formal verification of a state of the art integer square
play

Formal Verification of a State-of-the-Art Integer Square Root - PowerPoint PPT Presentation

Jul 04, 2023 •320 likes •766 views

Introduction Fixed-point Proof Conclusion Formal Verification of a State-of-the-Art Integer Square Root Guillaume Melquiond Rapha el Rieu-Helft Inria, TrustInSoft, Universit e Paris-Saclay June 11th, 2019 Melquiond, Rieu-Helft

  1. Introduction Fixed-point Proof Conclusion Formal Verification of a State-of-the-Art Integer Square Root Guillaume Melquiond Rapha¨ el Rieu-Helft Inria, TrustInSoft, Universit´ e Paris-Saclay June 11th, 2019 Melquiond, Rieu-Helft Formal Verification of a State-of-the-Art Integer Square Root 1/18

  2. Introduction Fixed-point Proof Conclusion Motivation Sqrt Workflow Arbitrary-Precision Integer Arithmetic The GNU Multiple Precision arithmetic library (GMP) Free software, widely used. State-of-the-art algorithms, unmatched performances. Melquiond, Rieu-Helft Formal Verification of a State-of-the-Art Integer Square Root 2/18

  3. Introduction Fixed-point Proof Conclusion Motivation Sqrt Workflow Arbitrary-Precision Integer Arithmetic The GNU Multiple Precision arithmetic library (GMP) Free software, widely used. State-of-the-art algorithms, unmatched performances. Highly intricate algorithms written in low-level C and ASM. Ill-suited for random testing. GMP 5.0.4: “Two bugs in multiplication [. . . ] with extremely low probability [. . . ]. Two bugs in the gcd code [. . . ] For uniformly distributed random operands, the likelihood is infinitesimally small.” Melquiond, Rieu-Helft Formal Verification of a State-of-the-Art Integer Square Root 2/18

  4. Introduction Fixed-point Proof Conclusion Motivation Sqrt Workflow Arbitrary-Precision Integer Arithmetic The GNU Multiple Precision arithmetic library (GMP) Free software, widely used. State-of-the-art algorithms, unmatched performances. Highly intricate algorithms written in low-level C and ASM. Ill-suited for random testing. GMP 5.0.4: “Two bugs in multiplication [. . . ] with extremely low probability [. . . ]. Two bugs in the gcd code [. . . ] For uniformly distributed random operands, the likelihood is infinitesimally small.” Objectives Produce a verified library compatible with GMP. Attain performances comparable to a no-assembly GMP. Focus on the low-level mpn layer. Melquiond, Rieu-Helft Formal Verification of a State-of-the-Art Integer Square Root 2/18

  5. Introduction Fixed-point Proof Conclusion Motivation Sqrt Workflow GMP’s Square Root mp_size_t mpn_sqrtrem (mp_ptr sp , mp_ptr rp , mp_srcptr np , mp_size_t n); takes a number np[ n − 1 ] ... np[ 0 ] (with np[ n − 1 ] � = 0), stores its square root into sp[ ⌈ n / 2 ⌉ − 1 ] ... sp[ 0 ] , stores the remainder into rp[ n − 1 ] ... rp[ 0 ] , returns the actual size of the remainder. Melquiond, Rieu-Helft Formal Verification of a State-of-the-Art Integer Square Root 3/18

  6. Introduction Fixed-point Proof Conclusion Motivation Sqrt Workflow GMP’s Square Root mp_size_t mpn_sqrtrem (mp_ptr sp , mp_ptr rp , mp_srcptr np , mp_size_t n); takes a number np[ n − 1 ] ... np[ 0 ] (with np[ n − 1 ] � = 0), stores its square root into sp[ ⌈ n / 2 ⌉ − 1 ] ... sp[ 0 ] , stores the remainder into rp[ n − 1 ] ... rp[ 0 ] , returns the actual size of the remainder. Three sub-algorithms (assuming a normalized input) divide and conquer for n > 2, an ad-hoc specialization for n = 2, a bit-fiddling algorithm for n = 1. Melquiond, Rieu-Helft Formal Verification of a State-of-the-Art Integer Square Root 3/18

  7. Introduction Fixed-point Proof Conclusion Motivation Sqrt Workflow GMP’s Square Root mp_size_t mpn_sqrtrem (mp_ptr sp , mp_ptr rp , mp_srcptr np , mp_size_t n); takes a number np[ n − 1 ] ... np[ 0 ] (with np[ n − 1 ] � = 0), stores its square root into sp[ ⌈ n / 2 ⌉ − 1 ] ... sp[ 0 ] , stores the remainder into rp[ n − 1 ] ... rp[ 0 ] , returns the actual size of the remainder. Three sub-algorithms (assuming a normalized input) divide and conquer for n > 2, (proved in Coq in 2002) an ad-hoc specialization for n = 2, a bit-fiddling algorithm for n = 1. (actually intricate) Melquiond, Rieu-Helft Formal Verification of a State-of-the-Art Integer Square Root 3/18

  8. Introduction Fixed-point Proof Conclusion Motivation Sqrt Workflow GMP’s 64-bit Square Root mp_limb_t mpn_sqrtrem1 (mp_ptr rp , mp_limb_t a0) { mp_limb_t a1 , x0 , t2 , t, x2; unsigned abits = a0 >> ( GMP_LIMB_BITS - 1 - 8); x0 = 0x100 | invsqrttab[abits - 0x80]; /* x0 is now an 8 bits approximation of 1/ sqrt(a0) */ a1 = a0 >> ( GMP_LIMB_BITS - 1 - 32); t = ( mp_limb_signed_t ) (CNST_LIMB (0 x2000000000000 ) - 0x30000 - a1 * x0 * x0) >> 16; x0 = (x0 < <16) + (( mp_limb_signed_t ) (x0 * t) >> (16+2)); /* x0 is now a 16 bits approximation of 1/ sqrt(a0) */ t2 = x0 * (a0 >> (32 -8)); t = t2 >> 25; t = (( mp_limb_signed_t )((a0 < <14) - t*t - MAGIC) >>(32-8)); x0 = t2 + (( mp_limb_signed_t ) (x0 * t) >> 15); x0 >>= 32; /* x0 is now a full limb approximation of sqrt(a0) */ x2 = x0 * x0; if (x2 + 2*x0 <= a0 - 1) { x2 += 2*x0 + 1; x0++; } *rp = a0 - x2; return x0; } Melquiond, Rieu-Helft Formal Verification of a State-of-the-Art Integer Square Root 4/18

  9. Introduction Fixed-point Proof Conclusion Motivation Sqrt Workflow GMP’s 64-bit Square Root mp_limb_t mpn_sqrtrem1 (mp_ptr rp , mp_limb_t a0) { mp_limb_t a1 , x0 , t2 , t, x2; unsigned abits = a0 >> ( GMP_LIMB_BITS - 1 - 8); x0 = 0x100 | invsqrttab[abits - 0x80]; /* x0 is an 8 bits approximation of 1/ sqrt(a0) */ a1 = a0 >> ( GMP_LIMB_BITS - 1 - 32); t = ( mp_limb_signed_t ) (CNST_LIMB (0 x2000000000000 ) - 0x30000 - a1 * x0 * x0) >> 16; x0 = (x0 < <16) + (( mp_limb_signed_t )(x0*t)> >(16+2)); /* x0 is a 16 bits approximation of 1/ sqrt(a0) */ ... Melquiond, Rieu-Helft Formal Verification of a State-of-the-Art Integer Square Root 5/18

  10. Introduction Fixed-point Proof Conclusion Motivation Sqrt Workflow GMP’s 64-bit Square Root mp_limb_t mpn_sqrtrem1 (mp_ptr rp , mp_limb_t a0) { mp_limb_t a1 , x0 , t2 , t, x2; unsigned abits = a0 >> ( GMP_LIMB_BITS - 1 - 8); x0 = 0x100 | invsqrttab[abits - 0x80]; /* x0 is an 8 bits approximation of 1/ sqrt(a0) */ a1 = a0 >> ( GMP_LIMB_BITS - 1 - 32); t = ( mp_limb_signed_t ) (CNST_LIMB (0 x2000000000000 ) - 0x30000 - a1 * x0 * x0) >> 16; x0 = (x0 < <16) + (( mp_limb_signed_t )(x0*t)> >(16+2)); /* x0 is a 16 bits approximation of 1/ sqrt(a0) */ ... Table lookup, Newton iteration toward 1 / √ a , modified Newton iteration toward a / √ a , correcting step. Melquiond, Rieu-Helft Formal Verification of a State-of-the-Art Integer Square Root 5/18

  11. Introduction Fixed-point Proof Conclusion Motivation Sqrt Workflow GMP’s 64-bit Square Root mp_limb_t mpn_sqrtrem1 (mp_ptr rp , mp_limb_t a0) { mp_limb_t a1 , x0 , t2 , t, x2; unsigned abits = a0 >> ( GMP_LIMB_BITS - 1 - 8); x0 = 0x100 | invsqrttab[abits - 0x80]; /* x0 is an 8 bits approximation of 1/ sqrt(a0) */ a1 = a0 >> ( GMP_LIMB_BITS - 1 - 32); t = ( mp_limb_signed_t ) (CNST_LIMB (0 x2000000000000 ) - 0x30000 - a1 * x0 * x0) >> 16; x0 = (x0 < <16) + (( mp_limb_signed_t )(x0*t)> >(16+2)); /* x0 is a 16 bits approximation of 1/ sqrt(a0) */ ... Table lookup, Newton iteration toward 1 / √ a , modified Newton iteration toward a / √ a , correcting step. Hand-coded fixed-point arithmetic. Melquiond, Rieu-Helft Formal Verification of a State-of-the-Art Integer Square Root 5/18

  12. Introduction Fixed-point Proof Conclusion Motivation Sqrt Workflow GMP’s 64-bit Square Root mp_limb_t mpn_sqrtrem1 (mp_ptr rp , mp_limb_t a0) { mp_limb_t a1 , x0 , t2 , t, x2; unsigned abits = a0 >> ( GMP_LIMB_BITS - 1 - 8); x0 = 0x100 | invsqrttab[abits - 0x80]; /* x0 is an 8 bits approximation of 1/ sqrt(a0) */ a1 = a0 >> ( GMP_LIMB_BITS - 1 - 32); t = ( mp_limb_signed_t ) (CNST_LIMB (0 x2000000000000 ) - 0x30000 - a1 * x0 * x0) >> 16; x0 = (x0 < <16) + (( mp_limb_signed_t )(x0*t)> >(16+2)); /* x0 is a 16 bits approximation of 1/ sqrt(a0) */ ... Table lookup, Newton iteration toward 1 / √ a , modified Newton iteration toward a / √ a , correcting step. Hand-coded fixed-point arithmetic. Intentional overflow: (a0<<14) - t*t . Melquiond, Rieu-Helft Formal Verification of a State-of-the-Art Integer Square Root 5/18

  13. Introduction Fixed-point Proof Conclusion Motivation Sqrt Workflow The Why3 Workflow GMP library Specification WhyML library Why3 Verified Verification C library conditions SMT solvers Coq Gappa Melquiond, Rieu-Helft Formal Verification of a State-of-the-Art Integer Square Root 6/18

  14. Introduction Fixed-point Proof Conclusion Motivation Sqrt Workflow The Why3 Workflow GMP library Specification WhyML library Why3 Verified Verification C library conditions SMT solvers Coq Gappa Melquiond, Rieu-Helft Formal Verification of a State-of-the-Art Integer Square Root 6/18

  15. Introduction Fixed-point Proof Conclusion Motivation Sqrt Workflow The Why3 Workflow GMP library Specification WhyML library Why3 Verified Verification C library conditions SMT solvers Coq Gappa Melquiond, Rieu-Helft Formal Verification of a State-of-the-Art Integer Square Root 6/18

  16. Introduction Fixed-point Proof Conclusion Motivation Sqrt Workflow The Why3 Workflow GMP library Specification WhyML library Why3 Verified Verification C library conditions SMT solvers Coq Gappa Melquiond, Rieu-Helft Formal Verification of a State-of-the-Art Integer Square Root 6/18

Recommend

Model-Checking Acknowledgment Formal Verification Formal verification means to apply

Model-Checking Acknowledgment Formal Verification Formal verification means to apply

Model-Checking Acknowledgment Formal Verification Formal verification means to apply mathematical arguments to prove the correctness of systems Systems have bugs Formal verification aims to find and correct such bugs Why? Computer systems

1.42k views • 122 slides
for Formal Verification of Industrial Circuit Designs John OLeary and Roope Kaivola, Intel Tom

for Formal Verification of Industrial Circuit Designs John OLeary and Roope Kaivola, Intel Tom

Relational STE and Theorem Proving for Formal Verification of Industrial Circuit Designs John OLeary and Roope Kaivola, Intel Tom Melham, Oxford CPU datapath verification at Intel Thousands of operations Integer, FP, SSE, AVX,

241 views • 23 slides
Formal Verification and Computer Architecture A Validated Formal Model of the x86 ISA for

Formal Verification and Computer Architecture A Validated Formal Model of the x86 ISA for

Formal Verification and Computer Architecture A Validated Formal Model of the x86 ISA for Analyzing Computing Systems Shilpi Goel shilpi@centtech.com Formal Verification Engineer Centaur Technology, Inc. Software and Reliability Can we rely

1.14k views • 78 slides
Formal Hardware Verification: getting started Mary Sheeran Making Formal Verification work Aim

Formal Hardware Verification: getting started Mary Sheeran Making Formal Verification work Aim

Formal Hardware Verification: getting started Mary Sheeran Making Formal Verification work Aim for automation (bit level) Find niches where formal methods work well Use assertions/ properties first in sim. and then in FV (the acronym is ABV,

1.14k views • 65 slides
Formal verification of floating-point arithmetic at Intel John Harrison johnh@ichips.intel.com

Formal verification of floating-point arithmetic at Intel John Harrison johnh@ichips.intel.com

Formal verification of floating-point arithmetic at Intel John Harrison johnh@ichips.intel.com JNAO 2nd June 2006 0 Overview Computer arithmetic bugs Formal verification and theorem proving Floating-point arithmetic Square

843 views • 37 slides
Formal Verification in Industry John Harrison Intel Corporation The cost of bugs Formal

Formal Verification in Industry John Harrison Intel Corporation The cost of bugs Formal

Formal Verification in Industry 1 Formal Verification in Industry John Harrison Intel Corporation The cost of bugs Formal verification Machine-checked proof Automatic and interactive approaches HOL Light Floating point

366 views • 25 slides
Formal Verification of Floating-Point Arithmetic John Harrison Intel Corporation Formal

Formal Verification of Floating-Point Arithmetic John Harrison Intel Corporation Formal

Formal Verification of Floating-Point Arithmetic 1 Formal Verification of Floating-Point Arithmetic John Harrison Intel Corporation Formal verification Machine-checked proof Automatic and interactive approaches HOL Light

539 views • 19 slides
Formal Verification of Mathematical Algorithms John Harrison Intel Corporation The cost of

Formal Verification of Mathematical Algorithms John Harrison Intel Corporation The cost of

Formal Verification of Mathematical Algorithms 1 Formal Verification of Mathematical Algorithms John Harrison Intel Corporation The cost of bugs Formal verification Levels of verification HOL Light Formalizing mathematics

353 views • 19 slides
Formal Verification of RISC-V cores with riscv-formal Clifford Wolf CTO, Symbiotic EDA

Formal Verification of RISC-V cores with riscv-formal Clifford Wolf CTO, Symbiotic EDA

Formal Verification of RISC-V cores with riscv-formal Clifford Wolf CTO, Symbiotic EDA http://www.clifford.at/papers/2018/riscv-formal/ About assertion based formal verification (formal ABV) Assertion based verification (ABV) Uses

781 views • 39 slides
Formal Verification with Yosys-SMTBMC Clifford Wolf Yosys Flows Synthesis Formal

Formal Verification with Yosys-SMTBMC Clifford Wolf Yosys Flows Synthesis Formal

Formal Verification with Yosys-SMTBMC Clifford Wolf Yosys Flows Synthesis Formal Verification Yosys-STMBMC iCE40 FPGAs Bounded Model Checking (Project IceStorm) Using any SMT-LIB2 solver (using QF_AUFBV logic) Xilinx

707 views • 56 slides
Towards Formal Verification in Cryptographic Web Applications A Three Year Evolution Nadim

Towards Formal Verification in Cryptographic Web Applications A Three Year Evolution Nadim

Towards Formal Verification in Cryptographic Web Applications A Three Year Evolution Nadim Kobeissi PROSECCO: Pro gramming Sec urely with C rypt o graphy. Team at INRIA Paris specializing in applied cryptography and formal verification.

357 views • 14 slides
Automata in Infinite-State Formal Verification Ond rej Leng al Advisor: prof. Ing. Tom

Automata in Infinite-State Formal Verification Ond rej Leng al Advisor: prof. Ing. Tom

Automata in Infinite-State Formal Verification Ond rej Leng al Advisor: prof. Ing. Tom a s Vojnar, Ph.D. (Co-supervised by: Mgr. Luk a s Hol k, Ph.D.) Faculty of Information Technology Brno University of Technology Ond

562 views • 43 slides
Formal Specification and Verification Formal specification (2) 29.11.2016 Viorica

Formal Specification and Verification Formal specification (2) 29.11.2016 Viorica

Formal Specification and Verification Formal specification (2) 29.11.2016 Viorica Sofronie-Stokkermans e-mail: sofronie@uni-koblenz.de 1 Until now Logic Formal specification (generalities) Algebraic specification 2 Formal

627 views • 19 slides
Formal Specification and Verification Formal specification (2) 6.12.2016 Viorica

Formal Specification and Verification Formal specification (2) 6.12.2016 Viorica

Formal Specification and Verification Formal specification (2) 6.12.2016 Viorica Sofronie-Stokkermans e-mail: sofronie@uni-koblenz.de 1 Until now Logic Formal specification (generalities) Algebraic specification Transition systems 2

798 views • 62 slides
DIVS DL/ID Verification Systems Verification of Legal Status DIVS Passport Verification

DIVS DL/ID Verification Systems Verification of Legal Status DIVS Passport Verification

DIVS DL/ID Verification Systems Verification of Legal Status DIVS Passport Verification Projects Birth Record Verification State to State Verification DIVS State to State Verification Service (S2S) Program Benefits Mission

349 views • 8 slides
Formal Specification and Verification of Voting Software Bernhard Beckert | ComSoC, 14.04.13 K

Formal Specification and Verification of Voting Software Bernhard Beckert | ComSoC, 14.04.13 K

Formal Specification and Verification of Voting Software Bernhard Beckert | ComSoC, 14.04.13 K ARLSRUHE I NSTITUTE OF T ECHNOLOGY | D EPARTMENT OF C OMPUTER S CIENCE www.kit.edu KIT University of the State of Baden-Wuerttemberg and National

791 views • 67 slides
Formal Verification and Testing for Formal Verification and Testing for Reactive Systems

Formal Verification and Testing for Formal Verification and Testing for Reactive Systems

ARTIST2 - ARTIST2 - MOTIVES MOTIVES Trento - - Italy, February 19 Italy, February 19- -23, 2007 23, 2007 Trento Session: Testing and Runtime Verification Formal Verification and Testing for Formal Verification and Testing for Reactive

881 views • 31 slides
Machine Learning in Formal Verification Manish Pandey, PhD Chief Architect, New Technologies

Machine Learning in Formal Verification Manish Pandey, PhD Chief Architect, New Technologies

Machine Learning in Formal Verification Manish Pandey, PhD Chief Architect, New Technologies Synopsys, Inc. June 18, 2017 1 Build Better Formal Verification Tools? CAR BICYCLE DOG S oftware that learns from experience and enables

767 views • 40 slides
Formal Verification with SymbiYosys and Yosys-SMTBMC Clifford Wolf Availability of various EDA

Formal Verification with SymbiYosys and Yosys-SMTBMC Clifford Wolf Availability of various EDA

Formal Verification with SymbiYosys and Yosys-SMTBMC Clifford Wolf Availability of various EDA tools for students, hobbyists, enthusiasts FPGA Synthesis Formal Verification Free to use: Free to use: Xilinx Vivado WebPack,

819 views • 49 slides
Formal Verification via MCMAS &amp; PRISM Hongyang Qu University of Sheffield 1 December 2015

Formal Verification via MCMAS &amp; PRISM Hongyang Qu University of Sheffield 1 December 2015

Formal Verification via MCMAS &amp; PRISM Hongyang Qu University of Sheffield 1 December 2015 Outline Motivation for Formal Verification Overview of MCMAS Overview of PRISM Formal verification It is a systematic way to check

461 views • 34 slides
Formal Specification and Verification 8.11.2016 Viorica Sofronie-Stokkermans e-mail:

Formal Specification and Verification 8.11.2016 Viorica Sofronie-Stokkermans e-mail:

Formal Specification and Verification 8.11.2016 Viorica Sofronie-Stokkermans e-mail: sofronie@uni-koblenz.de 1 Mathematical foundations Formal logic: Syntax: a formal language (formula expressing facts) Semantics: to define the meaning

740 views • 54 slides
Formal Verification of Masked Implementations Sonia Bela d Benjamin Gr egoire CHES 2018

Formal Verification of Masked Implementations Sonia Bela d Benjamin Gr egoire CHES 2018

Formal Verification of Masked Implementations Sonia Bela d Benjamin Gr egoire CHES 2018 - Tutorial September 9th 2018 1 / 47 1 Side-Channel Attacks and Masking 2 Formal Tools for Verification at Fixed Order 3 Formal Tools

1.24k views • 97 slides
Formal Specification and Verification 23.04.2013 Viorica Sofronie-Stokkermans e-mail:

Formal Specification and Verification 23.04.2013 Viorica Sofronie-Stokkermans e-mail:

Formal Specification and Verification 23.04.2013 Viorica Sofronie-Stokkermans e-mail: sofronie@uni-koblenz.de 1 Mathematical foundations Formal logic: Syntax: a formal language (formula expressing facts) Semantics: to define the

811 views • 68 slides
Theorem Proving for Verification John Harrison Intel Corporation CAV 2008 Princeton 9th July

Theorem Proving for Verification John Harrison Intel Corporation CAV 2008 Princeton 9th July

Theorem Proving for Verification John Harrison Intel Corporation CAV 2008 Princeton 9th July 2008 0 Formal verification Formal verification: mathematically prove the correctness of a design with respect to a mathematical formal specification

570 views • 53 slides

More recommend