Abstract. One of the challenges in verifying systems-level code is the low-level, untyped view of the machine state that operating systems have. We describe a way to faithfully formalise this view while also providing an easy-to-use, abstract and typed view of memory where possible. We have used this formal memory model to verify parts of the virtual memory subsystem of the L4 high-performance microkernel. All formalisations and proofs have been carried out in the theorem prover Isabelle, and the verified code has been integrated into the current implementation of L4.
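The two views the abstract contrasts, an untyped heap of bytes next to a typed view that is only available where it is justified, can be sketched in a few dozen lines. The model below is an added example written for this page; it is not the paper's Isabelle formalisation and not L4 code. It keeps one byte heap plus a separate "heap type description" (here the `tags` map) that records which addresses currently hold an object of which type; typed loads and stores are permitted only where a matching object is recorded and are otherwise just a projection of the bytes. The names (`Heap`, `retype`, `valid_ptr`, `load_typed`), the type sizes and little-endian byte order are all assumptions of the example.

```python
"""Byte-level heap with a checked typed view (illustrative model, added
example; not from the paper, L4, or its Isabelle proofs)."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Assumed sizes (bytes) of the scalar types the model knows about.
TYPES: Dict[str, int] = {"u8": 1, "u16": 2, "u32": 4}
ENDIAN = "little"  # assumption: byte order of the target machine


@dataclass
class Heap:
    # untyped view: address -> byte; unmapped addresses read as 0 for brevity
    mem: Dict[int, int] = field(default_factory=dict)
    # heap type description: address -> (type name, offset of that byte in its object)
    tags: Dict[int, Tuple[str, int]] = field(default_factory=dict)

    # -- untyped operations: always allowed, they are the ground truth --------
    def load_byte(self, a: int) -> int:
        return self.mem.get(a, 0)

    def store_byte(self, a: int, v: int) -> None:
        if not 0 <= v < 256:
            raise ValueError("not a byte")
        self.mem[a] = v  # the type description is left untouched

    # -- heap type description ------------------------------------------------
    def _remove_object_at(self, a: int) -> None:
        """Drop the tags of whatever object covers address a, if any."""
        tag = self.tags.get(a)
        if tag is None:
            return
        ty, off = tag
        base = a - off
        for i in range(TYPES[ty]):
            self.tags.pop(base + i, None)

    def retype(self, a: int, ty: str) -> None:
        """Declare that bytes a .. a+size-1 now form one object of type ty.
        Any object overlapping that footprint ceases to exist."""
        size = TYPES[ty]
        for i in range(size):
            self._remove_object_at(a + i)
        for i in range(size):
            self.tags[a + i] = (ty, i)

    def valid_ptr(self, a: int, ty: str) -> bool:
        """Valid iff every byte of the footprint is tagged as byte i of a ty object at a."""
        return all(self.tags.get(a + i) == (ty, i) for i in range(TYPES[ty]))

    # -- typed view: a checked projection of the bytes ------------------------
    def load_typed(self, a: int, ty: str) -> int:
        if not self.valid_ptr(a, ty):
            raise TypeError(f"no valid {ty} object at {a:#x}")
        raw = bytes(self.load_byte(a + i) for i in range(TYPES[ty]))
        return int.from_bytes(raw, ENDIAN)

    def store_typed(self, a: int, ty: str, v: int) -> None:
        if not self.valid_ptr(a, ty):
            raise TypeError(f"no valid {ty} object at {a:#x}")
        for i, b in enumerate(v.to_bytes(TYPES[ty], ENDIAN)):
            self.mem[a + i] = b

    def try_load_typed(self, a: int, ty: str) -> Optional[int]:
        try:
            return self.load_typed(a, ty)
        except TypeError:
            return None


def demo() -> dict:
    """Walk through the interplay of the two views; returns what was observed."""
    h = Heap()
    out = {}
    h.retype(0x1000, "u32")
    h.store_typed(0x1000, "u32", 0xDEADBEEF)
    out["typed_roundtrip"] = h.load_typed(0x1000, "u32")
    out["bytes"] = [h.load_byte(0x1000 + i) for i in range(4)]  # EF BE AD DE
    # A u16 view in the middle of the u32 is refused: no u16 object lives there.
    out["u16_inside_u32"] = h.try_load_typed(0x1002, "u16")
    # An untyped write (memset-style code) is always legal and shows through
    # the typed view, because the typed view is nothing but the bytes.
    h.store_byte(0x1001, 0x00)
    out["after_raw_write"] = h.load_typed(0x1000, "u32")
    # Retyping part of the footprint as u16 destroys the u32 object.
    h.retype(0x1002, "u16")
    out["u16_after_retype"] = h.load_typed(0x1002, "u16")
    out["u32_still_valid"] = h.valid_ptr(0x1000, "u32")
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, hex(v) if type(v) is int else v)
```

The point of the split is that the untyped operations never fail and never consult the type description, so the model stays faithful to what the hardware does, while every typed access carries an obligation (`valid_ptr`) that a proof has to discharge. In the example that obligation is checked at run time; in a verification setting it is the side condition the prover must establish before the abstract, typed view may be used.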
Weak memory models formalize the unexpected behavior that one can expect to observe in multi-threade...
Functional verification of low-level code requires abstractions over the memory model to be effectiv...
We present a formal model of memory that both captures the low-level features of C’s pointers and mem...
This paper presents our solutions to some problems we encountered in an ongoing attempt to v...
Systems code is almost universally written in the C programming language or a variant. C has a very ...
Memory safety plays a crucial role in concurrent hardware/...
Abstract. We report on the first formal pervasive verification of an op-erating system microkernel f...
The ISO C standard does not specify the semantics of many valid programs that use non-portable idiom...
Structured types, such as C’s arrays and structs, present additional challenges in pointer program v...
Primitives are basic means provided by a microkernel to implementors of operating system ser...
Collaboration of verification methods is crucial to tackle the challenging pro...