How Can You Trust Formally Verified Software?
|
|
- Bernice Lindsey
- 5 years ago
- Views:
Transcription
1 How Can You Trust Formally Verified Software? Alastair Reid Arm
2 2
3 Buffer over-read vulnerabilities 3
4 Buffer over-read vulnerabilities Logic error vulnerabilities 3
5 Buffer over-read vulnerabilities Logic error vulnerabilities Null Buffer pointer over-read dereference vulnerabilities 3
6 Buffer over-read vulnerabilities Use after free Logic error vulnerabilities Null Buffer pointer over-read dereference vulnerabilities 3
7 Buffer over-read vulnerabilities Use after free s e i t i l i b a r e n l u v r o r r e Logic Buffer overflow vulnerabilities Null pointer dereference Buffer over-read vulnerabilities 3
8 Formal verification Of libraries and apps Of compilers Of operating systems 4
9 Fonseca et al., An Empirical Study on the Correctness of Formally Verified Distributed Systems, Eurosys 17 Formally Verified Software 5
10 Fonseca et al., An Empirical Study on the Correctness of Formally Verified Distributed Systems, Eurosys 17 Formally Verified Software Verification Tool Shim Code Formal Specifications 5
11 Takeaway #1: 3 key questions to ask 1. What specifications does your proof rely on? 2. Why do you trust those specifications? 3. Does anybody else use these specifications? 6
12 Takeaway #2: Specifications must have multiple uses 7
13 Takeaway #2: Specifications must have multiple uses 8
14 How can you trust formally verified software? How can you trust formally verified software? Specifications are part of the TCB 3 key questions Specifications must have multiple users How can you trust formal specifications? Testing specifications Verifying processors Verifying specifications How can you trust formally verified software? 9
15 Trustworthy Specifications of the ARM v8-a and v8-m architecture, FMCAD 2016 Creating trustworthy specifications
16 The state of most processor specifications Large (1000s of pages) Broad (10+ years of implementations, multiple manufacturers) Complex (exceptions, weak memory, ) Informal (mostly English prose) We are all just learning how to (retrospectively) formalize specifications 11
17 Arm Processor Specifications A-class (phones, tablets, servers, ) 6,000 pages 40,000 line formal specification Instructions (32/64-bit) Exceptions / Interrupts Memory protection Page tables Multiple privilege levels System control registers Debug / trace M-class (microcontrollers, IoT) 1,200 pages 15,000 line formal specification Instructions (32-bit) Exceptions / Interrupts Memory protection Page tables Multiple privilege levels System control registers Debug / trace 12
18 English prose 13
19 Pseudocode 14
20 Arm Architecture Specification Language (ASL) Indentation-based syntax Imperative First-order Strongly typed (type inference, polymorphism, dependent types) Bit-vectors Unbounded integers Infinite precision reals Arrays, Records, Enumerations Exceptions 15
21 ASL Spec Lexer Parser Typecheck C Backend Interpreter 16
22 Architectural Conformance Suite Processor architectural compliance sign-off Large v8-a 11,000 test programs, > 2 billion instructions v8-m 3,500 test programs, > 250 million instructions Thorough Tests dark corners of specification 17
23 Testing Pass Rate (Artists Impression) ISA Supervisor Hypervisor/Security Time 18 18
24 v8-m 100% 75% 50% 25% 0% 19 19
25 Measuring architecture coverage of tests Untested: op1*op2 == -3.0, FPCR.RND=-Inf 20
26 21
27 End to End Verification of ARM processors with ISA Formal, CAV 2016 Formal verification of processors
28 Checking an instruction ADD ARMResearch 23
29 Checking an instruction CMP LDR ADD STR BNE Context ARMResearch 23
30 IF ID EX MEM WB Fetch Decode R0 - R15 R0 - R15 Memory 24
31 IF ID EX MEM WB Fetch Decode R0 - R15 R0 - R15 Memory πpost πpre 24
32 IF ID EX MEM WB Fetch Decode R0 - R15 R0 - R15 Memory πpost Post_cp πpre Pre Post_spe Spec ==? 24
33 Architecture Specification ASL to Verilog Combinational Verilog Specialize Monomorphize Constant Propagation Width Analysis Exception Handling ARMResearch 25
34 Arm CPUs verified with ISA-Formal A-class Cortex-A53 Cortex-A32 Cortex-A35 Cortex-A55 Next generation R-class Cortex-R52 Next generation M-class Cortex-M4 Cortex-M7 Cortex-M33 Next generation Cambridge Projects Rolling out globally to other design centres 26 Sophia, France - Cortex-A75 (partial) Austin, USA - TBA Chandler, USA - TBA
35 27
36 Who guards the guards? Formal Validation of ARM v8-m Specifications OOPSLA 2017 Formal validation of specifications
37 Suppose Last year: audited all accesses to privileged registers Specification: Added missing privilege checks Testsuite: Added new tests to test every privilege check Formal testbench: Verify every check This year: add new instruction but accidentally omit privilege check How many tests in the test suite will fail on new specification? 29
38 Executable Specification Defines what is allowed Animation Check spec matches expectation Testable Compare spec against implementation 30
39 Executable Specification Defines what is allowed Animation Check spec matches expectation Testable Compare spec against implementation Does not define what is not allowed e.g., Impossible states, impossible actions/transitions, security properties No redundancy Problem when extending specification 30
40 Creating a specification of disallowed behaviour Where to get a list of disallowed behaviour? How to formalise this list? How to formally validate specification against spec of disallowed behaviour? 31
41 Rule JRJC Exit from lockup is by any of the following: A Cold reset. A Warm reset. Entry to Debug state. Preemption by a higher priority processor exception. 32
42 Rule R JRJC Exit State from Change lockup X is by any of the following: Event A Cold A reset. Event A Warm B reset. State Entry to Change Debug C state. Event Preemption D by a higher priority processor exception. 32
43 Rule R JRJC Exit State from Change lockup X is by any of the following: Event A Cold A reset. Event A Warm B reset. State Entry to Change Debug C state. Event Preemption D by a higher priority processor exception. And cannot happen any other way 32
44 Rule R JRJC Exit State from Change lockup X is by any of the following: Event A Cold A reset. Event A Warm B reset. State Entry to Change Debug C state. Event Preemption D by a higher priority processor exception. And cannot happen any other way Rule R: X A B C D 32
45 State Change X Exit from lockup Fell(LockedUp) Event A A Cold reset Called(TakeColdReset) Event B A Warm reset Called(TakeReset) State Change C Entry to Debug state Rose(Halted) Event D Preemption by a higher priority processor exception Called(ExceptionEntry) 33
46 Rule JRJC Exit from lockup is by any of the following: A Cold reset. A Warm reset. Entry to Debug state. Preemption by a higher priority processor exception. 34
47 Rule JRJC Exit from lockup is by any of the following: A Cold reset. A Warm reset. Entry to Debug state. Preemption by a higher priority processor exception. Fell(LockedUp) Called(TakeColdReset) Called(TakeReset) Rose(Halted) Called(ExceptionEntry) 34
48 Rule JRJC Exit from lockup is by any of the following: A Cold reset. A Warm reset. Entry to Debug state. Preemption by a higher priority processor exception. Fell(LockedUp) Called(TakeColdReset) Called(TakeReset) Rose(Halted) Called(ExceptionEntry) Called_TakeColdReset = FALSE; Called_TakeReset = FALSE; Called_TakeExceptionEntry = FALSE; Past_LockedUp = LockedUp; Past_Halted = Halted; 34 assert(( Past_LockedUp > LockedUp) ==> ( Called_TakeColdReset Called_TakeReset Past_Halted < Halted Called_ExceptionEntry));
49 Rule VGNW Entry to lockup from an exception causes Any Fault Status Registers associated with the exception to be updated. No update to the exception state, pending or active. The PC to be set to 0xEFFFFFFE. EPSR.IT to become UNKNOWN. In addition, HFSR.FORCED is not set to 1. 35
50 Rule VGNW Entry to lockup from an exception causes Any Fault Status Registers associated with the exception to be updated. Out of date No update to the exception state, pending or active. Misleading The PC to be set to 0xEFFFFFFE. Untestable EPSR.IT to become UNKNOWN. Ambiguous In addition, HFSR.FORCED is not set to 1. 35
51 Arm Specification Language Arithmetic operations Boolean operations Bit Vectors Arrays Functions Local Variables Statements Assignments If-statements Loops Exceptions SMT Arithmetic operations Boolean operations Bit Vectors Arrays Functions Local Variables Statements Assignments If-statements Loops Exceptions 36
52 Formally Validating Specifications v8-m Spec Property Verification CEX Bug in Spec Proof 37
53 Formally Validating Specifications 12 Bugs v8-m Spec Verification CEX Found Bug in Spec so far Property Proof 37
54 38
55 ARM Test Suite C Backend Test Coverage ASL Spec Lexer Parser Typechecker Interpreter Verilog Backend Arm Processor Simulation Trace Bounded Model Architecture Properties SMT Backend SMT Solver 39
56 Public release of machine readable Arm specification Enable formal verification of software and tools Releases April 2017: v8.2 July 2017: v8.3 Working with Cambridge University REMS group to convert to SAIL Backends for HOL, OCaml, Memory model, (hopefully Coq too) Tools: Talk to me about how I can help you use it 40
57 Potential uses of processor specifications Verifying compilers Verifying OS page table / interrupt / boot code Verifying processor pipelines Verification and discovery of peephole optimizations Automatic generation of binary translators Automatic generation of test cases Decompilation of binaries Abstract interpretation of binaries etc. 41
58 How can you trust formally verified software?
59 How can you trust formal specifications? Test the specifications you depend on Ensure specifications have multiple uses Create meta-specifications 43 Hiring in Security and Correctness group contact me
60 Thank You! Danke! Merci! ありがとう! Gracias! Kiitos! Trustworthy Specifications of the ARM v8-a and v8-m architecture, FMCAD 2016 End to End Verification of ARM processors with ISA Formal, CAV 2016 Who guards the guards? Formal Validation of ARM v8-m Specifications, OOPSLA
How Can You Trust Formally Verified Software?
How Can You Trust Formally Verified Software? Alastair Reid Arm Research @alastair_d_reid Formal verification Of libraries and apps Of compilers Of operating systems 2 Fonseca et al., An Empirical Study
More informationHow Can You Trust Formally Verified Software?
How Can You Trust Formally Verified Software? Alastair Reid Arm Research @alastair_d_reid Buffer over-read vulnerabilities Use after free s e i t i l i b a r e n l u v r o r r e c Logi Buffer overflow
More informationSpecifications: The Next Verification Bottleneck
Specifications: The Next Verification Bottleneck Alastair Reid Arm Research @alastair_d_reid Overview 1. What specifications do we need? 2. ARM s formal processor specifications 3. Three steps I took to
More informationHow Can You Trust Formally Verified Software?
34 th Chaos Communication Congress How Can You Trust Formally Verified Software? Alastair Reid @alastair_d_reid ARM Research Arm Processor Architecture Widely used in many different areas: phones, tablets,
More informationVerification by the book: ISA Formal at ARM
Verification by the book: ISA Formal at ARM Will Keen Senior Engineer, CPU Group ARM Ltd TVS Formal Verification Conference 27/06/2017 Roadmap Problem: CPU verification is really hard! Verification by
More informationA Developer's Guide to Security on Cortex-M based MCUs
A Developer's Guide to Security on Cortex-M based MCUs 2018 Arm Limited Nazir S Arm Tech Symposia India Agenda Why do we need security? Types of attacks and security assessments Introduction to TrustZone
More information2017 Arm Limited. How to design an IoT SoC and get Arm CPU IP for no upfront license fee
2017 Arm Limited How to design an IoT SoC and get Arm CPU IP for no upfront license fee An enhanced Arm DesignStart Building on a strong foundation Successfully used by 1000s of designers, researchers
More informationAccelerating intelligence at the edge for embedded and IoT applications
Accelerating intelligence at the edge for embedded and IoT applications Arm Tech Symposia 2017 Agenda The emergence of intelligence at the edge Requirements for intelligent edge computing IP and technologies
More informationOptimize HPC - Application Efficiency on Many Core Systems
Meet the experts Optimize HPC - Application Efficiency on Many Core Systems 2018 Arm Limited Florent Lebeau 27 March 2018 2 2018 Arm Limited Speedup Multithreading and scalability I wrote my program to
More informationImplementing debug. and trace access. through functional I/O. Alvin Yang Staff FAE. Arm Tech Symposia Arm Limited
Implementing debug and trace access through functional I/O Alvin Yang Staff FAE Arm Tech Symposia 2017 Agenda Debug and trace access limitations A new approach Protocol based Bare metal vs mission mode
More informationFormal for Everyone Challenges in Achievable Multicore Design and Verification. FMCAD 25 Oct 2012 Daryl Stewart
Formal for Everyone Challenges in Achievable Multicore Design and Verification FMCAD 25 Oct 2012 Daryl Stewart 1 ARM is an IP company ARM licenses technology to a network of more than 1000 partner companies
More informationBeyond TrustZone PSA Reed Hinkel Senior Manager Embedded Security Market Development
Beyond TrustZone PSA Reed Hinkel Senior Manager Embedded Security Market Development Part1 - PSA Tech Seminars 2017 Agenda Platform Security Architecture Architecture overview Trusted Firmware-M IoT Threat
More informationArm TrustZone Armv8-M Primer
Arm TrustZone Armv8-M Primer Odin Shen Staff FAE Arm Arm Techcon 2017 Security Security technologies review Application Level Security Designed with security in mind: authentication and encryption Privilege
More informationTranslation Validation for a Verified OS Kernel
To appear in PLDI 13 Translation Validation for a Verified OS Kernel Thomas Sewell 1, Magnus Myreen 2, Gerwin Klein 1 1 NICTA, Australia 2 University of Cambridge, UK L4.verified sel4 = a formally verified
More informationImprove the container image compatibility on Arm
Improve the container image compatibility on Arm Wei.Chen@arm.com Penny.Zheng@arm.com Edinburgh, UK / Open Source Summit Europe 2018 2018-10-24 Agenda Background Why image compatibility on Arm is an issue
More informationUsing Virtual Platforms To Improve Software Verification and Validation Efficiency
Using Virtual Platforms To Improve Software Verification and Validation Efficiency Odin Shen Staff FAE Arm Arm Tech Symposia Taiwan 2017 Software complexity and best practices Software Costs Increasing
More informationBeyond TrustZone Security Enclaves Reed Hinkel Senior Manager Embedded Security Market Develop
Beyond TrustZone Security Enclaves Reed Hinkel Senior Manager Embedded Security Market Develop Part2 Security Enclaves Tech Seminars 2017 Agenda New security technology for IoT Security Enclaves CryptoIsland
More informationArm crossplatform. VI-HPS platform October 16, Arm Limited
Arm crossplatform tools VI-HPS platform October 16, 2018 An introduction to Arm Arm is the world's leading semiconductor intellectual property supplier We license to over 350 partners: present in 95% of
More informationJob Posting (Aug. 19) ECE 425. ARM7 Block Diagram. ARM Programming. Assembly Language Programming. ARM Architecture 9/7/2017. Microprocessor Systems
Job Posting (Aug. 19) ECE 425 Microprocessor Systems TECHNICAL SKILLS: Use software development tools for microcontrollers. Must have experience with verification test languages such as Vera, Specman,
More informationMemory Models. Registers
Memory Models Most machines have a single linear address space at the ISA level, extending from address 0 up to some maximum, often 2 32 1 bytes or 2 64 1 bytes. Some machines have separate address spaces
More informationNew Approaches to Connected Device Security
New Approaches to Connected Device Security Erik Jacobson Architecture Marketing Director Arm Arm Techcon 2017 - If you connect it to the Internet, someone will try to hack it. - If what you put on the
More informationBuilding firmware update: The devil is in the details
Building firmware update: The devil is in the details Atsushi Haruta, IoT Services Group, Arm Arm Tech Symposia Japan 2017 Arm Mbed: Secure device management Application Cloud Mbed Cloud Secure, scalable,
More informationDesign Process. in an embedded system. Kasper Ornstein Mecklenburg SW/HW development engineer Arm Limited
Design Process in an embedded system Kasper Ornstein Mecklenburg SW/HW development engineer Arm in Lund Two offices; one at Ideon and one downtown (old Mistbase) Graphics, video and wireless SW, digital
More informationWAVE ONE MAINFRAME WAVE THREE INTERNET WAVE FOUR MOBILE & CLOUD WAVE TWO PERSONAL COMPUTING & SOFTWARE Arm Limited
WAVE ONE MAINFRAME WAVE THREE INTERNET WAVE FOUR MOBILE & CLOUD WAVE TWO PERSONAL COMPUTING & SOFTWARE Artificial Intelligence Fifth wave Data-driven computing era IoT Generating data 5G 5G Transporting
More informationA Trustworthy Monadic Formalization of the ARMv7 Instruction Set Architecture. Anthony Fox and Magnus O. Myreen University of Cambridge
A Trustworthy Monadic Formalization of the ARMv7 Instruction Set Architecture Anthony Fox and Magnus O. Myreen University of Cambridge Background Instruction set architectures play an important role in
More informationGerwin Klein Kevin Elphinstone Gernot Heiser June Andronick David Cock Philip Derrin Dhammika Elkaduwe Kai Engelhardt Rafal Kolanski Michael Norrish
Gerwin Klein Kevin Elphinstone Gernot Heiser June Andronick David Cock Philip Derrin Dhammika Elkaduwe Kai Engelhardt Rafal Kolanski Michael Norrish Thomas Sewell Harvey Tuch Simon Winwood 1 microkernel
More informationLecture 2: Big-Step Semantics
Lecture 2: Big-Step Semantics 1 Representing Abstract Syntax These are examples of arithmetic expressions: 2 * 4 1 + 2 + 3 5 * 4 * 2 1 + 2 * 3 We all know how to evaluate these expressions in our heads.
More informationVolume II, Section 5 Table of Contents
Volume II, Section 5 Table of Contents 5...5-1 5.1 Scope...5-1 5.2 Basis of...5-1 5.3 Initial Review of Documentation...5-2 5.4 Source Code Review...5-2 5.4.1 Control Constructs...5-3 5.4.1.1 Replacement
More informationProgram verification. Generalities about software Verification Model Checking. September 20, 2016
Program verification Generalities about software Verification Model Checking Laure Gonnord David Monniaux September 20, 2016 1 / 43 The teaching staff Laure Gonnord, associate professor, LIP laboratory,
More informationRandomised testing of a microprocessor model using SMT-solver state generation
Randomised testing of a microprocessor model using SMT-solver state generation Brian Campbell Ian Stark LFCS, School of Informatics, University of Edinburgh, UK Rigorous Engineering for Mainstream Systems
More informationTowards a Practical, Verified Kernel
Towards a Practical, Verified Kernel Kevin Elphinstone and Gerwin Klein, National ICT Australia and the University of New South Wales Philip Derrin, National ICT Australia Timothy Roscoe, ETH Zürich Gernot
More informationCS 550 Operating Systems Spring Interrupt
CS 550 Operating Systems Spring 2019 Interrupt 1 Revisit -- Process MAX Stack Function Call Arguments, Return Address, Return Values Kernel data segment Kernel text segment Stack fork() exec() Heap Data
More informationDPDK on Arm64 Status Review & Plan
DPDK on Arm64 Status Review & Plan Song.zhu@arm.com Yi.He@arm.com Herbert.Guan@arm.com 19/03/2018 2018 Arm Limited DPDK Overview Data Plane Development Kit A set of libraries and drivers for fast packet
More informationCompute solutions for mass deployment of autonomy
Compute solutions for mass deployment of autonomy Rod Watt Director of Vehicle Architecture and System Analysis Introduction 2 From inception to now 1990 Joint venture between Acorn Computers and Apple.
More informationSoftware Ecosystem for Arm-based HPC
Software Ecosystem for Arm-based HPC CUG 2018 - Stockholm Florent.Lebeau@arm.com Ecosystem for HPC List of components needed: Linux OS availability Compilers Libraries Job schedulers Debuggers Profilers
More informationHow to Build Optimized ML Applications with Arm Software
How to Build Optimized ML Applications with Arm Software Arm Technical Symposia 2018 ML Group Overview Today we will talk about applied machine learning (ML) on Arm. My aim for today is to show you just
More informationVerification at ARM. Overview 1/18/18
Verification at ARM Alan Hunter Overview The focus will be on CPU cores Arm then and now How we think about DV DV history A side note on complexity So we just need to boot an OS right? What a real project
More informationEE 457 Unit 8. Exceptions What Happens When Things Go Wrong
1 EE 457 Unit 8 Exceptions What Happens When Things Go Wrong 2 What are Exceptions? Exceptions are rare events triggered by the hardware and forcing the processor to execute a software handler HW Interrupts
More informationOperating System Control Structures
Operating System Control Structures Information about the current status of each process and resource Tables are constructed for each entity the operating system manages 26 Memory Tables Allocation of
More informationHow to Build Optimized ML Applications with Arm Software
How to Build Optimized ML Applications with Arm Software Arm Technical Symposia 2018 Arm K.K. Senior FAE Ryuji Tanaka Overview Today we will talk about applied machine learning (ML) on Arm. My aim for
More informationVerification by Static Analysis
Verification by Static Analysis Intelligent Testing Conference Bristol, 17 th March 2014 Verification overview Software Verification is The process of evaluating software during or at the end of the development
More informationHomework #2. If (your ID number s last two digits % 6) = 0: 6, 12, 18
2005/Sep/19 1 Homework #2 Chapter 1: Exercises 7, 9 with modifications: for Exercise 7.a: 20 and 32 are changed as your ID number s last two digits and 60. for Exercise 9: 47x25 are change as 47x(your
More informationASSEMBLY LANGUAGE MACHINE ORGANIZATION
ASSEMBLY LANGUAGE MACHINE ORGANIZATION CHAPTER 3 1 Sub-topics The topic will cover: Microprocessor architecture CPU processing methods Pipelining Superscalar RISC Multiprocessing Instruction Cycle Instruction
More informationApplied Theorem Proving: Modelling Instruction Sets and Decompiling Machine Code. Anthony Fox University of Cambridge, Computer Laboratory
Applied Theorem Proving: Modelling Instruction Sets and Decompiling Machine Code Anthony Fox University of Cambridge, Computer Laboratory Overview This talk will mainly focus on 1. Specifying instruction
More informationHECTOR: Formal System-Level to RTL Equivalence Checking
ATG SoC HECTOR: Formal System-Level to RTL Equivalence Checking Alfred Koelbl, Sergey Berezin, Reily Jacoby, Jerry Burch, William Nicholls, Carl Pixley Advanced Technology Group Synopsys, Inc. June 2008
More informationChapter 12. CPU Structure and Function. Yonsei University
Chapter 12 CPU Structure and Function Contents Processor organization Register organization Instruction cycle Instruction pipelining The Pentium processor The PowerPC processor 12-2 CPU Structures Processor
More informationIdentifying Security Critical Properties for the Dynamic Verification of a Processor
Identifying Security Critical Properties for the Dynamic Verification of a Processor Rui Zhang, Natalie Stanley, Christopher Griggs, Andrew Chi, Cynthia Sturton 04-12-2017, ASLOS XI AN CHINA 1 Processor
More informationBeyond TrustZone PSA. Rob Coombs Security Director. Part1 - PSA Tech Seminars Arm Limited
Beyond TrustZone PSA Rob Coombs Security Director Part1 - PSA Tech Seminars 2017 Agenda Platform Security Architecture Architecture overview Trusted Firmware-M IoT Threat models & security analyses Summary
More informationTZMP-1 Software Reference Implementation. Ken Liu 2018-Mar-12
TZMP-1 Software Reference Implementation Ken Liu 2018-Mar-12 2018 Arm Limited Content DRM Applications and Secure Video Path Regular Secure Video Path Design with Trustzone TZMP1 Design Concepts Reference
More informationVerifying Temporal Properties via Dynamic Program Execution. Zhenhua Duan Xidian University, China
Verifying Temporal Properties via Dynamic Program Execution Zhenhua Duan Xidian University, China Main Points Background & Motivation MSVL and Compiler PPTL Unified Program Verification Tool Demo Conclusion
More informationA Practical Approach to Programming With Assertions
A Practical Approach to Programming With Assertions Ken Bell Christian-Albrechts Universität Kiel Department of Computer Science and Applied Mathematics Real-Time Systems and Embedded Systems Group July
More informationWhat are Exceptions? EE 457 Unit 8. Exception Processing. Exception Examples 1. Exceptions What Happens When Things Go Wrong
8. 8.2 What are Exceptions? EE 457 Unit 8 Exceptions What Happens When Things Go Wrong Exceptions are rare events triggered by the hardware and forcing the processor to execute a software handler Similar
More informationConnect your IoT device: Bluetooth 5, , NB-IoT
Connect your IoT device: Bluetooth 5, 802.15.4, NB-IoT Prithi Ramakrishnan Arm TechTalk 2017 IoT connectivity technologies Multiple standards, different applications Throughput Unlicensed >100Mbps Wi-Fi
More informationIntegrating verification in programming languages
Integrating verification in programming languages Thomas Jensen, INRIA Seminar INRIA Rennes, 04/11/2015 Collège de France Chaire Algorithmes, machines et langages x / y Types For division to make sense,
More informationAvoiding Leakage and Synchronization Attacks through Enclave-Side Preemption Control
Avoiding Leakage and Synchronization Attacks through Enclave-Side Preemption Control Marcus Völp, Adam Lackorzynski *, Jérémie Decouchant, Vincent Rahli, Francisco Rocha, and Paulo Esteves-Veríssimo University
More informationRandomised testing of a HOL 4 microprocessor model
Randomised testing of a HOL 4 microprocessor model Brian Campbell REMS project LFCS, University of Edinburgh 31st January 2014 1 / 41 Why are we testing a processor model? Want a good model for: Cost-lifting
More informationA framework for verification of Program Control Unit of VLIW processors
A framework for verification of Program Control Unit of VLIW processors Santhosh Billava, Saankhya Labs, Bangalore, India (santoshb@saankhyalabs.com) Sharangdhar M Honwadkar, Saankhya Labs, Bangalore,
More information18-349: Embedded Real-Time Systems Lecture 2: ARM Architecture
18-349: Embedded Real-Time Systems Lecture 2: ARM Architecture Anthony Rowe Electrical and Computer Engineering Carnegie Mellon University Basic Computer Architecture Embedded Real-Time Systems 2 Memory
More informationUnleash the DSP performance of Arm Cortex processors
Unleash the DSP performance of Arm Cortex processors Arm Tech Symposia 2017 Lionel Belnet Senior Product Manager Agenda Unleash the DSP performance of Cortex processors 1 Introducing Arm Cortex technology
More informationBringing Intelligence to Enterprise Storage Drives
Bringing Intelligence to Enterprise Storage Drives Neil Werdmuller Director Storage Solutions Arm Santa Clara, CA 1 Who am I? 28 years experience in embedded Lead the storage solutions team Work closely
More informationCertitude Functional Qualification with Formal Verification. Jean-Marc Forey November 2012
Certitude Functional Qualification with Formal Verification Jean-Marc Forey November 2012 Springsoft Proprietary Topics Case study presentation Why Verification Verification efficiency Formal verification
More informationCPU Structure and Function
Computer Architecture Computer Architecture Prof. Dr. Nizamettin AYDIN naydin@yildiz.edu.tr nizamettinaydin@gmail.com http://www.yildiz.edu.tr/~naydin CPU Structure and Function 1 2 CPU Structure Registers
More informationDirections in ISA Specification. Anthony Fox. Computer Laboratory, University of Cambridge, UK
Directions in ISA Specification Anthony Fox Computer Laboratory, University of Cambridge, UK Abstract. This rough diamond presents a new domain-specific language (DSL) for producing detailed models of
More informationCSE 410. Operating Systems
CSE 410 Operating Systems Handout: syllabus 1 Today s Lecture Course organization Computing environment Overview of course topics 2 Course Organization Course website http://www.cse.msu.edu/~cse410/ Syllabus
More informationChapter 5. Introduction ARM Cortex series
Chapter 5 Introduction ARM Cortex series 5.1 ARM Cortex series variants 5.2 ARM Cortex A series 5.3 ARM Cortex R series 5.4 ARM Cortex M series 5.5 Comparison of Cortex M series with 8/16 bit MCUs 51 5.1
More informationRuntime Checking for Program Verification Systems
Runtime Checking for Program Verification Systems Karen Zee, Viktor Kuncak, and Martin Rinard MIT CSAIL Tuesday, March 13, 2007 Workshop on Runtime Verification 1 Background Jahob program verification
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 16: Building Secure Software Department of Computer Science and Engineering University at Buffalo 1 Review A large number of software vulnerabilities various
More informationGaps in Static Analysis Tool Capabilities. Providing World-Class Services for World-Class Competitiveness
Gaps in Static Analysis Tool Capabilities 1 Overview Gaps in Static Analysis tools as identified during the evaluation of five (5) commercially available static analysis tools Collaborative effort between
More informationChapter 2: Algorithm Discovery and Design. Invitation to Computer Science, C++ Version, Fourth Edition
Chapter 2: Algorithm Discovery and Design Invitation to Computer Science, C++ Version, Fourth Edition Objectives In this chapter, you will learn about Representing algorithms Examples of algorithmic problem
More informationImproving Interrupt Response Time in a Verifiable Protected Microkernel
Improving Interrupt Response Time in a Verifiable Protected Microkernel Bernard Blackham Yao Shi Gernot Heiser The University of New South Wales & NICTA, Sydney, Australia EuroSys 2012 Motivation The desire
More informationKomodo: Using Verification to Disentangle Secure-Enclave Hardware from Software
Komodo: Using Verification to Disentangle Secure-Enclave Hardware from Software Andrew Ferraiuolo, Andrew Baumann, Chris Hawblitzel, Bryan Parno* Microsoft Research, Cornell University, Carnegie Mellon
More informationAdopt-a-JSR July Meeting
Adopt-a-JSR July Meeting Special Guest: Arun Gupta Bruno Souza, Heather VanCura, Martijn Verburg 1 July 2013 Welcome! You expanded wiki into eight languages: Arabic, Chinese, English, French, German, Portuguese,
More informationCycle Approximate Simulation of RISC-V Processors
Cycle Approximate Simulation of RISC-V Processors Lee Moore, Duncan Graham, Simon Davidmann Imperas Software Ltd. Felipe Rosa Universidad Federal Rio Grande Sul Embedded World conference 27 February 2018
More informationThe Changing Face of Edge Compute
The Changing Face of Edge Compute 2018 Arm Limited Alvin Yang Nov 2018 Market trends acceleration of technology deployment 26 years 4 years 100 billion chips shipped 100 billion chips shipped 1 Trillion
More informationHardware- Software Co-design at Arm GPUs
Hardware- Software Co-design at Arm GPUs Johan Grönqvist MCC 2017 - Uppsala About Arm Arm Mali GPUs: The World s #1 Shipping Graphics Processor 151 Total Mali licenses 21 Mali video and display licenses
More informationInterrupts (Exceptions) Gary J. Minden September 11, 2014
Interrupts (Exceptions) Gary J. Minden September 11, 2014 1 Interrupts Motivation Implementation Material from Stellaris LM3S1968 Micro-controller Datasheet Sections 2.5 and 2.6 2 Motivation Our current
More informationA New Security Platform for High Performance Client SoCs
A New Security Platform for High Performance Client SoCs Udi Maor, Sr. Product manager, Client Line of Business October 2018 udi.maor@arm.com Agenda What are Client devices? Arm s approach to Trusted Execution
More informationCombining program verification with component-based architectures. Alexander Senier BOB 2018 Berlin, February 23rd, 2018
Combining program verification with component-based architectures Alexander Senier BOB 2018 Berlin, February 23rd, 2018 About Componolit 2 What happens when we use what's best? 3 What s Best? Mid-90ies:
More informationThe Low-Level Bounded Model Checker LLBMC
The Low-Level Bounded Model Checker LLBMC A Precise Memory Model for LLBMC Carsten Sinz Stephan Falke Florian Merz October 7, 2010 VERIFICATION MEETS ALGORITHM ENGINEERING KIT University of the State of
More informationRunning Applications
Running Applications Computer Hardware Central Processing Unit (CPU) CPU PC IR MAR MBR I/O AR I/O BR To exchange data with memory Brain of Computer, controls everything Few registers PC (Program Counter):
More informationInception: System-Wide Security Testing of Real- World Embedded Systems Software Nassim Corteggiani (Maxim Integrated / EURECOM) Giovanni Camurati
Inception: System-Wide Security Testing of Real- World Embedded Systems Software Nassim Corteggiani (Maxim Integrated / EURECOM) Giovanni Camurati (EURECOM) Aurélien Francillon (EURECOM) 08/15/18 Embedded
More informationAND SOLUTION FIRST INTERNAL TEST
Faculty: Dr. Bajarangbali P.E.S. Institute of Technology( Bangalore South Campus) Hosur Road, ( 1Km Before Electronic City), Bangalore 560100. Department of Electronics and Communication SCHEME AND SOLUTION
More informationProgramming Languages and Compilers Qualifying Examination. Answer 4 of 6 questions.
Programming Languages and Compilers Qualifying Examination Fall 2017 Answer 4 of 6 questions. GENERAL INSTRUCTIONS 1. Answer each question in a separate book. 2. Indicate on the cover of each book the
More informationInformation Flow Analysis and Type Systems for Secure C Language (VITC Project) Jun FURUSE. The University of Tokyo
Information Flow Analysis and Type Systems for Secure C Language (VITC Project) Jun FURUSE The University of Tokyo furuse@yl.is.s.u-tokyo.ac.jp e-society MEXT project toward secure and reliable software
More informationMutable References. Chapter 1
Chapter 1 Mutable References In the (typed or untyped) λ-calculus, or in pure functional languages, a variable is immutable in that once bound to a value as the result of a substitution, its contents never
More informationApplications of Program analysis in Model-Based Design
Applications of Program analysis in Model-Based Design Prahlad Sampath (Prahlad.Sampath@mathworks.com) 2018 by The MathWorks, Inc., MATLAB, Simulink, Stateflow, are registered trademarks of The MathWorks,
More informationRevolutioni W zi h Wn e hgn e n F a Mi i s liu lsir u e ro e Cri I ti s Ic N al o t V A e n ri n O fi p c ti a o ti n oo
Formal Verification Revolutionizing Mission Critical Verification When Failure Is Not An Option Formal-based Security Verification www.onespin.com March 2016 HW Security Issues More Common Than Thought
More informationInterrupts (Exceptions) (From LM3S1968) Gary J. Minden August 29, 2016
Interrupts (Exceptions) (From LM3S1968) Gary J. Minden August 29, 2016 1 Interrupts Motivation Implementation Material from Stellaris LM3S1968 Micro-controller Datasheet Sections 2.5 and 2.6 2 Motivation
More informationShuntaint: Emulation-based Security Testing for Formal Verification
Shuntaint: Emulation-based Security Testing for Formal Verification Bruno Luiz ramosblc@gmail.com Abstract. This paper describes an emulated approach to collect traces of program states, in order to verify
More informationWilliam Stallings Computer Organization and Architecture. Chapter 11 CPU Structure and Function
William Stallings Computer Organization and Architecture Chapter 11 CPU Structure and Function CPU Structure CPU must: Fetch instructions Interpret instructions Fetch data Process data Write data Registers
More informationStatic, multiple-issue (superscaler) pipelines
Static, multiple-issue (superscaler) pipelines Start more than one instruction in the same cycle Instruction Register file EX + MEM + WB PC Instruction Register file EX + MEM + WB 79 A static two-issue
More informationCOS 320. Compiling Techniques
Topic 5: Types COS 320 Compiling Techniques Princeton University Spring 2016 Lennart Beringer 1 Types: potential benefits (I) 2 For programmers: help to eliminate common programming mistakes, particularly
More informationHi Hsiao-Lung Chan, Ph.D. Dept Electrical Engineering Chang Gung University, Taiwan
ARM Programmers Model Hi Hsiao-Lung Chan, Ph.D. Dept Electrical Engineering Chang Gung University, Taiwan chanhl@maili.cgu.edu.twcgu Current program status register (CPSR) Prog Model 2 Data processing
More informationARM Cortex A9. ARM Cortex A9
ARM Cortex A9 Four dedicated registers are used for special purposes. The IP register works around the limitations of the ARM functional call instruction (BL) which cannot fully address all of its 2 32
More informationVerified compilers. Guest lecture for Compiler Construction, Spring Magnus Myréen. Chalmers University of Technology
Guest lecture for Compiler Construction, Spring 2015 Verified compilers Magnus Myréen Chalmers University of Technology Mentions joint work with Ramana Kumar, Michael Norrish, Scott Owens and many more
More informationProcess Description and Control. Major Requirements of an Operating System
Process Description and Control Chapter 3 1 Major Requirements of an Operating System Interleave the execution of several processes to maximize processor utilization while providing reasonable response
More informationMajor Requirements of an Operating System Process Description and Control
Major Requirements of an Operating System Process Description and Control Chapter 3 Interleave the execution of several processes to maximize processor utilization while providing reasonable response time
More informationVerasco: a Formally Verified C Static Analyzer
Verasco: a Formally Verified C Static Analyzer Jacques-Henri Jourdan Joint work with: Vincent Laporte, Sandrine Blazy, Xavier Leroy, David Pichardie,... June 13, 2017, Montpellier GdR GPL thesis prize
More information1. true / false By a compiler we mean a program that translates to code that will run natively on some machine.
1. true / false By a compiler we mean a program that translates to code that will run natively on some machine. 2. true / false ML can be compiled. 3. true / false FORTRAN can reasonably be considered
More informationTurning proof assistants into programming assistants
Turning proof assistants into programming assistants ST Winter Meeting, 3 Feb 2015 Magnus Myréen Why? Why combine proof- and programming assistants? Why proofs? Testing cannot show absence of bugs. Some
More information