Hostname: page-component-7d684dbfc8-v2qlk Total loading time: 0 Render date: 2023-09-28T18:40:30.074Z Has data issue: false Feature Flags: { "corePageComponentGetUserInfoFromSharedSession": true, "coreDisableEcommerce": false, "coreDisableSocialShare": false, "coreDisableEcommerceForArticlePurchase": false, "coreDisableEcommerceForBookPurchase": false, "coreDisableEcommerceForElementPurchase": false, "coreUseNewShare": true, "useRatesEcommerce": true } hasContentIssue false
  • English
  • Français

Cogent: uniqueness types and certifying compilation

Part of: Secure Compilation

Published online by Cambridge University Press:  27 October 2021

LIAM O’CONNOR Open the ORCID record for LIAM O’CONNOR [Opens in a new window] ,
ZILIN CHEN ,
CHRISTINE RIZKALLAH ,
VINCENT JACKSON ,
SIDNEY AMANI ,
GERWIN KLEIN ,
TOBY MURRAY ,
THOMAS SEWELL  and
GABRIELE KELLER
LIAM O’CONNOR
Affiliation:
School of Informatics, University of Edinburgh, UK (e-mail: l.oconnor@ed.ac.uk)
ZILIN CHEN
Affiliation:
School of Computer Science and Engineering, UNSW Sydney, Australia (e-mail: zilin.chen@student.unsw.edu.au)
CHRISTINE RIZKALLAH
Affiliation:
School of Computer Science and Engineering, UNSW Sydney, Australia (e-mail: c.rizkallah@unsw.edu.au)
VINCENT JACKSON
Affiliation:
School of Computer Science and Engineering, UNSW Sydney, Australia (e-mail: v.jackson@unsw.edu.au)
SIDNEY AMANI
Affiliation:
Canva, Sydney NSW, Australia (e-mail: sidney.amani@gmail.com)
GERWIN KLEIN
Affiliation:
School of Computer Science and Engineering, UNSW Sydney, Australia Proofcraft, Kensington, Australia (e-mail: kleing@cse.unsw.edu.au)
TOBY MURRAY
Affiliation:
School of Computing and Information Systems, University of Melbourne, Australia (e-mail: toby.murray@unimelb.edu.au)
THOMAS SEWELL
Affiliation:
Department of Computer Science and Technology, University of Cambridge, UK (e-mail: tals4@cam.ac.uk)
GABRIELE KELLER
Affiliation:
Department of Information and Computing Sciences, Utrecht University, Utrecht, The Netherlands (e-mail: g.k.keller@uu.nl)
Rights & Permissions [Opens in a new window]

Abstract

Core share and HTML view are not possible as this article does not have html content. However, as you have access to this content, a full PDF is available via the ‘Save PDF’ action button.

This paper presents a framework aimed at significantly reducing the cost of proving functional correctness for low-level operating systems components. The framework is designed around a new functional programming language, Cogent. A central aspect of the language is its uniqueness type system, which eliminates the need for a trusted runtime or garbage collector while still guaranteeing memory safety, a crucial property for safety and security. Moreover, it allows us to assign two semantics to the language: The first semantics is imperative, suitable for efficient C code generation, and the second is purely functional, providing a user-friendly interface for equational reasoning and verification of higher-level correctness properties. The refinement theorem connecting the two semantics allows the compiler to produce a proof via translation validation certifying the correctness of the generated C code with respect to the semantics of the Cogent source program. We have demonstrated the effectiveness of our framework for implementation and for verification through two file system implementations.

Type
Research Article
Information
Journal of Functional Programming , Volume 31 , 2021 , e25
Check for updates
Creative Commons
Creative Common License - CCCreative Common License - BY
This is an Open Access article, distributed under the terms of the Creative Commons Attribution licence (https://creativecommons.org/licenses/by/4.0/), which permits unrestricted re-use, distribution, and reproduction in any medium, provided the original work is properly cited.
Copyright
© The Author(s), 2021. Published by Cambridge University Press

References

Alkassar, E., Böhme, S., Mehlhorn, K. and Rizkallah, C. (2014) A framework for the verification of certifying computations. J. Autom. Reasoning 52(3), 241273.CrossRefGoogle Scholar
Alkassar, E., Hillebrand, M., Leinenbach, D., Schirmer, N., Starostin, A. and Tsyban, A. (2009) Balancing the load — leveraging a semantics stack for systems verification. J. Autom. Reasoning Spec. Issue Operating Syst. Verif. 42(2–4), 389454.CrossRefGoogle Scholar
Alkassar, E., Paul, W., Starostin, A. and Tsyban, A. (2010) Pervasive verification of an OS microkernel: Inline assembly, memory consumption, concurrent devices. In Verified Software: Theories, Tools and Experiments. Lecture Notes in Computer Science, vol. 6217. Springer, pp. 7185.Google Scholar
Amani, S. (2016) A Methodology for Trustworthy File Systems. PhD thesis, University of New South Wales.Google Scholar
Amani, S., Andronick, J., Bortin, M., Lewis, C., Rizkallah, C. and Tuong, J. (2017) COMPLX: A verification framework for concurrent imperative programs. In Certified Programs and Proofs. ACM, pp. 138150.CrossRefGoogle Scholar
Amani, S., Hixon, A., Chen, Z., Rizkallah, C., Chubb, P., O’Connor, L., Beeren, J., Nagashima, Y., Lim, J., Sewell, T., Tuong, J., Keller, G., Murray, T., Klein, G. and Heiser, G. (2016) Cogent: Verifying high-assurance file system implementations. In Architectural Support for Programming Languages and Operating Systems, pp. 175188.CrossRefGoogle Scholar
Amani, S. and Murray, T. (2015) Specifying a realistic file system. In Workshop on Models for Formal Analysis of Real Systems, pp. 19.CrossRefGoogle Scholar
Andronick, J. (2006) Formally proved anti-tearing properties of embedded C code. In Second International Symposium on Leveraging Applications of Formal Methods, Verification and Validation. Invited Speaker, pp. 129136.CrossRefGoogle Scholar
Arkoudas, K., Zee, K., Kuncak, V. and Rinard, M. C. (2004) Verifying a file system implementation. In Conference on Formal Engineering Methods. Lecture Notes in Computer Science, vol. 3308. Springer, pp. 373390.CrossRefGoogle Scholar
Barendsen, E. and Smetsers, S. (1993) Conventional and uniqueness typing in graph rewrite systems. In Foundations of Software Technology and Theoretical Computer Science. Lecture Notes in Computer Science, vol. 761, pp. 4151.CrossRefGoogle Scholar
Beringer, L., Petcher, A., Ye, K. Q. and Appel, A. W. (2015) Verified correctness and security of OpenSSL HMAC. In Security Symposium. USENIX, pp. 207221.Google Scholar
Bernardy, J.-P., Boespflug, M., Newton, R. R., Peyton Jones, S. and Spiwack, A. (2017) Linear Haskell: Practical linearity in a higher-order polymorphic language. In Principles of Programming Languages. ACM, pp. 5:1–5:29.Google Scholar
Bevier, W., Cohen, R. and Turner, J. (1995) A Specification for the Synergy File System. Tech. rept. Technical Report 120. Computational Logic Inc., Austin, Texas, USA.Google Scholar
Blum, M. and Kannan, S. (1995) Designing programs that check their work. J. ACM 42(1), 269291.CrossRefGoogle Scholar
Brady, E. (2013) Idris, a general-purpose dependently typed programming language: Design and implementation. J. Funct. Program. 23(9), 552593.CrossRefGoogle Scholar
Breitner, J., Spector-Zabusky, A., Li, Y., Rizkallah, C., Wiegley, J., Cohen, J. and Weirich, S. (2021) Ready, Set, Verify! Applying hs-to-coq to real-world Haskell code. J. Funct. Program. 31, e5.CrossRefGoogle Scholar
Bright, J. D., Sullivan, G. F. and Masson, G. M. (1997) A formally verified sorting certifier. IEEE Trans. Comput. 46(12), 13041312.CrossRefGoogle Scholar
Charguéraud, A. (2010) Program verification through characteristic formulae. In International Conference on Functional Programming. ACM, pp. 321332.CrossRefGoogle Scholar
Charguéraud, A. (2011) Characteristic formulae for the verification of imperative programs. In International Conference on Functional Programming. ACM, pp. 418430.CrossRefGoogle Scholar
Chen, H., Ziegler, D., Chajed, T., Chlipala, A., Kaashoek, M. F. and Zeldovich, N. (2015) Using Crash Hoare logic for certifying the FSCQ file system. In Symposium on Operating Systems Principles. ACM, pp. 1837.CrossRefGoogle Scholar
Chen, Z., Di Meglio, M., O’Connor, L., Susarla Ajay, P., Rizkallah, C. and Keller, G. (2019) A Data Layout Description Language for Cogent (extended abstract). http://ssrg.nicta.com/publications/csiro_full_text/Chen_DOSRK_19.pdf. At Principles of Secure Compilation (PriSC).Google Scholar
Chen, Z., O’Connor, L., Keller, G., Klein, G. and Heiser, G. (2017) The Cogent case for property-based testing. In Programming Languages and Operating Systems. ACM, pp. 17.CrossRefGoogle Scholar
Cheung, L., O’Connor, L. and Rizkallah, C. (2021) Overcoming restraint: Modular refinement using cogent’s principled foreign function interface. CoRR abs/2102.09920. Under submission.Google Scholar
Chlipala, A. (2015) An optimizing compiler for a purely functional web application language. In International Conference on Functional Programming. ACM, pp. 1021.CrossRefGoogle Scholar
Claessen, K. and Hughes, J. (2000) Quickcheck: A lightweight tool for random testing of haskell programs. In International Conference on Functional Programming. ACM, pp. 268279.CrossRefGoogle Scholar
Cock, D., Klein, G. and Sewell, T. (2008) Secure microkernels, state monads and scalable refinement. In International Conference on Theorem Proving in Higher Order Logics, vol. 5170. Springer-Verlag, pp. 167182.CrossRefGoogle Scholar
Cogent. Cogent source code and Isabelle/HOL formalisation. Accessed March 11, 2021. Available at :https://github.com/NICTA/cogent.Google Scholar
Coquand, T. and Paulin, C. (1988) Inductively defined types. In International Conference on Computer Logic, pp. 5066.Google Scholar
Coutts, D., Leshchinskiy, R. and Stewart, D. (2007) Stream fusion: From lists to streams to nothing at all. In International Conference on Functional Programming. ACM, pp. 315326.CrossRefGoogle Scholar
Damchoom, K., Butler, M. and Abrial, J.-R. (2008) Modelling and proof of a tree-structured file system in Event-B and Rodin. In Conference on Formal Engineering Methods. Lecture Notes in Computer Science, vol. 5256. Springer, pp. 2544.CrossRefGoogle Scholar
Dang, V. (2020) Flogent: An Information Flow Security Feature for Cogent. Honours thesis, UNSW Sydney, Computer Science & Engineering.Google Scholar
de Amorim, A. A., Hritcu, C. and Pierce, B. C. (2018) The meaning of memory safety. In Principles of Security and Trust - 7th International Conference, POST 2018, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2018, Thessaloniki, Greece, April 14–20, 2018, Proceedings, Bauer, L. & Küsters, R. (eds). Lecture Notes in Computer Science, vol. 10804. Springer, pp. 79105.Google Scholar
DeLine, R. and Fähndrich, M. (2001) Enforcing high-level protocols in low-level software. In Programming Language Design and Implementation, pp. 5969.CrossRefGoogle Scholar
de Roever, W. P. and Engelhardt, K. (1998) Data Refinement: Model-oriented Proof Theories and their Comparison . Cambridge Tracts in Theoretical Computer Science, vol. 46. Cambridge University Press.Google Scholar
de Vries, E., Plasmeijer, R. and Abrahamson, D. M. (2008) Uniqueness typing simplified. In Implementation and Application of Functional Languages.CrossRefGoogle Scholar
Dezani-Ciancaglini, M. and de’Liguoro, U. (2010) Sessions and session types: An overview. In Web Services and Formal Methods. Springer, pp. 128.Google Scholar
Dijkstra, E. W. (1997) A Discipline of Programming, 1st ed. Prentice Hall PTR.Google Scholar
Ennals, R., Sharp, R. and Mycroft, A. (2004) Linear types for packet processing. In European Symposium on Programming. Springer, pp. 204218.CrossRefGoogle Scholar
Ernst, G., Schellhorn, G., Haneberg, D., Pfähler, J. and Reif, W. (2013) Verification of a virtual filesystem switch. In Verified Software: Theories, Tools and Experiments. Lecture Notes in Computer Science, vol. 8164. Springer, pp. 242261.Google Scholar
Freeman, T. and Pfenning, F. (1991) Refinement types for ML. In Programming Language Design and Implementation. ACM, pp. 268277.CrossRefGoogle Scholar
Girard, J.-Y. (1971) Une extension de l’interprétation de Gödel à l’analyse, et son application à l’élimination de coupures dans l’analyse et la théorie des types. In Scandinavian Logic Symposium. North-Holland, pp. 6392.CrossRefGoogle Scholar
Goguen, J. A. and Meseguer, J. (1982) Security policies and security models. In 1982 IEEE Symposium on Security and Privacy, Oakland, CA, USA, April 26–28, 1982. IEEE Computer Society, pp. 1120.CrossRefGoogle Scholar
Greenaway, D., Andronick, J. and Klein, G. (2012) Bridging the gap: Automatic verified abstraction of C. In International Conference on Interactive Theorem Proving. Springer, pp. 99115.CrossRefGoogle Scholar
Greenaway, D., Lim, J., Andronick, J. and Klein, G. (2014) Don’t sweat the small stuff: Formal verification of C code without the pain. In Programming Language Design and Implementation. ACM, pp. 429439.CrossRefGoogle Scholar
Gu, L., Vaynberg, A., Ford, B., Shao, Z. and Costanzo, D. (2011) CertiKOS: A certified kernel for secure cloud computing. In Asia-Pacific Workshop on Systems.CrossRefGoogle Scholar
Gu, R., Koenig, J., Ramananandro, T., Shao, Z., Wu, X. N., Weng, S., Zhang, H. and Guo, Y. (2015) Deep specifications and certified abstraction layers. In Principles of Programming Languages. ACM, pp. 595608.Google Scholar
Gu, R., Shao, Z., Chen, H., Wu, X. N., Kim, J., Sjöberg, V. and Costanzo, D. (2016) CertiKOS: An extensible architecture for building certified concurrent OS kernels. In Operating Systems Design and Implementation. ACM.Google Scholar
Gunawi, H. S., Rajimwale, A., Arpaci-Dusseau, A. C. and Arpaci-Dusseau, R. H. (2008) SQCK: A declarative file system checker. In Operating Systems Design and Implementation. USENIX Association, pp. 131146.Google Scholar
Harper, R. and Morrisett, G. (1995) Compiling polymorphism using intensional type analysis. In Principles of Programming Languages. ACM, pp. 130141.Google Scholar
HASP project. (2010) The Habit Programming Language: The Revised Preliminary Report. Tech. rept. http://hasp.cs.pdx.edu/habit-report-Nov2010.pdf. Department of Computer Science, Portland State University, Portland, OR, USA.Google Scholar
Hawblitzel, C., Howell, J., Lorch, J. R., Narayan, A., Parno, B., Zhang, D. and Zill, B. (2014) Ironclad apps: End-to-end security via automated full-system verification. In Operating Systems Design and Implementation, pp. 165181.Google Scholar
Heartbleed. (2014) The Heartbleed Bug. http://heartbleed.com, Accessed March 2015. Available at: https://www.openssl.org/news/secadv_20140407.txt.Google Scholar
Hesselink, W. H. and Lali, M. I. (2009) Formalizing a hierarchical file system. In BCS-FACS Refinement Workshop. Electronic Notes in Theoretical Computer Science, vol. 259, pp. 6785.CrossRefGoogle Scholar
Hofmann, M. (2000) A type system for bounded space and functional in-place update. In European Symposium on Programming. Lecture Notes in Computer Science, vol. 1782, pp. 165179.Google Scholar
Jim, T., Morrisett, J. G., Grossman, D., Hicks, M. W., Cheney, J. and Wang, Y. (2002) Cyclone: A safe dialect of c. In USENIX Annual Technical Conference. USENIX, pp. 275288.Google Scholar
Keller, G., Murray, T., Amani, S., O’Connor, L., Chen, Z., Ryzhyk, L., Klein, G. and Heiser, G. (2013) File systems deserve verification too! In Programming Languages and Operating Systems, pp. 17.Google Scholar
Klein, G., Andronick, J., Keller, G., Matichuk, D., Murray, T. and O’Connor, L. (2017) Provably trustworthy systems. Philos. Trans. R. Soc. A 375, 123.CrossRefGoogle ScholarPubMed
Klein, G., Elphinstone, K., Heiser, G., Andronick, J., Cock, D., Derrin, P., Elkaduwe, D., Engelhardt, K., Kolanski, R., Norrish, M., Sewell, T., Tuch, H. and Winwood, S. (2009) seL4: Formal verification of an os kernel. In Symposium on Operating Systems Principles. ACM, pp. 207220.CrossRefGoogle Scholar
Kumar, R., Myreen, M., Norrish, M. and Owens, S. (2014) CakeML: A verified implementation of ML. In Principles of Programming Languages. ACM, pp. 179191.Google Scholar
Lammich, P. (2019) Generating verified LLVM from Isabelle/HOL. In International Conference on Interactive Theorem Proving. LIPIcs, vol. 141. Schloss Dagstuhl, pp. 22:1–22:19.Google Scholar
Leinenbach, D. (2010) Compiler Verification in the Context of Pervasive System Verification. PhD thesis, Saarland University.Google Scholar
Leroy, X. (2009a) Formal verification of a realistic compiler. Commun. ACM 52(7), 107115.CrossRefGoogle Scholar
Leroy, X. (2009b) A formally verified compiler back-end. J. Autom. Reasoning 43(4), 363446.CrossRefGoogle Scholar
Lollipop. (2014) Memory Leak in Android Lollipop’s rendering engine. Accessed March 2015. Available at: https://code.google.com/p/android/issues/detail?id=79729#c177.Google Scholar
Maric, O. and Sprenger, C. (2014) Verification of a transactional memory manager under hardware failures and restarts. In International Symposium on Formal Methods. Lecture Notes in Computer Science, vol. 8442. Springer, pp. 449464.Google Scholar
Marlow, S. (2010) Haskell 2010 Language Report.Google Scholar
McConnell, R. M., Mehlhorn, K., Näher, S. and Schweitzer, P. (2011) Certifying algorithms. Comput. Sci. Rev. 5(2), 119161.CrossRefGoogle Scholar
McCreight, A., Chevalier, T. and Tolmach, A. (2010) A certified framework for compiling and executing garbage-collected languages. In International Conference on Functional Programming. ACM, pp. 273284.CrossRefGoogle Scholar
Morgan, C. and Sufrin, B. (1984) Specification of the UNIX filing system. IEEE Trans. Softw. Eng. 10(2), 128142.CrossRefGoogle Scholar
Murray, E. (2019) Recursive Types For Cogent. Honours thesis, UNSW Sydney, Computer Science & Engineering.Google Scholar
Necula, G. C., Condit, J., Harren, M., McPeak, S. and Weimer, W. (2005) CCured: Type-safe retrofitting of legacy software. ACM Trans. Program. Lang. Syst. 27(3), 477526.CrossRefGoogle Scholar
Nipkow, T., Wenzel, M. and Paulson, L. C. (2002) Isabelle/HOL: A Proof Assistant for Higher-order Logic. Springer-Verlag.CrossRefGoogle Scholar
Noschinski, L., Rizkallah, C. and Mehlhorn, K. (2014) Verification of certifying computations through autocorres and simpl. In NASA Formal Methods. Lecture Notes in Computer Science, vol. 8430. Springer, pp. 4661.CrossRefGoogle Scholar
ntfs3g. POSIX Filesystem Test Project. Accessed January, 2016. Available at: http://sourceforge.net/p/ntfs-3g/pjd-fstest/ci/master/tree/.Google Scholar
O’Connor, L. (2019) Type Systems for Systems Types. PhD thesis, University of New South Wales.Google Scholar
O’Connor, L., Chen, Z., Rizkallah, C., Amani, S., Lim, J., Murray, T., Nagashima, Y., Sewell, T. and Klein, G. (2016) Refinement through restraint: Bringing down the cost of verification. In International Conference on Functional Programming.CrossRefGoogle Scholar
O’Connor, L., Chen, Z., Susaria, P., Rizkallah, C., Klein, G. and Keller, G. (2018) Bringing effortless refinement of data layouts to Cogent. In International Symposium on Leveraging Applications of Formal Methods, Verification and Validation. Springer, pp. 134149.CrossRefGoogle Scholar
Odersky, M. (1992) Observers for linear types. In European Symposium on Programming. Springer-Verlag, pp. 390407.CrossRefGoogle Scholar
OpenSSL. (2014) Apple’s SSL/TLS bug. Accessed March 2015. Available at: https://www.imperialviolet.org/2014/02/22/applebug.html.Google Scholar
Owicki, S. and Gries, D. (1976) An axiomatic proof technique for parallel programs. Acta Informatica 6(4), 319340.CrossRefGoogle Scholar
Palix, N., Thomas, G., Saha, S., Calvès, C., Lawall, J. and Muller, G. (2011a) Faults in Linux: Ten years later. In Architectural Support for Programming Languages and Operating Systems. ACM, pp. 305318.Google Scholar
Palix, N., Thomas, G., Saha, S., Calvès, C., Lawall, J. L. and Muller, G. (2011b) Faults in Linux: Ten years later. In Proceedings of the 16th International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2011, Newport Beach, CA, USA, March 5–11, 2011, Gupta, R. & Mowry, T. C. (eds). ACM, pp. 305318.CrossRefGoogle Scholar
Pike, L., Hickey, P., Bielman, J., Elliott, T., DuBuisson, T. and Launchbury, J. (2014) Programming languages for high-assurance autonomous vehicles: Extended abstract. In Programming Languages Meets Program Verification. ACM, pp. 12.CrossRefGoogle Scholar
Pnueli, A., Siegel, M. and Singerman, E. (1998a) Translation validation. In Tools and Algorithms for the Construction and Analysis of Systems. Springer, pp. 151166.CrossRefGoogle Scholar
Pnueli, A., Shtrichman, O. and Siegel, M. (1998b) Translation validation for synchronous languages. In International Colloquium on Automata, Languages and Programming. Springer-Verlag, pp. 235246.CrossRefGoogle Scholar
Reif, W., Schellhorn, G., Stenzel, K. and Balser, M. (1998) Structured specifications and interactive proofs with KIV. In Automated Deduction – A Basis for Applications. Applied Logic Series, vol. 9. Springer, pp. 1339.Google Scholar
Reynolds, J. C. (1974) Towards a theory of type structure. In Programming Symposium, Proceedings Colloque Sur La Programmation. Springer-Verlag, pp. 408423.CrossRefGoogle Scholar
Rideau, S. and Leroy, X. (2010) Validating register allocation and spilling. In International Conference on Compiler Construction. Springer, pp. 224243.CrossRefGoogle Scholar
Rizkallah, C. (2015) Verification of Program Computations. PhD thesis, Saarland University.Google Scholar
Rizkallah, C., Lim, J., Nagashima, Y., Sewell, T., Chen, Z., O’Connor, L., Murray, T., Keller, G. and Klein, G. (2016) A framework for the automatic formal verification of refinement from Cogent to C. In International Conference on Interactive Theorem Proving.CrossRefGoogle Scholar
Rubio-González, C. and Liblit, B. (2011) Defective error/pointer interactions in the Linux kernel. In International Symposium on Software Testing and Analysis. ACM, pp. 111121.CrossRefGoogle Scholar
Rust. (2014) The Rust Language. Accessed October 5, 2014. Available at: http://rust-lang.org.Google Scholar
Rustan, K. and Leino, M. (2010) Dafny: An automatic program verifier for functional correctness. In Logic for Programming, Artificial Intelligence, and Reasoning. Springer, pp. 348370.Google Scholar
Sabry, A. and Felleisen, M. (1992) Reasoning about programs in continuation passing style. In Conference on LISP and Functional Programming. ACM, pp. 288298.CrossRefGoogle Scholar
Saha, S., Lawall, J. L. and Muller, G. (2011) An approach to improving the structure of error-handling code in the Linux kernel. In Proceedings of the ACM SIGPLAN/SIGBED 2011 Conference on Languages, Compilers, and Tools for Embedded Systems, LCTES 2011, Chicago, IL, USA, April 11–14, 2011, Vitek, J. & Sutter, B. D. (eds). ACM, pp. 4150.Google Scholar
Schellhorn, G., Ernst, G., Pfähler, J., Haneberg, D. and Reif, W. (2014) Development of a verified flash file system. In International Conference on Abstract State Machines, Alloy, B, TLA, VDM, and Z. Lecture Notes in Computer Science, vol. 8477. Springer, pp. 924.CrossRefGoogle Scholar
Schierl, A., Schellhorn, G., Haneberg, D. and Reif, W. (2009) Abstract specification of the UBIFS file system for flash memory. In World Congress on Formal Methods. Lecture Notes in Computer Science, vol. 5850. Springer, pp. 190206.CrossRefGoogle Scholar
Schirmer, N. (2005) A verification environment for sequential imperative programs in Isabelle/HOL. In Logic for Programming, AI, and Reasoning. Springer, pp. 398414.CrossRefGoogle Scholar
Sewell, T., Myreen, M. and Klein, G. (2013) Translation validation for a verified OS kernel. In Programming Language Design and Implementation. ACM, pp. 471481.CrossRefGoogle Scholar
Shang, Z. (2020) An LLVM Backend of the Cogent Compiler. Project report, UNSW Sydney, Computer Science & Engineering.Google Scholar
Sison, R. and Murray, T. (2019) Verifying that a compiler preserves concurrent value-dependent information-flow security. In 10th International Conference on Interactive Theorem Proving, ITP 2019, September 9–12, 2019, Portland, OR, USA, Harrison, J., O’Leary, J. & Tolmach, A. (eds). LIPIcs 141. Schloss Dagstuhl - Leibniz-Zentrum für Informatik, pp. 27:1–27:19.Google Scholar
Spector-Zabusky, A., Breitner, J., Rizkallah, C. and Weirich, S. (2018) Total haskell is reasonable coq. In Certified Programs and Proofs. ACM, pp. 1427.CrossRefGoogle Scholar
Sullivan, G. F. and Masson, G. M. (1990) Using certification trails to achieve software fault tolerance. In Fault-Tolerant Computing Symposium. IEEE Computer Society, pp. 423431.CrossRefGoogle Scholar
Szekeres, L., Payer, M., Wei, T. and Song, D. (2013) Sok: Eternal war in memory. In 2013 IEEE Symposium on Security and Privacy, SP 2013, Berkeley, CA, USA, May 19–22, 2013. IEEE Computer Society, pp. 4862.CrossRefGoogle Scholar
Tofte, M. and Talpin, J.-P. (1994) Implementation of the typed call-by-value λ-calculus using a stack of regions. In Principles of Programming Languages. ACM, pp. 188201.Google Scholar
Torlak, E. and Bodik, R. (2014) A lightweight symbolic virtual machine for solver-aided host languages. In Programming Language Design and Implementation. ACM, pp. 530541.CrossRefGoogle Scholar
Tuch, H., Klein, G. and Norrish, M. (2007) Types, bytes, and separation logic. In Principles of Programming Languages. ACM, pp. 97108.Google Scholar
Wadler, P. (1990) Linear types can change the world! In Programming Concepts and Methods.Google Scholar
Yang, J. and Hawblitzel, C. (2010) Safe to the last instruction: Automated verification of a type-safe operating system. In Programming Language Design and Implementation. ACM, pp. 99110.CrossRefGoogle Scholar
Yang, J., Sar, C. and Engler, D. (2006) EXPLODE: A lightweight, general system for finding serious storage system errors. In Operating Systems Design and Implementation, pp. 131146.Google Scholar
Zhao, J., Nagarakatte, S., Martin, M. M. and Zdancewic, S. (2012) Formalizing the LLVM intermediate representation for verified program transformations. In Principles of Programming Languages. ACM, pp. 427440.Google Scholar
Submit a response

Discussions

No Discussions have been published for this article.