Refinement Modeling and Verification of RISC-V Assembly Using Knuckledragger
4 days ago
- #RISC-V
- #symbolic-execution
- #binary-verification
- Binary verification is essential for low-level assembly code, performance optimization, and catching compiler bugs.
- The author developed a Python-based binary verification tool using pypcode Ghidra semantics to refine and verify RISC-V assembly.
- A key challenge was simplifying the output of symbolic execution for easier debugging and interactive proof using the 'knuckledragger' system.
- The tool allows specifying a high-level model of the program's behavior, which is easier to work with than raw assembly.
- A bisimulation checker verifies that the high-level model accurately represents the low-level assembly execution.
- Examples include verifying a simple RISC-V program and a memory copy function, uncovering a bug related to zero-length input.
- The tool supports bounded model checking and symbolic execution to find counterexamples and verify invariants.
- Future improvements could include better countermodel output, support for larger examples, and integration with formal verification tools like Lean.