English
Related papers

Related papers: A Formal CHERI-C Semantics for Verification

200 papers

Protecting data in memory from attackers continues to be a concern in computing systems. CHERI is a promising approach to achieve such protection, by providing and enforcing fine-grained memory protection directly in the hardware. Creating…

CHERI (Capability Hardware Enhanced RISC Instructions) is a novel hardware designed to address memory safety issues. By replacing traditional pointers with hardware capabilities, it enhances security in modern software systems. A Virtual…

Programming Languages · Computer Science 2026-03-09 Hanhaotian Liu , Tetsuro Yamazaki , Tomoharu Ugawa

In recent years, a number of lightweight programs have been deployed in critical domains, such as in smart contracts based on blockchain technology. Therefore, the security and reliability of such programs should be guaranteed by the most…

Programming Languages · Computer Science 2018-03-28 Zheng Yang , Hang Lei

Up to 10% of memory-safety vulnerabilities in languages like C and C++ stem from uninitialized variables. This work addresses the prevalence and lack of adequate software mitigations for uninitialized memory issues, proposing architectural…

Cryptography and Security · Computer Science 2025-10-14 Merve Gülmez , Håkan Englund , Jan Tobias Mühlberg , Thomas Nyman

Ensuring the correct functionality of systems software, given its safety-critical and low-level nature, is a primary focus in formal verification research and applications. Despite advances in verification tooling, conventional programmers…

Programming Languages · Computer Science 2025-04-04 Yiyuan Cao , Jiayi Zhuang , Houjin Chen , Jinkai Fan , Wenbo Xu , Zhiyi Wang , Di Wang , Qinxiang Cao , Yingfei Xiong , Haiyan Zhao , Zhenjiang Hu

Capability machines such as CHERI provide memory capabilities that can be used by compilers to provide security benefits for compiled code (e.g., memory safety). The existing C to CHERI compiler, for example, achieves memory safety by…

Programming Languages · Computer Science 2021-05-05 Akram El-Korashy , Stelios Tsampas , Marco Patrignani , Dominique Devriese , Deepak Garg , Frank Piessens

The core of a formal semantics of an imperative programming language is a memory model that describes the behavior of operations on the memory. Defining a memory model that matches the description of C in the C11 standard is challenging…

Logic in Computer Science · Computer Science 2015-09-14 Robbert Krebbers

The CHERI architecture equips conventional RISC ISAs with significant architectural extensions that provide a hardware-enforced mechanism for memory protection and software compartmentalisation. Architectural capabilities replace…

Hardware Architecture · Computer Science 2025-02-10 Louis-Emile Ploix , Alasdair Armstrong , Tom Melham , Ray Lin , Haolong Wang , Anastasia Courtney

This technical report describes a new extension to capability machines. Capability machines are a special type of processors that include better security primitives at the hardware level. In capability machines, every word has an associated…

Programming Languages · Computer Science 2020-06-03 Sander Huyghebaert , Thomas Van Strydonck , Steven Keuchel , Dominique Devriese

Formal verification of memory-manipulating programs critically depends on precise function specifications that capture memory states written by experts. This requirement has become a major bottleneck as large language models (LLMs)…

Software Engineering · Computer Science 2026-03-17 Liao Zhang , Tong Chen , Xiwei Wu , Qi Liu , Xiyu Zhai , Xinqi Wang , Qinxiang Cao

A digital security-by-design computer architecture, like CHERI, lets you program without fear of buffer overflows or other memory safety errors, but CHERI also rewrites some of the assumptions about how C works and how fundamental types…

Cryptography and Security · Computer Science 2025-07-01 Maysara Alhindi , Joseph Hallett

We present a formal model of Checked C, a dialect of C that aims to enforce spatial memory safety. Our model pays particular attention to the semantics of dynamically sized, potentially null-terminated arrays. We formalize this model in…

Programming Languages · Computer Science 2022-02-01 Liyi Li , Yiyun Liu , Deena L. Postol , Leonidas Lampropoulos , David Van Horn , Michael Hicks

We describe how to verify security properties of C code for cryptographic protocols by using a general-purpose verifier. We prove security theorems in the symbolic model of cryptography. Our techniques include: use of ghost state to attach…

Cryptography and Security · Computer Science 2013-12-24 François Dupressoir , Andrew D. Gordon , Jan Jürjens , David A. Naumann

Multiple successful compositional symbolic execution (CSE) tools and platforms exploit separation logic (SL) for compositional verification and/or incorrectness separation logic (ISL) for compositional bug-finding, including VeriFast,…

Programming Languages · Computer Science 2025-08-28 Andreas Lööw , Seung Hoon Park , Daniele Nantes-Sobrinho , Sacha-Élie Ayoun , Opale Sjöstedt , Philippa Gardner

The increased technological complexity and demand for software reliability require organizations to formally design and verify their safety-critical programs to minimize systematic failures. Formal methods are recommended by functional…

Software Engineering · Computer Science 2025-02-27 Ignacio D. Lopez-Miguel , Borja Fernández Adiego , Matias Salinas , Christine Betz

Although Secure Multiparty Computation (SMC) has seen considerable development in recent years, its use is challenging, resulting in complex code which obscures whether the security properties or correctness guarantees hold in practice. For…

Programming Languages · Computer Science 2023-06-02 Amy Rathore , Marina Blanton , Marco Gaboardi , Lukasz Ziarek

A key feature in trusted computing is attestation, which allows encapsulated components (enclaves) to prove their identity to (local or remote) distrusting components. Reasoning about software that uses the technique requires tracking how…

Programming Languages · Computer Science 2026-04-17 June Rousseau , Denis Carnier , Thomas Van Strydonck , Steven Keuchel , Dominique Devriese , Lars Birkedal

OCaml is particularly well-fitted for formal verification. On one hand, it is a multi-paradigm language with a well-defined semantics, allowing one to write clean, concise, type-safe, and efficient code. On the other hand, it is a language…

Logic in Computer Science · Computer Science 2021-09-07 Mário Pereira , António Ravara

Formal verification of complex algorithms is challenging. Verifying their implementations goes beyond the state of the art of current automatic verification tools and usually involves intricate mathematical theorems. Certifying algorithms…

Logic in Computer Science · Computer Science 2013-02-01 Eyad Alkassar , Sascha Böhme , Kurt Mehlhorn , Christine Rizkallah

Formal verification provides strong guarantees of correctness of software, which are especially important in safety or security critical systems. Hoare logic is a widely used formalism for rigorous verification of software against…

Programming Languages · Computer Science 2021-03-11 Jayaraj Poroor
‹ Prev 1 2 3 10 Next ›