Abstract
Hypervisors are system software programs that virtualize the architecture they run on. They are typically small, safety-critical, and hard to debug, which makes them a feasible and interesting target for formal verification. Previous functional verifications of system software were all based on interactive theorem proving, requiring substantial human effort complemented by expert prover knowledge. In this paper we present the first functional verification of a small hypervisor using VCC, an automatic verifier for (suitably annotated) C developed at Microsoft. To achieve this goal we introduce necessary system verification techniques, such as accurate modeling of software/hardware interaction and simulation proofs in a first-order logic setting.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Alkassar, E., Hillebrand, M.A., Leinenbach, D.C., Schirmer, N.W., Starostin, A., Tsyban, A.: Balancing the load: Leveraging a semantics stack for systems verification. JAR 42(2-4), 389–454 (2009)
Alkassar, E., Paul, W., Starostin, A., Tsyban, A.: Pervasive verification of an OS microkernel: Inline assembly, memory consumption, concurrent devices. In: Leavens, G.T., O’Hearn, P., Rajamani, S. (eds.) VSTTE 2010. LNCS, vol. 6217, pp. 71–85. Springer, Heidelberg (2010)
Barnett, M., Chang, B.-Y.E., DeLine, R., Jacobs, B., Leino, K.R.M.: Boogie: A modular reusable verifier for object-oriented programs. In: de Boer, F.S., Bonsangue, M.M., Graf, S., de Roever, W.-P. (eds.) FMCO 2005. LNCS, vol. 4111, pp. 364–387. Springer, Heidelberg (2006)
Bevier, W.R.: Kit and the short stack. JAR 5(4), 519–530 (1989)
Cohen, E., Dahlweid, M., Hillebrand, M., Leinenbach, D., Moskal, M., Santen, T., Schulte, W., Tobies, S.: VCC: A practical system for verifying concurrent C. In: Urban, C. (ed.) TPHOLs 2009. LNCS, vol. 5674, pp. 1–22. Springer, Heidelberg (2009)
Cohen, E., Moskal, M., Schulte, W., Tobies, S.: A precise yet efficient memory model for C. In: SSV 2009. ENTCS, vol. 254, pp. 85–103. Elsevier, Amsterdam (2009)
de Moura, L., Bjørner, N.: Z3: An efficient SMT solver. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 337–340. Springer, Heidelberg (2008)
Feng, X., Shao, Z., Guo, Y., Dong, Y.: Certifying low-level programs with hardware interrupts and preemptive threads. JAR 42(2-4), 301–347 (2009)
Klein, G., Elphinstone, K., Heiser, G., et al.: seL4: Formal verification of an OS kernel. In: SOSP 2009, pp. 207–220. ACM, New York (2009)
Leinenbach, D., Santen, T.: Verifying the Microsoft Hyper-V Hypervisor with VCC. In: Cavalcanti, A., Dams, D.R. (eds.) FM 2009. LNCS, vol. 5850, pp. 806–809. Springer, Heidelberg (2009)
Microsoft Corp. VCC: A C Verifier, http://vcc.codeplex.com/
Tews, H., Völp, M., Weber, T.: Formal memory models for the verification of low-level operating-system code. JAR 42(2-4), 189–227 (2009)
The Verisoft Project (2003), http://www.verisoft.de/
The Verisoft XT Project (2007), http://www.verisoftxt.de/
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Alkassar, E., Hillebrand, M.A., Paul, W., Petrova, E. (2010). Automated Verification of a Small Hypervisor. In: Leavens, G.T., O’Hearn, P., Rajamani, S.K. (eds) Verified Software: Theories, Tools, Experiments. VSTTE 2010. Lecture Notes in Computer Science, vol 6217. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15057-9_3
Download citation
DOI: https://doi.org/10.1007/978-3-642-15057-9_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-15056-2
Online ISBN: 978-3-642-15057-9
eBook Packages: Computer ScienceComputer Science (R0)