At the very base of every software system lies an operating system. In a recent landmark achievement, the L4.verified project from NICTA, demonstrated that it is possibly to prove strong safety and security properties of a general-purpose operating system [SOSP´09]. Like all other systems verification projects, they made a number of simplifying assumptions, e.g. the C compiler is trusted, inlined assembly is assumed to be correct and the boot code is right. The proposed project will establish new approaches for the construction and verification of reliable systems software, which will allow future systems verification projects to avoid many of the current simplifying assumptions. The plan is to enable this by modelling the actual behaviour of computer hardware and providing proof methods which scale to the point where functional correctness of operating systems can be mathematically proven down to the level of machine code, not just C code. Ultimately, the aim is to have systems where every hardware peripheral has been specified and every single machine instruction is part of the verification. In order to make sure that all reasoning strictly follows the rules of a formal logic, we will develop this work within the HOL4 theorem prover, a readily programmable higher-order logic prover; and in order to ensure relevance and impact of this work, I will continue and deepen my collaboration with the high-profile L4.verified project.
Docent vid Software Technology (Chalmers)
Funding years 2014–2017