Fall 2014 SEI Research Review Verifying Evolving Software

Similar documents
ARINC653 AADL Annex Update

2013 US State of Cybercrime Survey

Model-Driven Verifying Compilation of Synchronous Distributed Applications

Cyber Threat Prioritization

Current Threat Environment

Components and Considerations in Building an Insider Threat Program

COTS Multicore Processors in Avionics Systems: Challenges and Solutions

Empirically Based Analysis: The DDoS Case

DoD Common Access Card Information Brief. Smart Card Project Managers Group

Verifying Periodic Programs with Priority Inheritance Locks

Multi-Modal Communication

Service Level Agreements: An Approach to Software Lifecycle Management. CDR Leonard Gaines Naval Supply Systems Command 29 January 2003

COMPUTATIONAL FLUID DYNAMICS (CFD) ANALYSIS AND DEVELOPMENT OF HALON- REPLACEMENT FIRE EXTINGUISHING SYSTEMS (PHASE II)

4. Lessons Learned in Introducing MBSE: 2009 to 2012

Architectural Implications of Cloud Computing

Using Model-Theoretic Invariants for Semantic Integration. Michael Gruninger NIST / Institute for Systems Research University of Maryland

FUDSChem. Brian Jordan With the assistance of Deb Walker. Formerly Used Defense Site Chemistry Database. USACE-Albuquerque District.

Dana Sinno MIT Lincoln Laboratory 244 Wood Street Lexington, MA phone:

Accuracy of Computed Water Surface Profiles

Kathleen Fisher Program Manager, Information Innovation Office

Cloud Computing. Grace A. Lewis Research, Technology and Systems Solutions (RTSS) Program System of Systems Practice (SoSP) Initiative

High-Assurance Security/Safety on HPEC Systems: an Oxymoron?

Running CyberCIEGE on Linux without Windows

Using Templates to Support Crisis Action Mission Planning

Information, Decision, & Complex Networks AFOSR/RTC Overview

The C2 Workstation and Data Replication over Disadvantaged Tactical Communication Links

CENTER FOR ADVANCED ENERGY SYSTEM Rutgers University. Field Management for Industrial Assessment Centers Appointed By USDOE

Vision Protection Army Technology Objective (ATO) Overview for GVSET VIP Day. Sensors from Laser Weapons Date: 17 Jul 09 UNCLASSIFIED

SINOVIA An open approach for heterogeneous ISR systems inter-operability

Washington University

Space and Missile Systems Center

Software, Security, and Resiliency. Paul Nielsen SEI Director and CEO

A Review of the 2007 Air Force Inaugural Sustainability Report

Towards a Formal Pedigree Ontology for Level-One Sensor Fusion

Model-Driven Verifying Compilation of Synchronous Distributed Applications

WAITING ON MORE THAN 64 HANDLES

Use of the Polarized Radiance Distribution Camera System in the RADYO Program

ASSESSMENT OF A BAYESIAN MODEL AND TEST VALIDATION METHOD

Monte Carlo Techniques for Estimating Power in Aircraft T&E Tests. Todd Remund Dr. William Kitto EDWARDS AFB, CA. July 2011

ENVIRONMENTAL MANAGEMENT SYSTEM WEB SITE (EMSWeb)

Architecting for Resiliency Army s Common Operating Environment (COE) SERC

SURVIVABILITY ENHANCED RUN-FLAT

A Distributed Parallel Processing System for Command and Control Imagery

75th Air Base Wing. Effective Data Stewarding Measures in Support of EESOH-MIS

C2-Simulation Interoperability in NATO

Office of Global Maritime Situational Awareness

Technological Advances In Emergency Management

Web Site update. 21st HCAT Program Review Toronto, September 26, Keith Legg

MODELING AND SIMULATION OF LIQUID MOLDING PROCESSES. Pavel Simacek Center for Composite Materials University of Delaware

Basing a Modeling Environment on a General Purpose Theorem Prover

ATCCIS Replication Mechanism (ARM)

Concept of Operations Discussion Summary

Edwards Air Force Base Accelerates Flight Test Data Analysis Using MATLAB and Math Works. John Bourgeois EDWARDS AFB, CA. PRESENTED ON: 10 June 2010

Wireless Connectivity of Swarms in Presence of Obstacles

ARINC653 AADL Annex. Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Julien Delange 07/08/2013

Causal Modeling of Observational Cost Data: A Ground-Breaking use of Directed Acyclic Graphs

Topology Control from Bottom to Top

Preventing Insider Sabotage: Lessons Learned From Actual Attacks

Using the SORASCS Prototype Web Portal

Fall 2014 SEI Research Review FY14-03 Software Assurance Engineering

Setting the Standard for Real-Time Digital Signal Processing Pentek Seminar Series. Digital IF Standardization

Guide to Windows 2000 Kerberos Settings

AFRL-ML-WP-TM

U.S. Army Research, Development and Engineering Command (IDAS) Briefer: Jason Morse ARMED Team Leader Ground System Survivability, TARDEC

73rd MORSS CD Cover Page UNCLASSIFIED DISCLOSURE FORM CD Presentation

HEC-FFA Flood Frequency Analysis

73rd MORSS CD Cover Page UNCLASSIFIED DISCLOSURE FORM CD Presentation

Ross Lazarus MB,BS MPH

DoD M&S Project: Standardized Documentation for Verification, Validation, and Accreditation

Shallow Ocean Bottom BRDF Prediction, Modeling, and Inversion via Simulation with Surface/Volume Data Derived from X-Ray Tomography

Distributed Real-Time Embedded Video Processing

Dynamic Information Management and Exchange for Command and Control Applications

Space and Missile Systems Center

DEVELOPMENT OF A NOVEL MICROWAVE RADAR SYSTEM USING ANGULAR CORRELATION FOR THE DETECTION OF BURIED OBJECTS IN SANDY SOILS

2011 NNI Environment, Health, and Safety Research Strategy

Headquarters U.S. Air Force. EMS Play-by-Play: Using Air Force Playbooks to Standardize EMS

Exploring the Query Expansion Methods for Concept Based Representation

By Derrick H. Karimi Member of the Technical Staff Emerging Technology Center. Open Architectures in the Defense Intelligence Community

Defense Hotline Allegations Concerning Contractor-Invoiced Travel for U.S. Army Corps of Engineers' Contracts W912DY-10-D-0014 and W912DY-10-D-0024

Title: An Integrated Design Environment to Evaluate Power/Performance Tradeoffs for Sensor Network Applications 1

BUPT at TREC 2009: Entity Track

CASE STUDY: Using Field Programmable Gate Arrays in a Beowulf Cluster

An Efficient Architecture for Ultra Long FFTs in FPGAs and ASICs

Introducing I 3 CON. The Information Interpretation and Integration Conference

Corrosion Prevention and Control Database. Bob Barbin 07 February 2011 ASETSDefense 2011

LARGE AREA, REAL TIME INSPECTION OF ROCKET MOTORS USING A NOVEL HANDHELD ULTRASOUND CAMERA

Next generation imager performance model

Requirements for Scalable Application Specific Processing in Commercial HPEC

Energy Security: A Global Challenge

Spacecraft Communications Payload (SCP) for Swampworks

Lessons Learned in Adapting a Software System to a Micro Computer

US Army Industry Day Conference Boeing SBIR/STTR Program Overview

Parallelization of a Electromagnetic Analysis Tool

Col Jaap de Die Chairman Steering Committee CEPA-11. NMSG, October

Use of the Polarized Radiance Distribution Camera System in the RADYO Program

Enhanced Predictability Through Lagrangian Observations and Analysis

Application of Hydrodynamics and Dynamics Models for Efficient Operation of Modular Mini-AUVs in Shallow and Very-Shallow Waters

Automation Middleware and Algorithms for Robotic Underwater Sensor Networks

David W. Hyde US Army Engineer Waterways Experiment Station Vicksburg, Mississippi ABSTRACT

Data Warehousing. HCAT Program Review Park City, UT July Keith Legg,

Transcription:

Fall 2014 SEI Research Review Verifying Evolving Software Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Arie Gurfinkel October 28, 2014

Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for the collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden, to Washington Headquarters Services, Directorate for Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington VA 22202-4302. Respondents should be aware that notwithstanding any other provision of law, no person shall be subject to a penalty for failing to comply with a collection of information if it does not display a currently valid OMB control number. 1. REPORT DATE 28 OCT 2014 4. TITLE AND SUBTITLE Verifying Evolving Software 6. AUTHOR(S) Gurfinkel /Arie 2. REPORT TYPE N/A 3. DATES COVERED 5a. CONTRACT NUMBER 5b. GRANT NUMBER 5c. PROGRAM ELEMENT NUMBER 5d. PROJECT NUMBER 5e. TASK NUMBER 5f. WORK UNIT NUMBER 7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES) Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 8. PERFORMING ORGANIZATION REPORT NUMBER 9. SPONSORING/MONITORING AGENCY NAME(S) AND ADDRESS(ES) 10. SPONSOR/MONITOR S ACRONYM(S) 12. DISTRIBUTION/AVAILABILITY STATEMENT Approved for public release, distribution unlimited. 13. SUPPLEMENTARY NOTES The original document contains color images. 14. ABSTRACT 15. SUBJECT TERMS 11. SPONSOR/MONITOR S REPORT NUMBER(S) 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF ABSTRACT SAR a. REPORT unclassified b. ABSTRACT unclassified c. THIS PAGE unclassified 18. NUMBER OF PAGES 13 19a. NAME OF RESPONSIBLE PERSON Standard Form 298 (Rev. 8-98) Prescribed by ANSI Std Z39-18

Copyright 2014 Carnegie Mellon University This material is based upon work funded and supported by the Department of Defense under Contract No. FA8721-05-C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the United States Department of Defense. NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN AS-IS BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. This material has been approved for public release and unlimited distribution except as restricted below. This material may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other use. Requests for permission should be directed to the Software Engineering Institute at permission@sei.cmu.edu. DM-0001792 2

Team: Verifying Evolving Software SEI team members Dr. Arie Gurfinkel Dr. Sagar Chaki Collaborators Dr. Anton Belov (Synopsys) Dr. Nikolaj Bjorner (Microsoft Research) Grigory Fedyukovich (Univ. of Lugano) Dr. Pierre-Loic Garoche (Onera) Dr. Alexander Ivrii (IBM) Dr. Temesghen Kahsai (NASA Ames) Prof. Natasha Sharygina (University of Lugano) Prof. Ofer Strichman (Technion) 3

Overview Problem: Scalable verification of evolving software reduce re-verification effort close semantic gap between compiler and verifier enable safe use of compiler optimizations in safety-critical code Related Work: Current solutions are limited by effectiveness (syntactic slicing, regression verification) high-maintenance cost (translation validation) narrow applicability (upgrade checking) Key Idea: Propagate verification certificates across evolution boundaries generate verification certificates using proof-based verification techniques iteratively guess the mapping between original and evolved program propagate certificates and strengthen using incremental inductive verification IIV is a new verification technique co-developed by us 4

Model Problem: Certifying Compiler for C Property Program Frontend Replay Trace Embed Cex P Simplify S Verify Cert(P) Adapt Cert(S) Legend P prog in IR S simplified C selfcertified IR Certified C Compile Executable Validate Yes No 5

Research Tasks Verifying instcomine and simplifycfg optimizations of LLVM with Prof. Natasha Sharygina and Grigory Fedyukovich (Univ. of Lugano) Closing the semantic gap between Compiler and Verifier with Dr. Anton Belov (Synopsys) and J. Marques-Silva (UCD) Minimizing verification certificates with Dr. Anton Belov (Synopsys) and Dr. Alexander Ivrii (IBM) Certifying compiler for Luster with Dr. Temesghen Kahsai (NASA Ames) and Dr. PL. Garoche (Onera) Polyhedral Verification Certificates with Dr. Nikolaj Bjorner (Microsoft Research) 6

Our Approach 1. Compute a verification certificate C 1 for program P 1 2. Evolve program P 1 to a program P 2 P 2 is obtained by compiler optimization, user change, semantics change, etc. 3. Adapt C 1 to certificate C 2 for P 2 4. Strengthen C 2 if necessary Enabled Enabled by our by our recent breakthroughs in Inductive Incremental Verification that produces and uses verification certificates 7

Research Tasks Verifying instcomine and simplifycfg optimizations of LLVM with Prof. Natasha Sharygina and Grigory Fedyukovich (Univ. of Lugano) Closing the semantic gap between Compiler and Verifier with Dr. Anton Belov (Synopsys) and J. Marques-Silva (UCD) Minimizing verification certificates with Dr. Anton Belov (Synopsys) and Dr. Alexander Ivrii (IBM) Certifying compiler for Luster with Dr. Temesghen Kahsai (NASA Ames) and Dr. PL. Garoche (Onera) Polyhedral Verification Certificates with Dr. Nikolaj Bjorner (Microsoft Research) 8

Compiler and Verifier Semantic Gap Source Code int x, a; x=2*a; Machine Code %x=mul i32 2, %a (= x 0 (mul 2 a 0 )) Arithmetic Constraints semantic gap Compiler Verifier 9

MISPER: Synthesizing Safe Bit-Precise Invariants source code constraints int x, a; x=2*a; (= x 0 (mul 2 a 0 )) Scalable Verifier Precise certificate Arithmetic certificate machine code %x=mul i32 2, %a Precise Verifier Precise Invariant Adapt Certificate 10

FrankenBit: Bit-Precise Verification w/ Many Bits MISPER to synthesize bit-precise invariants LLBMC to search for counterexamples Silver and Bronze medals at SV-COMP 2014 http://sv-comp.sosy-lab.org/2014/results/index.php 11

Outcomes Tools FrankenBit bit-precise verifier for C Niagara validator for LLVM compiler optimizations Zuster verifier for Luster programs Publications Synthesizing Safe Bit-Precise Invariants. TACAS 2014 FrankenBit: Bit-Precise Verification with Many Bits (Tool paper). TACAS 2014 Incremental Verification of Compiler Optimizations. NASA FM 2014 Synthesizing Modular Invariants for Synchronous Code. HCVS 2014 Small Inductive Safe Invariants. FMCAD 2014 Property Directed Polyhedral Abstraction. VMCAI 2015 Automated Discovery of Simulation Between Programs. Submitted to TACAS 2015 12

Contact Information Arie Gurfinkel Sr. Researcher SSD Telephone: +1 412-268-5800 Email: arie@sei.cmu.edu U.S. Mail Software Engineering Institute Customer Relations 4500 Fifth Avenue Pittsburgh, PA 15213-2612 USA Web www.sei.cmu.edu/staff/arie www.sei.cmu.edu/contact.cfm Customer Relations Email: info@sei.cmu.edu Telephone: +1 412-268-5800 SEI Phone: +1 412-268-5800 SEI Fax: +1 412-268-6257 13

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback