Formal Specification and Verification of ARM6

Fox, Anthony

doi:10.1007/10930755_2

Cited by 58 publications

(48 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Since then a decompiler [15] and compiler [16] have been developed to aid this project, which produced in total some 4,580 lines of proof automation and 16,130 lines of interactive proofs and definitions, excluding the definitions of the instruction set models [5,9,18]. Running through all of the proofs takes approximately 2.5 hours in HOL4 using PolyML.…”

Section: Quantitative Datamentioning

confidence: 99%

See 1 more Smart Citation

Verified LISP Implementations on ARM, x86 and PowerPC

Myreen

Gordon

2009

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. This paper reports on a case study, which we believe is the first to produce a formally verified end-to-end implementation of a functional programming language running on commercial processors. Interpreters for the core of McCarthy's LISP 1.5 were implemented in ARM, x86 and PowerPC machine code, and proved to correctly parse, evaluate and print LISP s-expressions. The proof of evaluation required working on top of verified implementations of memory allocation and garbage collection. All proofs are mechanised in the HOL4 theorem prover.

show abstract

Section: Quantitative Datamentioning

confidence: 99%

“…We thank Anthony Fox, Xavier Leroy and Susmit Sarkar et al for allowing us to use their processor models for this work [5,9,18]. We also thank Thomas Tuerk, Joe Hurd, Konrad Slind and John Matthews for comments and discussions.…”

mentioning

confidence: 99%

Verified LISP Implementations on ARM, x86 and PowerPC

Myreen

Gordon

2009

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Duan and Regehr [4] describe a general device model framework integrated with the HOL4 model for ARM6 by Anthony Fox [6] in a lock-step manner. They provide a proof of concept for a UART device and its driver, presenting statements on functionality, (memory) safety and timing.…”

Section: Related Workmentioning

confidence: 99%

Formal Verification of Secure User Mode Device Execution with DMA

Schwarz

Dam

2014

Hardware and Software: Verification and Testing

View full text Add to dashboard Cite

Abstract. Separation between processes on top of an operating system or between guests in a virtualized environment is essential for establishing security on modern platforms. A key requirement of the underlying hardware is the ability to support multiple partitions executing on the shared hardware without undue interference. For modern processor architectures -with hardware support for memory management, several modes of operation and I/O interfaces -this is a delicate issue requiring deep analysis at both instruction set and processor implementation level. In a first attempt to rigorously answer this type of questions we introduced in previous work an information flow analysis of user program execution on an ARMv7 platform with hardware supported memory protection, but without I/O. The analysis was performed as a semi-automatic proof search procedure on top of an ARMv7 ISA model implemented in the Cambridge HOL4 theorem prover by Fox et al. The restricted platform functionality, however, makes the analysis of limited practical value. In this paper we add support for devices, including DMA, to the analysis. To this end, we propose an approach to device modeling based on the idea of executing devices nondeterministically in parallel with the (single-core) deterministic processor, covering a fine granularity of interactions between the model components. Based on this model and taking the ARMv7 ISA as an example, we provide HOL4 proofs of several noninterference-oriented isolation properties for a partition executing in the presence of devices which potentially use DMA or interrupts.

show abstract

“…Consequently, formal specifications can be written in a functional programming style using syntax roughly similar to that of ML. For example, in the HOL4 model of the ARMv4 architecture (see [3]), a typical definition is of the following form:…”

Section: Monadic Specificationmentioning

confidence: 99%

“…The ARM specification presented here has its origins in work on verifying the ARM6 processor to the RTL level, see [3]. The specification of the architecture (then version 3) has been almost completely rewritten in the process of upgrading to a monadic specification for architecture versions 4-7.…”

Section: Related Workmentioning

confidence: 99%

A Trustworthy Monadic Formalization of the ARMv7 Instruction Set Architecture

Fox

Myreen

2010

Interactive Theorem Proving

Self Cite

105

View full text Add to dashboard Cite

Abstract. This paper presents a new HOL4 formalization of the current ARM instruction set architecture, ARMv7. This is a modern RISC architecture with many advanced features. The formalization is detailed and extensive. Considerable tool support has been developed, with the goal of making the model accessible and easy to work with. The model and supporting tools are publicly available -we wish to encourage others to make use of this resource. This paper explains our monadic specification approach and gives some details of the endeavours that have been made to ensure that the sizeable model is valid and trustworthy. A novel and efficient testing approach has been developed, based on automated forward proof and communication with ARM development boards.

show abstract

Formal Specification and Verification of ARM6

Cited by 58 publications

References 21 publications

Verified LISP Implementations on ARM, x86 and PowerPC

Verified LISP Implementations on ARM, x86 and PowerPC

Formal Verification of Secure User Mode Device Execution with DMA

A Trustworthy Monadic Formalization of the ARMv7 Instruction Set Architecture

Contact Info

Product

Resources

About