Secure microkernels, state monads and scalable refinement

Authors

David Cock, Gerwin Klein and Thomas Sewell

    School of Computer Science and Engineering
    University of New South Wales
    Sydney 2052 Australia

    NICTA, Sydney, Australia

Abstract

We present a scalable, practical Hoare Logic and refinement calculus for the nondeterministic state monad with exceptions and failure in Isabelle/HOL. The emphasis of this formalisation is on large-scale verification of imperative-style functional programs, rather than expressing monad calculi in full generality. We achieve scalability in two dimensions. The method scales to multiple team members working productively and largely independently on a single proof and also to large programs with large and complex properties. We report on our experience in applying the techniques in an extensive (100,000 lines of proof) case study - the formal verification of an executable model of the seL4 operating system microkernel.

BibTeX Entry

  @inproceedings{Cock_KS_08,
    publisher        = {Springer},
    doi              = {10.1007/978-3-540-71067-7_16},
    title            = {Secure Microkernels, State Monads and Scalable Refinement},
    series           = {LNCS},
    booktitle        = {21st TPHOLs},
    author           = {David Cock and Gerwin Klein and Thomas Sewell},
    year             = {2008},
    month            = {Aug},
    volume           = {5170},
    editor           = {Otmane Ait Mohamed and C\'{e}sar Mu{\~{n}}oz and Sofi\`{e}ne Tahar},
    address          = {Montreal, Canada},
    pages            = {167--182}
  }
