Combining Domain-Specific and Foundational Logics to Verify Complete Software Systems

A major challenge for verifying complete software systems is their complexity. A complete software system consists of program modules that use many language features and span different abstraction levels (e.g. user code and run-time system code). It is extremely difficult to use one verification system (e.g. a type system or a Hoare-style program logic) to support all of these features and abstraction levels. In our previous work, we developed a new methodology to solve this problem: we apply specialized "domain-specific" verification systems to verify individual program modules, and then link the modules in a foundational open logical framework to compose the verified complete software package. In this paper, we show how this methodology is applied to verify a software package containing implementations of preemptive threads and a set of synchronization primitives. Our experience shows that domain-specific verification systems can greatly simplify the verification of low-level software, and that new techniques for combining domain-specific and foundational logics are critical to the successful verification of complete software systems.
