Gillian: A Multi-Language Platform for Unified Symbolic Analysis

Maksimović, P.; Santos, José Augusto Rodrigues dos; Ayoun, Sacha-Élie; Gardner, Philippa

doi:10.48550/arxiv.2105.14769

Cited by 2 publications

(5 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Then we observe that (H, W C f , ea C ) forms an execution memory model. We note that Properties 3.1 and 3.2 in [29] are satisfied, and Property 3.6 is trivial in that operations that return errors do not return an updated heap. We also note that the memory model also conforms to a compositional memory model, as we have the PCM (H, ⊎, µ 0 ) along with the well-formedness property being compositioncompatible.…”

Section: The Predicate Action Execution Function Eamentioning

confidence: 99%

“…So far, CompCert C and JavaScript have both been instantiated for Gillian, giving birth to Gillian-C and Gillian-JS. The underlying theoretical foundation of Gillian has its essential correctness properties like soundness and completeness already proven [20,29]. Thus, users who instantiate the tool only need to prove the correctness of the implementation of their compiler and memory models to ensure the correctness of the entire tool.…”

Section: Gillianmentioning

confidence: 99%

“…The executional memory model states properties a memory model must have for whole-program execution, and the compositional memory model states properties a memory model must have for separation logic based symbolic verification. Each paper in the Gillian literature states slightly different definitions for the memory models [20,28,29,37]-in Definitions 1 and 2 below, we present unified, consistent definitions for each of the memory model properties. We ignore contexts, as there exists only one context in concrete memories, which is the GIL boolean value true.…”

Section: Gillianmentioning

confidence: 99%

“…First, we note that for concrete execution, Gillian also uses the return type R in the action execution function ea. 4 For W f defined in Definition 1, the main properties that must be satisfied are Properties 3.1, 3.2, and 3.6 in [29].…”

Section: The Predicate Action Execution Function Eamentioning

confidence: 99%

See 3 more Smart Citations

A Formal CHERI-C Semantics for Verification

Park

Pai

Melham

2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

CHERI-C extends the C programming language by adding hardware capabilities, ensuring a certain degree of memory safety while remaining efficient. Capabilities can also be employed for higher-level security measures, such as software compartmentalization, that have to be used correctly to achieve the desired security guarantees. As the extension changes the semantics of C, new theories and tooling are required to reason about CHERI-C code and verify correctness. In this work, we present a formal memory model that provides a memory semantics for CHERI-C programs. We present a generalised theory with rich properties suitable for verification and potentially other types of analyses. Our theory is backed by an Isabelle/HOL formalisation that also generates an OCaml executable instance of the memory model. The verified and extracted code is then used to instantiate the parametric Gillian program analysis framework, with which we can perform concrete execution of CHERI-C programs. The tool can run a CHERI-C test suite, demonstrating the correctness of our tool, and catch a good class of safety violations that the CHERI hardware might miss.

show abstract

Section: The Predicate Action Execution Function Eamentioning

confidence: 99%

Section: Gillianmentioning

confidence: 99%

Section: Gillianmentioning

confidence: 99%

Section: The Predicate Action Execution Function Eamentioning

confidence: 99%

See 2 more Smart Citations

A Formal CHERI-C Semantics for Verification

Park

Pai

Melham

2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Finally, we mention the Gillian project, a language-independent framework based on separation logic for the development of compositional symbolic analysis tools, including tools for whole-program symbolic execution, verification of annotated code, as well as bi-abduction [35,34,29,28]. The works on Gillian concentrate on the generic framework it develops, and the published description of the supported bi-abductive analysis, perhaps most discussed in [34], is unfortunately not very detailed.…”

Section: Introductionmentioning

confidence: 99%

Low-Level Bi-Abduction

Holík¹,

Peringer²,

Rogalewicz³

et al. 2022

Preprint

View full text Add to dashboard Cite

The paper proposes a new static analysis designed to handle open programs, i.e., fragments of programs, with dynamic pointer-linked data structures-in particular, various kinds of lists-that employ advanced low-level pointer operations. The goal is to allow such programs be analysed without a need of writing analysis harnesses that would first initialise the structures being handled. The approach builds on a special flavour of separation logic and the approach of bi-abduction. The code of interest is analyzed along the call tree, starting from its leaves, with each function analysed just once without any call context, leading to a set of contracts summarizing the behaviour of the analysed functions. In order to handle the considered programs, methods of abduction existing in the literature are significantly modified and extended in the paper. The proposed approach has been implemented in a tool prototype and successfully evaluated on not large but complex programs.

show abstract

Gillian: A Multi-Language Platform for Unified Symbolic Analysis

Cited by 2 publications

References 0 publications

A Formal CHERI-C Semantics for Verification

A Formal CHERI-C Semantics for Verification

Low-Level Bi-Abduction

Contact Info

Product

Resources

About