Mind the Gap: A Verification Framework for Low-Level C
Authors
Abstract
This paper presents the formal Isabelle/HOL framework we use to prove refinement between an executable, monadic specification and the C implementation of the seL4 microkernel. We describe the refinement framework itself, the automated tactics it supports, and the connection to our previous C verification framework. We also report on our experience in applying the framework to seL4. The characteristics of this microkernel verification are the size of the target (8,700 lines of C code), the treatment of low-level programming constructs, the focus on high performance, and the large subset of the C programming language addressed, which includes pointer arithmetic and type-unsafe code.
Similar references
Mind the Gap: Formal Verification and the Common Criteria (Discussion Paper)
It is a common belief that the rise of standardized software certification schemes like the Common Criteria (CC) would give a boost to formal verification, and that software certification may be a killer application for program verification. However, while formal models are indeed used throughout high-assurance certification, verification of the actual implementation is not required by the CC a...
A Framework for the Automatic Formal Verification of Refinement from Cogent to C
Our language Cogent simplifies verification of systems software using a certifying compiler, which produces a proof that the generated C code is a refinement of the original Cogent program. Despite the fact that Cogent itself contains a number of refinement layers, the semantic gap between even the lowest level of Cogent semantics and the generated C code remains large. In this paper we close t...
Polarimetric Synthetic Aperture Radar Image Classification using Bag of Visual Words Algorithm
Land cover is defined as the physical material of the surface of the earth, including different vegetation covers, bare soil, water surface, various urban areas, etc. Land cover and its changes are very important and influential on the Earth and life of living organisms, especially human beings. Land cover change monitoring is important for protecting the ecosystem, forests, farmland, open spac...
Developing a Verification and Training Phantom for Gynecological Brachytherapy System
Introduction Dosimetric accuracy is a major issue in the quality assurance (QA) program for treatment planning systems (TPS). An important contribution to this process has been a proper dosimetry method to guarantee the accuracy of delivered dose to the tumor. In brachytherapy (BT) of gynecological (Gyn) cancer it is usual to insert a combination of tandem and ovoid applicators with a complicat...
Health Policy and Management: In Praise of Political Science; Comment on “On Health Policy and Management (HPAM): Mind the Theory-Policy Practice Gap”
Health systems have entered a third era embracing whole systems thinking and posing complex policy and management challenges. Understanding how such systems work and agreeing what needs to be put in place to enable them to undergo effective and sustainable change are more pressing issues than ever for policy-makers. The theory-policy-practice-gap and its four dimensions, as articulated by Chini...