Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20160412024734.GB20359@newbook>
Date: Mon, 11 Apr 2016 19:47:35 -0700
From: Isaac Dunham <ibid.ag@...il.com>
To: musl@...ts.openwall.com
Subject: Re: Formal verification of MUSL

On Mon, Apr 11, 2016 at 06:00:24PM -0700, Joe Duarte wrote:
> >
> > >
> > > I have registered
> > >
> > > https://scan.coverity.com/projects/libc-musl
> >
> > "You are not authorized to access this page."
> > I have no experience with Coverity, but I guess you missed a step to make
> > it public. (The search also comes up empty.)
> >
> 
> ​Yes, I noticed that as well. It gave me the same "not authorized" message.
> Normally, we should be able to add the project to our personal Coverity
> accounts by going to My Dashboard (top), click the Add a New Project
> button, then search for the project. Currently, musl is still not showing
> up in the search – maybe it takes a couple of days to show?
> 
> Nagy, everything you said sounds right. What about unikernels? Long-term,
> I'm more interested in running unikernels than in running Linux, BSD, or
> Windows. I'm thinking of something like OSv, where they built an ELF
> linker from scratch, as well as implementing the Linux system calls:
> https://github.com/cloudius-systems/osv/wiki/Components-of-OSv

OSv uses a (rather old) version of musl, with some changes needed.
If I understand correctly, they essentially changed musl so that rather
than using syscalls, it would directly call the underlying kernel function.

Another unikernel-type project using musl is the ELLCC "Embedded Little
Kernel": 
http://ellcc.org/blog/?tag=elk


And while we're discussing alternate hosts, I might as well mention that
seL4 uses musl for the POSIX libc.

> In their case, they were going for glibc compatibility, and I assume a
> straight musl implementation would be easier. This ultimately gets at the
> separation of OS syscalls and ABIs vs. the libc. What if I have an OS or
> unikernel that doesn't know anything about C or POSIX, where C isn't a
> first-class citizen so much as an honored guest? musl-leveraging C
> applications would presumably be statically compiled in that case (and
> perhaps containerized), but there would also need be an ABI layer that is
> unclear to me. (Maybe this is relevant: How to Run POSIX Apps in a Minimal
> Picoprocess: http://research.microsoft.com/apps/pubs/default.aspx?id=183461
> -- which they might be drawing from in their recently announced bash or
> Ubuntu support. How they emulated the Linux ABI in that paper is very
> interesting.)
> 
> I think the formal verification task would be simplified if we could shrink
> the ABI down in a unikernel or similar context, but I've only just begun to
> think about this.
> 
> On floating point, the C
> ompCert team just published a new paper on verified compilation of floating
> point computations:
> ​ ​
> https://hal.inria.fr/hal-00862689
> ​  ​
> It looks like nice work.
> 
> Cheers,
> 
> 

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.