313 research outputs found
Embedded Program Annotations for WCET Analysis
We present __builtin_ais_annot(), a user-friendly, versatile way to transfer annotations (also known as flow facts) written on the source code level to the machine code level. To do so, we couple two tools often used during the development of safety-critical hard real-time systems, the formally verified C compiler CompCert and the static WCET analyzer aiT. CompCert stores the AIS annotations given via __builtin_ais_annot() in a special section of the ELF binary, which can later be extracted automatically by aiT
A formally verified compiler back-end
This article describes the development and formal verification (proof of
semantic preservation) of a compiler back-end from Cminor (a simple imperative
intermediate language) to PowerPC assembly code, using the Coq proof assistant
both for programming the compiler and for proving its correctness. Such a
verified compiler is useful in the context of formal methods applied to the
certification of critical software: the verification of the compiler guarantees
that the safety properties proved on the source code hold for the executable
compiled code as well
CompCert - A Formally Verified Optimizing Compiler
International audienceCompCert is the first commercially available optimizing compiler that is formally verified, using machine-assisted mathematical proofs, to be exempt from mis-compilation. The executable code it produces is proved to behave exactly as specified by the semantics of the source C program. This article gives an overview of the design of CompCert and its proof concept and then focuses on aspects relevant for industrial application. We briefly summarize practical experience and give an overview of recent CompCert development aiming at industrial usage. CompCert's intended use is the compilation of life-critical and mission-critical software meeting high levels of assurance. In this context tool qualification is of paramount importance. We summarize the confidence argument of CompCert and give an overview of relevant qualification strategies
First steps towards the certification of an ARM simulator using Compcert
The simulation of Systems-on-Chip (SoC) is nowadays a hot topic because,
beyond providing many debugging facilities, it allows the development of
dedicated software before the hardware is available. Low-consumption CPUs such
as ARM play a central role in SoC. However, the effectiveness of simulation
depends on the faithfulness of the simulator. To this effect, we propose here
to prove significant parts of such a simulator, SimSoC. Basically, on one hand,
we develop a Coq formal model of the ARM architecture while on the other hand,
we consider a version of the simulator including components written in
Compcert-C. Then we prove that the simulation of ARM operations, according to
Compcert-C formal semantics, conforms to the expected formal model of ARM. Size
issues are partly dealt with using automatic generation of significant parts of
the Coq model and of SimSoC from the official textual definition of ARM.
However, this is still a long-term project. We report here the current stage of
our efforts and discuss in particular the use of Compcert-C in this framework.Comment: First International Conference on Certified Programs and Proofs 7086
(2011
Formally verified optimizing compilation in ACG-based flight control software
International audienceThis work presents an evaluation of the CompCert formally specified and verified optimizing compiler for the development of DO-178 level A flight control software. First, some fundamental characteristics of flight control software are presented and the case study program is described. Then, the use of CompCert is justified: its main point is to allow optimized code generation by relying on the formal proof of correctness and additional compilation information instead of the current un-optimized generation required to produce predictable assembly code patterns. The evaluation of its performance (measured using WCET and code size) is presented and the results are compared to those obtained with the currently used compiler
Specifying and Executing Optimizations for Parallel Programs
Compiler optimizations, usually expressed as rewrites on program graphs, are
a core part of all modern compilers. However, even production compilers have
bugs, and these bugs are difficult to detect and resolve. The problem only
becomes more complex when compiling parallel programs; from the choice of graph
representation to the possibility of race conditions, optimization designers
have a range of factors to consider that do not appear when dealing with
single-threaded programs. In this paper we present PTRANS, a domain-specific
language for formal specification of compiler transformations, and describe its
executable semantics. The fundamental approach of PTRANS is to describe program
transformations as rewrites on control flow graphs with temporal logic side
conditions. The syntax of PTRANS allows cleaner, more comprehensible
specification of program optimizations; its executable semantics allows these
specifications to act as prototypes for the optimizations themselves, so that
candidate optimizations can be tested and refined before going on to include
them in a compiler. We demonstrate the use of PTRANS to state, test, and refine
the specification of a redundant store elimination optimization on parallel
programs.Comment: In Proceedings GRAPHITE 2014, arXiv:1407.767
Certified computer-aided cryptography: efficient provably secure machine code from high-level implementations
We present a computer-aided framework for proving concrete security bounds for cryptographic machine code implementations. The front-end of the framework is an interactive verification tool that extends the EasyCrypt framework to reason about relational properties of C-like programs extended with idealised probabilistic operations in the style of code-based security proofs. The framework also incorporates an extension of the CompCert certified compiler to support trusted libraries providing complex arithmetic calculations or instantiating idealized components such as sampling operations. This certified compiler allows us to carry to executable code the security guarantees established at the high-level, and is also instrumented to detect when compilation may interfere with side-channel countermeasures deployed in source code.
We demonstrate the applicability of the framework by applying it to the RSA-OAEP encryption scheme, as standard- ized in PKCS#1 v2.1. The outcome is a rigorous analysis of the advantage of an adversary to break the security of as- sembly implementations of the algorithms specified by the standard. The example also provides two contributions of independent interest: it bridges the gap between computer-assisted security proofs and real-world cryptographic implementations as described by standards such as PKCS,and demonstrates the use of the CompCert certified compiler in the context of cryptographic software development.ONR -Office of Naval Research(N000141210914
Mechanized semantics for the Clight subset of the C language
This article presents the formal semantics of a large subset of the C
language called Clight. Clight includes pointer arithmetic, "struct" and
"union" types, C loops and structured "switch" statements. Clight is the source
language of the CompCert verified compiler. The formal semantics of Clight is a
big-step operational semantics that observes both terminating and diverging
executions and produces traces of input/output events. The formal semantics of
Clight is mechanized using the Coq proof assistant. In addition to the
semantics of Clight, this article describes its integration in the CompCert
verified compiler and several ways by which the semantics was validated.Comment: Journal of Automated Reasoning (2009
A Formal C Memory Model for Separation Logic
The core of a formal semantics of an imperative programming language is a
memory model that describes the behavior of operations on the memory. Defining
a memory model that matches the description of C in the C11 standard is
challenging because C allows both high-level (by means of typed expressions)
and low-level (by means of bit manipulation) memory accesses. The C11 standard
has restricted the interaction between these two levels to make more effective
compiler optimizations possible, on the expense of making the memory model
complicated.
We describe a formal memory model of the (non-concurrent part of the) C11
standard that incorporates these restrictions, and at the same time describes
low-level memory operations. This formal memory model includes a rich
permission model to make it usable in separation logic and supports reasoning
about program transformations. The memory model and essential properties of it
have been fully formalized using the Coq proof assistant
- âŠ