formal verification of a wcet estimation tool
play

Formal Verification of a WCET Estimation Tool Sandrine Blazy 1 , Andr - PowerPoint PPT Presentation

Jan 19, 2023 •279 likes •751 views

Formal Verification of a WCET Estimation Tool Sandrine Blazy 1 , Andr Maroneze 1 , David Pichardie 2 , Isabelle Puaut 1 1 University of Rennes 1 France 2 ENS Rennes, France 08/07/2014 1/30 Motivation Formal methods in industry Formal

  1. Formal Verification of a WCET Estimation Tool Sandrine Blazy 1 , André Maroneze 1 , David Pichardie 2 , Isabelle Puaut 1 1 University of Rennes 1 – France 2 ENS Rennes, France 08/07/2014 1/30

  2. Motivation Formal methods in industry Formal methods increasingly applied in industry Formal verification Machine-checked proofs Specifications → executable code Useful for industrial-size applications Examples: seL4 (NICTA), CompCert (Inria) 2/30

  3. Motivation Formal verification with proof assistants Interactive proof assistants (e.g. ACL2, Coq, Isabelle) Logic specification language → properties & theorems Functional programming language → algorithms Interactive (step-by-step) proof construction Executable code generation 3/30

  4. Motivation Coq general scheme 4/30

  5. Motivation Formal verification for WCET estimation Current tools perform very sophisticated analyses Formal verification helps to better understand them (e.g. implicit assumptions, corner cases) Idea: formally verify an existing WCET estimation method Integration within a compiler (CompCert) Products of the verification Correctness theorem for WCET estimation Verified tool (+ experimental evaluation) 5/30

  6. Outline 1 Architecture of our formalized tool 2 Formalization approach 3 Experimental evaluation 4 Conclusion and future work 6/30

  7. Overview WCET estimation tool architecture [Wilhelm08] 7/30

  8. Overview Architecture of the formalized WCET estimation tool 8/30

  9. Overview Architecture of the formalized WCET estimation tool 8/30

  10. Overview Architecture of the formalized WCET estimation tool 8/30

  11. Overview CompCert Moderately optimizing, formally verified C compiler Several intermediate languages E.g. RTL → data-flow analyses/optimizations 9/30

  12. Overview CompCert Moderately optimizing, formally verified C compiler Several intermediate languages E.g. RTL → data-flow analyses/optimizations Semantic preservation theorem Proof that compilation preserves program behavior 9/30

  13. Overview Architecture of the formalized WCET estimation tool 10/30

  14. Overview Architecture of the formalized WCET estimation tool 10/30

  15. Overview Architecture of the formalized WCET estimation tool Based on one of the methods used by SWEET Combination of reusable techniques 10/30

  16. Overview Loop bound estimation Program slicing Simplifies the program while preserving loop iterations Improves the precision of the estimation Value analysis by abstract interpretation Safe over-approximation of variable values Intervals of machine integers (32-bit) Bound computation Variable values → local bounds → nested loops → global bounds 11/30

  17. Overview Architecture of the formalized WCET estimation tool 12/30

  18. Outline 1 Architecture of our formalized tool 2 Formalization approach 3 Experimental evaluation 4 Conclusion and future work 13/30

  19. Formalization Formal verification approach σ =< ℓ , E , cs > Specify a formal semantics σ → σ ′ . . . Theorem (Bound correctness) Define correctness theorems Let P be a program s.t. . . . . . . then cs ( ℓ ) ≤ bound ( ℓ ) . Using the formal semantics Lemma correct_bounds: forall P σ , (reaches P σ ) → . . . Proof. Perform the proof intros P σ . induction reaches. . . . Qed. 14/30

  20. Formalization Formal RTL semantics (simplified) ⇒ Defined in CompCert ⇒ Standard small-step semantics CompCert’s RTL semantics Program state: σ = < ℓ , E > ℓ : program point (node in the CFG) E : environment (maps variables to values) Execution step relation → < ℓ ′ , E ′ > P ⊢ < ℓ , E > − Reachable state → ∗ σ σ ∈ reach ( P ) ⇐ ⇒ σ 0 − Execution trace: tr = [ σ 0 , σ 1 , σ 2 ,..., σ ] List of reachable states 15/30

  21. Formalization Adapting the RTL semantics Addition of execution counters Modified RTL semantics Program state: σ = < ℓ , E , cs > cs : counters (node �→ N ) Execution step relation → < ℓ ′ , E ′ , cs ′ > P ⊢ < ℓ , E , cs > − Counters incremented at each step 16/30

  22. Formalization Correctness theorem Theorem (Bound correctness) Let P be a program such that P’s execution terminates with counters cs, and let ℓ be a program point in P. Then cs ( ℓ ) ≤ bound ( P )( ℓ ) . bound : function computing the loop bound estimation E.g. bound(P)( ℓ ) = bounds(value(slice(P, ℓ ))) 17/30

  23. Formalization Correctness theorem Theorem (Bound correctness) Let P be a program such that P’s execution terminates with counters cs, and let ℓ be a program point in P. Then cs ( ℓ ) ≤ bound ( P )( ℓ ) . bound : function computing the loop bound estimation E.g. bound(P)( ℓ ) = bounds(value(slice(P, ℓ ))) Informally: For every terminating execution of program P , 17/30

  24. Formalization Correctness theorem Theorem (Bound correctness) Let P be a program such that P’s execution terminates with counters cs, and let ℓ be a program point in P. Then cs ( ℓ ) ≤ bound ( P )( ℓ ) . bound : function computing the loop bound estimation E.g. bound(P)( ℓ ) = bounds(value(slice(P, ℓ ))) Informally: For every terminating execution of program P , the actual execution counters of any program point ℓ 17/30

  25. Formalization Correctness theorem Theorem (Bound correctness) Let P be a program such that P’s execution terminates with counters cs, and let ℓ be a program point in P. Then cs ( ℓ ) ≤ bound ( P )( ℓ ) . bound : function computing the loop bound estimation E.g. bound(P)( ℓ ) = bounds(value(slice(P, ℓ ))) Informally: For every terminating execution of program P , the actual execution counters of any program point ℓ are overestimated by the result of the loop bound estimation. 17/30

  26. Formalization Correctness theorem Theorem (Bound correctness) Let P be a program such that P’s execution terminates with counters cs, and let ℓ be a program point in P. Then cs ( ℓ ) ≤ bound ( P )( ℓ ) . bound : function computing the loop bound estimation E.g. bound(P)( ℓ ) = bounds(value(slice(P, ℓ ))) Informally: For every terminating execution of program P , the actual execution counters of any program point ℓ are overestimated by the result of the loop bound estimation. 17/30

  27. Formalization Correctness theorem RTL bounds → ASM bounds Start-to-end-correctness theorem Uses CompCert’s annotations + semantic preservation theorem stw 0, 8(1) int i = 0; 1: x1 = 0 .L100: cmpwi 0, 4, 5 while (i < 5) { 2: if (x1 >=s 5) goto 6 bf 0, .L101 → → # annotation: loop _annot("loop"); 3: x2 = builtin annot "loop" addi 4, 4, 1 i++; 4: x1 = x1 + 1 b .L100 } 5: goto 2 .L101: 6: C RTL Assembly 18/30

  28. Formalization Overview of the formalized WCET estimation tool 19/30

  29. Formalization Program slicing Proof techniques Complementary techniques Direct proof Specify and formalize the algorithm A posteriori , verified validation Correctness ensured for a single input (runtime cost) 20/30

  30. Formalization Program slicing Proving program slicing correctness Efficient program slicing → imperative data structures E.g. program dependency graph ⇒ Complex proof Validation → decouples algorithm and proof Proof strategy Define and prove relation between original and sliced programs Code an efficient validator which checks it 21/30

  31. Formalization Loop bound estimation Repeat steps for remaining components, then compose the proofs 22/30

  32. Formalization Estimate computation 22/30

  33. Formalization IPET Implicit Path Enumeration Technique [Malik95] Control flow → linear programming (LP) system Represent execution counters for CFG nodes and edges with variables x i and e i , j Entry/exit constraints x entry = 1 x exit = 1 Flow constraints ( � e in = x i = � e out ) e entry , 1 + e 5 , 1 = x 1 = e 1 , exit + e 1 , 2 Loop constraints (derived from loop bounds) x 1 ≤ 6 ← loop bound estimation theorem WCET estimate: max( � x i . t i ) = 21 instructions → Here, t i = 1 (hardware cost coefficient) 23/30

  34. Formalization IPET IPET correctness and proof Approach similar to RTL: ASM semantics + counters X ( i ) → nodes E ( i , j ) → edges Correctness: (actual WCET) ≤ (WCET estimate) Algorithm + proof 1 LP generation → direct proof 2 External (non-verified) LP solver 3 LP validation → based on Farkas certificates 24/30

  35. Outline 1 Architecture of our formalized tool 2 Formalization approach 3 Experimental evaluation 4 Conclusion and future work 25/30

  36. Experimental evaluation Why to evaluate? Proof → ensure correctness Evaluation → measure precision ⇒ Objective: check whether results are practically useful Evaluated on the Mälardalen benchmarks Loop bound estimation Value analysis WCET estimation ⇒ Compiler integration → transformations for improved precision 26/30

  37. Experimental evaluation WCET estimation Results of the WCET estimation Comparison: WCET estimate vs. exact WCET → ASM emulator + known worst-case input 27/30

Recommend

A Formal Verification Tool for Ethereum VM Bytecode Daejun Park Yi Zhang Manasvi Saxena

A Formal Verification Tool for Ethereum VM Bytecode Daejun Park Yi Zhang Manasvi Saxena

A Formal Verification Tool for Ethereum VM Bytecode Daejun Park Yi Zhang Manasvi Saxena Philip Daian Grigore Rosu Nov 7, 2018 @ FSE18 Smart contracts Programs that run on blockchain Usually written in a high-level

537 views • 28 slides
Model-Checking Acknowledgment Formal Verification Formal verification means to apply

Model-Checking Acknowledgment Formal Verification Formal verification means to apply

Model-Checking Acknowledgment Formal Verification Formal verification means to apply mathematical arguments to prove the correctness of systems Systems have bugs Formal verification aims to find and correct such bugs Why? Computer systems

1.42k views • 122 slides
Formal Verification and Computer Architecture A Validated Formal Model of the x86 ISA for

Formal Verification and Computer Architecture A Validated Formal Model of the x86 ISA for

Formal Verification and Computer Architecture A Validated Formal Model of the x86 ISA for Analyzing Computing Systems Shilpi Goel shilpi@centtech.com Formal Verification Engineer Centaur Technology, Inc. Software and Reliability Can we rely

1.14k views • 78 slides
Vhdl Bounded Model Checker (VBMC): A Formal Verification Tool for VHDL Designs Ajith John, A. K.

Vhdl Bounded Model Checker (VBMC): A Formal Verification Tool for VHDL Designs Ajith John, A. K.

Vhdl Bounded Model Checker (VBMC): A Formal Verification Tool for VHDL Designs Ajith John, A. K. Bhattacharjee RCnD, BARC Supratik Chakraborty, CFDVS, IIT Bombay Introduction Design of modern computer based systems involves partitioning of

710 views • 58 slides
Formal Hardware Verification: getting started Mary Sheeran Making Formal Verification work Aim

Formal Hardware Verification: getting started Mary Sheeran Making Formal Verification work Aim

Formal Hardware Verification: getting started Mary Sheeran Making Formal Verification work Aim for automation (bit level) Find niches where formal methods work well Use assertions/ properties first in sim. and then in FV (the acronym is ABV,

1.14k views • 65 slides
On the Sustainability of the Extreme Value Theory for WCET Estimation Luca Santinelli , J er

On the Sustainability of the Extreme Value Theory for WCET Estimation Luca Santinelli , J er

On the Sustainability of the Extreme Value Theory for WCET Estimation Luca Santinelli , J er ome Morio, Guillaume Dufour, Damien Jacquemart Plan 1 Motivations &amp; Problem Statement 2 EVT Applicability: what are the hypotheses to apply

390 views • 35 slides
State-of-the-art of WCET (Worst- Case Execution Time) Estimation methods Isabelle PUAUT

State-of-the-art of WCET (Worst- Case Execution Time) Estimation methods Isabelle PUAUT

State-of-the-art of WCET (Worst- Case Execution Time) Estimation methods Isabelle PUAUT University de Rennes I / IRISA Rennes (CAPS) September 2007 Outline Context: real-time systems Timing analysis methods Classes of WCET

681 views • 40 slides
Formal Verification in Industry John Harrison Intel Corporation The cost of bugs Formal

Formal Verification in Industry John Harrison Intel Corporation The cost of bugs Formal

Formal Verification in Industry 1 Formal Verification in Industry John Harrison Intel Corporation The cost of bugs Formal verification Machine-checked proof Automatic and interactive approaches HOL Light Floating point

366 views • 25 slides
Jakarta a tool support for formal verification Gilles Barthe Pierre Courtieu Guillaume Dufay

Jakarta a tool support for formal verification Gilles Barthe Pierre Courtieu Guillaume Dufay

Jakarta a tool support for formal verification Gilles Barthe Pierre Courtieu Guillaume Dufay Marieke Huisman Sim ao Melo de Sousa Sorin Stratulat FirstName.LastName@sophia.inria.fr INRIA Sophia-Antipolis France Verificard02 p.1

500 views • 21 slides
Using a WCET Analysis Tool in Real-Time Systems Education Samuel Petersson*, Andreas Ermedahl*,

Using a WCET Analysis Tool in Real-Time Systems Education Samuel Petersson*, Andreas Ermedahl*,

Using a WCET Analysis Tool in Real-Time Systems Education Samuel Petersson*, Andreas Ermedahl*, Anders Pettersson*, Daniel Sundmark*, and Niklas Holsti # *Mlardalen Real-Time Research Center (MRTC) # Tidorum Ltd Status of WCET analysis

253 views • 12 slides
SymbiYosys Formal Hardware Verification with OpenSource Tools Clifford Wolf Symbiotic EDA

SymbiYosys Formal Hardware Verification with OpenSource Tools Clifford Wolf Symbiotic EDA

SymbiYosys Formal Hardware Verification with OpenSource Tools Clifford Wolf Symbiotic EDA Yosys, Yosys-SMTBMC, SymbiYosys Yosys FOSS Verilog Synthesis tool and more highly flexible, customizable using scripts Formal

600 views • 35 slides
Formal Verification of Floating-Point Arithmetic John Harrison Intel Corporation Formal

Formal Verification of Floating-Point Arithmetic John Harrison Intel Corporation Formal

Formal Verification of Floating-Point Arithmetic 1 Formal Verification of Floating-Point Arithmetic John Harrison Intel Corporation Formal verification Machine-checked proof Automatic and interactive approaches HOL Light

539 views • 19 slides
WCET Tool Challenge 2014 Outline 1. Objectives of the challenge 2. Benchmarks and problems 3.

WCET Tool Challenge 2014 Outline 1. Objectives of the challenge 2. Benchmarks and problems 3.

WCET Tool Challenge 2014 Outline 1. Objectives of the challenge 2. Benchmarks and problems 3. Participants 4. State of progress / next? Objectives a set of benchmarks and problems to: o compare the properties of different WCET tools

355 views • 20 slides
Formal Verification of Mathematical Algorithms John Harrison Intel Corporation The cost of

Formal Verification of Mathematical Algorithms John Harrison Intel Corporation The cost of

Formal Verification of Mathematical Algorithms 1 Formal Verification of Mathematical Algorithms John Harrison Intel Corporation The cost of bugs Formal verification Levels of verification HOL Light Formalizing mathematics

353 views • 19 slides
Formal Verification of RISC-V cores with riscv-formal Clifford Wolf CTO, Symbiotic EDA

Formal Verification of RISC-V cores with riscv-formal Clifford Wolf CTO, Symbiotic EDA

Formal Verification of RISC-V cores with riscv-formal Clifford Wolf CTO, Symbiotic EDA http://www.clifford.at/papers/2018/riscv-formal/ About assertion based formal verification (formal ABV) Assertion based verification (ABV) Uses

781 views • 39 slides
Formal Verification with Yosys-SMTBMC Clifford Wolf Yosys Flows Synthesis Formal

Formal Verification with Yosys-SMTBMC Clifford Wolf Yosys Flows Synthesis Formal

Formal Verification with Yosys-SMTBMC Clifford Wolf Yosys Flows Synthesis Formal Verification Yosys-STMBMC iCE40 FPGAs Bounded Model Checking (Project IceStorm) Using any SMT-LIB2 solver (using QF_AUFBV logic) Xilinx

707 views • 56 slides
Towards Formal Verification in Cryptographic Web Applications A Three Year Evolution Nadim

Towards Formal Verification in Cryptographic Web Applications A Three Year Evolution Nadim

Towards Formal Verification in Cryptographic Web Applications A Three Year Evolution Nadim Kobeissi PROSECCO: Pro gramming Sec urely with C rypt o graphy. Team at INRIA Paris specializing in applied cryptography and formal verification.

357 views • 14 slides
INTEGRATED WCET ESTIMATION OF MULTICORE APPLICATIONS Dumitru Potop-Butucaru, Isabelle Puaut

INTEGRATED WCET ESTIMATION OF MULTICORE APPLICATIONS Dumitru Potop-Butucaru, Isabelle Puaut

1 INTEGRATED WCET ESTIMATION OF MULTICORE APPLICATIONS Dumitru Potop-Butucaru, Isabelle Puaut Motivation: Scalable timing analysis 2 Real-time systems: complexity steadily increases Hardware: Multi-core, networks-on-chips Software:

546 views • 28 slides
Removing Infeasible Paths in WCET Estimation: The Counter Method Work made during the ANR Project

Removing Infeasible Paths in WCET Estimation: The Counter Method Work made during the ANR Project

Removing Infeasible Paths in WCET Estimation: The Counter Method Work made during the ANR Project W-SEPT (2012-2016) Mihail Asavoae, R emy Boutonnet, Fabienne Carrier, Nicolas Halbwachs, Erwan Jahier, Claire Maiza, Catherine Parent-Vigouroux,

445 views • 27 slides
Trust in programming tools: the formal verification of compilers and static analysers Xavier

Trust in programming tools: the formal verification of compilers and static analysers Xavier

Trust in programming tools: the formal verification of compilers and static analysers Xavier Leroy Inria Paris Verified trustworthy software systems, April 2016 X. Leroy (Inria) Trust in tools 2016-04-05 1 / 35 Tool-assisted formal

731 views • 52 slides
Formal Specification and Verification Formal specification (2) 29.11.2016 Viorica

Formal Specification and Verification Formal specification (2) 29.11.2016 Viorica

Formal Specification and Verification Formal specification (2) 29.11.2016 Viorica Sofronie-Stokkermans e-mail: sofronie@uni-koblenz.de 1 Until now Logic Formal specification (generalities) Algebraic specification 2 Formal

627 views • 19 slides
Formal Specification and Verification Formal specification (2) 6.12.2016 Viorica

Formal Specification and Verification Formal specification (2) 6.12.2016 Viorica

Formal Specification and Verification Formal specification (2) 6.12.2016 Viorica Sofronie-Stokkermans e-mail: sofronie@uni-koblenz.de 1 Until now Logic Formal specification (generalities) Algebraic specification Transition systems 2

798 views • 62 slides
Formal Verification and Testing for Formal Verification and Testing for Reactive Systems

Formal Verification and Testing for Formal Verification and Testing for Reactive Systems

ARTIST2 - ARTIST2 - MOTIVES MOTIVES Trento - - Italy, February 19 Italy, February 19- -23, 2007 23, 2007 Trento Session: Testing and Runtime Verification Formal Verification and Testing for Formal Verification and Testing for Reactive

881 views • 31 slides
Machine Learning in Formal Verification Manish Pandey, PhD Chief Architect, New Technologies

Machine Learning in Formal Verification Manish Pandey, PhD Chief Architect, New Technologies

Machine Learning in Formal Verification Manish Pandey, PhD Chief Architect, New Technologies Synopsys, Inc. June 18, 2017 1 Build Better Formal Verification Tools? CAR BICYCLE DOG S oftware that learns from experience and enables

767 views • 40 slides

More recommend