Automatic Bit- and Memory-Precise Verification of eBPF Code

24 pages • Published: May 26, 2024

Abstract

We propose a translation from eBPF (extended Berkeley Packet Filter) code to CHC (Constrained Horn Clause sets) over the combined theory of bitvectors and arrays. eBPF is in particular used in the Linux kernel where user code is executed under kernel privileges. In order to protect the kernel, a well-known verifier statically checks the code for any harm and a number of research efforts have been performed to secure and improve the performance of the verifier. This paper is about verifying the functional properties of the eBPF code itself. Our translation procedure bpfverify is precise and covers almost all details of the eBPF language. Functional properties are automatically verified using z3. We prove termination of the procedure and show by real world eBPF code examples that full-fledged automatic verification is actually feasible.

Keyphrases: constrained horn clauses, ebpf, program verification

In: Nikolaj Bjørner, Marijn Heule and Andrei Voronkov (editors). Proceedings of 25th Conference on Logic for Programming, Artificial Intelligence and Reasoning, vol 100, pages 198-221.