Skip to Content.
Sympa Menu

coq-club - Re: [Coq-Club] [isabelle] formal models of peripheral devices like GIC, NIC

coq-club AT inria.fr

Subject: The Coq mailing list

List archive

Re: [Coq-Club] [isabelle] formal models of peripheral devices like GIC, NIC


Chronological Thread 
  • From: Hira Taqdees Syeda <hira AT chalmers.se>
  • To: Abhishek Anand <abhishek.anand.iitg AT gmail.com>
  • Cc: coq-club <coq-club AT inria.fr>, "cl-isabelle-users AT lists.cam.ac.uk" <cl-isabelle-users AT lists.cam.ac.uk>
  • Subject: Re: [Coq-Club] [isabelle] formal models of peripheral devices like GIC, NIC
  • Date: Tue, 12 May 2020 10:23:31 +0000
  • Accept-language: en-US, sv-SE
  • Authentication-results: mail3-smtp-sop.national.inria.fr; spf=None smtp.pra=hira AT chalmers.se; spf=None smtp.mailfrom=hira AT chalmers.se; spf=None smtp.helo=postmaster AT greyjoy.ita.chalmers.se
  • Ironport-phdr: 9a23:DfZiFBVyZwI9c1ix50yNjTAuy2TV8LGtZVwlr6E/grcLSJyIuqrYZRSFvqdThVPEFb/W9+hDw7KP9fy5BCpRu93b6zgrS99lb1c9k8IYnggtUoauKHbQC7rUVRE8B9lIT1R//nu2YgB/Ecf6YEDO8DXptWZBUhrwOhBoKevrB4Xck9q41/yo+53Ufg5EmCexbal9IRmrrQjdrM0bjZVtJqovxBbCv2dFdflRyW50P1yYggzy5t23/J5t8iRQv+wu+stdWqjkfKo2UKJVAi0+P286+MPkux/DTRCS5nQHSWUZjgBIAwne4x7kWJr6rzb3ufB82CmeOs32UKw0VDG/5KplVBPklCEKPCM//WrKiMJ/kbhbrQqhqRJh3oDUfI+bOvlwfqzffNMVWWVOU91LWCBdB4OxdZcDA/YDMOtesoLzp0EOrRy7BQS0Bu3vyyVIiWXr1qMkyeshCBzJ0xI+ENIVrX/asdX0O7kPXu+v0aLFyjXDb/JM2Tjn84XHbhAhruuIXbJ1b8XR01IvGxnejlqOsIHoOS6e2esRvWaB9eVgSf6vhHA9qwF3ujWiyMMhh5fGiI8a1lzJ+yt0zYI6K9C6VEJ2YMKoHIZOuy+UKYZ7TM0vTmVstSs+ybALpZC2cicKxpk5yBPSZOCKfo6V6RztU+aRJC13hHNjeL+nmRm961Ogy+3gWcm0yllKrzBFnsPLtnAX2Bzf8tOHSuNn/keg3zaP2B7c6vteLU8okqrbLoYtwqM2lpoIv0XPBDH5l1jrjKOMbEok5/Ck6+vmYrX6pp+cKpR7hhviPaQpn8yzGfg3Mg8UX2id5+u80Lnj8VfnT7pXk/07lLTSvpPCJckDu6K1HQtY3pw+5xu+FTuqzsoUkHgdIF5Ydh+KjZDlN0zQLP38F/uznlWhnC12y/zaJLHtHJrAI3jbnLv8Y7pw71RQxBcywNxF+Z5YFLAMLOjuVkL/tNHVCAIyPRauzOb9Etp905sTWWKRDa+dN6PfqVCI5vgxLOiMZo8Vvzb8J+Ik5/7yl3A1g0MSfamz0psTbXC3AO5mI16DbXr3nNgNCWYKvgwgQ+z2kFCOTCBfanKoU64h5zw3EpyqAZnCS4y3nbCM0iW2EoVTZm9cC1CMFXnod5+DW/cJcC+SIs5hkiYeWrW6V4Ah1QuhtAv/y7V5NOrU4TcUtYn929Rt/e3ciQky9SBoD8Say2yCU2Z0nnoRSzAq2KB/vFdyx0yY0al4hvxYDcZc6+lIUgc8L57czvZ1B8r8WgLbLZ+1TwOPSNWnGjE8TZoYxdYIbw4pEt+ijwvD0insCrkckbDNBZ0o/YrT2nHwI4B2zHOQh4c7iFxzYspVPCWaj7dz+gXIT7XYnkmQ3/KqdL4V9CXN/WOGwHCV+lpVBl0jGZ7ZVGwSMxOF5e/y4VnPGuf3VeYXdzBZwMvHEZNkL8XzhAwdFvzjMdDbbniq3Xy9V07Rm+G8KbHycmBY5x3zTUgJlwdJoCSJLwUvBCCw5WPCBXplFVvrZk726q9lpSHjFx5m/0Sxd0RkkoGN1FsQjP2YRekU2+tf6iwhojFxEUymmcnbWYKN
Hi Abhishek, 

Has someone built formal models of peripheral devices like Arm's Generic
Interrupt Controller (GIC), network interface cards that could be suitable
for proving correctness properties of software driving them (e.g. OS,
network driver)?

Not ARM’s peripheral devices, but I have, in my PhD, developed a formal model (in Isabelle/HOL) of 
ARMv7-A translation lookaside buffer (TLB) based on the reference manual. I have then soundly 
abstracted this model using data refinement to extract an abstract model that is easier to reason about 
from software point of view. Using the abstract TLB+page tables as the memory model, I have 
further developed a logic for reasoning about low-level programs in the presence of cached 
address translation, and have with ease extracted invariants for user and kernel level code, 
including context switch and page table manipulations. 

Here are some links:

Publications: 
in chronological order 
1. Reasoning about Translation Lookaside Buffers, LPAR17.
https://easychair-www.easychair.org/publications/paper/gNH

2. Program verification in the presence of cached address translation, ITP18
https://link.springer.com/chapter/10.1007/978-3-319-94821-8_32

3. Formal Reasoning Under Cached Address Translation, JAR20
https://link.springer.com/article/10.1007/s10817-019-09539-7

PhD thesis:
https://unsworks.unsw.edu.au/fapi/datastream/unsworks:60079/SOURCE02?view=true

Ongoing work: to develop a formally verified TLB-aware compiler. 

Isabelle Theories: https://github.com/SEL4PROJ/tlb

Hope this helps,
Thanks
Hira



On 11 May 2020, at 22:27, Abhishek Anand <abhishek.anand.iitg AT gmail.com> wrote:

Has someone built formal models of peripheral devices like Arm's Generic
Interrupt Controller (GIC), network interface cards that could be suitable
for proving correctness properties of software driving them (e.g. OS,
network driver)?
I'd be grateful for pointers to such work. The models need not be in
Coq/Isabelle, as long as there is a plausible way to convert them to
Coq/Isabelle models that describe the behavior of such devices.

Thanks,
-- Abhishek
http://www.cs.cornell.edu/~aa755/


Archive powered by MHonArc 2.6.18.

Top of Page