coq-club AT inria.fr

Subject: The Coq mailing list

List archive

[Coq-Club] VST release 2.0

From: Andrew Appel <appel AT CS.Princeton.EDU>
To: coq-club AT inria.fr
Subject: [Coq-Club] VST release 2.0
Date: Mon, 22 Jan 2018 09:13:09 -0500 (EST)
Authentication-results: mail3-smtp-sop.national.inria.fr; spf=None smtp.pra=appel AT CS.Princeton.EDU; spf=Pass smtp.mailfrom=appel AT cs.princeton.edu; spf=None smtp.helo=postmaster AT greenlight.cs.princeton.edu
Ironport-phdr: 9a23:btWPRR/QvNSaRv9uRHKM819IXTAuvvDOBiVQ1KB32+0cTK2v8tzYMVDF4r011RmVBdyds6oMotGVmpioYXYH75eFvSJKW713fDhBt/8rmRc9CtWOE0zxIa2iRSU7GMNfSA0tpCnjYgBaF8nkelLdvGC54yIMFRXjLwp1Ifn+FpLPg8it2O2+54Dfbx9UiDahfLh/MAi4oQLNu8cMnIBsMLwxyhzHontJf+RZ22ZlLk+Nkhj/+8m94odt/zxftPw9+cFAV776f7kjQrxDEDsmKWE169b1uhTFUACC+2ETUmQSkhpPHgjF8BT3VYr/vyfmquZw3jSRMMvrRr42RDui9b9mRhHohikZNDA37W7YhdBxjKxcvBKsvAZwz5LIb46OLvdyYqHQcNUHTmRBRMZRUClBD5ugYosJEuUBJ/hXrofgrFYStRu+HRejBOfywTJPnHD2xbU63PolEQzdwgEuAsgCvm7OrNX0MqcdTf66zLXPzTXFdf9Y1jnz54bRfx0nvPqCU7Vwcc/LxkkuEQPIlk+fppDgPz+P0eQNqWeb4/J9Wu2xlWEnsxpxoiCxycgwkIXJgZgVyl/c+SVh2oY1JNu4R1Jlbt64F5tQsTuWOJVrTcM/W21opT06xaMAuZ66cykG0pMnxwTQa/GBboOG4QrjWf6MLTtmh39pYq+ziwus/US61+HxWMi53ExIoyZbitXAq38A2wDJ5sSaSfZx4l2t1SiA2g3d8O1IPEE5mKrDJ5I83LI9lYAfvVneEiPogkn6kaGbe0c+9uWn9ujqZKjtqIWGOI9ukA7+N7wjmsyhDuQ8NQgDR2eb+f6i27L9+035RLRKjvI2kqnFqpzVOd8bqrShAw9P04Yj7QqwACm60NQfm3kLNkxKdw+aj4TxOlHOJu73DeunjlixjjtmxOrKMqD8DpnTNHTPjbnscLdn50Ne1gY/1dVf6IhVCrEFLvLzQEjxtNnAAxAjKwy02/joCNFm24wCQmKDGLeZMLnTsV+O+u0gPfWMZIgTuDrnNfcq+uPugWcjmVABZampwYcXaHegE/t6JEWZeGPgjcsFEWcXpQUzV/fqiV2HUT5LfXm+RaM85jchCIKnF4jPXI6tgKbSlBu8S5ZRfyVNDk2GOXbubYSNHfkWOwyIJco0uzoIT7W+A6Y5zRyq/Fvz06JqKsL/wWsgr5Pl39Vp4OuVuD0Po28nR/+B2n2AGjkn1lgDQCU7ifgm8B5Nj2yb2K09uMR2UNla5vdHSAA/bM6OxPc8E8rzXAnMYtCPDluqX4f/WG1jfpcK29YLJn1FNZC6lBmaj3iBOPktjb2ND5Eo9aSa8lTMdZ4kliT2kZI5hlxjefNhcG2rgqklplrcHYPElUGYmKa2M68HmjbX9WGIwHaJugdVXBMiCag=

I am pleased to announce release 2.0 of the Verified Software Toolchain.

This release includes the Verifiable C program logic, compatible with
the recently released CompCert 3.2 and Coq 8.7.1.

Verifiable C is a program logic based on higher-order separation logic
for the C programming language. Users work interactively in Coq
to verify their C programs (as parsed by the front end of CompCert),
applying "symbolic execution" proof-automation tactics. VST is
proved sound with respect to the operational semantics of CompCert
Clight -- so if you compile the rest of the way with CompCert you
get a machine-checked guarantee that the assembly language program
conforms to the functional specification you proved. But you can
also compile with gcc or clang, and it's compatible (though not provably).

Since the last major release, there have been many improvements in usability
and in proof automation. The user manual has been rewritten and improved.

VST has been used to verify the following C programs:

SHA-256 cryptographic hashing (from openSSL)
HMAC cryptographic authentication (from openSSL)
HMAC-DRBG crypto random number generation (from mbedTLS)
Other crypto primitives: HKDF, tweetnacl, AES encryption
Sensor/controller concurrent messaging system (installed in an autonomous heavy truck)
Small example programs included with distribution: linked lists, queues, binary search trees, arrays, etc.

Several other C-program verifications are underway in California, Pennsylvania, Singapore, Netherlands, and New Jersey.

[Coq-Club] VST release 2.0, Andrew Appel, 01/22/2018