Formal Verification for Fun and Profit

Tim Taubert
December 07, 2016

Formal Verification for Fun and Profit

Cryptol and SAW allow you to automatically prove the correctness of C/C++/Rust implementations of algorithms. This way you can find bugs in UTF-16 to UTF-8 converters, MPEG decoders, cryptographic algorithms, etc. at development time, and once your implementation has been proved correct, use the specification to prevent future regressions.


Transcript

  1. Tim Taubert
    @ttaubert
    Formal Verification for
    Fun and Profit
    Finding bugs with Cryptol and SAW
    December 2016, Hawaii

  2. What is Formal Verification?
    “[…] Formal verification is the act of proving or
    disproving the correctness of intended algorithms
    […] using formal methods of mathematics.”

  3. Example: f(x) = (x == 0) [Cryptol]
    is_zero : [64] -> [1]
    is_zero x = if x == 0 then 1 else 0

  4. Example: f(x) = (x == 0) [C99]
    bool is_zero(uint64_t x) {
        return x == 0U;
    }

  5. Example: f(x) = (x == 0) [C99, maybe const-time]
    bool is_zero(uint64_t x) {
        bool nz = false;
        for (size_t i = 0; i < sizeof(x) * 8; ++i) {
            nz |= x >> i & 1;
        }
        return !nz;
    }

  6. Example: f(x) = (x == 0) [Rust]
    fn is_zero(x: u64) -> bool {
        return x == 0;
    }
    (Compile to LLVM IR)
    $ rustc --emit=llvm-ir -o is_zero.bc is_zero.rs

  7. Case Study: UTF-16 to UTF-8 Encoder
    1) Compute the length of the target buffer.
    2) Fill the target buffer with UTF-8.
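As an added example (not from the slides), a C99 version of the two-step encoder the case study describes, written so that the length step and the fill step agree on every input, including unpaired surrogates; that agreement is exactly the property one would state as a SAW specification, because a length function that undercounts leaves the fill step writing past the buffer.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* True when in[i] starts a valid surrogate pair (high unit, then low unit). */
static bool is_pair(const uint16_t *in, size_t n, size_t i) {
    return in[i] >= 0xD800 && in[i] <= 0xDBFF && i + 1 < n &&
           in[i + 1] >= 0xDC00 && in[i + 1] <= 0xDFFF;
}

/* Step 1: UTF-8 bytes needed. A lone surrogate is counted as U+FFFD
 * (3 bytes), so this function and the fill below agree on every input,
 * which is the invariant a verifier would be asked to prove. */
size_t utf16_to_utf8_len(const uint16_t *in, size_t n) {
    size_t len = 0;
    for (size_t i = 0; i < n; i++) {
        if (is_pair(in, n, i)) { len += 4; i++; }
        else if (in[i] < 0x80) len += 1;
        else if (in[i] < 0x800) len += 2;
        else len += 3;           /* BMP code point or lone surrogate */
    }
    return len;
}

/* Step 2: fill. Returns bytes written, or SIZE_MAX if cap is too small. */
size_t utf16_to_utf8(const uint16_t *in, size_t n, uint8_t *out, size_t cap) {
    if (utf16_to_utf8_len(in, n) > cap) return SIZE_MAX;
    size_t o = 0;
    for (size_t i = 0; i < n; i++) {
        uint32_t cp = in[i];
        if (is_pair(in, n, i)) {
            cp = 0x10000 + ((cp - 0xD800) << 10) + (in[i + 1] - 0xDC00);
            i++;
        } else if (cp >= 0xD800 && cp <= 0xDFFF) {
            cp = 0xFFFD;         /* replace lone surrogate, never emit it raw */
        }
        /* k = encoded length; lead byte carries the top bits, the rest are 10xxxxxx */
        size_t k = cp < 0x80 ? 1 : cp < 0x800 ? 2 : cp < 0x10000 ? 3 : 4;
        static const uint8_t lead[] = {0x00, 0xC0, 0xE0, 0xF0};
        out[o] = (uint8_t)(lead[k - 1] | (cp >> (6 * (k - 1))));
        for (size_t j = 1; j < k; j++)
            out[o + j] = (uint8_t)(0x80 | ((cp >> (6 * (k - 1 - j))) & 0x3F));
        o += k;
    }
    return o;
}
```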

  8. Thanks!
    Cryptol: http://cryptol.net/
    SAW: http://saw.galois.com/