formal methods and systems
play

Formal Methods and Systems David Cock, ETH Zrich 18/01/16 - PowerPoint PPT Presentation

Aug 20, 2022 •178 likes •359 views

Formal Methods and Systems David Cock, ETH Zrich 18/01/16 Overview Correctness challenges in Barrelfish. System configuration using SAT. Tracing and online invariant checking. Better languages for Systems. 18 January 2016

  1. Formal Methods and Systems David Cock, ETH Zürich 18/01/16

  2. Overview ● Correctness challenges in Barrelfish. ● System configuration using SAT. ● Tracing and online invariant checking. ● Better languages for Systems. 18 January 2016 Industry Retreat 2016 2

  3. The State of the Fish 7 architectures: OMAP44xx, ● ARMv7/GEM5, X-Gene 1, ARMv8/GEM5, Xeon Phi, x86-64, x86-32 42 applications + 51 test apps ● 9 languages ● 32 committers ● 9 years old ● > 1.1M lines of code ● This is no longer a small research project! We're starting to see the engineering challenges of a large system. 18 January 2016 Industry Retreat 2016 3

  4. Getting It Right A lesson from history: It's easier to prove code correct, if it actually is correct! ● We embarked on a new port last year: ARMv8. ● This forced us to face some codebase “challenges”. ● We now support fewer platforms, more thoroughly. ● We now make a core vs. non-core distribution. ● Proper debugging is coming (more later). 18 January 2016 Industry Retreat 2016 4

  5. SAT Solving and the SKB 18 January 2016 Industry Retreat 2016 5

  6. Handling OS complexity ● System Knowledge Base Hardware data and specifjcation – Hardware info – Runtime state ● Rich semantic model – Represent the hardware – Reason about it CLP solver CLP solver – Embed policy choices (Prolog + (Prolog + constraints) constraints) Runtime system information 18 January 2016 Industry Retreat 2016 6

  7. What goes in? ● Hardware resource discovery – E.g. PCI enumeration, ACPI, CPUID… ● Online hardware profiling CLP solver CLP solver (Prolog + (Prolog + constraints) constraints) – Inter-core all-pairs latency, cache measurements… ● Operating system state – Locks, process placement, etc. ● “Things we just know” – SoC specs, assertions from data sheets, etc. 18 January 2016 Industry Retreat 2016 7

  8. Current SKB applications ● General name server / service registry ● Coordination service / lock manager ● Device management CLP solver CLP solver (Prolog + (Prolog + constraints) constraints) – Driver startup / hotplug ● PCIe bridge configuration – A surprisingly hard CSAT problem! ● Intra-machine routing – Efficient multicast tree construction ● Cache-aware thread placement – Used by e.g. databases for query planning 18 January 2016 Industry Retreat 2016 8

  9. Prolog + SAT ● There are limits to what Prolog will efficiently solve. ● Address allocation under alignment constraints e.g. PCI, is better expressed in terms of bits. ● SAT solvers have gotten really good lately. ● Can we express PCI bridge config as SAT ( yes! ). ● Can we put a SAT solver in the SKB ( research! ). 18 January 2016 Industry Retreat 2016 9

  10. Tracing for Invariants 18 January 2016 Industry Retreat 2016 10

  11. HW Tracing for Correctness Are HW operatjons right? 5Gb/s unmap(pa); cleanDCache(); flushTLB(); Filter at line rate ● Real time pipeline trace on ARM. ● Can halt and inspect caches. ● HW has “errata” (bugs). ● Check that it actually works! ● Catch transient and race bugs. Check temporal Log & process offmine assertjons 18 January 2016 Industry Retreat 2016 11

  12. HW Tracing for Performance • Should see N coherency messages. 5Gb/s • Do we? ‐ The HW knows! Filter at line rate Is URPC optjmal? Cache 0 x 1 1 INVAL(0) URPC[0]= x; READ(1) URPC[1]= 1; … x Core 0 Cache 1 while(!URPC[1]); x= URPC[0]; Log & process offmine 2 18 January 2016 Industry Retreat 2016 12 Core 1 12

  13. Online Example: LTL to Büchi ● LTL(-ish) formula: A store on core 1 is eventually visible on core 2. ● Think regular expressions for infinite streams. ● As for REs, we compile a checking automaton. ● Run the automaton in real time and look for violations. 18 January 2016 Industry Retreat 2016 13

  14. Could We Trace a Rack? ● Barrelfish is aiming for rack-scale single- image systems. ● We'll rely on a lot of coordination and consensus algorithms. ● It would be really useful to debug these noninvasively. ● 64 SoCs x 5Gb/s = 320Gb/s trace output. ● That'll need some data reduction, but it's very feasible. ● Online checkers (e.g. automata) will be essential at this scale and up. 18 January 2016 Industry Retreat 2016 14

  15. Languages

  16. Languages and Formal Methods ● Practical kernels are C/C++/ASM ● Some things we might like: – First-class messaging (Go) – Specifying layout (Rust) The hard part about reasoning about “C”, is that we keep stepping outside the language.

  17. What Should We Write Kernels In? ● Some languages have some of what we want: – No runtime, high performance (C) – Predictable resource usage (C, Rust) – Clear and clean semantics (Haskell, Rust?) ● No languages have everything (yet): – Enough expressive power: Can you enable the MMU, or thread switch without breaking the language rules? ● We should experiment with this: start with Clang/LLVM, drop the ugly parts?

  18. Poster on HW tracing this evening. 18 January 2016 Industry Retreat 2016 18

Recommend

Formal Methods Michael Collins. 18-849, Section B Spring 1999 Formal Methods Why

Formal Methods Michael Collins. 18-849, Section B Spring 1999 Formal Methods Why

Formal Methods Michael Collins. 18-849, Section B Spring 1999 Formal Methods Why Formalisms? Relationships Flaws Some systems Conclusions Why Formal Methods? We already can build systems. Roman Engineers built

671 views • 12 slides
Presentation for 4th International Workshop on Formal Methods for Interactive Systems: FMIS 2011,

Presentation for 4th International Workshop on Formal Methods for Interactive Systems: FMIS 2011,

Presentation for 4th International Workshop on Formal Methods for Interactive Systems: FMIS 2011, Limerick, Ireland, 21 June 2011 Formal Modeling and Analysis For Interactive Hybrid Systems Ellen J. Bass Systems and Information Engineering,

280 views • 26 slides
Formal Methods and Cryptography Lecture 24 1 Formal Methods 2 Formal Methods Logical

Formal Methods and Cryptography Lecture 24 1 Formal Methods 2 Formal Methods Logical

Formal Methods and Cryptography Lecture 24 1 Formal Methods 2 Formal Methods Logical foundations of computer science 2 Formal Methods Logical foundations of computer science A language that machines can understand 2 Formal Methods

1.22k views • 121 slides
1Initial Ideas on Formal Methods UIT2206: The Importance of Being Formal Martin Henz January

1Initial Ideas on Formal Methods UIT2206: The Importance of Being Formal Martin Henz January

Preliminaries Hallmarks of a Formal Approach Formal Systems in Information Technology 1Initial Ideas on Formal Methods UIT2206: The Importance of Being Formal Martin Henz January 15, 2014 Generated on Wednesday 15 th January, 2014, 09:54

517 views • 49 slides
Lecture Outline 1. The lecturer 2. Introduction to Formal Methods DD2452 Formal Methods 3.

Lecture Outline 1. The lecturer 2. Introduction to Formal Methods DD2452 Formal Methods 3.

Lecture Outline 1. The lecturer 2. Introduction to Formal Methods DD2452 Formal Methods 3. Course syllabus 4. Course objectives Introductory Lecture 5. Course organization 1. Lecturer 2. Formal Methods Name: Dilian Gurov Formal

56 views • 3 slides
Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember

Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember

3BA31 Formal Methods 1 3BA31: Formal Methods Andrew Butterfield Foundations & Methods Group, Software Systems Laboratory Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember This? A Stock

631 views • 33 slides
Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember

Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember

3BA31 Formal Methods 1 3BA31: Formal Methods Andrew Butterfield Foundations & Methods Group, Software Systems Laboratory Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember This? A Stock

1.75k views • 151 slides
Formal Methods and Cryptography Lecture 25 Formal Methods Formal Methods Logical foundations

Formal Methods and Cryptography Lecture 25 Formal Methods Formal Methods Logical foundations

Formal Methods and Cryptography Lecture 25 Formal Methods Formal Methods Logical foundations of computer science Formal Methods Logical foundations of computer science A language that machines can understand Formal Methods Logical

1.67k views • 123 slides
Where Are We? How to model systems CISC422/853: Formal Methods Theoretically : FSAs in

Where Are We? How to model systems CISC422/853: Formal Methods Theoretically : FSAs in

Where Are We? How to model systems CISC422/853: Formal Methods Theoretically : FSAs in Software Engineering: Practically : BIR, PROMELA How to express properties Computer-Aided Verification Assertions, invariants

196 views • 9 slides
Deductive Verification Of Hybrid Systems Lectures on Formal Methods for Cyber-Physical Systems

Deductive Verification Of Hybrid Systems Lectures on Formal Methods for Cyber-Physical Systems

Deductive Verification Of Hybrid Systems Lectures on Formal Methods for Cyber-Physical Systems SOKENDAI, 07/29/19 Jrmy Dubut National Institute of Informatics Japanese-French Laboratory of Informatics Objectives of this lecture

986 views • 84 slides
Testing/Simulation Formal Analysis Real System Formal Model Partial coverage Complete coverage

Testing/Simulation Formal Analysis Real System Formal Model Partial coverage Complete coverage

Formal Methods Assurance for TTP John Rushby Computer Science Laboratory SRI International Menlo Park CA USA John Rushby, SR I Formal Methods Assurance for TTP: 1 Formal Methods for Analysis and Assurance: The Idea Testing/Simulation Formal

200 views • 6 slides
Specifying circuit properties in PSL Formal methods Mathematical and logical methods used in

Specifying circuit properties in PSL Formal methods Mathematical and logical methods used in

Specifying circuit properties in PSL Formal methods Mathematical and logical methods used in system development Aim to increase confidence in riktighet of system Apply to both hardware and software 1 Formal methods Complement other

524 views • 25 slides
A Review of Formal Methods : 200514170 : (T4) (T4)

A Review of Formal Methods : 200514170 : (T4) (T4)

A Review of Formal Methods : 200514170 : (T4) (T4) Contents INTRODUCTION INTRODUCTION DEFINITION AND OVERVIEW OF FORMAL METHODS SPECIFICATION METHODS LIFE CYCLES AND

317 views • 19 slides
Formal Methods for Critical Systems: A verified implementation of nested procedures Tristan

Formal Methods for Critical Systems: A verified implementation of nested procedures Tristan

Formal Methods for Critical Systems: A verified implementation of nested procedures Tristan Crolard 1 ICAR15 8-9 October 2015 Joint work with: 1 Pierre Courtieu, 1 , 2 Maria-Virginia Aponte, Julia Lawall 3 1. CNAM / Cedric / CPR team 2.

980 views • 71 slides
Requirements and Formal Methods Softw are Engineering Overview Overview on the RE process

Requirements and Formal Methods Softw are Engineering Overview Overview on the RE process

Requirements and Formal Methods Softw are Engineering Overview Overview on the RE process What are Formal Methods? Advantages and Disadvantages of Formal Methods Formal Methods in the Requirement Process Mathematical Formulas

561 views • 20 slides
Formal Methods for Industrial Critical Systems at Trinity College, University of Dublin (FMICS

Formal Methods for Industrial Critical Systems at Trinity College, University of Dublin (FMICS

Formal Methods for Industrial Critical Systems at Trinity College, University of Dublin 2000 Andrew Butterfield c Formal Methods for Industrial Critical Systems at Trinity College, University of Dublin (FMICS 2003, Rros, June 7th 2003)

1.02k views • 16 slides
Formal Methods in Resilient Systems Design using a Flexible Contract Approach Sponsor:

Formal Methods in Resilient Systems Design using a Flexible Contract Approach Sponsor:

Formal Methods in Resilient Systems Design using a Flexible Contract Approach Sponsor: OUSD(R&E) | CCDC By Dr. Azad Madni 11 th Annual SERC Sponsor Research Review November 19, 2019 FHI 360 CONFERENCE CENTER 1825 Connecticut Avenue NW, 8

374 views • 34 slides
Types of Formal Specifications for Assertions Concurrent and Reactive Systems Assertions

Types of Formal Specifications for Assertions Concurrent and Reactive Systems Assertions

Outline Formal specifications CISC422/853: Formal Methods Types of formal specifications: in Software Engineering: assertions invariants Computer-Aided Verification safety and liveness properties How to express safety

226 views • 22 slides
Formal Methods for Interactive Systems Part 10 Reverse Engineering with Matrix Algebra

Formal Methods for Interactive Systems Part 10 Reverse Engineering with Matrix Algebra

Formal Methods for Interactive Systems Part 10 Reverse Engineering with Matrix Algebra Antonio Cerone United Nations University International Institute for Software Technology Macau SAR China email: antonio@iist.unu.edu web:

1.36k views • 94 slides
Formal Methods for Probabilistic Systems Annabelle McIver Carroll Morgan Source-level

Formal Methods for Probabilistic Systems Annabelle McIver Carroll Morgan Source-level

1 Formal Methods for Probabilistic Systems Annabelle McIver Carroll Morgan Source-level program logic Meta-theorems for loops Examples Relational operational model Almost-certain termination Mu-calculus, temporal

927 views • 73 slides
Formal Methods for Probabilistic Systems Annabelle McIver Carroll Morgan Source-level

Formal Methods for Probabilistic Systems Annabelle McIver Carroll Morgan Source-level

1 Formal Methods for Probabilistic Systems Annabelle McIver Carroll Morgan Source-level program logic Meta-theorems for loops Examples Relational operational model Almost-certain termination Hermans Graph

985 views • 66 slides
THEY DIDNT KNOW THEY WERE DOING MATHEMATICS INTRODUCING FORMAL METHODS USING REWRITING

THEY DIDNT KNOW THEY WERE DOING MATHEMATICS INTRODUCING FORMAL METHODS USING REWRITING

THEY DIDNT KNOW THEY WERE DOING MATHEMATICS INTRODUCING FORMAL METHODS USING REWRITING LOGIC Peter Olveczky University of Oslo FMfun19, December 3, 2019 OUTLINE How to introduce formal methods to undergraduates? Fun!

1.95k views • 171 slides
CS6480: Systems and Formal Methods Robbert van Renesse Cornell University Course Overview

CS6480: Systems and Formal Methods Robbert van Renesse Cornell University Course Overview

CS6480: Systems and Formal Methods Robbert van Renesse Cornell University Course Overview Course Outline Some lectures by me specifica7on, Hoare logic, Dafny tutorial, refinement Paper reading by us Addi7onal lectures by you

550 views • 44 slides
Formal Methods at Intel An Overview John Harrison Intel Corporation Second NASA Formal

Formal Methods at Intel An Overview John Harrison Intel Corporation Second NASA Formal

Formal Methods at Intel An Overview John Harrison Intel Corporation Second NASA Formal Methods Symposium NASA HQ, Washington DC 14th April 2010 (09:0010:00) 0 Table of contents Intels diverse verification problems Verifying

834 views • 45 slides

More recommend