Proceedings ArticleDOI
Deep Specifications and Certified Abstraction Layers
Ronghui Gu, Jérémie Koenig, Tahina Ramananandro, Zhong Shao, Xiongnan (Newman) Wu, Shu-Chun Weng, Haozhong Zhang, Yu Guo
POPL 2015; ACM SIGPLAN Notices, Vol. 50, Iss. 1, pp. 595-608
TL;DR: This paper presents a new layer calculus for formally specifying, programming, verifying, and composing abstraction layers, and shows that such layers correspond to a strong form of abstraction over a particularly rich class of specifications, which the authors call deep specifications.
Abstract:
Modern computer systems consist of a multitude of abstraction layers (e.g., OS kernels, hypervisors, device drivers, network protocols), each of which defines an interface that hides the implementation details of a particular set of functionality. Client programs built on top of each layer can be understood solely based on the interface, independent of the layer implementation. Despite their obvious importance, abstraction layers have mostly been treated as a system concept; they have almost never been formally specified or verified. This makes it difficult to establish strong correctness properties, and to scale program verification across multiple layers. In this paper, we present a novel language-based account of abstraction layers and show that they correspond to a strong form of abstraction over a particularly rich class of specifications which we call deep specifications. Just as data abstraction in typed functional languages leads to the important representation independence property, abstraction over deep specification is characterized by an important implementation independence property: any two implementations of the same deep specification must have contextually equivalent behaviors. We present a new layer calculus showing how to formally specify, program, verify, and compose abstraction layers. We show how to instantiate the layer calculus in realistic programming languages such as C and assembly, and how to adapt the CompCert verified compiler to compile certified C layers such that they can be linked with assembly layers. Using these new languages and tools, we have successfully developed multiple certified OS kernels in the Coq proof assistant, the most realistic of which consists of 37 abstraction layers, took less than one person year to develop, and can boot a version of Linux as a guest.
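The abstract's central claim, implementation independence, is easiest to see on a toy layer. The following is an added example written for this page; it is not code from the paper or from the CertiKOS/CAL Coq development, and the names QueueSpec, Memory, RingQueue, ShiftQueue, StaleHeadQueue, refines and client are all constructed here. A bounded FIFO queue is the overlay: its deep specification is a deterministic abstract state machine over a tuple. Two implementations are written against a raw-memory underlay, each with a simulation relation R given as a decoder from memory back to the abstract state. Where the paper discharges the simulation as a Coq proof for all inputs, refines() here only checks it exhaustively over every call sequence up to a fixed depth, so a pass is evidence, not a proof; a deliberately broken third implementation shows the check is not vacuous. client() is a higher layer that uses only the queue interface, and because both correct implementations satisfy the same deep spec, its observable output cannot depend on which one sits underneath.

```python
from itertools import product

CAP = 3  # queue capacity, kept small (constructed) so the bounded check stays exhaustive

class QueueSpec:
    """Overlay: the deep spec. State is a tuple; each primitive is total and deterministic."""
    def __init__(self): self.st = ()
    def enq(self, v):
        if len(self.st) == CAP: return False
        self.st += (v,)
        return True
    def deq(self):
        if not self.st: return None
        v, self.st = self.st[0], self.st[1:]
        return v

class Memory:
    """Underlay: the raw-memory layer both implementations are written against."""
    def __init__(self, size): self.cells = [0] * size
    def load(self, i): return self.cells[i]
    def store(self, i, v): self.cells[i] = v

class RingQueue:
    """Implementation 1: ring buffer. cells[0]=head, cells[1]=count, cells[2:]=ring."""
    def __init__(self): self.m = Memory(2 + CAP)
    def enq(self, v):
        head, n = self.m.load(0), self.m.load(1)
        if n == CAP: return False
        self.m.store(2 + (head + n) % CAP, v)
        self.m.store(1, n + 1)
        return True
    def deq(self):
        head, n = self.m.load(0), self.m.load(1)
        if n == 0: return None
        v = self.m.load(2 + head)
        self.m.store(0, (head + 1) % CAP)
        self.m.store(1, n - 1)
        return v
    def abstract(self):
        """Simulation relation R, written as a decoder from concrete memory to spec state."""
        head, n = self.m.load(0), self.m.load(1)
        return tuple(self.m.load(2 + (head + i) % CAP) for i in range(n))

class ShiftQueue:
    """Implementation 2: shifting array. cells[0]=count, cells[1:]=elements, front first."""
    def __init__(self): self.m = Memory(1 + CAP)
    def enq(self, v):
        n = self.m.load(0)
        if n == CAP: return False
        self.m.store(1 + n, v)
        self.m.store(0, n + 1)
        return True
    def deq(self):
        n = self.m.load(0)
        if n == 0: return None
        v = self.m.load(1)
        for i in range(n - 1):  # slide the remaining elements down one slot
            self.m.store(1 + i, self.m.load(2 + i))
        self.m.store(0, n - 1)
        return v
    def abstract(self):
        return tuple(self.m.load(1 + i) for i in range(self.m.load(0)))

class StaleHeadQueue(RingQueue):
    """Deliberately wrong (constructed): dequeue forgets to advance the head."""
    def deq(self):
        head, n = self.m.load(0), self.m.load(1)
        if n == 0: return None
        self.m.store(1, n - 1)
        return self.m.load(2 + head)

OPS = [("enq", 7), ("enq", 8), ("deq", None)]  # constructed alphabet of primitive calls

def refines(impl_cls, depth=6):
    """Bounded forward-simulation check: over every call sequence of length <= depth, the
    implementation must return what the spec returns and R(impl) must equal the spec
    state after each step. Returns the first failing sequence, or None."""
    for k in range(1, depth + 1):
        for seq in product(OPS, repeat=k):
            spec, impl = QueueSpec(), impl_cls()
            for op, arg in seq:
                r_spec = spec.enq(arg) if op == "enq" else spec.deq()
                r_impl = impl.enq(arg) if op == "enq" else impl.deq()
                if r_spec != r_impl or impl.abstract() != spec.st:
                    return seq
    return None

def client(q):
    """Higher layer written only against enq/deq: enqueue 0..4, dequeuing one element when
    the queue is full, then drain. Its output must not depend on the implementation."""
    out = []
    for v in range(5):
        if not q.enq(v): out.append(q.deq())
    while (v := q.deq()) is not None:
        out.append(v)
    return out
```

refines(RingQueue) and refines(ShiftQueue) both return None, while refines(StaleHeadQueue) returns the three-call sequence enq 7, enq 8, deq: the broken dequeue still returns the right value on that step, but R maps its memory to (7,) where the spec state is (8,), which is exactly the kind of divergence a return-value-only test would miss and a simulation proof rules out. client(RingQueue()) and client(ShiftQueue()) both yield [0, 1, 2, 4], the contextual equivalence the abstract describes, and nothing in client() refers to heads, counts or cells. The spec is "deep" in the paper's sense because it is deterministic: had QueueSpec left the dequeue order unspecified, two implementations could both satisfy it yet be distinguishable by a client.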
Citations
Proceedings ArticleDOI
IronFleet: proving practical distributed systems correct
Chris Hawblitzel, Jon Howell, Manos Kapritsos, Jacob R. Lorch, Bryan Parno, Michael L. Roberts, Srinath Setty, Brian Zill
TL;DR: Describes a methodology for building practical, provably correct distributed systems from a blend of TLA-style state-machine refinement and Hoare-logic verification, and uses it to prove that each system obeys a concise safety specification as well as desirable liveness requirements.
Proceedings ArticleDOI
CertiKOS: an extensible architecture for building certified concurrent OS kernels
Ronghui Gu, Zhong Shao, Hao Chen, Xiongnan (Newman) Wu, Jieung Kim, Vilhelm Sjöberg, David Costanzo
TL;DR: Presents a practical concurrent OS kernel whose (contextual) functional correctness is verified in Coq; this is the first functional-correctness proof of a complete, general-purpose concurrent OS kernel with fine-grained locking.
Proceedings ArticleDOI
Using Crash Hoare logic for certifying the FSCQ file system
Haogang Chen, Daniel M. Ziegler, Tej Chajed, Adam Chlipala, M. Frans Kaashoek, Nickolai Zeldovich
TL;DR: Introduces Crash Hoare logic (CHL), which extends traditional Hoare logic with a crash condition, a recovery procedure, and logical address spaces for specifying disk states at different abstraction levels, and reduces developers' proof effort through proof automation.
References
Book
The Z notation: a reference manual
TL;DR: Reference manual for Z, covering a tutorial introduction, background, the Z language, the mathematical tool-kit, sequential systems, and a syntax summary.
Book
Types and Programming Languages
TL;DR: This text provides a comprehensive introduction both to type systems in computer science and to the basic theory of programming languages, with a variety of approaches to modeling the features of object-oriented languages.
Book
The Definition of Standard ML
TL;DR: This book provides a formal definition of Standard ML for the benefit of all concerned with the language, including users and implementers; the authors define their semantic objects in mathematical notation that is completely independent of Standard ML.