Comments (7)
mansky1
commented on September 27, 2024
Hi! I'm excited to hear that you're interested in this topic; I've been thinking about looking into eBPF verification myself recently. VST doesn't ship with Clightgen for copyright reasons, so you should install CompCert separately (if you're using OPAM, this is as simple as opam install coq-compcert; otherwise, you can download it from compcert.org and build it from source) to get access to Clightgen. If you just want to apply VST to the generated programs, that's all you need to do; if you're looking at building VST from source or modifying it, see the build instructions for how to build VST on top of an external CompCert installation. Please let me know if you run into any more questions or problems, and more generally, I'd love to hear how your project progresses!
Best,
William
from vst.
swarnpriya
commented on September 27, 2024
Thank you William @mansky1 for the response. I solved the issue of Clightgen. I still need to figure out how to configure VST with my version of CompCert that targets BPF bytecode instead of x86 or ARM. I will keep you posted about my progress and once I get myself familiar with using VST, we can chat more.
On another note, I have worked with Coq proof assistant in several projects. How difficult is the learning curve for VST and do you have some suggestions about any other good document to follow apart from Software Foundation and the VerifiableC manual.
from vst.
mansky1
commented on September 27, 2024
VST works on the Clight output of Clightgen, so the question is whether your modified CompCert does something different at the Clight level or only further down the chain.
I think VST is not too bad to learn if you work through the Verifiable C volume of Software Foundations (as distinct from the manual, which is quite hard to learn from if you don't already understand VST). But if you have questions, we do have a VST-user mailing list.
from vst.
swarnpriya
commented on September 27, 2024
Can we reason about termination in VST? If yes, is there any specific example or papers you have in mind that would give me some better understanding about how it does? I am still wondering that proving functional correctness for eBPF programs won't be enough as we need to deal with helper functions properties and properties like termination, stack usage etc.
from vst.
andrew-appel
commented on September 27, 2024
We cannot reason about termination in VST.
from vst.
Salamari
commented on September 27, 2024
Even from a theoretical standpoint, it's not clear the models in VST can reason about termination. The only work that was done in this direction was a paper that Rob Dockins and I wrote many years ago, "Verifying Time Bounds for General Function Pointers", published in MFPS 2012 I believe. We tried to prove total correctness, and ended up proving explicit time bounds (which are really a kind of partial correctness).
In any event, it's not an easy problem.
Aquinas
…________________________________
From: Andrew Appel ***@***.***>
Sent: Monday, September 2, 2024 7:31 PM
To: PrincetonUniversity/VST ***@***.***>
Cc: Subscribed ***@***.***>
Subject: Re: [PrincetonUniversity/VST] Trying to prove properties about eBPF programs (Clightgen issue) (Issue #792)
⚠ Caution: External sender
We cannot reason about termination in VST.
—
Reply to this email directly, view it on GitHub<#792 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/ACAMK5A27FZ4P67VUMFZOQDZUSVHFAVCNFSM6AAAAABNEJ5ZIGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDGMRVGE4DMMRRHA>.
You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>
from vst.
Related Issues (20)
- overbroad match in try_conjuncts
- Function pointer comparison apparently not supported
- solve_load_rule_evaluation @proj_reptype HOT 3
- data_at_int_or_ptr_int share
- forward_call takes a long time HOT 2
- Improvements in deadvars
- solve_store_rule_evaluation HOT 1
- localize / entailer_for_load_tac / unlocalize / Coq 8.17 HOT 11
- Please create a tag for Coq 8.19 in Coq Platform 2024.01 HOT 4
- inhabited_value doesn't really work well
- mkVSU external function check does not give useful error message HOT 3
- cstring should not need a compspecs argument HOT 2
- verif_incr should prove that it restores an uninitialized counter HOT 1
- IPM proof fails in lib/proof body_release, succeeds in atomics body_release HOT 1
- check_parameter_vals should have lazymatch
- In VST 3.0beta2, normalize1 tactic HOT 6
- CompCert planned change: adding a `Mbool` memory chunk HOT 6
- mailbox broken: typedef with/without * HOT 2
- repr_inj_signed64 has incorrect bounds.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from vst.