Skip to content

proof: starting support for e-acsl runtime assertion as advanced security mode #34

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
PThierry wants to merge 8 commits into
base: main
Choose a base branch
from
Draft

proof: starting support for e-acsl runtime assertion as advanced security mode #34

PThierry wants to merge 8 commits into from

Conversation

@PThierry
Copy link
Contributor

@PThierry PThierry commented Jun 17, 2025
edited
Loading

This PR enables the support for generated annotated C code using e-acsl based on the various ACSL assertions written in the input C file.
The ability to add e-acsl annotations is supported kernel-wide and is made to be enabled easily.

By now, the kernel zlib's string.c implementation of memset/memcpy/strnlen do support e-acsl annotations.

Triggering the annotated C code generation and inclusion is made based on the CONFIG_SECU_ENABLE_EACSL kconfig trigger (default n).
In that very case, Frama-C, including the e-acsl plugin and the e-acsl-gcc.sh tool, generates annotated sources that allow automatically runtime assertion checks baed on static frama-C assertions, that have been proven as valid in a sound model.

As a consequence, any invalid runtime assertion can't be triggered through a valid logical path and is the consequence of an external event (EM, fault).

runtime annotations increase the kernel size, and is deactivated by default. By now, only the string memory manipulation library is protected (as already validated as correct in a sound envionrment), but such runtime assertions can be generated to any code part that is already demonstrated as correct without risk.

NOTE: need CEA support on this, ass the e-acsl plugin C symbols implementation library need to be compiled and linked

@PThierry PThierry force-pushed the functional-proof/e-acsl-support branch 3 times, most recently from 76108da to e3ff20e Compare June 23, 2025 14:20
@PThierry PThierry changed the title proof: starting support for e-acsl runtime assertion in autotesting mode proof: starting support for e-acsl runtime assertion as advanced security mode Jun 23, 2025
@PThierry PThierry force-pushed the functional-proof/e-acsl-support branch from e3ff20e to 6ffbc91 Compare June 23, 2025 14:37
@PThierry PThierry added question Further information is requested build-system build-system related fixes framac:contract formal correctness (contracts) labels Jul 3, 2025
@PThierry PThierry added this to the v0.6.0 milestone Jul 16, 2025
@PThierry PThierry force-pushed the functional-proof/e-acsl-support branch from f3878bb to 2b0ab26 Compare October 4, 2025 08:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

build-system build-system related fixes framac:contract formal correctness (contracts) question Further information is requested

Projects

Sentry kernel roadmap
Status: Todo

Milestone

v0.6.0

Development

Successfully merging this pull request may close these issues.

1 participant

@PThierry