seL4
seL4: formal verification of an OS kernel. Complete formal verification is the only known way to guarantee that a system is free of programming errors. We present our experience in performing the formal, machine-checked verification of the seL4 microkernel from an abstract specification down to its C implementation. We assume correctness of compiler, assembly code, and hardware, and we used a unique design approach that fuses formal and operating systems techniques. To our knowledge, this is the first formal proof of functional correctness of a complete, general-purpose operating-system kernel. Functional correctness means here that the implementation always strictly follows our high-level abstract specification of kernel behaviour. This encompasses traditional design and implementation safety properties such as the kernel will never crash, and it will never perform an unsafe operation. It also proves much more: we can predict precisely how the kernel will behave in every possible situation. seL4, a third-generation microkernel of L4 provenance, comprises 8,700 lines of C code and 600 lines of assembler. Its performance is comparable to other high-performance L4 kernels.
Keywords for this software
References in zbMATH (referenced in 90 articles , 1 standard article )
Showing results 1 to 20 of 90.
Sorted by year (- Cook, Byron; Khazem, Kareem; Kroening, Daniel; Tasiran, Serdar; Tautschnig, Michael; Tuttle, Mark R.: Model checking boot code from AWS data centers (2021)
- Cristiá, Maximiliano; Rossi, Gianfranco: An automatically verified prototype of the Tokeneer ID station specification (2021)
- Cristiá, Maximiliano; Rossi, Gianfranco: Automated proof of Bell-LaPadula security properties (2021)
- Foster, Simon; Nemouchi, Yakoub; Gleirscher, Mario; Wei, Ran; Kelly, Tim: Integration of formal proof into unified assurance cases with Isabelle/SACM (2021)
- Kohlhase, Michael; Rabe, Florian: Experiences from exporting major proof assistant libraries (2021)
- Popescu, Andrei; Lammich, Peter; Hou, Ping: CoCon: a conference management system with formally verified document confidentiality (2021)
- Lundberg, Didrik; Guanciale, Roberto; Lindner, Andreas; Dam, Mads: Hoare-style logic for unstructured programs (2020)
- Perez, Ivan; Goodloe, Alwyn E.: Fault-tolerant functional reactive programming (extended version) (2020)
- Syeda, Hira Taqdees; Klein, Gerwin: Formal reasoning under cached address translation (2020)
- Vasilyev, A. A.; Mutilin, V. S.: Predicate extension of symbolic memory graphs for the analysis of memory safety correctness (2020)
- Zhang, Xingyuan; Urban, Christian; Wu, Chunhan: Priority inheritance protocol proved correct (2020)
- Barthe, Gilles; Betarte, Gustavo; Campo, Juan Diego; Luna, Carlos: System-level non-interference of constant-time cryptography. I: Model (2019)
- Miller, Dale: Mechanized metatheory revisited (2019)
- Paulson, Lawrence C.; Nipkow, Tobias; Wenzel, Makarius: From LCF to Isabelle/HOL (2019)
- Rahli, Vincent; Bickford, Mark; Cohen, Liron; Constable, Robert L.: Bar induction is compatible with constructive type theory (2019)
- Straßburger, Lutz: The problem of proof identity, and why computer scientists should care about Hilbert’s 24th problem (2019)
- Achermann, Reto; Humbel, Lukas; Cock, David; Roscoe, Timothy: Physical addressing on real hardware in Isabelle/HOL (2018)
- Alex A. Alemi, Francois Chollet, Niklas Een, Geoffrey Irving, Christian Szegedy, Josef Urban: DeepMath - Deep Sequence Models for Premise Selection (2018) arXiv
- Avigad, Jeremy (ed.); Blanchette, Jasmin Christian (ed.); Klein, Gerwin (ed.); Paulson, Lawrence (ed.); Popescu, Andrei (ed.); Snelting, Gregor (ed.): Introduction to “Milestones in interactive theorem proving” (2018)
- Bancerek, Grzegorz; Byliński, Czesław; Grabowski, Adam; Korniłowicz, Artur; Matuszewski, Roman; Naumowicz, Adam; Pąk, Karol: The role of the Mizar mathematical library for interactive proof development in Mizar (2018)