formal methods for critical systems
play

Formal Methods for Critical Systems: A verified implementation of - PowerPoint PPT Presentation

Feb 20, 2023 •258 likes •980 views

Formal Methods for Critical Systems: A verified implementation of nested procedures Tristan Crolard 1 ICAR15 8-9 October 2015 Joint work with: 1 Pierre Courtieu, 1 , 2 Maria-Virginia Aponte, Julia Lawall 3 1. CNAM / Cedric / CPR team 2.

  1. Formal Methods for Critical Systems: A verified implementation of nested procedures ⋆ Tristan Crolard 1 ICAR’15 8-9 October 2015 Joint work with: 1 Pierre Courtieu, 1 , 2 Maria-Virginia Aponte, Julia Lawall 3 1. CNAM / Cedric / CPR team 2. INRIA / Gallium team 3. UPMC / LIP6 / Whisper team ⋆ Research project funded by AdaCore, the GNAT Pro Company

  2. 1 Formal Methods for Critical Systems: Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  3. 1 Formal Methods for Critical Systems: based on a mathematical formalism Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  4. 1 Formal Methods for Critical Systems: based on a life -critical or mathematical safety -critical formalism Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  5. 1 Formal Methods for Critical Systems: based on a life -critical or embedded mathematical safety -critical systems formalism Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  6. 1 Formal Methods for Critical Systems: based on a life -critical or embedded mathematical safety -critical systems formalism Formal methods are about: � formal specifications � mathematical proofs of properties Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  7. 1 Formal Methods for Critical Systems: based on a life -critical or embedded mathematical safety -critical systems formalism machine - Formal methods are about: checked � formal specifications � mathematical proofs of properties Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  8. Machine-checked mathematical proofs 2 You might want to prove: � some safety and security properties of your system � the full correctness of your implementation with respect to its specification � only the partial correctness of your implementation (no buffer overflow, for instance) In any case, you need a formal specification of your system. Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  9. Machine-checked mathematical proofs 2 You might want to prove: � some safety and security properties of your system � the full correctness of your implementation with respect to its specification � only the partial correctness of your implementation (no buffer overflow, for instance) In any case, you need a formal specification of your system. Of course, testing is still allowed and a formal specification is also required in this case (when mixing tests and proofs). Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  10. Formal Methods: logics and tools 3 expressive Higher-order logics full correctness First-order logics partial correctness decidable Specialized logics specific properties Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  11. Formal Methods: logics and tools 3 interactive expressive Higher-order logics Proof assistants full correctness First-order logics Provers and solvers partial correctness automatic decidable Specialized logics Model checkers specific properties Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  12. Formal Methods: logics and tools 3 interactive expressive Higher-order logics Proof assistants full correctness Program logics First-order logics Provers and solvers partial correctness automatic decidable Specialized logics Model checkers specific properties Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  13. Limits of formal methods 4 “The correspondence between our formal models of programs and the actual behavior of real systems is limited by three factors: � the behavior of the programming language, � the operating system, � and the underlying hardware. For safety-critical systems, these limitations are crucially important and we cannot assume that a program is correct just because it has been proved.” Seven Myths of Formal Methods Anthony Hall, Praxis Sytems, September 1990 Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  14. Two success stories about formal methods 5 � The seL4 project developed at NICTA (SSRG). – seL4 is a formally-verified microkernel – Developed since 2006. – First public release in 2011 (open source since 2014). � The CompCert project developed at INRIA (Gallium team). – CompCert is a formally-verified C compiler – Developed since 2004. – First public release in 2008. Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  15. The seL4 project 6 seL4 is a high-performance general-purpose microkernel, that provides address spaces, threads, IPC and authorisation capabilities � Formal proof of correctness down to binary level � Developed for ARM and Intel processors � The fastest existing microkernel (faster than L4) � 10,000 lines of code � 200,000 lines of proof � about 30 person.years Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  16. The CompCert project 7 A formally-verified optimizing standard C compiler � Formal proof of correctness down to binary level � Developed for PowerPC, ARM and Intel processors � Generated code only 20% slower than gcc -O2 � 15,000 lines of code � 100,000 lines of proof � about 6 person.years Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  17. Proof Architecture 8 Specification correctness Implementation Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  18. Proof Architecture 8 Specification correctness Prototype correctness Implementation Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  19. Proof Architecture 8 proof assistant Specification (Isabelle/HOL, Coq, ...) correctness Prototype correctness Implementation Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  20. Proof Architecture 8 proof assistant Specification (Isabelle/HOL, Coq, ...) correctness “pure” language Prototype (Haskell, pure ML, pure Prolog, ...) correctness Implementation Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  21. Proof Architecture 8 proof assistant Specification (Isabelle/HOL, Coq, ...) correctness “pure” language Prototype (Haskell, pure ML, pure Prolog, ...) correctness mainstream language Implementation (C, Ada, ...) Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  22. Proof Architecture: seL4 9 Specification correctness Prototype correctness Implementation Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  23. Proof Architecture: seL4 9 proof assistant: Specification Isabelle/HOL correctness Prototype correctness Implementation Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  24. Proof Architecture: seL4 9 proof assistant: Specification Isabelle/HOL correctness “pure” language: Prototype Haskell correctness Implementation Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  25. Proof Architecture: seL4 9 proof assistant: Specification Isabelle/HOL correctness “pure” language: Prototype Haskell correctness mainstream language: Implementation C (compiled with gcc) Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  26. Proof Architecture: seL4 9 proof assistant: Specification Isabelle/HOL correctness generation “pure” language: Prototype Haskell correctness mainstream language: Implementation C (compiled with gcc) Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  27. Proof Architecture: CompCert 10 Specification correctness Prototype correctness Implementation Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  28. Proof Architecture: CompCert 10 proof assistant: Specification Coq correctness Prototype correctness Implementation Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  29. Proof Architecture: CompCert 10 proof assistant: Specification Coq correctness “pure” language: Prototype pure ML (OCaml) correctness Implementation Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  30. Proof Architecture: CompCert 10 proof assistant: Specification Coq correctness “pure” language: Prototype pure ML (OCaml) correctness mainstream language: Implementation OCaml (native compiler) Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

Recommend

Formal Methods for Industrial Critical Systems at Trinity College, University of Dublin (FMICS

Formal Methods for Industrial Critical Systems at Trinity College, University of Dublin (FMICS

Formal Methods for Industrial Critical Systems at Trinity College, University of Dublin 2000 Andrew Butterfield c Formal Methods for Industrial Critical Systems at Trinity College, University of Dublin (FMICS 2003, Rros, June 7th 2003)

1.02k views • 16 slides
Pragmatic integration of model driven engineering and formal methods for safety critical systems

Pragmatic integration of model driven engineering and formal methods for safety critical systems

Pragmatic integration of model driven engineering and formal methods for safety critical systems design Marc Pantel and many others IRIT - ACADIE ENSEEIHT - INPT - Universit de Toulouse Institute of Cybernetics Institute Tallinn

1.58k views • 110 slides
Formal Methods Michael Collins. 18-849, Section B Spring 1999 Formal Methods Why

Formal Methods Michael Collins. 18-849, Section B Spring 1999 Formal Methods Why

Formal Methods Michael Collins. 18-849, Section B Spring 1999 Formal Methods Why Formalisms? Relationships Flaws Some systems Conclusions Why Formal Methods? We already can build systems. Roman Engineers built

671 views • 12 slides
Formal methods for Safety Assessment of Critical Software at RATP Engineering Department --

Formal methods for Safety Assessment of Critical Software at RATP Engineering Department --

Formal methods for Safety Assessment of Critical Software at RATP Engineering Department -- RATP/ING/STF/QS/AQL Evguenia DMITRIEVA / Oct 16 2014, Toulouse Plan 1. Industrial Context 2. Formal methods for software safety assessment : PERF 3.

498 views • 32 slides
Formal analysis of security models for critical systems: Virtualization platforms and mobile

Formal analysis of security models for critical systems: Virtualization platforms and mobile

Formal analysis of security models for critical systems: Virtualization platforms and mobile devices Carlos Luna Grupo de Seguridad Inform atica, InCo Facultad de Ingenier a, Universidad de la Rep ublica, Uruguay Formal analysis

751 views • 56 slides
Safe Reinforcement Learning via Formal Methods Nathan Fulton and Andr Platzer Carnegie Mellon

Safe Reinforcement Learning via Formal Methods Nathan Fulton and Andr Platzer Carnegie Mellon

Safe Reinforcement Learning via Formal Methods Nathan Fulton and Andr Platzer Carnegie Mellon University Safety-Critical Systems "How can we provide people with cyber-physical systems they can bet their lives on?" - Jeannette Wing

568 views • 55 slides
Presentation for 4th International Workshop on Formal Methods for Interactive Systems: FMIS 2011,

Presentation for 4th International Workshop on Formal Methods for Interactive Systems: FMIS 2011,

Presentation for 4th International Workshop on Formal Methods for Interactive Systems: FMIS 2011, Limerick, Ireland, 21 June 2011 Formal Modeling and Analysis For Interactive Hybrid Systems Ellen J. Bass Systems and Information Engineering,

280 views • 26 slides
Formal Methods and Cryptography Lecture 24 1 Formal Methods 2 Formal Methods Logical

Formal Methods and Cryptography Lecture 24 1 Formal Methods 2 Formal Methods Logical

Formal Methods and Cryptography Lecture 24 1 Formal Methods 2 Formal Methods Logical foundations of computer science 2 Formal Methods Logical foundations of computer science A language that machines can understand 2 Formal Methods

1.22k views • 121 slides
Validation of Critical Systems Christiano Braga Instituto de Computao with Rewriting Logic

Validation of Critical Systems Christiano Braga Instituto de Computao with Rewriting Logic

2nd School of Theoretical Computer Science and Formal Methods Validation of Critical Systems Christiano Braga Instituto de Computao with Rewriting Logic in Maude Universidade Federal Fluminense s 0 n 1 n 2 start s 1 s 5 t 1 n 2 n 1 t 2 s 2

1.07k views • 72 slides
1Initial Ideas on Formal Methods UIT2206: The Importance of Being Formal Martin Henz January

1Initial Ideas on Formal Methods UIT2206: The Importance of Being Formal Martin Henz January

Preliminaries Hallmarks of a Formal Approach Formal Systems in Information Technology 1Initial Ideas on Formal Methods UIT2206: The Importance of Being Formal Martin Henz January 15, 2014 Generated on Wednesday 15 th January, 2014, 09:54

517 views • 49 slides
Lecture Outline 1. The lecturer 2. Introduction to Formal Methods DD2452 Formal Methods 3.

Lecture Outline 1. The lecturer 2. Introduction to Formal Methods DD2452 Formal Methods 3.

Lecture Outline 1. The lecturer 2. Introduction to Formal Methods DD2452 Formal Methods 3. Course syllabus 4. Course objectives Introductory Lecture 5. Course organization 1. Lecturer 2. Formal Methods Name: Dilian Gurov Formal

56 views • 3 slides
Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember

Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember

3BA31 Formal Methods 1 3BA31: Formal Methods Andrew Butterfield Foundations & Methods Group, Software Systems Laboratory Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember This? A Stock

1.75k views • 151 slides
Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember

Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember

3BA31 Formal Methods 1 3BA31: Formal Methods Andrew Butterfield Foundations & Methods Group, Software Systems Laboratory Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember This? A Stock

631 views • 33 slides
Formal Methods and Cryptography Lecture 25 Formal Methods Formal Methods Logical foundations

Formal Methods and Cryptography Lecture 25 Formal Methods Formal Methods Logical foundations

Formal Methods and Cryptography Lecture 25 Formal Methods Formal Methods Logical foundations of computer science Formal Methods Logical foundations of computer science A language that machines can understand Formal Methods Logical

1.67k views • 123 slides
Where Are We? How to model systems CISC422/853: Formal Methods Theoretically : FSAs in

Where Are We? How to model systems CISC422/853: Formal Methods Theoretically : FSAs in

Where Are We? How to model systems CISC422/853: Formal Methods Theoretically : FSAs in Software Engineering: Practically : BIR, PROMELA How to express properties Computer-Aided Verification Assertions, invariants

196 views • 9 slides
Deductive Verification Of Hybrid Systems Lectures on Formal Methods for Cyber-Physical Systems

Deductive Verification Of Hybrid Systems Lectures on Formal Methods for Cyber-Physical Systems

Deductive Verification Of Hybrid Systems Lectures on Formal Methods for Cyber-Physical Systems SOKENDAI, 07/29/19 Jrmy Dubut National Institute of Informatics Japanese-French Laboratory of Informatics Objectives of this lecture

986 views • 84 slides
Formal Methods and Systems David Cock, ETH Zrich 18/01/16 Overview Correctness challenges

Formal Methods and Systems David Cock, ETH Zrich 18/01/16 Overview Correctness challenges

Formal Methods and Systems David Cock, ETH Zrich 18/01/16 Overview Correctness challenges in Barrelfish. System configuration using SAT. Tracing and online invariant checking. Better languages for Systems. 18 January 2016

359 views • 18 slides
Testing/Simulation Formal Analysis Real System Formal Model Partial coverage Complete coverage

Testing/Simulation Formal Analysis Real System Formal Model Partial coverage Complete coverage

Formal Methods Assurance for TTP John Rushby Computer Science Laboratory SRI International Menlo Park CA USA John Rushby, SR I Formal Methods Assurance for TTP: 1 Formal Methods for Analysis and Assurance: The Idea Testing/Simulation Formal

200 views • 6 slides
Research in the Verification of Flight-Critical Systems Alwyn Goodloe NASA Langley Research

Research in the Verification of Flight-Critical Systems Alwyn Goodloe NASA Langley Research

Research in the Verification of Flight-Critical Systems Alwyn Goodloe NASA Langley Research Center Overview Background Verification and Certification Aircraft self-separation Runtime verification Formal-Methods for numerical

812 views • 50 slides
Specifying circuit properties in PSL Formal methods Mathematical and logical methods used in

Specifying circuit properties in PSL Formal methods Mathematical and logical methods used in

Specifying circuit properties in PSL Formal methods Mathematical and logical methods used in system development Aim to increase confidence in riktighet of system Apply to both hardware and software 1 Formal methods Complement other

524 views • 25 slides
A Review of Formal Methods : 200514170 : (T4) (T4)

A Review of Formal Methods : 200514170 : (T4) (T4)

A Review of Formal Methods : 200514170 : (T4) (T4) Contents INTRODUCTION INTRODUCTION DEFINITION AND OVERVIEW OF FORMAL METHODS SPECIFICATION METHODS LIFE CYCLES AND

317 views • 19 slides
Requirements and Formal Methods Softw are Engineering Overview Overview on the RE process

Requirements and Formal Methods Softw are Engineering Overview Overview on the RE process

Requirements and Formal Methods Softw are Engineering Overview Overview on the RE process What are Formal Methods? Advantages and Disadvantages of Formal Methods Formal Methods in the Requirement Process Mathematical Formulas

561 views • 20 slides
Formal Methods in Resilient Systems Design using a Flexible Contract Approach Sponsor:

Formal Methods in Resilient Systems Design using a Flexible Contract Approach Sponsor:

Formal Methods in Resilient Systems Design using a Flexible Contract Approach Sponsor: OUSD(R&E) | CCDC By Dr. Azad Madni 11 th Annual SERC Sponsor Research Review November 19, 2019 FHI 360 CONFERENCE CENTER 1825 Connecticut Avenue NW, 8

374 views • 34 slides
Mechanized Formal Analysis for Safety-Critical Systems: The Convergence of Need and Opportunity

Mechanized Formal Analysis for Safety-Critical Systems: The Convergence of Need and Opportunity

Mechanized Formal Analysis for Safety-Critical Systems: The Convergence of Need and Opportunity John Rushby Computer Science Laboratory SRI International Menlo Park, California, USA John Rushby, SRI Mechanized Analysis: 1

433 views • 20 slides

More recommend