9,976 research outputs found
A formally verified compiler back-end
This article describes the development and formal verification (proof of
semantic preservation) of a compiler back-end from Cminor (a simple imperative
intermediate language) to PowerPC assembly code, using the Coq proof assistant
both for programming the compiler and for proving its correctness. Such a
verified compiler is useful in the context of formal methods applied to the
certification of critical software: the verification of the compiler guarantees
that the safety properties proved on the source code hold for the executable
compiled code as well
Beyond Good and Evil: Formalizing the Security Guarantees of Compartmentalizing Compilation
Compartmentalization is good security-engineering practice. By breaking a
large software system into mutually distrustful components that run with
minimal privileges, restricting their interactions to conform to well-defined
interfaces, we can limit the damage caused by low-level attacks such as
control-flow hijacking. When used to defend against such attacks,
compartmentalization is often implemented cooperatively by a compiler and a
low-level compartmentalization mechanism. However, the formal guarantees
provided by such compartmentalizing compilation have seen surprisingly little
investigation.
We propose a new security property, secure compartmentalizing compilation
(SCC), that formally characterizes the guarantees provided by
compartmentalizing compilation and clarifies its attacker model. We reconstruct
our property by starting from the well-established notion of fully abstract
compilation, then identifying and lifting three important limitations that make
standard full abstraction unsuitable for compartmentalization. The connection
to full abstraction allows us to prove SCC by adapting established proof
techniques; we illustrate this with a compiler from a simple unsafe imperative
language with procedures to a compartmentalized abstract machine.Comment: Nit
TRX: A Formally Verified Parser Interpreter
Parsing is an important problem in computer science and yet surprisingly
little attention has been devoted to its formal verification. In this paper, we
present TRX: a parser interpreter formally developed in the proof assistant
Coq, capable of producing formally correct parsers. We are using parsing
expression grammars (PEGs), a formalism essentially representing recursive
descent parsing, which we consider an attractive alternative to context-free
grammars (CFGs). From this formalization we can extract a parser for an
arbitrary PEG grammar with the warranty of total correctness, i.e., the
resulting parser is terminating and correct with respect to its grammar and the
semantics of PEGs; both properties formally proven in Coq.Comment: 26 pages, LMC
Mechanized semantics
The goal of this lecture is to show how modern theorem provers---in this
case, the Coq proof assistant---can be used to mechanize the specification of
programming languages and their semantics, and to reason over individual
programs and over generic program transformations, as typically found in
compilers. The topics covered include: operational semantics (small-step,
big-step, definitional interpreters); a simple form of denotational semantics;
axiomatic semantics and Hoare logic; generation of verification conditions,
with application to program proof; compilation to virtual machine code and its
proof of correctness; an example of an optimizing program transformation (dead
code elimination) and its proof of correctness
Robust Hyperproperty Preservation for Secure Compilation (Extended Abstract)
We map the space of soundness criteria for secure compilation based on the
preservation of hyperproperties in arbitrary adversarial contexts, which we
call robust hyperproperty preservation. For this, we study the preservation of
several classes of hyperproperties and for each class we propose an equivalent
"property-free" characterization of secure compilation that is generally better
tailored for proofs. Even the strongest of our soundness criteria, the robust
preservation of all hyperproperties, seems achievable for simple
transformations and provable using context back-translation techniques
previously developed for showing fully abstract compilation. While proving the
robust preservation of hyperproperties that are not safety requires such
powerful context back-translation techniques, for preserving safety
hyperproperties robustly, translating each finite trace prefix back to a source
context seems to suffice.Comment: PriSC'18 final versio
Formal Reasoning Using an Iterative Approach with an Integrated Web IDE
This paper summarizes our experience in communicating the elements of
reasoning about correctness, and the central role of formal specifications in
reasoning about modular, component-based software using a language and an
integrated Web IDE designed for the purpose. Our experience in using such an
IDE, supported by a 'push-button' verifying compiler in a classroom setting,
reveals the highly iterative process learners use to arrive at suitably
specified, automatically provable code. We explain how the IDE facilitates
reasoning at each step of this process by providing human readable verification
conditions (VCs) and feedback from an integrated prover that clearly indicates
unprovable VCs to help identify obstacles to completing proofs. The paper
discusses the IDE's usage in verified software development using several
examples drawn from actual classroom lectures and student assignments to
illustrate principles of design-by-contract and the iterative process of
creating and subsequently refining assertions, such as loop invariants in
object-based code.Comment: In Proceedings F-IDE 2015, arXiv:1508.0338
- …