Fixing Latent Unsound Abstract Operators in the eBPF Verifier of the Linux Kernel (NEAT paper)
This paper describes our experience deploying automated verification techniques for proving the correctness of value tracking components of the eBPF verifier in the Linux Kernel over the last four years. The eBPF verifier uses abstract interpretation with multiple abstract domains for value tracking. The eBPF verifier uses non-standard approaches for refining the results from multiple abstract domains, which necessitated us to design new techniques to show their correctness. During this process, we also discovered that some of the abstract operators are unsound in isolation. The unsoundness of these operators are eventually corrected by a shared refinement operator. The presence of intermediate “latent” unsound abstract operators makes the task of verification harder. We describe our patches to the Linux kernel, which have been upstreamed, that fix these latent errors and make the abstract operators correct in isolation, which enables faster automated verification.
Mon 21 OctDisplayed time zone: Pacific Time (US & Canada) change
14:00 - 15:30 | Quantum and system level analysisSAS at San Gabriel Chair(s): Qirun Zhang Georgia Institute of Technology | ||
14:00 30mShort-paper | Fixing Latent Unsound Abstract Operators in the eBPF Verifier of the Linux Kernel (NEAT paper) SAS Matan Shachnai , Harishankar Vishwanathan , Srinivas Narayana Rutgers University, Santosh Nagarakatte Rutgers University Pre-print | ||
14:30 30mFull-paper | Static Analysis of Quantum Programs SAS Nicola Assolini University of Verona, Alessandra Di Pierro University of Verona, Isabella Mastroeni University of Verona Pre-print | ||
15:00 30mShort-paper | Verifying components of Arm® Confidential Computing Architecture with ESBMC (NEAT paper) SAS Tong Wu , Shale Xiong ARM, Edoardo Manino , Gareth Stockwell ARM, Lucas C. Cordeiro University of Manchester, UK and Federal University of Amazonas, Brazil Pre-print | ||