Verified Low-Level Programming Embedded in F*
- Jonathan Protzenko ,
- Jean Karim Zinzindohoue ,
- Aseem Rastogi ,
- Tahina Ramananandro ,
- Peng Wang ,
- Santiago Zanella-Béguelin ,
- Antoine Delignat-Lavaud ,
- Cătălin Hriţcu ,
- Karthikeyan Bhargavan ,
- Cédric Fournet ,
- Nikhil Swamy
22nd International Conference on Functional Programming (ICFP 2017) |
Published by ACM SIGPLAN
We present Low*, a language for low-level programming and verification, and its application to high-assurance optimized cryptographic libraries. Low* is a shallow embedding of a small, sequential, well-behaved subset of C in F*, a dependently- typed variant of ML aimed at program verification. Departing from ML, Low* does not involve any garbage collection or implicit heap allocation; instead, it has a structured memory model à la CompCert, and it provides the control required for writing efficient low-level security-critical code.
By virtue of typing, any Low* program is memory safe. In addition, the programmer can make full use of the verification power of F* to write high-level specifications and verify the functional correctness of Low* code using a combination of SMT automation and sophisticated manual proofs. At extraction time, specifications and proofs are erased, and the remaining code enjoys a predictable translation to C. We prove that this translation preserves semantics and side-channel resistance.
We provide a new compiler back-end from Low* to C and, to evaluate our approach, we implement and verify various cryptographic algorithms, constructions, and tools for a total of about 28,000 lines of code. We show that our Low* code delivers performance competitive with existing (unverified) C cryptographic libraries, suggesting our approach may be applicable to larger-scale low-level software.
In cooperation with: INRIA Paris, Team Prosecco; and MIT, CSAIL.
Docker image (opens in new tab) submitted to the ICFP 2017 artifact evaluation.
Téléchargements de publications
FStar
juin 26, 2019
F*: Verification system for effectful programs
KReMLin
mai 17, 2018
KreMLin is a tool that extracts an F* program to readable C code. If the F* program verifies against a low-level memory model that talks about the stack and the heap; if it is first-order; if it obeys certain restrictions (e.g. non-recursive data types) then KreMLin will turn it into C. KreMLin compiles the entire Project Everest software stack.