Semantics, Verification, and Efficient Implementations for Tristate Numbers
arXiv - CS - Programming Languages Pub Date : 2021-05-12 , DOI: arxiv-2105.05398
Harishankar Vishwanathan, Matan Shachnai, Srinivas Narayana, Santosh Nagarakatte

Extended Berkeley Packet Filter (BPF) is an in-kernel, register-based virtual machine in the Linux operating system that allows non-superusers to execute code at specific points within the Linux kernel. To ensure that such user code is safe within the kernel, BPF relies on an in-kernel static analyzer that proves properties such as bounded memory access and the absence of illegal operations. This static analyzer uses an abstract domain, which it calls tnums (tristate numbers), to over-approximate the set of values that a variable may store. This abstract domain is implemented efficiently with bitwise and arithmetic operations. This paper formalizes the semantics and various properties of tnums and provides the first proofs of soundness and precision of arithmetic and logical operations with tnums. We describe a novel sound algorithm for multiplying two tnums that is more precise and efficient (runs 55% faster on average) than the Linux kernel's tnum multiplication.
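To make the (value, mask) representation and the soundness property concrete, here is an added C sketch that is not code from the paper or from the kernel: it models a tnum, gives abstract AND and ADD transfer functions in the bitwise style the abstract refers to (the formulas follow the kernel's tnum.c as I understand it, and should be read as an illustration), and checks soundness by enumerating every concrete operand pair at a small bit width. The function names, the `check_sound` enumerator and the 4-bit sample operands are my own constructions.

```c
#include <stdint.h>
#include <stdbool.h>

/* Constructed model of a tnum: a bit set in mask is unknown; value holds the
 * known bits and is kept zero wherever mask is set (the kernel's invariant). */
typedef struct { uint64_t value, mask; } tnum;

static tnum tnum_make(uint64_t value, uint64_t mask) {
    tnum t = { value & ~mask, mask };
    return t;
}

/* Concretization test: x belongs to the set a tnum denotes iff its bits agree
 * with the tnum's value at every known (non-mask) position. */
static bool tnum_contains(tnum t, uint64_t x) {
    return (x & ~t.mask) == t.value;
}

/* Abstract AND: a result bit is known 1 only if known 1 in both operands;
 * it is unknown if it may be 1 in both operands and is not known 1. */
static tnum tnum_and(tnum a, tnum b) {
    uint64_t alpha = a.value | a.mask;   /* bits that may be 1 in a */
    uint64_t beta  = b.value | b.mask;   /* bits that may be 1 in b */
    uint64_t v = a.value & b.value;
    return tnum_make(v, alpha & beta & ~v);
}

/* Abstract ADD: every bit that a carry out of an unknown position could flip
 * is marked unknown, in addition to the operands' own unknown bits. */
static tnum tnum_add(tnum a, tnum b) {
    uint64_t sm = a.mask + b.mask;
    uint64_t sv = a.value + b.value;
    uint64_t chi = (sm + sv) ^ sv;       /* bits possibly changed by carries */
    uint64_t mu = chi | a.mask | b.mask;
    return tnum_make(sv & ~mu, mu);
}

static uint64_t concrete_and(uint64_t x, uint64_t y) { return x & y; }
static uint64_t concrete_add(uint64_t x, uint64_t y) { return x + y; }

/* Soundness by enumeration for width-bit operands: every concrete pair drawn
 * from a and b must produce a result that lies inside op(a, b). */
static bool check_sound(tnum a, tnum b, tnum (*op)(tnum, tnum),
                        uint64_t (*cop)(uint64_t, uint64_t), int width) {
    tnum r = op(a, b);
    uint64_t lim = (uint64_t)1 << width;
    for (uint64_t x = 0; x < lim; x++) {
        if (!tnum_contains(a, x)) continue;
        for (uint64_t y = 0; y < lim; y++)
            if (tnum_contains(b, y) && !tnum_contains(r, cop(x, y))) return false;
    }
    return true;
}
```

For the 4-bit operands {value 0x8, mask 0x3} and {value 0x1, mask 0xC}, `tnum_add` yields a result with mask 31 (all five low bits unknown, since carries can reach bit 4), which the enumeration confirms is sound; a precision proof of the kind the paper gives would additionally show no tighter tnum contains all of those sums.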

Updated: 2021-05-13