A Flow-Sensitive Refinement Type System for Verifying eBPF Programs (SPLASH 2025 - OOPSLA)

Sun 12 - Sat 18 October 2025 Singapore

co-located with ICFP/SPLASH 2025

Who

Ameer Hamza, Lucas Zavalia, Arie Gurfinkel, Jorge A. Navas, Grigory Fedyukovich

Track

SPLASH 2025 OOPSLA

This program is tentative and subject to change.

Time Zone

The program is currently displayed in (GMT+08:00) Perth.

Use conference time zone: (GMT+08:00) PerthSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Save

When

Fri 17 Oct 2025 16:00 - 16:15 at Orchid East - Verification 1

Abstract

The Extended Berkeley Packet Filter (eBPF) subsystem within an operating system’s kernel enables userspace programs to extend kernel functionality dynamically. Because of the security risks arising from runtime modification of the OS, eBPF requires all programs to be verified before deploying them inside the kernel. Existing approaches to eBPF verification are monolithic, requiring their entire analysis to be done in a secure environment, resulting in the need for extensive trusted codebases. To reduce the size and complexity of the trusted codebase, we propose a type-based verification approach that automatically infers proof certificates in userspace, while only the proof-checking component needs to be deployed in a secure environment. Moreover, compared to previous techniques, our type system enhances the debuggability of the programs for users through ergonomic type annotations when verification fails. We implemented our type inference algorithm in a tool called VeRefine and evaluated it against an existing eBPF verifier, Prevail. VeRefine outperformed Prevail on most of the industrial benchmarks.

Ameer Hamza

Florida State University

United States

Lucas Zavalia

Florida State University Tallahassee

United States

Arie Gurfinkel

University of Waterloo

Canada

Jorge A. Navas

Certora

United States

Grigory Fedyukovich

Florida State University

United States

This program is tentative and subject to change.

Time Zone

The program is currently displayed in (GMT+08:00) Perth.

Use conference time zone: (GMT+08:00) PerthSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

Display full programSpecify a time band

Save

Session Program

Fri 17 Oct
Displayed time zone: Perth change

16:00 - 17:30	Verification 1OOPSLA at Orchid East

16:00 15m Talk		A Flow-Sensitive Refinement Type System for Verifying eBPF Programs OOPSLA Ameer Hamza Florida State University, Lucas Zavalia Florida State University Tallahassee, Arie Gurfinkel University of Waterloo, Jorge A. Navas Certora, Grigory Fedyukovich Florida State University
16:15 15m Talk		Automatically Verifying Replication-aware Linearizability OOPSLA Vimala Soundarapandian IIT Madras, Kartik Nagar IIT Madras, Aseem Rastogi Microsoft Research, KC Sivaramakrishnan IIT Madras and Tarides
16:30 15m Talk		On the Impact of Formal Verification on Software Development OOPSLA Eric Mugnier University of California San Diego, Zhou Yuanyuan UCSD, Ranjit Jhala University of California at San Diego, Michael Coblenz University of California, San Diego
16:45 15m Talk		Towards Verifying Crash Consistency OOPSLA Keonho Lee University of California, Irvine, Conan Truong University of California, Irvine, Brian Demsky University of California at Irvine
17:00 15m Talk		TraceLinking Implementations with their Verified Designs OOPSLA Finn Hackett University of British Columbia, Ivan Beschastnikh The University of British Columbia Pre-print
17:15 15m Talk		Pyrosome: Verified Compilation for Modular Metatheory OOPSLA Dustin Jamner MIT CSAIL, Gabriel Kammer MIT, Ritam Nag MIT, Adam Chlipala MIT CSAIL