Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add CN specs to MKM #142

Open
wants to merge 42 commits into
base: main
Choose a base branch
from
Open

Add CN specs to MKM #142

Show file tree
Hide file tree
Changes from 18 commits
Commits
Show all changes
42 commits
Select commit Hold shift + click to select a range
218a2f2
add client-reduced, update cn_stubs
septract Dec 18, 2024
405d646
Migrate CN memory safety specs into client.c
septract Dec 19, 2024
de0ba91
mkm: Prove memory safety for remaining fns
septract Dec 20, 2024
4f4b81e
mkm: make proof use CN standard predicates
septract Dec 20, 2024
f2cb2d9
mkm: handle array slices properly in read/write
septract Dec 21, 2024
c7f87d3
Remove old test file client-reduced.c
septract Dec 21, 2024
093dd29
mkm: add state machine to client_event spec
septract Dec 21, 2024
b7c4a19
mkm: guard CN-specific ghost code with a macro
septract Dec 21, 2024
faaa2ef
mkm: clean up proof
septract Dec 27, 2024
6fa262f
mkm: add script to split files, make client.h and others work with it
septract Dec 27, 2024
b50dd49
mkm: Add test script for `cn test`, modify other files to make it work
septract Dec 28, 2024
6a59c43
mkm: minor proof cleanup
septract Dec 28, 2024
c520554
mkm: make cn test work for most of the mkm fns
septract Dec 31, 2024
adb30eb
mkm: minor proof tidy up
septract Dec 31, 2024
e0f081f
mkm: made testing work with malloc / free fns, various cleanup
septract Dec 31, 2024
8466469
mkm: integrated possibly-failing malloc()
septract Jan 1, 2025
c44975b
mkm: fix test demo pauses, support can-fail malloc in cn test flow
septract Jan 3, 2025
59e7337
mkm: test script now needs legacy --with-static-hack flag
septract Jan 3, 2025
aa65423
mkm: match Rust Option type naming
septract Jan 3, 2025
a55fcb5
mkm: use `default` in definitions (depends on cerberus PR #814)
septract Jan 5, 2025
c8c7d93
mkm: initial work verifying policy.c
septract Jan 7, 2025
2d49909
Add testing to CI job
septract Jan 16, 2025
bdcb111
mps: add mkm proof GH action
septract Jan 16, 2025
1a75a5b
mkm: fix typo, add cn test workflow
septract Jan 16, 2025
e9e6211
mkm: Address @podhrmic comments
septract Jan 16, 2025
76862a7
mkm: prove / test functions in policy.c modulo hacks
septract Jan 18, 2025
7696586
Do not use stdio in cn exec
peterohanley Jan 31, 2025
35fbced
Disable the struct definition only in cn exec
peterohanley Jan 31, 2025
53495b1
mkm: uncomment hmac call in policy.c
spernsteiner Jan 31, 2025
625ec77
Fix frama-c proofs
podhrmic Feb 7, 2025
702f5ca
install missing deps in frama-c image
podhrmic Feb 7, 2025
249d53d
Try different way of writing the steps
podhrmic Feb 7, 2025
022142e
Try to debug the frama-c invocation
podhrmic Feb 7, 2025
bdd35b7
Fix path
podhrmic Feb 7, 2025
60d8f1f
Skip docker-run action
podhrmic Feb 7, 2025
d0e7057
Fix container definition:
podhrmic Feb 7, 2025
f5b0dab
Revert the frama-c job changes
podhrmic Feb 7, 2025
ead7d69
Install frama-C from a distro package
podhrmic Feb 7, 2025
a153764
Revert frama-c job to what is in main
podhrmic Feb 7, 2025
43f3033
Switch to a different docker-run action
podhrmic Feb 7, 2025
f9aaeeb
mkm: resolved TODOs or converted to NOTE
septract Feb 11, 2025
bc27384
One more TODO
septract Feb 11, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 27 additions & 0 deletions components/include/cn_memory.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -69,4 +69,31 @@ ensures
take i = each(u64 j; j >= 0u64 && j < n) {Block<uint8_t>(array_shift<uint8_t>(return, j))};
$*/

/*$
datatype OptionMemory {
podhrmic marked this conversation as resolved.
Show resolved Hide resolved
SomeMemory {{u64 base, u64 size} al, map<u64, u8> bu},
NothingMemory {}
}
predicate (datatype OptionMemory) MallocResult(pointer p, u64 n)
{
if (is_null(p)) {
return NothingMemory {};
} else {
take log = Alloc(p);
assert(allocs[(alloc_id)p] == log);
assert(log.base == (u64) p);
assert(log.size == n);
take i = each(u64 j; j >= 0u64 && j < n) {Block<uint8_t>(array_shift<uint8_t>(p, j))};
return SomeMemory { al : log, bu : i};
}
}
$*/

void *_malloc_canfail(size_t n);
/*$
spec _malloc_canfail(u64 n);
requires true;
ensures take Out = MallocResult(return, n);
$*/

#endif // CN_MEMCPY_H_
7 changes: 7 additions & 0 deletions components/mission_key_management/Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,8 @@
ROOT_DIR:=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST))))

$(opam env)
CN=cn verify --magic-comment-char-dollar --include=$(ROOT_DIR)/../include/wars.h -I $(ROOT_DIR)/../include -I $(OPAM_SWITCH_PREFIX)/lib/cerberus/runtime/libc/include/posix

ifeq ($(TARGET),x86_64)
CC = x86_64-linux-gnu-gcc
CXX = x86_64-linux-gnu-g++
Expand Down Expand Up @@ -34,3 +37,7 @@ $(BUILD_DIR)/%.o: $(ROOT_DIR)/%.c
.PHONY: clean
clean:
rm -rf build/ build.*/

.PHONY: cn_proof
cn_proof:
$(CN) client.c
Loading