Proof Pearl: A Verified Bignum Implementation in x86-64 Machine Code
Authors
Abstract
Verification of machine code can easily deteriorate into an endless clutter of low-level details. This paper presents a case study which shows that machine-code verification does not necessitate ghastly low-level proofs. The case study we describe is the construction of an x86-64 implementation of arbitrary-precision integer arithmetic. Compared with closely related work, our proofs are shorter and, more importantly, the reasoning is at a more convenient high level of abstraction, e.g. pointer reasoning is largely avoided. We achieve this improvement as a result of using an abstraction for arrays and previously developed tools, namely, a proof-producing decompiler and compiler. The work presented in this paper has been developed in the HOL4 theorem prover. The case study resulted in 800 lines of verified 64-bit x86 machine code.
Similar references
Verified LISP Implementations on ARM, x86 and PowerPC
This paper reports on a case study, which we believe is the first to produce a formally verified end-to-end implementation of a functional programming language running on commercial processors. Interpreters for the core of McCarthy’s LISP 1.5 were implemented in ARM, x86 and PowerPC machine code, and proved to correctly parse, evaluate and print LISP s-expressions. The proof of evaluation requi...
OCamlJIT 2.0 - Faster Objective Caml
This paper presents the current state of an ongoing research project to improve the performance of the OCaml byte-code interpreter using Just-In-Time native code generation. Our JIT engine OCamlJit2 currently runs on x86-64 processors, mimicking precisely the behavior of the OCaml virtual machine. Its design and implementation is described, and performance measures are given.
A Verified Runtime for a Verified Theorem Prover
Theorem provers, such as ACL2, HOL, Isabelle and Coq, rely on the correctness of runtime systems for programming languages like ML, OCaml or Common Lisp. These runtime systems are complex and critical to the integrity of the theorem provers. In this paper, we present a new Lisp runtime which has been formally verified and can run the Milawa theorem prover. Our runtime consists of 7,500 lines of...
Aggrandizing the beast's limbs: patulous code reuse attack on ARM architecture
Since smartphones are usually personal devices full of private information, they are a popular target for a vast variety of real-world attacks such as Code Reuse Attack (CRA). CRAs enable attackers to execute any arbitrary algorithm on a device without injecting an executable code. Since the standard platform for mobile devices is ARM architecture, we concentrate on available ARM-based CRAs. Cu...
MIvmm: A micro VMM for development of a trusted code base
In this paper, we describe the implementation of a hardware assisted virtual machine monitor (VMM) for building security applications MIvmm for the Intel x86 64 platform. MIvmm was conceptualized and implemented without the use or inspection of any existing virtualization software. The minimal code base of MIvmm allows it to be trustworthy. MIvmm is launched after the OS has booted as a device ...