Provably trustworthy systems

Klein, Gerwin; Andronick, June; Keller, Gabriele; Matichuk, Daniel; Murray, Toby; O’Connor, Liam

doi:10.1098/rsta.2015.0404

Cited by 7 publications

(9 citation statements)

References 50 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Functional verification of file systems belongs to systems verification in general. Klein et al (2017) gives a more thorough overview of the work in this area. Some major achievements are the comprehensive verification of the seL4 microkernel (Klein et al, 2009), the verification stack of the Verisoft project (Alkassar et al, 2009(Alkassar et al, , 2010, the increase of verification productivity in CertiKOS (Gu et al, 2011(Gu et al, , 2015 and the full end-to-end application verification in Ironclad (Hawblitzel et al, 2014), which builds on a modified verified Verve kernel (Yang & Hawblitzel, 2010) and the aforementioned Dafny language.…”

Section: Safe File Systemsmentioning

confidence: 99%

Cogent: uniqueness types and certifying compilation

O’Connor¹,

Chen²,

Rizkallah³

et al. 2021

J. Funct. Prog.

Self Cite

View full text Add to dashboard Cite

This paper presents a framework aimed at significantly reducing the cost of proving functional correctness for low-level operating systems components. The framework is designed around a new functional programming language, Cogent. A central aspect of the language is its uniqueness type system, which eliminates the need for a trusted runtime or garbage collector while still guaranteeing memory safety, a crucial property for safety and security. Moreover, it allows us to assign two semantics to the language: The first semantics is imperative, suitable for efficient C code generation, and the second is purely functional, providing a user-friendly interface for equational reasoning and verification of higher-level correctness properties. The refinement theorem connecting the two semantics allows the compiler to produce a proof via translation validation certifying the correctness of the generated C code with respect to the semantics of the Cogent source program. We have demonstrated the effectiveness of our framework for implementation and for verification through two file system implementations.

show abstract

Section: Safe File Systemsmentioning

confidence: 99%

Cogent: uniqueness types and certifying compilation

O’Connor¹,

Chen²,

Rizkallah³

et al. 2021

J. Funct. Prog.

Self Cite

View full text Add to dashboard Cite

show abstract

“…Constructing specifications and proofs for complex software and hardware increases the directly incurred development time and requires a suitable workforce. Putting a precise cost on this effort is as difficult as is the case for traditional validation methodologies, but article [18] of this volume contains some current estimates from the seL4 project.…”

Section: (B) Economic Feasibility (I) Costs and Trade-offsmentioning

confidence: 99%

“…In language semantics, researchers have developed formal specifications of most of JavaScript [11] and ML [12]. In operating systems, the CertiKOS project [13][14][15][16] has built a new, fully verified and secure hypervisor kernel including formal specifications not just of the system-call APIs (application programming interfaces) but also of all of the kernel's internal abstraction layers, while the seL4 project has specified and verified both functional correctness and security properties of a microkernel in the popular L4 family [17,18]. In networking, there has been work to verify TCP/IP [19] and Software-Defined Networks [20].…”

Section: The Need For Deep Specificationsmentioning

confidence: 99%

Position paper: the science of deep specification

Appel

Beringer

Chlipala

et al. 2017

Phil. Trans. R. Soc. A.

View full text Add to dashboard Cite

We introduce our efforts within the project 'The science of deep specification' to work out the key formal underpinnings of industrial-scale formal specifications of software and hardware components, anticipating a world where large verified systems are routinely built out of smaller verified components that are also used by many other projects. We identify an important class of specification that has already been used in a few experiments that connect strong component-correctness theorems across the work of different teams. To help popularize the unique advantages of that style, we dub it , and we say that it encompasses specifications that are, , and (terms that we define in the article). Our core team is developing a proof-of-concept system (based on the Coq proof assistant) whose specification and verification work is divided across largely decoupled subteams at our four institutions, encompassing hardware microarchitecture, compilers, operating systems and applications, along with cross-cutting principles and tools for effective specification. We also aim to catalyse interest in the approach, not just by basic researchers but also by users in industry.This article is part of the themed issue 'Verified trustworthy software systems'.

show abstract

“…developed the verified reference implementation, miTLS, for the TLS protocol; -Kathleen Fisher [2] from Tufts University, USA, who created the DARPA project HACMS; -Neil White [3], head of engineering at Altran UK; -Daniel Kroening [4] from Oxford, who built the CBMC model-checker, and is the CEO and founder of the start-up DiffBlue; -Gerwin Klein [5] from Data61 and the University of New South Wales in Australia, who developed the verified kernel seL4, which underpins the HACMS project, with his colleague Gernot Heisser; -Nickolai Zeldovich from MIT, who has developed a verified operating system with his colleague Adam Chlipala [6] from the DeepSpec project; -Mark Batty [7] from the University of Kent, who has developed weak memory models for x86, Power and ARM CPUs, and has significantly influenced the C11 language specification with Peter Sewell at Cambridge; -Peter O'Hearn from Facebook London and University College London, who leads the team working on the Facebook Infer static analysis tool; -Philippa Gardner from Imperial College London, who works on the fundamental theory and prototype tools for the specification and verification of concurrent and web programs; In this publication, some of the speakers and their co-authors describe their current and future research ideas, aiming to make their papers accessible to a general audience interested in software verification. There are some absolute gems.…”

Section: Verified Trustworthy Software Systems Philippa Gardnermentioning

confidence: 99%

“…-Sir Tony Hoare FRS from Microsoft Research (MSR), Cambridge, a founder of the field of program verification, who opened and closed the meeting; -J Strother Moore [1] from the University of Texas, who pioneered tractable verification in industry by developing ACL2 and used it to verify floating-point arithmetic in AMD processors; -Cédric Fournet from MSR Cambridge and the MSR-INRIA Joint Centre in Paris, who developed the verified reference implementation, miTLS, for the TLS protocol; -Kathleen Fisher [2] from Tufts University, USA, who created the DARPA project HACMS; -Neil White [3], head of engineering at Altran UK; -Daniel Kroening [4] from Oxford, who built the CBMC model-checker, and is the CEO and founder of the start-up DiffBlue; -Gerwin Klein [5] from Data61 and the University of New South Wales in Australia, who developed the verified kernel seL4, which underpins the HACMS project, with his colleague Gernot Heisser; -Nickolai Zeldovich from MIT, who has developed a verified operating system with his colleague Adam Chlipala [6] from the DeepSpec project; -Mark Batty [7] from the University of Kent, who has developed weak memory models for x86, Power and ARM CPUs, and has significantly influenced the C11 language specification with Peter Sewell at Cambridge; -Peter O'Hearn from Facebook London and University College London, who leads the team working on the Facebook Infer static analysis tool; -Philippa Gardner from Imperial College London, who works on the fundamental theory and prototype tools for the specification and verification of concurrent and web programs;…”

mentioning

confidence: 99%

Verified trustworthy software systems

Gardner¹

2017

Phil. Trans. R. Soc. A.

View full text Add to dashboard Cite

Provably trustworthy systems

Cited by 7 publications

References 50 publications

Cogent: uniqueness types and certifying compilation

Cogent: uniqueness types and certifying compilation

Position paper: the science of deep specification

Verified trustworthy software systems

Contact Info

Product

Resources

About