Program Verification as a Toolbox (PowerPoint PPT presentation)


  1. Program Verification as a Toolbox. David Cock, January 23, 2015. Outline: Is Your System Correct?; Verified Systems 2005–Now; Today’s Verification Toolbox; What’s Next? (32 slides)

  2. Is Your System Correct? Short answer — no.

  4. The Bug Rate in Linux. [Figure: % of faulty notes per Linux release, 2.6.5 to 2.6.30 (2004–2010), plotted per subsystem (Staging, Drivers, Sound, Arch, FS, Net, Other) together with the average; y-axis 0.0 to 0.8 %.] It’s dropping, but there’s a long way to go. Source: Palix et al., Faults in Linux: Ten Years Later, ASPLOS’11.

  5. Bug Lifetime in Linux. [Figure: cumulative number of faults fixed (0 to 1500) against years since introduction (0 to 6), per subsystem (Staging, Drivers, Sound, Arch, FS, Net, Other), with marks at 50 % and 80 % of all faults and at 50 % of driver faults.] • Only 60 % fixed within a year. • Asymptotic — some bugs live 5+ years! Source: Palix et al., Faults in Linux: Ten Years Later, ASPLOS’11.

  6. Why Now? • Less expertise is required than 10 years ago. • We’ve seen some real milestones: seL4, CompCert. • Tool support has matured dramatically.

  7–14. A Timeline (built up one entry per slide). Years 2003 to 2014; entries appear in this order: Verisoft; Verisoft XT; seL4; seL4 Applications; CompCert; SIMPL / C-SIMPL.

  15–19. SIMPL/C (built up over five slides). C is an awful language to reason about... but it’s fast and universal. Example: `*(a++) = ++*a-- + (*(a++))++ * *--a;` • We’ve now got a formal semantics for C [3]. • As long as you don’t write nonsense like this. [3] Winwood et al., Mind the gap: A verification framework for low-level C, TPHOLs’09.
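Why that one-liner is "nonsense" rather than merely ugly: it changes `a` four times and the ints it points at twice with no sequence point in between, so the C standard assigns it no meaning at all. The program below is an added example, not code from the talk or from the SIMPL/C-SIMPL work; it spells out two of the evaluation orders a compiler could legitimately choose as ordinary sequenced statements and shows that they leave memory in different states. The two orderings and the array contents `{10, 20, 30, 40}` (with `a` starting at index 1) are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>

/* Added example, not code from the talk. The slide's expression
 *
 *     *(a++) = ++*a-- + (*(a++))++ * *--a;
 *
 * modifies `a` four times and the pointed-to ints twice with no
 * sequence point in between, so the C standard gives it no meaning
 * (undefined behaviour). Below, two orderings a compiler could
 * legitimately pick are written out as plain, sequenced statements.
 * They leave the array in different states, which is exactly why a
 * formal C semantics cannot assign the original a single value and a
 * verification front end has to reject it. The ordering choices and
 * the array contents {10, 20, 30, 40} are constructed for this example. */

#define N 4

/* Reading 1: operands evaluated left to right, each side effect applied
 * as soon as its operand is evaluated. Updates arr in place and returns
 * the index `a` ends on. */
size_t reading_left_to_right(int *arr, size_t idx)
{
    int *a = &arr[idx];
    int *lhs = a;          /* *(a++): the store targets the old a ...  */
    a++;                   /* ... then a advances                      */
    int t1 = ++*a;         /* ++*a--: pre-increment the pointee ...    */
    a--;                   /* ... then a steps back                    */
    int t2 = *a;           /* (*(a++))++: old value is the operand ... */
    (*a)++;                /* ... pointee is post-incremented ...      */
    a++;                   /* ... then a advances                      */
    a--;                   /* *--a: a steps back ...                   */
    int t3 = *a;           /* ... and is read                          */
    *lhs = t1 + t2 * t3;
    return (size_t)(a - arr);
}

/* Reading 2: the same expression with operands evaluated right to left. */
size_t reading_right_to_left(int *arr, size_t idx)
{
    int *a = &arr[idx];
    a--;                   /* *--a */
    int t3 = *a;
    int t2 = *a;           /* (*(a++))++ */
    (*a)++;
    a++;
    int t1 = ++*a;         /* ++*a-- */
    a--;
    int *lhs = a;          /* *(a++) */
    a++;
    *lhs = t1 + t2 * t3;
    return (size_t)(a - arr);
}

/* Applies one reading to a fresh copy of the constructed input, starting
 * with a = &arr[1], and returns element i of the resulting array. */
int element_after(size_t (*reading)(int *, size_t), size_t i)
{
    int arr[N] = {10, 20, 30, 40};
    reading(arr, 1);
    return arr[i];
}

/* 1 if the two readings leave the array in different states, else 0. */
int readings_disagree(void)
{
    for (size_t i = 0; i < N; i++)
        if (element_after(reading_left_to_right, i) !=
            element_after(reading_right_to_left, i))
            return 1;
    return 0;
}

int main(void)
{
    printf("left-to-right: ");
    for (size_t i = 0; i < N; i++)
        printf("%d ", element_after(reading_left_to_right, i));
    printf("\nright-to-left: ");
    for (size_t i = 0; i < N; i++)
        printf("%d ", element_after(reading_right_to_left, i));
    printf("\nreadings disagree: %d\n", readings_disagree());
    return 0;
}
```

Reading 1 ends with `{10, 451, 31, 40}`, reading 2 with `{121, 21, 30, 40}`. Before handing a function to any C verifier it is worth letting the compiler flag this class of problem first: GCC reports the original expression under `-Wsequence-point` (part of `-Wall`) and Clang under `-Wunsequenced`; a warning there means there is no single behaviour to verify.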

  20–21. A Timeline (continued). The same timeline, with a second CompCert entry added.

  22–27. seL4, VCC & CompCert (built up over six slides). As of 2009, we’ve got: • A verified kernel: seL4. • A verified compiler: CompCert. • An automatic verifier for concurrent C: VCC. • seL4 compiles with CompCert... but VCC can’t (yet) verify seL4.

  28–29. A Timeline (continued). Entries added: AutoCorres; ASM Verification.
