Scaling symbolic evaluation for automated verification of systems code with Serval

@article{Nelson2019ScalingSE,
  title={Scaling symbolic evaluation for automated verification of systems code with Serval},
  author={Luke Nelson and James Bornholt and Ronghui Gu and Andrew Baumann and Emina Torlak and Xi Wang},
  journal={Proceedings of the 27th ACM Symposium on Operating Systems Principles},
  year={2019}
}
This paper presents Serval, a framework for developing automated verifiers for systems software. Serval provides an extensible infrastructure for creating verifiers by lifting interpreters under symbolic evaluation, and a systematic approach to identifying and repairing verification performance bottlenecks using symbolic profiling and optimizations. Using Serval, we build automated verifiers for the RISC-V, x86-32, LLVM, and BPF instruction sets. We report our experience of retrofitting…
Specification and verification in the field: Applying formal methods to BPF just-in-time compilers in the Linux kernel
TLDR
The results show that it is possible to build a verified component within a large, unverified system, given careful design of the specification and an automated proof strategy that scales to practical implementations.
Integration verification across software and hardware for a simple embedded system
TLDR
This work reports on the first verification of a realistic embedded system, with its application software, device drivers, compiler, and RISC-V processor represented inside the Coq proof assistant as one mathematical object, with a machine-checked proof of functional correctness.
Building Certified Software Systems
  • Computer Science
  • 2019
TLDR
My research goal is to make critical software systems truly reliable and secure through formal verification, by developing scalable tools to verify concurrent OS kernels that are formally proved to be error-free and secure.
Finding code that explodes under symbolic evaluation
TLDR
Symbolic profiling, a new approach to identifying and diagnosing performance bottlenecks in programs under symbolic evaluation, is presented and 8 previously undiagnosed performance issues are discovered.
Semantics, Verification, and Efficient Implementations for Tristate Numbers
TLDR
A novel sound algorithm for multiplying two tnums is described that is more precise and efficient than the Linux kernel’s tnum multiplication and provides the first proofs of soundness and precision of arithmetic and logical operations with tnum.
Automated Verification of Network Function Binaries
TLDR
An automated technique to verify NF binaries is described, making verification usable by network operators even on proprietary code, and introduces a universal type to specify both NFs and their data structures, the “ghost map”.
Verified programs can party: optimizing kernel extensions via post-verification merging
TLDR
KFuse is presented, a framework that dynamically and automatically merges chains of BPF programs by transforming indirect jumps into direct jumps, unrolling loops, and saving memory accesses, without loss of security or flexibility.
Verifying concurrent, crash-safe systems with Perennial (Tej Chajed)
TLDR
A crash-safe, concurrent mail server is implemented using Perennial and Goose that achieves speedup on multiple cores, and the mail server's and the framework's proofs are machine checked in the Coq proof assistant.
Contract-based verification of a realistic quantum compiler
In this paper, we present CertiQ, a mostly-automated verification framework for the Qiskit quantum compiler. To our knowledge, CertiQ is the first effort to apply formal verification and SMT
CirC: Compiler infrastructure for proof systems, software verification, and more
TLDR
This work shows that building shared compiler infrastructure for compiling to constraint representations is possible, and shows that this shared infrastructure is useful, because it allows compilers for proof systems to benefit from decades of work on constraint compilation techniques for software verification.

References

SHOWING 1-10 OF 96 REFERENCES
Translation validation for a verified OS kernel
TLDR
An approach for proving refinement between the formal semantics of a program on the C source level and its formal semantics on the binary level, thus checking the validity of compilation, including some optimisations, and linking, and extending static properties proved of the source code to the executable is presented.
-OVERIFY: Optimizing Programs for Fast Verification
TLDR
This work proposes that compilers support a new kind of switch, -OVERIFY, that generates code optimized for the needs of verification tools, and implemented this idea for one class of verification (symbolic execution) and found that it reduces verification time by up to 95×.
Dafny: An Automatic Program Verifier for Functional Correctness
TLDR
A tour of the language and verifier Dafny, which has been used to verify the functional correctness of a number of challenging pointer-based programs, is given and the full functional specification of the Schorr-Waite algorithm is shown.
ISA semantics for ARMv8-A, RISC-V, and CHERI-MIPS
TLDR
This paper presents rigorous semantic models for the sequential behaviour of large parts of the mainstream ARMv8-A, RISC-V, and MIPS architectures, and the research CHERI-MIPS architecture, that are complete enough to boot operating systems, variously Linux, FreeBSD, or seL4.
Refinement through restraint: bringing down the cost of verification
TLDR
A framework aimed at significantly reducing the cost of verifying certain classes of systems software, such as file systems, and allowing for equational reasoning about systems code written in Cogent, a restricted, polymorphic, higher-order, and purely functional language with linear types.
seL4: formal verification of an OS kernel
TLDR
To the authors' knowledge, this is the first formal proof of functional correctness of a complete, general-purpose operating-system kernel.
Safe to the last instruction: automated verification of a type-safe operating system
TLDR
Verve is the first operating system mechanically verified to guarantee both type and memory safety, and its approach demonstrates a practical way to mix high-level typed code with low-level untyped code in a verifiably safe manner.
seL4: From General Purpose to a Proof of Information Flow Enforcement
TLDR
This is the first complete, formal, machine-checked verification of information flow security for the implementation of a general-purpose microkernel, namely seL4, and it describes precisely how the general-purpose kernel should be configured to enforce isolation and mandatory information flow control.
Comprehensive formal verification of an OS microkernel
TLDR
An in-depth coverage of the comprehensive machine-checked formal verification of seL4, a general-purpose operating system microkernel, and the experience in maintaining this evolving formally verified code base.
Finding code that explodes under symbolic evaluation
TLDR
Symbolic profiling, a new approach to identifying and diagnosing performance bottlenecks in programs under symbolic evaluation, is presented and 8 previously undiagnosed performance issues are discovered.