, M., Johnson, R., Krug, R.B., McCoyd, M., Young, W.D.: Toward the verification of a simple hypervisor. In: Hardin, D., Schmaltz, J. (eds.) ACL2. EPTCS, vol. 70 (2011)Google Scholar
  13. 13.
    Leinenbach, D., Santen, T.: Verifying the Microsoft Hyper-V Hypervisor with VCC. In: Cavalcanti, A., Dams, D.R. (eds.) FM 2009. LNCS, vol. 5850, pp. 806–809. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  14. 14.
    Tverdyshev, S.: Formal Verification of Gate-Level Computer Systems. PhD thesis, Saarland University, Computer Science Department (2009)Google Scholar
  15. 15.
    Tsyban, A.: Formal Verification of a Framework for Microkernel Programmes. PhD thesis, Saarland University, Computer Science Department (2009)Google Scholar
  16. 16.
    Alkassar, E., Cohen, E., Hillebrand, M., Kovalev, M., Paul, W.: Verifying shadow page table algorithms. In: Formal Methods in Computer Aided Design, FMCAD 2010, pp. 267–270. IEEE, Lugano (2010)Google Scholar
  17. 17.
    Maus, S.: Verification of Hypervisor Subroutines written in Assembler. PhD thesis, Freiburg University, Computer Science Department (2011)Google Scholar
  18. 18.
    Shadrin, A.: Mixed Low- and High Level Programming Language Semantics and Automated Verification of a Small Hypervisor. PhD thesis, Saarland University, Computer Science Department (to appear, 2012)Google Scholar
  19. 19.
    Leinenbach, D.: Compiler Verification in the Context of Pervasive System Verification. PhD thesis, Saarland University, Computer Science Department (2007)Google Scholar
  20. 20.
    Leroy, X.: Formal verification of a realistic compiler. Communications of the ACM 52(7), 107–115 (2009)CrossRefGoogle Scholar
  21. 21.
    Degenbaev, U.: Formal Specification of the x86 Instruction Set Architecture. PhD thesis, Saarland University, Computer Science Department (2011)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Wolfgang Paul
    • 1
  • Sabine Schmaltz
    • 1
  • Andrey Shadrin
    • 1
  1. 1.Saarland UniversityGermany

Personalised recommendations