Integrated Semantics of Intermediate-Language C and Macro-Assembler for Pervasive Formal Verification of Operating Systems and Hypervisors from VerisoftXT

Pervasive formal verification of operating systems and hypervisors is, due to their safety-critical aspects, a highly relevant area of research. Many implementations consist of both assembler and C functions. Formal verification of their correctness must consider the correct interaction of code written in these languages, which is, in practice, ensured by using matching application binary interfaces (ABIs). Also, these programs must be able to interact with hardware. We present an integrated operational small-step semantics model of intermediate-language C and Macro-Assembler code execution for pervasive operating-system and hypervisor verification. Our semantics is based on a compiler calling convention that defines callee- and caller-save registers. We sketch a theory connecting this semantic layer with an ISA model executing the compiled code, for use in a pervasive verification context. This forms a basis for soundness proofs of tools used in the VerisoftXT project and is a crucial step towards arguing the formal correctness of executing the verified code on a gate-level hardware model.
