Periodic Reporting for period 2 - VESTA (VErified STAtic analysis platform)
Periodo di rendicontazione: 2020-03-01 al 2021-08-31
Computer software pervades our life but far too much of it contains programming errors (bugs). Software is more and more complex and such errors are unavoidable if programmers are not accompanied with some tools that help auditing software codes. Static analysis is an increasingly popular technique that aims at automatically compute properties of software. These properties then help finding bugs, or proving absence of them. Industrial static analysers are flourishing. Facebook, Google, Microsoft develop their own static analysis tools to help maintaining their huge code base. Critical software industry (aircraft, railways, nuclear, etc.) has embraced the use of advanced static analysis tool as Astrée to companion and sometimes, ligthen their traditional software validation campaigns based on meticulous testing and reviews. Unfortunately, designing advanced static analyses like Astrée requires a very rare expertise in Abstract Interpretation, a foundational landmark in the research area, and implementing these ideas efficiently and correctly is specially tricky.
The VESTA project propose guidance and tool-support to the designers of static analysis, in order to build advanced but reliable static analysis tools. We focus on analyzing low-level softwares written in C, leveraging on the CompCert verified compiler. This compiler toolchain is fully verified in the Coq proof assistant.
Verasco is a verified static analyser that I have architected. It analyses C programs and follows many of the advanced abstract interpretation technique developped for Astrée, but it is formally verified. The outcome of the VESTA project will be a platform that help designing other verified advanced abstract interpreters like Verasco, without starting from a white page. We will apply this technique to develop security analyses for C programs. The platform will be open-source and will help the adoption of abstract interpretation techniques.
The VESTA project propose guidance and tool-support to the designers of static analysis, in order to build advanced but reliable static analysis tools. We focus on analyzing low-level softwares written in C, leveraging on the CompCert verified compiler. This compiler toolchain is fully verified in the Coq proof assistant.
Verasco is a verified static analyser that I have architected. It analyses C programs and follows many of the advanced abstract interpretation technique developped for Astrée, but it is formally verified. The outcome of the VESTA project will be a platform that help designing other verified advanced abstract interpreters like Verasco, without starting from a white page. We will apply this technique to develop security analyses for C programs. The platform will be open-source and will help the adoption of abstract interpretation techniques.
We have performed work in several directions.
WP1: We study cost analysis that try to predict the cost of a program. We give a rigorous cost model and perform an analysis that can predict a bound on this cost. This is a work in progress. The code analysis has not been published yet but one its underlying component has lead to a new discovery in static analysis.
WP2: We study the security property of cryptographic constant-time. We provide provably a correct analysis that can verify this property.
WP3: We prove that the CompCert compiler can preserve the previous security property during compilation.
WP4: We study new challenging verification problems where extraction of efficient code is necessary. The current focus is on extracting a verified JIT compiler.
WP5: We study how to automatise more the design and the proof of correctness of a static analysis. The current achievement is a mostly automatic proof of correctness for a small abstract interpreter, using the F* prover.
WP1: We study cost analysis that try to predict the cost of a program. We give a rigorous cost model and perform an analysis that can predict a bound on this cost. This is a work in progress. The code analysis has not been published yet but one its underlying component has lead to a new discovery in static analysis.
WP2: We study the security property of cryptographic constant-time. We provide provably a correct analysis that can verify this property.
WP3: We prove that the CompCert compiler can preserve the previous security property during compilation.
WP4: We study new challenging verification problems where extraction of efficient code is necessary. The current focus is on extracting a verified JIT compiler.
WP5: We study how to automatise more the design and the proof of correctness of a static analysis. The current achievement is a mostly automatic proof of correctness for a small abstract interpreter, using the F* prover.
1) Verified compilation of JIT is a clear progress in the state of the art (POPL'21)
2) Preserving a security property like cryptographic constant-time is a clear progress in the state of the art (POPL'20)
3) Significative proof effort reduction in verified static analysis (SAS'2021)
2) Preserving a security property like cryptographic constant-time is a clear progress in the state of the art (POPL'20)
3) Significative proof effort reduction in verified static analysis (SAS'2021)