applying language based static verification in an arm
play

Applying Language-based Static Verification in an ARM Operating - PowerPoint PPT Presentation

Feb 07, 2023 •104 likes •370 views

Applying Language-based Static Verification in an ARM Operating System Matthew Danish Boston University md@bu.edu 9 May 2013 What do we want? Correctness Flexibility Responsiveness Practicality Predictability What do we want?

  1. Applying Language-based Static Verification in an ARM Operating System Matthew Danish Boston University md@bu.edu 9 May 2013

  2. What do we want? Correctness Flexibility Responsiveness Practicality Predictability

  3. What do we want? Correctness Flexibility Responsiveness General Purpose OS Real Time OS Practicality Predictability

  4. What do we want? Correctness Flexibility Responsiveness General Purpose OS Real Time OS Practicality Predictability

  5. "Partial specifications" T ypes Language OS Programming Languages and Types ◮ Choosing or designing languages for systems ◮ Unix: C ◮ SPIN: Modula-3 ◮ Singularity: Sing# ◮ seL4: Isabelle, Haskell and C ◮ House: Haskell

  6. Programming Languages and Types ◮ Choosing or designing languages for systems ◮ Unix: C ◮ SPIN: Modula-3 ◮ Singularity: Sing# ◮ seL4: Isabelle, Haskell and C ◮ House: Haskell "Partial specifications" T ypes Language OS

  7. Advanced types Singularity House seL4 SPIN Unix Low level efficiency

  8. Advanced types Singularity House seL4 SPIN Unix Low level efficiency Can we have more advanced types and low level efficiency?

  9. ATS ◮ ML-like, strong C integration, LF-style theorem proving ◮ Linear types (a.k.a. view types), dependent types ◮ Separation of proof-world and program-world, (proof | program) ◮ Practical, functional programming in system setting

  10. Terrier OS ◮ ARM, TI OMAP4 MP-core, SMP, USB support ◮ Exploring advanced types in assisting OS development ◮ Compact and uncluttered design, with message-passing ◮ Work in progress

  11. Challenges ◮ Bringing high level functional programming into OS ◮ Using advanced types to tackle common problems ◮ Interfacing with the low level code where needed ◮ Avoiding performance impacts

  12. Functional programming ◮ Nested functions ◮ Tail recursion elimination ◮ Higher order functions ◮ Style

  13. Resource management ◮ Linear reasoning: avoid memory leaks ◮ “Must be used once and exactly once” ◮ Typical pattern: allocate, transform, and release let val ( proof_var | pointer_var ) = alloc ( ) val x = do_something ( proof_var | pointer_var ) in free ( proof_var | pointer_var )

  14. Synchronization ◮ Linear reasoning for synchronization ◮ Ensure proper lock management ◮ Correct sequencing of steps let val ( outer | _ ) = outer_lock ( ) in let val ( inner | _ ) = inner_lock ( outer | ) in ... let val ( outer | _ ) = inner_unlock ( inner | ) in outer_unlock ( outer | )

  15. Safe use of pointers ◮ Concept: “value of type t is stored at address l ” ◮ ATS “ @ -view”: type @ address fun alloc_pair ( ) : [ l: addr ] ( ( int, int ) @ l | ptr l ) fun free_pair { l: addr } ( pf: ( int, int ) @ l | p: ptr l ) ◮ Pointers: a “dependent type” i.e. a type indexed by a value ◮ In this case: the value is the address ◮ The “ @ -view” validates the pointer

  16. Array bounds checking ◮ Integer constraint solver ◮ Automatic bounds checks ◮ array : dependent type indexed by length ◮ Array access must be within 0 ≤ i < n fun f { n: int | n > 3 } ( A: array ( int, n ) , len: int n ) : int = let val x = A [ 0 ] in if len > 4 then x + A [ 4 ] else x

  17. Integer constraints ◮ Not just limited to arrays ◮ Example from scheduler ◮ “exists tick t such that t > now ” val [ now: int ] now: tick now = timer_32k_value ( ) fun is_earlier_than { n, m: nat } ( tn: tick n, tm: tick m ) : bool ( n < m ) ... val future: [ t: int | t > now ] tick t = ...

  18. Avoiding overhead ◮ Erasure of statics ◮ Flat types, C data representation ◮ Templates

  19. ATS integration ATS file atsopt Generated C C file gcc gcc Object file Object file ld Linked Kernel ◮ ATS acts as preprocessor ◮ No run-time and minimal static support ◮ ATS in both kernel and program components

  20. Protection C B A B C A Virtual Address Physical Address ◮ Hardware memory protection optional ◮ Can rely on hardware protections when needed ◮ Or can switch to static verification when ready

  21. Protection C B A B C A Virtual Address Physical Address ◮ All programs take advantage of ELF features for relocation ◮ Kernel has load-time linker which rewrites binary ◮ Can rewrite binaries into the two different memory models

  22. Putting it together ◮ The role of type systems in OS development ◮ Application of advanced types for better assurance ◮ Incremental approach to verification ◮ Straightforward machine translation to C ◮ Depends on compiler and hardware correctness

  23. Advanced types Singularity House seL4 SPIN Unix Low level efficiency

  24. Advanced types T errier Singularity House seL4 SPIN Unix Low level efficiency

  25. seL4 and Terrier seL4 Terrier ◮ Haskell prototype, ◮ Written directly in Isabelle specification, C/ATS mix, ATS types refinement proof between ◮ Flexible, selective effort specification and C ◮ Bottom-up ◮ Entire kernel, big effort ◮ Top-down

  26. Future work ◮ Writing more proofs ◮ Adding further hardware support ◮ Deploying on an experiment

Recommend

Static and dynamic verification Software inspections Concerned with analysis of the static

Static and dynamic verification Software inspections Concerned with analysis of the static

1 Static and dynamic verification Software inspections Concerned with analysis of the static system representation to discover problems (static verification) May be supplement by tool-based document and code analysis Software

430 views • 12 slides
Static and dynamic verification Software inspections Concerned with analysis of the

Static and dynamic verification Software inspections Concerned with analysis of the

1 Static and dynamic verification Software inspections Concerned with analysis of the static system representation to discover problems (static verification) May be supplement by tool-based document and code analysis

310 views • 12 slides
Static and dynamic verification Static and dynamic V&amp;V Software inspections Concerned

Static and dynamic verification Static and dynamic V&amp;V Software inspections Concerned

1 2 Static and dynamic verification Static and dynamic V&amp;V Software inspections Concerned with analysis of the static system Static representation to discover problems (static verification verification) May be supplement by

107 views • 6 slides
Verasco: Formal verification of a C static analyzer based on abstract interpretation

Verasco: Formal verification of a C static analyzer based on abstract interpretation

Verasco: Formal verification of a C static analyzer based on abstract interpretation Jacques-Henri Jourdan, Vincent Laporte Sandrine Blazy, Xavier Leroy , David Pichardie Inria / U. Rennes 1 / ENS Rennes Workshop on Realistic Program

885 views • 63 slides
COSC345 Week 17 Static verification 4 August 2015 Richard A. O Keefe 1 Aim of static

COSC345 Week 17 Static verification 4 August 2015 Richard A. O Keefe 1 Aim of static

COSC345 Week 17 Static verification 4 August 2015 Richard A. O Keefe 1 Aim of static verification Find defects early Work on incomplete components Work on non-executable items N.B. Testing and debugging cannot start until executable

498 views • 21 slides
Verification and Validation Steven Zeil February 13, 2013 Verification and Validation

Verification and Validation Steven Zeil February 13, 2013 Verification and Validation

Verification and Validation Verification and Validation Steven Zeil February 13, 2013 Verification and Validation Outline The Process 1 Non-Testing V&amp;V 2 Code Review Mathematically-based verification Static analysis tools

790 views • 55 slides
Static program checking and verification Correctness class ArraySet implements Set { class

Static program checking and verification Correctness class ArraySet implements Set { class

Chair of Softw are Engineering Software Engineering Prof. Dr. Bertrand Meyer March 2007 June 2007 Slides: Based on KSE06 With kind permission of Peter Mller Static program checking and verification Correctness class ArraySet

445 views • 18 slides
Behavioural Type-Based Static Verification Framework for Go Julien Lange, Nicholas Ng , Bernardo

Behavioural Type-Based Static Verification Framework for Go Julien Lange, Nicholas Ng , Bernardo

Behavioural Type-Based Static Verification Framework for Go Julien Lange, Nicholas Ng , Bernardo Toninho, Nobuko Yoshida . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Julien

375 views • 21 slides
Design Verification with e The language e Contains all the constructs necessary

Design Verification with e The language e Contains all the constructs necessary

Design Verification with e The language e Contains all the constructs necessary for a complete verification tool Allows objects in the verification environment to be extended Needs to express constraints Coverage

946 views • 80 slides
Course outline: the four hours 1. Language-Based Security: motivation 2. Language-Based

Course outline: the four hours 1. Language-Based Security: motivation 2. Language-Based

Course outline: the four hours 1. Language-Based Security: motivation 2. Language-Based Information-Flow Security: the big picture 3. Dimensions and principles of declassification 4. Dynamic vs. static security enforcement 1 Dimensions of

449 views • 30 slides
Natural language is a programming language: Applying natural language processing to software

Natural language is a programming language: Applying natural language processing to software

Natural language is a programming language: Applying natural language processing to software development Michael D. Ernst Presented by: Tomas Geffner, Subendhu Rongali &amp; Natcha Simsiri Before we start, what is software? Not just code/AST

438 views • 23 slides
SAT-based verification (BMC, temporal induction) Mary Sheeran, Chalmers SAT-based verification

SAT-based verification (BMC, temporal induction) Mary Sheeran, Chalmers SAT-based verification

SAT-based verification (BMC, temporal induction) Mary Sheeran, Chalmers SAT-based verification now hot Used here in Sweden since 1989 mostly in safety critical applications (railway control program verification) Bounded Model Checking a

468 views • 25 slides
A Static Aspect Language for Modelica Models Malte Lochau (lochau@ips.cs.tu-bs.de) Henning

A Static Aspect Language for Modelica Models Malte Lochau (lochau@ips.cs.tu-bs.de) Henning

Institute for Programming and Reactive Systems TU Braunschweig, Germany 2nd International Workshop on Equation-Based Object-Oriented Languages and Tools at ECOOP 2008, July 8, Paphos, Cyprus A Static Aspect Language for Modelica Models Malte

432 views • 26 slides
Specification and verification in the field: Applying formal methods to BPF just-in-time

Specification and verification in the field: Applying formal methods to BPF just-in-time

Specification and verification in the field: Applying formal methods to BPF just-in-time compilers in the Linux kernel Luke Nelson, Jacob Van Geffen, Emina Torlak, and Xi Wang University of Washington Goal: formally verified (e)BPF JITs in the

267 views • 22 slides
Course outline 1. Language-Based Security: motivation 2. Language-Based Information-Flow Security:

Course outline 1. Language-Based Security: motivation 2. Language-Based Information-Flow Security:

Course outline 1. Language-Based Security: motivation 2. Language-Based Information-Flow Security: the big picture 3. Dimensions and principles of declassification 4. Dynamic vs. static security enforcement 5. Tracking information flow in web

641 views • 30 slides
Applying CEFR to teaching and assessing Applying CEFR to teaching and assessing Chinese as a

Applying CEFR to teaching and assessing Applying CEFR to teaching and assessing Chinese as a

University Language Centres: Going for Gold Overcoming Hurdles Applying CEFR to teaching and assessing Applying CEFR to teaching and assessing Chinese as a foreign language Chinese as a foreign language A proposal from the EBCL Project

580 views • 21 slides
Outline Static Analysis: Symbolic Execution and Inductive Verification Methods Overview TDDC90:

Outline Static Analysis: Symbolic Execution and Inductive Verification Methods Overview TDDC90:

Outline Static Analysis: Symbolic Execution and Inductive Verification Methods Overview TDDC90: Software Security Symbolic Execution Ahmed Rezine Hoare Triples and Deductive Reasoning IDA, Linkpings Universitet Hsttermin 2014 Static

373 views • 6 slides
Rigorous Timing, Static occam , and Classic CSP: Formal Verification for IoT A Fringe

Rigorous Timing, Static occam , and Classic CSP: Formal Verification for IoT A Fringe

Rigorous Timing, Static occam , and Classic CSP: Formal Verification for IoT A Fringe Presentation for CPA2017 by Lawrence J. Dickson Space Sciences Corporation Lemitar, NM, USA Jeremy M. R. Martin Lloyds London, UK Ground Truth

359 views • 20 slides
Applying for Financial Aid National College Fair 2018 Applying for Financial Aid Begin- as

Applying for Financial Aid National College Fair 2018 Applying for Financial Aid Begin- as

Applying for Financial Aid National College Fair 2018 Applying for Financial Aid Begin- as early as possible Get your FSA ID File the FAFSA/MN Dream Act Application Work with the financial aid office to complete verification or

430 views • 15 slides
A Static Verification Framework for Message Passing in Go using Behavioural Types Julien Lange 1 ,

A Static Verification Framework for Message Passing in Go using Behavioural Types Julien Lange 1 ,

A Static Verification Framework for Message Passing in Go using Behavioural Types Julien Lange 1 , Nicholas Ng 2 , Bernardo Toninho 3 , Nobuko Yoshida 2 1 University of Kent 2 Imperial College London 3 Universidade Nova de Lisboa 1 /26 Julien

507 views • 47 slides
Formal verification of a static analyzer: abstract interpretation in type theory Xavier Leroy

Formal verification of a static analyzer: abstract interpretation in type theory Xavier Leroy

Formal verification of a static analyzer: abstract interpretation in type theory Xavier Leroy Inria Paris-Rocquencourt TYPES meeting, 2014-05-14 X. Leroy (Inria) Verified static analyzer 2014-05-14 1 / 57 In memoriam Radhia Cousot, 2014

647 views • 63 slides
The KeY Platform for Verification and Analysis of Java Programs Reiner H ahnle Technische

The KeY Platform for Verification and Analysis of Java Programs Reiner H ahnle Technische

The KeY Platform for Verification and Analysis of Java Programs Reiner H ahnle Technische Universit at Darmstadt Department of Computer Science, Software Engineering Group Dagstuhl Seminar 16131: Language Based Verification Tools for

1.01k views • 68 slides
SAT-based Verification Methods and Applications in Hardware Verification Aarti Gupta

SAT-based Verification Methods and Applications in Hardware Verification Aarti Gupta

SAT-based Verification Methods and Applications in Hardware Verification Aarti Gupta agupta@nec-labs.com NEC Laboratories America Princeton, U.S.A. Acknowledgements: Pranav Ashar, Malay Ganai, Zijiang Yang, Chao Wang, Akira Mukaiyama,

1.31k views • 118 slides
Applying Formal Verification to Reflective Reasoning R. Kumar 1 B. Fallenstein 2 1 Data61, CSIRO

Applying Formal Verification to Reflective Reasoning R. Kumar 1 B. Fallenstein 2 1 Data61, CSIRO

Applying Formal Verification to Reflective Reasoning R. Kumar 1 B. Fallenstein 2 1 Data61, CSIRO and UNSW ramana@intelligence.org 2 Machine Intelligence Research Institute benya@intelligence.org Artificial Intelligence for Theorem Proving,

1.43k views • 47 slides

More recommend