Lee Pike
ABSTRACT
A verifying compiler is one that emits both object code and a proof of correspondence between object and source code.1 We report the use of ACL2 in building a verifying compiler for μCryptol, a stream-based language for encryption algorithm specification that targets Rockwell Collins' AAMP7 microprocessor (and is designed to compile efficiently to hardware, too). This paper reports on our success in verifying the "core" transformations of the compiler -- those transformations over the sub-language of μCryptol that begin after "higher-order" aspects of the language are compiled away, and finish just before hardware or software specific transformations are exercised. The core transformations are responsible for aggressive optimizations. We have written an ACL2 macro that automatically generates both the correspondence theorems and their proofs. The compiler also supplies measure functions that ACL2 uses to automatically prove termination of μCryptol programs, including programs with mutually-recursive cliques of streams. Our verifying compiler has proved the correctness of its core transformations for multiple algorithms, including TEA, RC6, and AES. Finally, we describe an ACL2 book of primitive operations for the general specification and verification of encryption algorithms.
- H. P. Barendregt. The Lambda Calculus. Number 103 in Studies in Logic and the Foundations of Mathematics. North-Holland, revised edition, 1991.Google Scholar
- S. Blazy, Z. Dargaye, and X. Leroy. Formal verification of a c compiler front-end. In Proceedings of Formal Methods, 2006. Accepted. Available at http://pauillac.inria.fr/~xleroy/. Google ScholarDigital Library
- Common Criteria for Information Technology Security Evaluation (CCITSE), Mar. 1999. Available at http://www.radium.ncsc.mil/tpep/library/ccitse/ccitse.html.Google Scholar
- M. A. Dave. Compiler verification: a bibliography. SIGSOFT Software Engineering Notes, 28(6):2--2, 2003. Google ScholarDigital Library
- Federal Information Processing Standards Publication. Specification for the advanced encryption standard (AES). Technical Report 197, National Institute of Standards and Technology, Nov. 2001. Available at http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf.Google Scholar
- R. T. C. for Aeronautics (RTCA). DO-178b: Software considerations in airborne systems and equipment certification, Dec. 1992.Google Scholar
- A. C. J. Fox. Formal specification and verification of ARM6. In Theorem Proving in Higher-Order Logics (TPHOLs), pages 25--40, 2003.Google ScholarCross Ref
- D. Greve, R. Richards, and M. Wilding. A summary of intrinsic partitioning verification. In In Proceedings of the Fifth International Workshop on the ACL2 Theorem Prover and Its Applications (ACL2), Austin, TX, Nov. 2004.Google Scholar
- D. S. Hardin, E. W. Smith, and W. D. Young. A Robust Machine Code Proof Framework for Highly Secure Applications. In Proceedings of the 2006 ACL2 Workshop, August 2006. Accepted. Google ScholarDigital Library
- T. Hoare. The verifying compiler: A grand challenge for computing research. Journal of the ACM, 50(1):63--69, 2003. Google ScholarDigital Library
- S. D. Johnson. Synthesis of Digital Design from Recursive Equations. MIT Press, 1984. Google ScholarDigital Library
- M. Kaufmann, P. Manolios, and J. S. Moore. Computer-Aided Reasoning: An Approach. Kluwer Academic Publishers, June 2000. ISBN 0792377443. Google ScholarDigital Library
- M. Kaufmann, P. Manolios, and J. S. Moore, editors. Computer Aided Reasoning: ACL2 Case Studies, chapter Chapter 8: High-Speed, Analyzable Simulators. Self-Published, Aug. 2002.Google Scholar
- X. Leroy. Formal certification of a compiler back-end or: programming a compiler with a proof assistant. In Principles of Programming Languages (POPL '06), pages 42--54, 2006. Google ScholarDigital Library
- X. Leroy, D. Doligez, J. Garrigue, D. Rémy, and J. Vouillon. The Objective Caml system: Documentation and user's manual. Available at http://caml.inria.fr/pub/docs/manual-ocaml/index.html, 2005.Google Scholar
- J. R. Lewis and W. B. Martin. Cryptol: High assurance, retargetable crypto development and validation. In Proceedings of the IEEE/AFCEA Conference on Military Communications (MILCOM), Boston, MA, Oct. 2003. Available at http://www.galois.com/files/milcom.pdf. Google ScholarDigital Library
- J. Matthews, J. S. Moore, S. Ray, and D. Vroon. Verification condition generation via theorem proving. Submitted, Mar. 2006.Google ScholarDigital Library
- J. S. Moore. A mechanically verified language implementation. Journal of Automated Reasoning, 5(4):461--492, 1989. Google ScholarDigital Library
- J. S. Moore. A grand challenge proposal for formal methods: A verified stack. In 10th Anniversary Colloquium of UNU/IIST, pages 161--172, 2002.Google Scholar
- T. Nipkow, L. C. Paulson, and M. Wenzel. Isabelle/HOL --- A Proof Assistant for Higher-Order Logic, volume 2283 of LNCS. Springer, 2002. Google ScholarDigital Library
- S. L. Peyton Jones. Implementing lazy functional languages on stock hardware: The Spineless Tagless G-machine. Journal of Functional Programming, 2(2):127--202, Apr. 1992.Google ScholarCross Ref
- S. L. Peyton-Jones, editor. Haskell 98 Language and Libraries: The Revised Report. Cambridge University Press, 2003. Available at http://www.haskell.org/definition/haskell98-report.ps.gz.Google Scholar
- R. L. Rivest1, M. J. B. Robshaw, R. Sidney, and Y. L. Yin. The security of the rc6 block cipher. Technical report, RSA Security, 1998.Google Scholar
- M. Sheeran. Designing regular array architectures using higher order functions. In J.-P. Jouannaud, editor, Proceedings of the International Conference on Functional Programming Languages and Computer Architecture (FPCA), Nancy, France, volume 201 of LNCS, pages 220--237. Springer, 1985. Google ScholarDigital Library
- M. Shields. A language for symmetric-key cryptographic algorithms and its implementation. Available at http://www.cartesianclosed.com/pub/mcryptol/, Jan. 2006.Google Scholar
- M. B. Shields. μCryptol Reference Manual, Nov. 2005. Available at http://www.galois.com/files/mCryptol_refman-0.9.pdf.Google Scholar
- K. Slind, G. Li, and S. Owens. A proof-producing software compiler for a subset of higher order logic. Available at http://www.cs.utah.edu/~slind/sw-compiler/, 2006.Google Scholar
- K. Slind, S. Owens, J. Iyoda, and M. Gordon. Proof producing synthesis of arithmetic and cryptographic hardware. In Seventh International Workshop on Designing Correct Circuits DCC: Participants' Proceedings, 2006. Satellite Event of ETAPS.Google Scholar
- D. J. Wheeler and R. M. Needham. TEA, a tiny encryption algorithm. In B. Preneel, editor, Proceedings of the 1994 Workshop on Fast Software Encryption (FSE), Belgium, volume 1008 of LNCS, pages 363--366. Springer, 1995.Google Scholar
Index Terms
- A verifying core for a cryptographic language compiler
Recommendations
A robust machine code proof framework for highly secure applications
ACL2 '06: Proceedings of the sixth international workshop on the ACL2 theorem prover and its applicationsSecurity-critical applications at the highest Evaluation Assurance Levels (EAL) require formal proofs of correctness in order to achieve certification. To support secure application development at the highest EALs, we have developed techniques to ...
A Certifying Compiler for Clike Subset of C Language
TASE '10: Proceedings of the 2010 4th IEEE International Symposium on Theoretical Aspects of Software EngineeringProof-carrying code (PCC) is a technique that allows code consumers to check whether the code is safe to execute or not through a formal safety proof provided by the code producer. And a certifying compiler makes PCC practical by compiling annotated ...
Verifying Whiley Programs with Boogie
AbstractThe quest to develop increasingly sophisticated verification systems continues unabated. Tools such as Dafny, Spec#, ESC/Java, SPARK Ada and Whiley attempt to seamlessly integrate specification and verification into a programming language, in a ...
Comments