Formal Verification for Fun and Profit - Speaker Deck

Tweet

Tweet

Slide 1

Slide 1 text

Tim Taubert @ttaubert Formal Veriﬁcation for Fun and Proﬁt Finding bugs with Cryptol and SAW December 2016, Hawaii

Slide 2

Slide 2 text

What is Formal Veriﬁcation? “[…] Formal veriﬁcation is the act of proving or disproving the correctness of intended algorithms […] using formal methods of mathematics.”

Slide 3

Slide 3 text

Example: f(x) = (x == 0) [Cryptol] is_zero : [64] -> [1] is_zero x = if x == 0 then 1 else 0

Slide 4

Slide 4 text

Example: f(x) = (x == 0) [C99] bool is_zero(uint64_t x) { return x == 0U; }

Slide 5

Slide 5 text

Example: f(x) = (x == 0) [C99, maybe const-time] bool is_zero(uint64_t x) { bool nz = false; for (size_t i = 0; i < sizeof(x) * 8; ++i) { nz |= x >> i & 1; } return !nz; }

Slide 6

Slide 6 text

Example: f(x) = (x == 0) [Rust] fn is_zero(x: u64) -> bool { return x == 0; } (Compile to LLVM IR) $ rustc --emit=llvm-ir -o is_zero.bc is_zero.rs

Slide 7

Slide 7 text

Case Study: UTF-16 to UTF-8 Encoder 1) Compute the length of the target buﬀer. 2) Fill the target buﬀer with UTF-8.

Slide 8

Slide 8 text

Thanks! Cryptol: http://cryptol.net/ SAW: http://saw.galois.com/