How Can You Trust Formally Verified Software?
|
|
- Berniece Walsh
- 5 years ago
- Views:
Transcription
1 How Can You Trust Formally Verified Software? Alastair Reid Arm
2 Formal verification Of libraries and apps Of compilers Of operating systems 2
3 Fonseca et al., An Empirical Study on the Correctness of Formally Verified Distributed Systems, Eurosys 17 Formally Verified Software 3
4 Fonseca et al., An Empirical Study on the Correctness of Formally Verified Distributed Systems, Eurosys 17 Formally Verified Software Verification Tool Shim Code Formal Specifications 3
5 Takeaway #1: 3 key questions to ask 1. What specifications does your proof rely on? 2. Why do you trust those specifications? 3. Does anybody else use these specifications? 4
6 Takeaway #2: Specifications must have multiple uses 5
7 Takeaway #2: Specifications must have multiple uses 6
8 How can you trust formally verified software? How can you trust formally verified software? Specifications are part of the TCB 3 key questions Specifications must have multiple users How can you trust formal specifications? Testing specifications Verifying processors Verifying specifications How can you trust formally verified software? 7
9 Trustworthy Specifications of the ARM v8-a and v8-m architecture, FMCAD 2016 Creating trustworthy specifications
10 Arm Architecture Reference Manual (ARMARM) Pages bit / 64-bit Instructions Exceptions / Interrupts Privilege / Security Virtual Memory System registers Debug / Trace Profiling 9
11 English prose 10
12 Pseudocode 11
13 Arm Architecture Specification Language (ASL) Indentation-based syntax Imperative First-order Strongly typed (type inference, polymorphism, dependent types) Bit-vectors Unbounded integers Infinite precision reals Arrays, Records, Enumerations Exceptions 12
14 ASL Spec Lexer Parser Typechecker C Backend Interpreter 13
15 Architectural Conformance Suite Processor architectural compliance sign-off Large v8-a 11,000 test programs, > 2 billion instructions v8-m 3,500 test programs, > 250 million instructions Thorough Tests dark corners of specification 14
16 Tesfng Pass Rate (Arfsts Impression) ISA Supervisor Hypervisor/Security Time 15 15
17 v8-m 100% 75% 50% 25% 0% 16 16
18 Measuring architecture coverage of tests Untested: op1*op2 == -3.0, FPCR.RND=-Inf 17
19 18
20 End to End Verification of ARM processors with ISA Formal, CAV 2016 Formal verification of processors
21 Checking an instrucfon ADD ARMResearch 20
22 Checking an instrucfon CMP LDR ADD STR BNE Context ARMResearch 20
23 IF ID EX MEM WB Fetch Decode R0 - R15 R0 - R15 Memory 21
24 IF ID EX MEM WB Fetch Decode R0 - R15 R0 - R15 Memory πpost πpre 21
25 IF ID EX MEM WB Fetch Decode R0 - R15 R0 - R15 Memory πpost Post_cpu πpre Pre Post_spec Spec ==? 21
26 Architecture Specification ASL to Verilog Combinational Verilog Specialize Monomorphize Constant Propagation Width Analysis Exception Handling ARMResearch 22
27 Arm CPUs verified with ISA-Formal A-class Cortex-A53 Cortex-A32 Cortex-A35 Cortex-A55 Next generation R-class Cortex-R52 Next generation M-class Cortex-M4 Cortex-M7 Cortex-M33 Next generation Cambridge Projects Rolling out globally to other design centres 23 Sophia, France - Cortex-A75 (partial) Austin, USA - TBA Chandler, USA - TBA
28 24
29 Who guards the guards? Formal Validation of ARM v8-m Specifications OOPSLA 2017 Formal validation of specifications
30 Suppose Last year: audited all accesses to privileged registers Specification: Added missing privilege checks Testsuite: Added new tests to test every privilege check Formal testbench: Verify every check This year: add new instruction but accidentally omit privilege check How many tests in the test suite will fail on new specification? 26
31 Can we formally verify specification? Specification of the specification Disallowed behaviour Invariants Cross-cutting properties Tools that can prove properties of ASL specifications 27
32 28
33 State change 28
34 State change Event 28
35 29
36 Input Output State State 29
37 Input ExceptionEntry Output State State 29
38 Input ExceptionEntry Output State TakeReset State 29
39 rule lockup_exit assume Fell(LockedUp); Called(TakeColdReset) Called(TakeReset) Rose(InDebugState()) Called(ExceptionEntry); 30
40 Converting ASL to SMT Functions Local Variables Statements Assignments If-statements Exceptions Arithmetic operations Boolean operations Bit Vectors Arrays Functions Local Variables Statements Assignments If-statements Exceptions Arithmetic operations Boolean operations Bit Vectors Arrays 31
41 Formally Validating Specifications v8-m Spec Property Verification CEX Bug in Spec Proof 32
42 Formally Validating Specifications 12 Bugs v8-m Spec Verification CEX Found Bug in Spec so far Property Proof 32
43 33
44 33 rule lockup entry assume Rose(LockedUp); assume Called(TakeReset); property a HaveMainExt() CFSR!= 0; property b1 Stable(ExnPending); property b2 Stable(ExnActive); property c PC == 0xEFFFFFFE; property e HFSR.FORCED == 0;
45 33 rule lockup entry assume Rose(LockedUp); assume Called(TakeReset); property a HaveMainExt() CFSR!= 0; property b1 Stable(ExnPending); property b2 Stable(ExnActive); property c PC == 0xEFFFFFFE; property e HFSR.FORCED == 0; Stable(HFSR.FORCED);
46 33 Debug view of is not changed. rule lockup entry assume Rose(LockedUp); assume Called(TakeReset); property a HaveMainExt() CFSR!= 0; property b1 Stable(ExnPending); property b2 Stable(ExnActive); property c PC == 0xEFFFFFFE; property e HFSR.FORCED == 0; Stable(HFSR.FORCED);
47 34
48 ARM Test Suite C Backend Test Coverage ASL Spec Lexer Parser Typechecker Interpreter Verilog Backend Simulation Trace Bounded Model Checker Arm Processor Architecture Properties SMT Backend SMT Solver 35
49 Public release of machine readable Arm specification Enable formal verificafon of somware and tools Releases April 2017: v8.2 July 2017: v8.3 Working with Cambridge University REMS group to convert to SAIL Backends for HOL, OCaml, Memory model, (hopefully Coq too) Tools: hops://github.com/alastairreid/mra_tools Talk to me about how I can help you use it 36
50 Potential uses of processor specifications Verifying compilers Verifying OS page table / interrupt / boot code Verifying processor pipelines Verification and discovery of peephole optimizations Automatic generation of binary translators Automatic generation of test cases Decompilation of binaries Abstract interpretation of binaries etc. 37
51 How can you trust formally verified software?
52 How can you trust formal specifications? Test the specifications you depend on Ensure specifications have multiple uses Create meta-specifications 39
53 Thank You! Danke! 谢谢! ありがとう! Gracias! Kiitos! Trustworthy Specifications of the ARM v8-a and v8-m architecture, FMCAD 2016 End to End Verification of ARM processors with ISA Formal, CAV 2016 Who guards the guards? Formal Validation of ARM v8-m Specifications OOPSLA
How Can You Trust Formally Verified Software?
How Can You Trust Formally Verified Software? Alastair Reid Arm Research @alastair_d_reid Buffer over-read vulnerabilities Use after free s e i t i l i b a r e n l u v r o r r e c Logi Buffer overflow
More informationHow Can You Trust Formally Verified Software?
How Can You Trust Formally Verified Software? Alastair Reid Arm Research @alastair_d_reid https://www.theguardian.com/business/2015/may/01/us-aviation-authority-boeing-787-dreamliner-bug-could-cause-loss-of-control
More informationSpecifications: The Next Verification Bottleneck
Specifications: The Next Verification Bottleneck Alastair Reid Arm Research @alastair_d_reid Overview 1. What specifications do we need? 2. ARM s formal processor specifications 3. Three steps I took to
More informationHow Can You Trust Formally Verified Software?
34 th Chaos Communication Congress How Can You Trust Formally Verified Software? Alastair Reid @alastair_d_reid ARM Research Arm Processor Architecture Widely used in many different areas: phones, tablets,
More informationVerification by the book: ISA Formal at ARM
Verification by the book: ISA Formal at ARM Will Keen Senior Engineer, CPU Group ARM Ltd TVS Formal Verification Conference 27/06/2017 Roadmap Problem: CPU verification is really hard! Verification by
More information2017 Arm Limited. How to design an IoT SoC and get Arm CPU IP for no upfront license fee
2017 Arm Limited How to design an IoT SoC and get Arm CPU IP for no upfront license fee An enhanced Arm DesignStart Building on a strong foundation Successfully used by 1000s of designers, researchers
More informationAccelerating intelligence at the edge for embedded and IoT applications
Accelerating intelligence at the edge for embedded and IoT applications Arm Tech Symposia 2017 Agenda The emergence of intelligence at the edge Requirements for intelligent edge computing IP and technologies
More informationOptimize HPC - Application Efficiency on Many Core Systems
Meet the experts Optimize HPC - Application Efficiency on Many Core Systems 2018 Arm Limited Florent Lebeau 27 March 2018 2 2018 Arm Limited Speedup Multithreading and scalability I wrote my program to
More informationFormal for Everyone Challenges in Achievable Multicore Design and Verification. FMCAD 25 Oct 2012 Daryl Stewart
Formal for Everyone Challenges in Achievable Multicore Design and Verification FMCAD 25 Oct 2012 Daryl Stewart 1 ARM is an IP company ARM licenses technology to a network of more than 1000 partner companies
More informationImprove the container image compatibility on Arm
Improve the container image compatibility on Arm Wei.Chen@arm.com Penny.Zheng@arm.com Edinburgh, UK / Open Source Summit Europe 2018 2018-10-24 Agenda Background Why image compatibility on Arm is an issue
More informationImplementing debug. and trace access. through functional I/O. Alvin Yang Staff FAE. Arm Tech Symposia Arm Limited
Implementing debug and trace access through functional I/O Alvin Yang Staff FAE Arm Tech Symposia 2017 Agenda Debug and trace access limitations A new approach Protocol based Bare metal vs mission mode
More informationBuilding firmware update: The devil is in the details
Building firmware update: The devil is in the details Atsushi Haruta, IoT Services Group, Arm Arm Tech Symposia Japan 2017 Arm Mbed: Secure device management Application Cloud Mbed Cloud Secure, scalable,
More informationA Developer's Guide to Security on Cortex-M based MCUs
A Developer's Guide to Security on Cortex-M based MCUs 2018 Arm Limited Nazir S Arm Tech Symposia India Agenda Why do we need security? Types of attacks and security assessments Introduction to TrustZone
More informationBeyond TrustZone PSA Reed Hinkel Senior Manager Embedded Security Market Development
Beyond TrustZone PSA Reed Hinkel Senior Manager Embedded Security Market Development Part1 - PSA Tech Seminars 2017 Agenda Platform Security Architecture Architecture overview Trusted Firmware-M IoT Threat
More informationHECTOR: Formal System-Level to RTL Equivalence Checking
ATG SoC HECTOR: Formal System-Level to RTL Equivalence Checking Alfred Koelbl, Sergey Berezin, Reily Jacoby, Jerry Burch, William Nicholls, Carl Pixley Advanced Technology Group Synopsys, Inc. June 2008
More informationUsing Virtual Platforms To Improve Software Verification and Validation Efficiency
Using Virtual Platforms To Improve Software Verification and Validation Efficiency Odin Shen Staff FAE Arm Arm Tech Symposia Taiwan 2017 Software complexity and best practices Software Costs Increasing
More informationArm crossplatform. VI-HPS platform October 16, Arm Limited
Arm crossplatform tools VI-HPS platform October 16, 2018 An introduction to Arm Arm is the world's leading semiconductor intellectual property supplier We license to over 350 partners: present in 95% of
More informationDesign Process. in an embedded system. Kasper Ornstein Mecklenburg SW/HW development engineer Arm Limited
Design Process in an embedded system Kasper Ornstein Mecklenburg SW/HW development engineer Arm in Lund Two offices; one at Ideon and one downtown (old Mistbase) Graphics, video and wireless SW, digital
More informationA Trustworthy Monadic Formalization of the ARMv7 Instruction Set Architecture. Anthony Fox and Magnus O. Myreen University of Cambridge
A Trustworthy Monadic Formalization of the ARMv7 Instruction Set Architecture Anthony Fox and Magnus O. Myreen University of Cambridge Background Instruction set architectures play an important role in
More informationTranslation Validation for a Verified OS Kernel
To appear in PLDI 13 Translation Validation for a Verified OS Kernel Thomas Sewell 1, Magnus Myreen 2, Gerwin Klein 1 1 NICTA, Australia 2 University of Cambridge, UK L4.verified sel4 = a formally verified
More informationVerification at ARM. Overview 1/18/18
Verification at ARM Alan Hunter Overview The focus will be on CPU cores Arm then and now How we think about DV DV history A side note on complexity So we just need to boot an OS right? What a real project
More informationDPDK on Arm64 Status Review & Plan
DPDK on Arm64 Status Review & Plan Song.zhu@arm.com Yi.He@arm.com Herbert.Guan@arm.com 19/03/2018 2018 Arm Limited DPDK Overview Data Plane Development Kit A set of libraries and drivers for fast packet
More informationArm TrustZone Armv8-M Primer
Arm TrustZone Armv8-M Primer Odin Shen Staff FAE Arm Arm Techcon 2017 Security Security technologies review Application Level Security Designed with security in mind: authentication and encryption Privilege
More informationNew Approaches to Connected Device Security
New Approaches to Connected Device Security Erik Jacobson Architecture Marketing Director Arm Arm Techcon 2017 - If you connect it to the Internet, someone will try to hack it. - If what you put on the
More informationWAVE ONE MAINFRAME WAVE THREE INTERNET WAVE FOUR MOBILE & CLOUD WAVE TWO PERSONAL COMPUTING & SOFTWARE Arm Limited
WAVE ONE MAINFRAME WAVE THREE INTERNET WAVE FOUR MOBILE & CLOUD WAVE TWO PERSONAL COMPUTING & SOFTWARE Artificial Intelligence Fifth wave Data-driven computing era IoT Generating data 5G 5G Transporting
More informationHow to Build Optimized ML Applications with Arm Software
How to Build Optimized ML Applications with Arm Software Arm Technical Symposia 2018 Arm K.K. Senior FAE Ryuji Tanaka Overview Today we will talk about applied machine learning (ML) on Arm. My aim for
More informationLecture 2: Big-Step Semantics
Lecture 2: Big-Step Semantics 1 Representing Abstract Syntax These are examples of arithmetic expressions: 2 * 4 1 + 2 + 3 5 * 4 * 2 1 + 2 * 3 We all know how to evaluate these expressions in our heads.
More informationA New Security Platform for High Performance Client SoCs
A New Security Platform for High Performance Client SoCs Udi Maor, Sr. Product manager, Client Line of Business October 2018 udi.maor@arm.com Agenda What are Client devices? Arm s approach to Trusted Execution
More informationAdopt-a-JSR July Meeting
Adopt-a-JSR July Meeting Special Guest: Arun Gupta Bruno Souza, Heather VanCura, Martijn Verburg 1 July 2013 Welcome! You expanded wiki into eight languages: Arabic, Chinese, English, French, German, Portuguese,
More informationHow to Build Optimized ML Applications with Arm Software
How to Build Optimized ML Applications with Arm Software Arm Technical Symposia 2018 ML Group Overview Today we will talk about applied machine learning (ML) on Arm. My aim for today is to show you just
More informationTZMP-1 Software Reference Implementation. Ken Liu 2018-Mar-12
TZMP-1 Software Reference Implementation Ken Liu 2018-Mar-12 2018 Arm Limited Content DRM Applications and Secure Video Path Regular Secure Video Path Design with Trustzone TZMP1 Design Concepts Reference
More informationBeyond TrustZone Security Enclaves Reed Hinkel Senior Manager Embedded Security Market Develop
Beyond TrustZone Security Enclaves Reed Hinkel Senior Manager Embedded Security Market Develop Part2 Security Enclaves Tech Seminars 2017 Agenda New security technology for IoT Security Enclaves CryptoIsland
More informationA Proposal for a More Generic, More Accountable, Verilog DCC 2010
A Proposal for a More Generic, More Accountable, Verilog Cherif Salama Walid Taha DCC 2010 Technology Gap Verilog/VHDL progress vs. manufacturing technology progress 2 Technology Gap Verilog/VHDL progress
More informationRandomised testing of a microprocessor model using SMT-solver state generation
Randomised testing of a microprocessor model using SMT-solver state generation Brian Campbell Ian Stark LFCS, School of Informatics, University of Edinburgh, UK Rigorous Engineering for Mainstream Systems
More informationConnect your IoT device: Bluetooth 5, , NB-IoT
Connect your IoT device: Bluetooth 5, 802.15.4, NB-IoT Prithi Ramakrishnan Arm TechTalk 2017 IoT connectivity technologies Multiple standards, different applications Throughput Unlicensed >100Mbps Wi-Fi
More informationUnleash the DSP performance of Arm Cortex processors
Unleash the DSP performance of Arm Cortex processors Arm Tech Symposia 2017 Lionel Belnet Senior Product Manager Agenda Unleash the DSP performance of Cortex processors 1 Introducing Arm Cortex technology
More informationBringing Intelligence to Enterprise Storage Drives
Bringing Intelligence to Enterprise Storage Drives Neil Werdmuller Director Storage Solutions Arm Santa Clara, CA 1 Who am I? 28 years experience in embedded Lead the storage solutions team Work closely
More informationDirections in ISA Specification. Anthony Fox. Computer Laboratory, University of Cambridge, UK
Directions in ISA Specification Anthony Fox Computer Laboratory, University of Cambridge, UK Abstract. This rough diamond presents a new domain-specific language (DSL) for producing detailed models of
More informationHardware- Software Co-design at Arm GPUs
Hardware- Software Co-design at Arm GPUs Johan Grönqvist MCC 2017 - Uppsala About Arm Arm Mali GPUs: The World s #1 Shipping Graphics Processor 151 Total Mali licenses 21 Mali video and display licenses
More informationSoftware Ecosystem for Arm-based HPC
Software Ecosystem for Arm-based HPC CUG 2018 - Stockholm Florent.Lebeau@arm.com Ecosystem for HPC List of components needed: Linux OS availability Compilers Libraries Job schedulers Debuggers Profilers
More informationRuntime Checking for Program Verification Systems
Runtime Checking for Program Verification Systems Karen Zee, Viktor Kuncak, and Martin Rinard MIT CSAIL Tuesday, March 13, 2007 Workshop on Runtime Verification 1 Background Jahob program verification
More informationThe Changing Face of Edge Compute
The Changing Face of Edge Compute 2018 Arm Limited Alvin Yang Nov 2018 Market trends acceleration of technology deployment 26 years 4 years 100 billion chips shipped 100 billion chips shipped 1 Trillion
More informationBrowser Security Guarantees through Formal Shim Verification
Browser Security Guarantees through Formal Shim Verification Dongseok Jang Zachary Tatlock Sorin Lerner UC San Diego Browsers: Critical Infrastructure Ubiquitous: many platforms, sensitive apps Vulnerable:
More informationCSE 410. Operating Systems
CSE 410 Operating Systems Handout: syllabus 1 Today s Lecture Course organization Computing environment Overview of course topics 2 Course Organization Course website http://www.cse.msu.edu/~cse410/ Syllabus
More informationApplied Theorem Proving: Modelling Instruction Sets and Decompiling Machine Code. Anthony Fox University of Cambridge, Computer Laboratory
Applied Theorem Proving: Modelling Instruction Sets and Decompiling Machine Code Anthony Fox University of Cambridge, Computer Laboratory Overview This talk will mainly focus on 1. Specifying instruction
More information2. [3 marks] Show your work in the computation for the following questions involving CPI and performance.
CS230 Spring 2018 Assignment 3 Due Date: Wednesday, July 11, 2017, 11:59 p.m. Weight: 7% of the course grade 1. (a) [3 marks] Write a MIPS program that takes a string as input from the user. Assume that
More informationAccelerate Ceph By SPDK on AArch64
Accelerate Ceph By on AArch64 Jun He, jun.he@arm.com 2018 Arm Limited Tone Zhang, tone.zhang@arm.com 2018/3/9 2018 Arm Limited What s? Storage Performance Development Kit A set of tools and libraries to
More informationArm s Latest CPU for Laptop-Class Performance
Arm s Latest CPU for Laptop-Class Performance 2018 Arm Limited Aditya Bedi Arm Tech Symposia India Untethered. Connected. Immersive. Innovation continues to drive growth and performance demands on our
More informationPart II. Hoare Logic and Program Verification. Why specify programs? Specification and Verification. Code Verification. Why verify programs?
Part II. Hoare Logic and Program Verification Part II. Hoare Logic and Program Verification Dilian Gurov Props: Models: Specs: Method: Tool: safety of data manipulation source code logic assertions Hoare
More informationComprehensive Arm Solutions for Innovative Machine Learning (ML) and Computer Vision (CV) Applications
Comprehensive Arm Solutions for Innovative Machine Learning (ML) and Computer Vision (CV) Applications Helena Zheng ML Group, Arm Arm Technical Symposia 2017, Taipei Machine Learning is a Subset of Artificial
More informationDirections in ISA Specification
Directions in ISA Specification Anthony Fox Computer Laboratory, University of Cambridge, UK Abstract. This rough diamond presents a new domain-specific language (DSL) for producing detailed models of
More informationProof Pearl: The Termination Analysis of Terminator
Proof Pearl: The Termination Analysis of Terminator Joe Hurd Computing Laboratory Oxford University joe.hurd@comlab.ox.ac.uk Abstract. Terminator is a static analysis tool developed by Microsoft Research
More informationAdvanced IP solutions enabling the autonomous driving revolution
Advanced IP solutions enabling the autonomous driving revolution Chris Turner Director, Emerging Technology & Strategy, Embedded & Automotive Arm Shanghai, Beijing, Shenzhen Arm Tech Symposia 2017 Agenda
More informationCycle Approximate Simulation of RISC-V Processors
Cycle Approximate Simulation of RISC-V Processors Lee Moore, Duncan Graham, Simon Davidmann Imperas Software Ltd. Felipe Rosa Universidad Federal Rio Grande Sul Embedded World conference 27 February 2018
More informationCover Page. The handle holds various files of this Leiden University dissertation
Cover Page The handle http://hdl.handle.net/1887/22891 holds various files of this Leiden University dissertation Author: Gouw, Stijn de Title: Combining monitoring with run-time assertion checking Issue
More informationCombining program verification with component-based architectures. Alexander Senier BOB 2018 Berlin, February 23rd, 2018
Combining program verification with component-based architectures Alexander Senier BOB 2018 Berlin, February 23rd, 2018 About Componolit 2 What happens when we use what's best? 3 What s Best? Mid-90ies:
More informationKomodo: Using Verification to Disentangle Secure-Enclave Hardware from Software
Komodo: Using Verification to Disentangle Secure-Enclave Hardware from Software Andrew Ferraiuolo, Andrew Baumann, Chris Hawblitzel, Bryan Parno* Microsoft Research, Cornell University, Carnegie Mellon
More informationConnect Your IoT Device: Bluetooth 5, , NB-IoT
Connect Your IoT Device: Bluetooth 5, 802.15.4, NB-IoT Craig Tou Business Development Manager, Arm Arm Tech Symposia 2017, Taipei IoT Devices - Everything Connects New classes of connectivity for a new
More informationVerifying Temporal Properties via Dynamic Program Execution. Zhenhua Duan Xidian University, China
Verifying Temporal Properties via Dynamic Program Execution Zhenhua Duan Xidian University, China Main Points Background & Motivation MSVL and Compiler PPTL Unified Program Verification Tool Demo Conclusion
More informationBeyond TrustZone PSA. Rob Coombs Security Director. Part1 - PSA Tech Seminars Arm Limited
Beyond TrustZone PSA Rob Coombs Security Director Part1 - PSA Tech Seminars 2017 Agenda Platform Security Architecture Architecture overview Trusted Firmware-M IoT Threat models & security analyses Summary
More informationJob Posting (Aug. 19) ECE 425. ARM7 Block Diagram. ARM Programming. Assembly Language Programming. ARM Architecture 9/7/2017. Microprocessor Systems
Job Posting (Aug. 19) ECE 425 Microprocessor Systems TECHNICAL SKILLS: Use software development tools for microcontrollers. Must have experience with verification test languages such as Vera, Specman,
More informationVerasco: a Formally Verified C Static Analyzer
Verasco: a Formally Verified C Static Analyzer Jacques-Henri Jourdan Joint work with: Vincent Laporte, Sandrine Blazy, Xavier Leroy, David Pichardie,... June 13, 2017, Montpellier GdR GPL thesis prize
More informationIntegrating verification in programming languages
Integrating verification in programming languages Thomas Jensen, INRIA Seminar INRIA Rennes, 04/11/2015 Collège de France Chaire Algorithmes, machines et langages x / y Types For division to make sense,
More informationVerified compilers. Guest lecture for Compiler Construction, Spring Magnus Myréen. Chalmers University of Technology
Guest lecture for Compiler Construction, Spring 2015 Verified compilers Magnus Myréen Chalmers University of Technology Mentions joint work with Ramana Kumar, Michael Norrish, Scott Owens and many more
More informationVerdi: A Framework for Implementing and Formally Verifying Distributed Systems
Verdi: A Framework for Implementing and Formally Verifying Distributed Systems Key-value store VST James R. Wilcox, Doug Woos, Pavel Panchekha, Zach Tatlock, Xi Wang, Michael D. Ernst, Thomas Anderson
More informationAutomated Verification of RISC-V Kernel Code. Antoine Kaufmann
Automated Verification of RISC-V Kernel Code Antoine Kaufmann Big Picture Micro/exokernels can be viewed as event-driven Initialize, enter application, get interrupt/syscall, repeat Interrupt/syscall handlers
More informationConfessions of a security hardware driver maintainer
Confessions of a security hardware driver maintainer Gilad Ben-Yossef Principal Software Engineer About me My name is Gilad Ben-Yossef. I work on upstream Linux kernel cryptography and security in genera,l
More informationTowards a Practical, Verified Kernel
Towards a Practical, Verified Kernel Kevin Elphinstone and Gerwin Klein, National ICT Australia and the University of New South Wales Philip Derrin, National ICT Australia Timothy Roscoe, ETH Zürich Gernot
More informationTurning proof assistants into programming assistants
Turning proof assistants into programming assistants ST Winter Meeting, 3 Feb 2015 Magnus Myréen Why? Why combine proof- and programming assistants? Why proofs? Testing cannot show absence of bugs. Some
More informationCMSC 330: Organization of Programming Languages. Formal Semantics of a Prog. Lang. Specifying Syntax, Semantics
Recall Architecture of Compilers, Interpreters CMSC 330: Organization of Programming Languages Source Scanner Parser Static Analyzer Operational Semantics Intermediate Representation Front End Back End
More informationTrickle: Automated Infeasible Path
Trickle: Automated Infeasible Path Detection Using All Minimal Unsatisfiable Subsets Bernard Blackham, Mark Liffiton, Gernot Heiser School of Computer Science & Engineering, UNSW Software Systems Research
More informationCompute solutions for mass deployment of autonomy
Compute solutions for mass deployment of autonomy Rod Watt Director of Vehicle Architecture and System Analysis Introduction 2 From inception to now 1990 Joint venture between Acorn Computers and Apple.
More informationIn Our Last Exciting Episode
In Our Last Exciting Episode #1 Lessons From Model Checking To find bugs, we need specifications What are some good specifications? To convert a program into a model, we need predicates/invariants and
More informationCyber Physical System Verification with SAL
Cyber Physical System Verification with July 22, 2013 Cyber Physical System Verification with Outline 1 2 3 4 5 Cyber Physical System Verification with Table of Contents 1 2 3 4 5 Cyber Physical System
More informationAbstract Interpretation
Abstract Interpretation Ranjit Jhala, UC San Diego April 22, 2013 Fundamental Challenge of Program Analysis How to infer (loop) invariants? Fundamental Challenge of Program Analysis Key issue for any analysis
More informationEnd-to-end formal ISA verification of RISC-V processors with riscv-formal. Clifford Wolf
End-to-end formal ISA verification of RISC-V processors with riscv-formal Clifford Wolf About RISC-V RISC-V is an Open Instruction Set Architecture (ISA) Can be freely used for any purpose Many implementations
More informationFormally Certified Satisfiability Solving
SAT/SMT Proof Checking Verifying SAT Solver Code Future Work Computer Science, The University of Iowa, USA April 23, 2012 Seoul National University SAT/SMT Proof Checking Verifying SAT Solver Code Future
More informationMemory Models. Registers
Memory Models Most machines have a single linear address space at the ISA level, extending from address 0 up to some maximum, often 2 32 1 bytes or 2 64 1 bytes. Some machines have separate address spaces
More informationENGN1640: Design of Computing Systems Topic 06: Advanced Processor Design
ENGN1640: Design of Computing Systems Topic 06: Advanced Processor Design Professor Sherief Reda http://scale.engin.brown.edu Electrical Sciences and Computer Engineering School of Engineering Brown University
More informationIdentifying Security Critical Properties for the Dynamic Verification of a Processor
Identifying Security Critical Properties for the Dynamic Verification of a Processor Rui Zhang, Natalie Stanley, Christopher Griggs, Andrew Chi, Cynthia Sturton 04-12-2017, ASLOS XI AN CHINA 1 Processor
More informationWhat is gem5 and where do I get it?
What is gem5 and where do I get it? Andreas Sandberg & Nikos Nikoleris ARM Research Why gem5? Runs real workloads Runs complex workloads like Android & ChromeOS System-level insights Device interactions
More informationVerification at ARM. Overview. Alan Hunter
2. Industry Verification Flow 1 Verification at ARM Alan Hunter Overview The focus will be on CPU cores ARM then and now How we think about DV DV history A side note on complexity So we just need to boot
More informationCryptol version 2 Syntax
Cryptol version 2 Syntax Contents Layout 2 Comments 2 Identifiers 2 Keywords and Built-in Operators 3 Numeric Literals 3 Bits 4 If Then Else with Multiway 4 Tuples and Records 5 Sequences 6 Functions 7
More informationType Checking. Outline. General properties of type systems. Types in programming languages. Notation for type rules.
Outline Type Checking General properties of type systems Types in programming languages Notation for type rules Logical rules of inference Common type rules 2 Static Checking Refers to the compile-time
More informationA framework for verification of Program Control Unit of VLIW processors
A framework for verification of Program Control Unit of VLIW processors Santhosh Billava, Saankhya Labs, Bangalore, India (santoshb@saankhyalabs.com) Sharangdhar M Honwadkar, Saankhya Labs, Bangalore,
More informationAn Annotated Language
Hoare Logic An Annotated Language State and Semantics Expressions are interpreted as functions from states to the corresponding domain of interpretation Operators have the obvious interpretation Free of
More informationCCIX: a new coherent multichip interconnect for accelerated use cases
: a new coherent multichip interconnect for accelerated use cases Akira Shimizu Senior Manager, Operator relations Arm 2017 Arm Limited Arm 2017 Interconnects for different scale SoC interconnect. Connectivity
More informationOutline. General properties of type systems. Types in programming languages. Notation for type rules. Common type rules. Logical rules of inference
Type Checking Outline General properties of type systems Types in programming languages Notation for type rules Logical rules of inference Common type rules 2 Static Checking Refers to the compile-time
More informationXuandong Li. BACH: Path-oriented Reachability Checker of Linear Hybrid Automata
BACH: Path-oriented Reachability Checker of Linear Hybrid Automata Xuandong Li Department of Computer Science and Technology, Nanjing University, P.R.China Outline Preliminary Knowledge Path-oriented Reachability
More informationScope and Introduction to Functional Languages. Review and Finish Scoping. Announcements. Assignment 3 due Thu at 11:55pm. Website has SML resources
Scope and Introduction to Functional Languages Prof. Evan Chang Meeting 7, CSCI 3155, Fall 2009 Announcements Assignment 3 due Thu at 11:55pm Submit in pairs Website has SML resources Text: Harper, Programming
More informationStatic and User-Extensible Proof Checking. Antonis Stampoulis Zhong Shao Yale University POPL 2012
Static and User-Extensible Proof Checking Antonis Stampoulis Zhong Shao Yale University POPL 2012 Proof assistants are becoming popular in our community CompCert [Leroy et al.] sel4 [Klein et al.] Four-color
More informationFormal Specification of RISC-V Systems Instructions
Formal Specification of RISC-V Systems Instructions Arvind Andy Wright, Sizhuo Zhang, Thomas Bourgeat, Murali Vijayaraghavan Computer Science and Artificial Intelligence Lab. MIT RISC-V Workshop, MIT,
More informationHi Hsiao-Lung Chan, Ph.D. Dept Electrical Engineering Chang Gung University, Taiwan
ARM Programmers Model Hi Hsiao-Lung Chan, Ph.D. Dept Electrical Engineering Chang Gung University, Taiwan chanhl@maili.cgu.edu.twcgu Current program status register (CPSR) Prog Model 2 Data processing
More informationComprehensive Exams COMPUTER ARCHITECTURE. Spring April 3, 2006
Comprehensive Exams COMPUTER ARCHITECTURE Spring 2006 April 3, 2006 ID Number 1 /15 2 /20 3 /20 4 /20 Total /75 Problem 1. ( 15 points) Logic Design: A three-input switching function is expressed as f(a,
More informationApplications of Program analysis in Model-Based Design
Applications of Program analysis in Model-Based Design Prahlad Sampath (Prahlad.Sampath@mathworks.com) 2018 by The MathWorks, Inc., MATLAB, Simulink, Stateflow, are registered trademarks of The MathWorks,
More informationS2W: Verification using Small and Short Worlds
: Verification using Small and Short Worlds Rohit Sinha, Cynthia Sturton, Petros Maniatis, Sanjit Seshia, David Wagner http://uclid.eecs.berkeley.edu/s2w University of California, Berkeley October 23,
More informationStatic, multiple-issue (superscaler) pipelines
Static, multiple-issue (superscaler) pipelines Start more than one instruction in the same cycle Instruction Register file EX + MEM + WB PC Instruction Register file EX + MEM + WB 79 A static two-issue
More information(See related materials in textbook.) CSE 435: Software Engineering (slides adapted from Ghezzi et al & Stirewalt
Verification (See related materials in textbook.) Outline What are the goals of verification? What are the main approaches to verification? What kind of assurance do we get through testing? How can testing
More informationWhy. an intermediate language for deductive program verification
Why an intermediate language for deductive program verification Jean-Christophe Filliâtre CNRS Orsay, France AFM workshop Grenoble, June 27, 2009 Jean-Christophe Filliâtre Why tutorial AFM 09 1 / 56 Motivations
More informationFormal Methods at Scale in Microsoft
Formal Methods at Scale in Microsoft Thomas Ball http://research.microsoft.com/rise Microsoft Research 4 October 2017 Code Integ. Tests Unit Test Testing-based Development Commit, Build Review Web app
More information