Verve (operating system)

Verve is a research operating system developed by Microsoft Research.

Verve consists of a small Nucleus, which acts as a minimal hardware abstraction layer, and a Kernel, which uses primitives provided by the Nucleus to expose a more traditional interface to applications. All components of the system other than the Nucleus are written in managed C# and compiled by Bartok (originally developed for the Singularity project) into typed assembly language, which is verified by a TAL checker.

The Nucleus implements a memory allocator and garbage collection, support for stack switching, and managing interrupt handlers. It is written in BoogiePL, which serves as input to MSR's Boogie verifier, which proves the Nucleus correct using the Z3 SMT solver. The Nucleus relies on the Kernel to implement threads, scheduling, synchronization, and to provide most interrupt handlers. Even though the Kernel is not formally verified, so, for example, a bug in scheduling could cause the system to hang, it cannot violate type or memory safety, and thus cannot directly cause undefined behavior. If it attempts to make invalid requests to the Nucleus, formal verification guarantees that the Nucleus handles the situation in a controlled manner.

Verve's trusted computing base is limited to: Boogie/Z3 for verifying the Nucleus's correctness; BoogieASM for translating it into x86 assembly; the BoogiePL specification of how the Nucleus should behave; the TAL verifier; the assembler and linker; and the bootloader. Notably, neither the C# compiler/runtime nor the Bartok compiler are part of the TCB.

References

• http://research.microsoft.com/pubs/122884/pldi117-yang.pdf
• http://channel9.msdn.com/Shows/Going+Deep/Verve-A-Type-Safe-Operating-System
• http://www.osnews.com/story/24115/Verve_A_Type_Safe_Operating_System
• http://www.infoq.com/news/2010/12/verve-msft