|![[Search]](https://talks.cam.ac.uk/images/search.gif?1209136071)
|![[A-Z Index]](https://talks.cam.ac.uk/images/az.gif?1209136071)
|![[Contact]](https://talks.cam.ac.uk/images/contact.gif?1209136071)
||![[University of Cambridge]](https://talks.cam.ac.uk/images/identifier2.gif?1209136071){kind=small} |
COOKIES: By using this website you agree that we can place Google Analytics Cookies on your device for performance monitoring. | ![[Talks.cam]](https://talks.cam.ac.uk/images/talkslogosmall.gif?1209136071) |
University of Cambridge > Talks.cam > Computer Laboratory Automated Reasoning Group Lunches > Using the Cambridge ARM model to verify the concrete machine code of seL4
Using the Cambridge ARM model to verify the concrete machine code of seL4Add to your list(s) Download to your calendar using vCal
If you have a question about this talk, please contact William Denman. The L4.verified project has proved functional correctness of C code which implements a general-purpose operating system. The C code is about 10,000 lines long and is designed to run on ARM processors. The 200,000-line L4.verified proof currently bottoms out at the level of C code, i.e. the C compiler is currently a trusted component in the intended workflow. In this talk, we will describe how we are using the Cambridge model of the ARM instruction set architecture (ISA) to remove the C compiler from the trusted computing base. That is, we are extending the existing L4.verified proof downwards so that it bottoms out at a much lower level, namely, the concrete ARM machine code which runs directly on ARM hardware. The L4.verified project and the Cambridge ARM project have for years been developed independently of one another. The main challenge is now: how do we bridge the gap between these separate projects? Our solution is to apply a technology, which we call, decompilation into logic. Our tool, a decompiler, translates ARM machine code into functional programs that are automatically verified to be functionally equivalent with respect to the Cambridge model of the ARM ISA . We apply our decompiler to the output of the C compiler to turn the seL4 binary into a large functional program. A connection can then be proved semi-automatically between this functional program and the semantics of the C code used in the L4.verified proof. This talk describes ongoing work which, when complete, will remove the need to trust the C compiler and the C semantics. The new proof will instead have the Cambridge ARM model as a trusted component. This is joint work with Thomas Sewell, Michael Norrish and Gerwin Klein of NICTA , Australia. This talk is part of the Computer Laboratory Automated Reasoning Group Lunches series. This talk is included in these lists:
Note that ex-directory lists are not shown. |
Other listsDAMTP Fluids TalksOther talksThermodynamics de-mystified? /Thermodynamics without Ansätze? MEASUREMENT SYSTEMS AND INSTRUMENTATION IN THE OIL AND GAS INDUSTRY Prices of peers: identifying endogenous price effects between real assets The Anne McLaren Lecture: CRISPR-Cas Gene Editing: Biology, Technology and Ethics Future of Games in Engineering Education New approaches to old problems: controlling pathogenic protozoan parasites of poultry Single Cell Seminars (August) Migration in Science 'Honouring Giulio Regeni: a plea for research in risky environments' 'Cambridge University, Past and Present' The ‘Easy’ and ‘Hard’ Problems of Consciousness |
Thursday 28 April 2011, 13:15-14:00