2019
DOI: 10.1145/3356903

Building certified concurrent OS kernels

Abstract: Operating system (OS) kernels form the backbone of system software. They can have a significant impact on the resilience and security of today's computers. Recent efforts have demonstrated the feasibility of formally verifying simple general-purpose kernels, but they have ignored the important issues of concurrency, which include not just user and I/O concurrency on a single core, but also multicore parallelism with fine-grained locking. In this work, we present CertiKOS, a novel compositional framework for bu…

Cited by 33 publications
(15 citation statements)
References 19 publications
“…Related and future work Certified Abstraction Layers (CAL, [24,26]) are used in the CertiKOS project [25] to verify feature-rich operating system kernels and hypervisors in Coq. CAL permits horizontal and vertical composition of components, and establishes full abstraction between the imports and exports.…”
Section: Discussion (citation type: mentioning)
confidence: 99%
“…In particular, the verification of an OCaml-style garbage collector by Wang et al. [2019a] extends CompCert with external functions specific for pointer-tagging. The verification of OS kernels and hypervisors by Gu et al. [2019] and Li et al. [2021] sidesteps integer-pointer casts altogether by using array indexing into a global array in which the kernel's allocatable data structures are stored. In contrast, with RefinedC-VIP, we have aimed to develop a verification tool that accounts for the integer-pointer cast idioms found in the wild, while also being sound under a realistic semantics.…”
Section: Related Work (citation type: mentioning)
confidence: 99%
“…It is possible to work around this limitation by restricting to certain coding patterns. For example, CertiKOS [Gu et al. 2015, 2018, 2019] and SeKVM [Li et al. 2021] model all allocatable data structures as a large array (sharing a single allocation identifier), and can thus replace some operations that usually require integer-pointer casts by simple pointer arithmetic, and Wang et al. [2019a] use hardwired support for tag bits. However, in this paper, we target real-world code that does not generally adhere to such coding patterns.…”
Section: Introduction (citation type: mentioning)
confidence: 99%
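The two citing statements above (from the RefinedC-VIP paper) describe the coding pattern that lets CertiKOS and SeKVM avoid integer-pointer casts: every allocatable kernel object lives in one statically allocated array, objects are named by integer indices, and the index/pointer relation is expressed with pointer arithmetic inside that single allocation. The following C is an added illustration of that pattern, written for this page; it is not CertiKOS or SeKVM code. The object type `struct tcb`, the pool size `NUM_TCB` and all function names are hypothetical. For contrast, the last function shows the "in the wild" idiom that a verifier with a simple block-based memory model cannot relate to any allocation, which is what RefinedC-VIP sets out to handle.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical kernel object: a thread control block (TCB). */
#define NUM_TCB 64u

struct tcb {
    unsigned state;   /* 0 = free, 1 = ready, 2 = running */
    unsigned parent;  /* id of the creating thread; NUM_TCB if none */
};

/* All TCBs live in one static array, i.e. a single allocation.  Every
 * TCB pointer the kernel ever holds is derived by indexing into it, so
 * a proof only has to reason about one block and integer offsets. */
static struct tcb tcb_pool[NUM_TCB];

/* Resolve an integer id to a TCB.  The bounds check is the only way a
 * pointer can be produced from an integer here: an out-of-range id
 * (e.g. from a user-supplied syscall argument) yields NULL instead of
 * a fabricated address. */
struct tcb *tcb_lookup(unsigned id)
{
    if (id >= NUM_TCB)
        return NULL;
    return &tcb_pool[id];
}

/* Recover the id of a TCB by pointer subtraction within the same array.
 * Precondition: p points into tcb_pool.  This replaces the usual
 * ((uintptr_t)p - (uintptr_t)base) / sizeof arithmetic with an operation
 * that stays inside the pointer world and is well-defined in C. */
unsigned tcb_id_of(const struct tcb *p)
{
    ptrdiff_t d = p - tcb_pool;
    return (unsigned)d;
}

/* Allocate the first free TCB.  Returns its id, or NUM_TCB when the
 * pool is exhausted.  Handing out ids rather than raw pointers keeps
 * every later access funnelled through tcb_lookup's bounds check. */
unsigned tcb_alloc(unsigned parent)
{
    for (unsigned i = 0; i < NUM_TCB; i++) {
        if (tcb_pool[i].state == 0) {
            tcb_pool[i].state = 1;
            tcb_pool[i].parent = parent;
            return i;
        }
    }
    return NUM_TCB;
}

/* Release a TCB by id; returns 0 on success, -1 for a bad id. */
int tcb_free(unsigned id)
{
    struct tcb *t = tcb_lookup(id);
    if (t == NULL)
        return -1;
    t->state = 0;
    t->parent = NUM_TCB;
    return 0;
}

/* The idiom the array layout avoids: turning a raw integer back into a
 * pointer.  Nothing ties `addr` to any allocation, so a verifier must
 * either model integer-pointer casts (RefinedC-VIP) or forbid them
 * (the CertiKOS/SeKVM discipline).  Shown for contrast only. */
struct tcb *tcb_from_raw_address(uintptr_t addr)
{
    return (struct tcb *)addr;
}
```

The security-relevant effect of the discipline is incidental to the verification motive but real: because the only integer-to-pointer step is `tcb_lookup`, every object reference that crosses a trust boundary (a syscall argument, an IPC handle) is bounds-checked at exactly one place, and the proof of that one function covers all of them.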
“…There is also a vast body of prior work on Coq-based Proof Frameworks for program correctness. Systems like YNot [Malecha et al. 2011], based on Hoare Type Theory, Iris [Jung et al. 2016], VST [Appel 2014], and FCSL [Sergey et al. 2015], all based on concurrent separation logic, and CertiKOS [Gu et al. 2016, 2019], which uses certified abstraction layers, have had major success in the field of large scale program verification. Those models typically rely on small-step, relationally-specified operational semantics, and are especially useful for reasoning about concurrent programs, a domain that is still being explored for ITrees.…”
Section: Related Work (citation type: mentioning)
confidence: 99%