Hoare Logic for Realistically Modelled Machine Code

This paper presents a mechanised Hoare-style programming logic framework for assembly-level programs. The framework has been designed to fit on top of operational semantics of realistically modelled machine code. Many ad hoc restrictions and features present in real machine code are handled, including finite memory, data and code in the same memory space, the behaviour of status registers and the hazards of corrupting special-purpose registers (e.g. the program counter, procedure return register and stack pointer). Despite accurately modelling such low-level details, the approach yields concise specifications for machine-code programs without using common simplifying assumptions (such as an unbounded state space). The framework is based on a flexible state representation in which functional and resource-usage specifications are written in a style inspired by separation logic. The presented work has been formalised in higher-order logic, mechanised in the HOL4 system, and is currently being used to verify ARM machine-code implementations of arithmetic and cryptographic operations.
