This paper gives a high-level introduction to the topic of formal, interactive, machine-
checked software verification in general, and the verification of operating systems code in …

The interfaces between layers of a system are susceptible to bugs if developers of adjacent
layers proceed under subtly different assumptions. Formal verification of two layers against …

Low level code is challenging: It lacks structure, it uses jumps and symbolic addresses, the
control flow is often highly optimized, and registers and memory locations may be reused in …

We introduce Pancake, a new language for verifiable, low-level systems programming,
especially device drivers. Pancake eschews complex type systems to make the language …

We address the problem of computing simulation relations over tree automata. In particular,
we consider downward and upward simulations on tree automata, which are, loosely …

We have developed a stack of semantics for a high-level C-like language and low-level
assembly code, which has been carefully crafted to support the pervasive verification of …

Memory virtualization by means of demand paging is a crucial component of every modern
operating system. The formal verification is challenging since reasoning about the page fault …

We report on the formal functional verification of a simple device driver for an ATAPI hard
disk in Isabelle/HOL. The proof is based on a functional model of the hard disk, which has …

We report in this paper on the formal verification of a simple compiler for the C-like
programming language C0. The compiler correctness proof meets the special requirements …

Computer systems do not exist in isolation: they must interact with the world through I/O
devices. Our work, which focuses on constrained embedded systems, provides a framework …