Machine-Code Verification for Multiple Architectures - An Application of Decompilation into Logic

Myreen, Magnus O.; Gordon, Mike; Slind, Konrad

doi:10.1109/fmcad.2008.ecp.24

Cited by 50 publications

(51 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…• The correctness of each code snippets is expressed as a machine-code Hoare triple [15]: { pre * pc p } p : code { post * pc (p + exit) }.…”

Section: Methodsmentioning

confidence: 99%

“…• For cons and equal we used previously developed proof automation [15], which allows for proof reuse in between different machine languages.…”

Section: Methodsmentioning

confidence: 99%

“…The correctness of the above implementations of car and plus is expressed formally by the two ARM Hoare triples [15] below. Here…”

Section: Specification Of Primitive Operationsmentioning

confidence: 99%

“…Since then a decompiler [15] and compiler [16] have been developed to aid this project, which produced in total some 4,580 lines of proof automation and 16,130 lines of interactive proofs and definitions, excluding the definitions of the instruction set models [5,9,18]. Running through all of the proofs takes approximately 2.5 hours in HOL4 using PolyML.…”

Section: Quantitative Datamentioning

confidence: 99%

“…This proof makes use of the following five proof rules derived from the definition of our machine-code Hoare triple, developed in previous work [15]. Formal definitions and detailed explanations are given in the first author's PhD thesis [14].…”

Section: A Definition Of Lisp Inv In Hol4mentioning

confidence: 99%

See 4 more Smart Citations

Verified LISP Implementations on ARM, x86 and PowerPC

Myreen

Gordon

2009

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. This paper reports on a case study, which we believe is the first to produce a formally verified end-to-end implementation of a functional programming language running on commercial processors. Interpreters for the core of McCarthy's LISP 1.5 were implemented in ARM, x86 and PowerPC machine code, and proved to correctly parse, evaluate and print LISP s-expressions. The proof of evaluation required working on top of verified implementations of memory allocation and garbage collection. All proofs are mechanised in the HOL4 theorem prover.

show abstract

“…• The correctness of each code snippets is expressed as a machine-code Hoare triple [15]: { pre * pc p } p : code { post * pc (p + exit) }.…”

Section: Methodsmentioning

confidence: 99%

“…• For cons and equal we used previously developed proof automation [15], which allows for proof reuse in between different machine languages.…”

Section: Methodsmentioning

confidence: 99%

“…The correctness of the above implementations of car and plus is expressed formally by the two ARM Hoare triples [15] below. Here…”

Section: Specification Of Primitive Operationsmentioning

confidence: 99%

Section: Quantitative Datamentioning

confidence: 99%

Section: A Definition Of Lisp Inv In Hol4mentioning

confidence: 99%

See 3 more Smart Citations

Verified LISP Implementations on ARM, x86 and PowerPC

Myreen

Gordon

2009

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

Formal Verification of Memory Preservation of x86-64 Binaries

Bockenek

Verbeek

Lammich

et al. 2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Formal verification of a binary can provide high software assurance, even when the source code is unavailable. It is, however, inherently hard due to the low level of abstraction involved; instead of verifying typed and structured source code, one has to verify machine code or reconstructed assembly. This paper presents a semi-automated methodology for formally verifying memory preservation, as well as register preservation, over disassembled binaries. The methodology is based on formal symbolic execution and Floyd-style verification. We show that the methodology is compositional on the function level, which is crucial for scalability. The methodology works for loops, recursion, and both optimized and non-optimized code. It can be used to expose preconditions required for non-exceptional behavior. We demonstrate applicability by verifying a set of functions from the HermitCore unikernel library.

show abstract

Highly Automated Formal Proofs over Memory Usage of Assembly Code

Verbeek

Bockenek

Ravindran

2020

Tools and Algorithms for the Construction and Analysis of Systems

View full text Add to dashboard Cite

We present a methodology for generating a characterization of the memory used by an assembly program, as well as a formal proof that the assembly is bounded to the generated memory regions. A formal proof of memory usage is required for compositional reasoning over assembly programs. Moreover, it can be used to prove low-level security properties, such as integrity of the return address of a function. Our verification method is based on interactive theorem proving, but provides automation by generating pre- and postconditions, invariants, control-flow, and assumptions on memory layout. As a case study, three binaries of the Xen hypervisor are disassembled. These binaries are the result of a complex build-chain compiling production code, and contain various complex and nested loops, large and compound data structures, and functions with over 100 basic blocks. The methodology has been successfully applied to 251 functions, covering 12,252 assembly instructions.

show abstract

Machine-Code Verification for Multiple Architectures - An Application of Decompilation into Logic

Cited by 50 publications

References 24 publications

Verified LISP Implementations on ARM, x86 and PowerPC

Verified LISP Implementations on ARM, x86 and PowerPC

Formal Verification of Memory Preservation of x86-64 Binaries

Highly Automated Formal Proofs over Memory Usage of Assembly Code

Contact Info

Product

Resources

About