Improved Tool Support for Machine-Code Decompilation in HOL4

Fox, Anthony

doi:10.1007/978-3-319-22102-1_12

Cited by 21 publications

(32 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the recent years, Fox et al have created ISA models for x86-64, MIPS, several versions of ARM and other architectures [8,7]. The instruction sets are modelled based on ocial documentations and on the abstraction level of the programmer's view, thus being agnostic to internals like pipelines.…”

Section: Isa Modelsmentioning

confidence: 99%

“…The instruction sets are modelled based on ocial documentations and on the abstraction level of the programmer's view, thus being agnostic to internals like pipelines. The newest models are produced in the domain-specic language L3 [7] and can be exported to the interactive theorem prover HOL4. Our analysis targets those purely-functional HOL4 models for single-core systems.…”

Section: Isa Modelsmentioning

confidence: 99%

“…Normalization and abstraction are described below. For the rst three steps we reuse evaluation machinery from [7] and extend it, mainly to add support for automated subtransition identication and recursion. Preconditions, for example on the privilege level, allow to reduce rewriting time and the size of the result.…”

Section: Rewriting Towards An Evaluated Formmentioning

confidence: 99%

“…Step Library The ISA models are provided together with so-called step libraries, specic to every architecture [7]. They include a database of precomputed rewrite theorems, connecting transitions to their evaluated forms.…”

Section: Rewriting Towards An Evaluated Formmentioning

confidence: 99%

“…We employ the framework on ISA models developed by Fox et al [7] and verify noninterference, that is, that secret (high ) components can not inuence public (low ) components. Besides an ISA model, the input consists of desired conditions (such as a specic privilege mode) and a candidate labelling, specifying which system components are already to be considered as low (such as the program counter) and, implicitly, which components might possibly be high.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Automatic Derivation of Platform Noninterference Properties

Schwarz

Dam

2016

Software Engineering and Formal Methods

View full text Add to dashboard Cite

Abstract. For the verication of system software, information ow properties of the instruction set architecture (ISA) are essential. They show how information propagates through the processor, including sometimes opaque control registers. Thus, they can be used to guarantee that user processes cannot infer the state of privileged system components, such as secure partitions. Formal ISA models -for example for the HOL4 theorem prover -have been available for a number of years. However, little work has been published on the formal analysis of these models. In this paper, we present a general framework for proving information ow properties of a number of ISAs automatically, for example for ARM. The analysis is represented in HOL4 using a direct semantical embedding of noninterference, and does not use an explicit type system, in order to (i) minimize the trusted computing base, and to (ii) support a large degree of context-sensitivity, which is needed for the analysis. The framework determines automatically which system components are accessible at a given privilege level, guaranteeing both soundness and accuracy.

show abstract

Section: Isa Modelsmentioning

confidence: 99%

Section: Isa Modelsmentioning

confidence: 99%

Section: Rewriting Towards An Evaluated Formmentioning

confidence: 99%

Section: Rewriting Towards An Evaluated Formmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Automatic Derivation of Platform Noninterference Properties

Schwarz

Dam

2016

Software Engineering and Formal Methods

View full text Add to dashboard Cite

show abstract

An Executable Formalisation of the SPARCv8 Instruction Set Architecture: A Case Study for the LEON3 Processor

Hóu

Sanán

Tiu

et al. 2016

FM 2016: Formal Methods

View full text Add to dashboard Cite

The SPARCv8 instruction set architecture (ISA) has been used in various processors for workstations, embedded systems, and space missions. However, there are no publicly available formal models for the SPARCv8 ISA. In this work, we give the first formal model for the integer unit of SPARCv8 ISA in Isabelle/HOL. We capture the operational semantics of the instructions using monadic definitions. Our model is a detailed model, which covers many features specific to SPARC processors, such as delayed-write for control registers, windowed general registers, and more complex memory access. Our model is also general, as we retain an abstract layer of the model which allows it to be instantiated to support all SPARCv8 compliant processors. We extract executable code from our formalisation, giving us the first systematically verified executable semantics for the SPARCv8 ISA. We have tested our model extensively against a LEON3 simulation board, covering both single-step executions and sequential execution of programs. We prove some important properties for our formal model, including a non-interference property for the LEON3 processor.

show abstract

Bidirectional Grammars for Machine-Code Decoding and Encoding

Tan

Morrisett

2017

J Autom Reasoning

View full text Add to dashboard Cite

Improved Tool Support for Machine-Code Decompilation in HOL4

Cited by 21 publications

References 10 publications

Automatic Derivation of Platform Noninterference Properties

Automatic Derivation of Platform Noninterference Properties

An Executable Formalisation of the SPARCv8 Instruction Set Architecture: A Case Study for the LEON3 Processor

Bidirectional Grammars for Machine-Code Decoding and Encoding

Contact Info

Product

Resources

About