Formal memory models for verifying C systems code

Authors

Harvey Tuch

School of Computer Science and Engineering
UNSW
Sydney
Australia

NICTA
Sydney
Australia

Abstract

Systems code is almost universally written in the C programming language or a variant. C has a very low level of type and memory abstraction and formal reasoning about C systems code requires a memory model that is able to capture the semantics of C pointers and types. At the same time, proof-based verification demands abstraction, in particular from the aliasing and frame problems.

In this thesis, we study the mechanisation of a series of models, from semantic to separation logic, for achieving this abstraction when performing interactive theorem-prover based verification of C systems code in higher- order logic. We do not commit common oversimplifications, but correctly deal with C's model of programming language values and the heap, while developing the ability to reason abstractly and efficiently. We validate our work by demonstrating that the models are applicable to real, security- and safety-critical code by formally verifying the memory allocator of the L4 microkernel. All formalisations and proofs have been developed and machine-checked in the Isabelle/HOL theorem prover.

BibTeX Entry

  @phdthesis{Tuch:phd,
    address          = {Sydney, Australia},
    author           = {Harvey Tuch},
    month            = aug,
    paperurl         = {https://trustworthy.systems/publications/papers/Tuch%3Aphd.pdf},
    school           = {UNSW},
    title            = {Formal Memory Models for Verifying {C} Systems Code},
    year             = {2008}
  }

Download

• Full text
• BibTeX