Abstract
The GNU Multi-Precision library is a widely used, safety-critical library for arbitrary-precision arithmetic. Its source code is written in C and assembly, and includes intricate state-of-the-art algorithms for the sake of high performance. Formally verifying the functional behavior of such highly optimized code, not designed with verification in mind, is challenging. We present a fully verified library designed using the Why3 program verifier. The use of a dedicated memory model makes it possible to have the Why3 code be very similar to the original GMP code. This library is extracted to C and is compatible and performance-competitive with GMP.
Notes
- 2. Look for ‘division’ at https://gmplib.org/gmp5.0.html.
Acknowledgments
We gratefully thank Pascal Cuoq, Jean-Christophe Filliâtre and Mário Pereira for their comments on preliminary versions of this article.
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Rieu-Helft, R., Marché, C., Melquiond, G. (2017). How to Get an Efficient yet Verified Arbitrary-Precision Integer Library. In: Paskevich, A., Wies, T. (eds) Verified Software. Theories, Tools, and Experiments. VSTTE 2017. Lecture Notes in Computer Science, vol 10712. Springer, Cham. https://doi.org/10.1007/978-3-319-72308-2_6
DOI: https://doi.org/10.1007/978-3-319-72308-2_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-72307-5
Online ISBN: 978-3-319-72308-2
eBook Packages: Computer Science, Computer Science (R0)