Abstract
We present a methodology and tool for verifying and certifying systems code. The verification is based on the lazy-abstraction paradigm for intertwining the following three logical steps: construct a predicate abstraction from the code, model check the abstraction, and automatically refine the abstraction based on counterexample analysis. The certification is based on the proof-carrying code paradigm. Lazy abstraction enables the automatic construction of small proof certificates. The methodology is implemented in Blast, the Berkeley Lazy Abstraction Software verification Tool. We describe our experience applying Blast to Linux and Windows device drivers. Given the C code for a driver and for a temporal-safety monitor, Blast automatically generates an easily checkable correctness certificate if the driver satisfies the specification, and an error trace otherwise.
This work was supported in part by the NSF ITR grants CCR-0085949, CCR-0081588, the NSF Career grant CCR-9875171, the DARPA PCES grant F33615-00-C-1693, the MARCO GSRC grant 98-DT-660, the SRC contract 99-TJ-683, a Microsoft fellowship, and gifts from AT&T Research and Microsoft Research.
© 2002 Springer-Verlag Berlin Heidelberg
Henzinger, T.A., Necula, G.C., Jhala, R., Sutre, G., Majumdar, R., Weimer, W. (2002). Temporal-Safety Proofs for Systems Code. In: Brinksma, E., Larsen, K.G. (eds) Computer Aided Verification. CAV 2002. Lecture Notes in Computer Science, vol 2404. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45657-0_45
DOI: https://doi.org/10.1007/3-540-45657-0_45
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-43997-4
Online ISBN: 978-3-540-45657-5