trusting large specifications the virtuous cycle
play

Trusting Large Specifications: The Virtuous Cycle Alastair Reid - PowerPoint PPT Presentation

Apr 03, 2023 •241 likes •518 views

Trusting Large Specifications: The Virtuous Cycle Alastair Reid alastair.reid@arm.com @alastair_d_reid ARM Research Applica'on Library OS Compiler Processor ARM Research 2 Qualities of a Specification Applicability Scope

  1. Trusting Large Specifications: The Virtuous Cycle Alastair Reid alastair.reid@arm.com @alastair_d_reid ARM Research

  2. Applica'on Library OS Compiler Processor ARM Research 2

  3. Qualities of a Specification Applicability Scope Trustworthiness ARM Research 3

  4. Applicability v6 (1997) A -class (phones/tablets/servers) v7 (2005) R -class (real-time, lock-step support) v8.0 (2013) v8.1 (2015) M -class (microcontroller) v8.2 (2016) ARM Research 4

  5. Scope Compiler targeted instructions? User-level instructions? User+Supervisor? User+Supervisor+Hypervisor+Secure Monitor? ARM Research 5

  6. ISA Specification - ASL Opcode Check Validity Get Operands Set Result Register Set Flags ARM Research 6

  7. System Architecture Specification ARM Research 7

  8. ARM Spec (lines of code) v8-A v8-M Instructions 26,000 6,000 Int/FP/SIMD Exceptions 4,000 3,000 Memory 3,000 1,000 Debug 3,000 1,000 5,500 2,000 Misc (Test support) 1,500 2,000 Total 43,000 15,000 ARM Research 8

  9. System Register Spec v8-A v8-M 586 186 Registers Fields 3951 622 Constant 985 177 aoe Reserved 940 208 Impl. Defined 70 10 Passive 1888 165 68 62 Active Operations 112 10 ARM Research 9

  10. Trustworthiness ARM Research 10

  11. Trustworthiness ARM’s specification is correct by definition ARM Research 10

  12. Trustworthiness ARM’s specification is correct by definition ARM Research 10

  13. Trustworthiness Does the specification match the behaviour of all ARM processors? ARM Research 11

  14. ARM Spec Test S'mulus =?= Oracle ARM Research 12

  15. ARM Spec Directed Tests Random Tests … =?= Memory Tests IRQ Generators Oracle ARM Research 13

  16. ARM Spec Directed Tests Random Tests Self-checking … Bus monitors Memory Tests Trace compare IRQ Generators Oracle ARM Research 14

  17. Architecture Conformance Suite Processor architectural compliance sign-off Large v8-A 11,000 test programs, > 2 billion instructions v8-M 3,500 test programs, > 250 million instructions Thorough Tests dark corners of specification ARM Research 15

  18. v8-A v8-M 100% 100% 75% 75% 50% 50% 25% 25% 0% 0% ARM Research 16

  19. Trustworthy Specifica'ons of ARM v8-A and v8-M System Level Architecture, FMCAD 2016 Pass / Fail ARM Spec ASL Interpreter ELF Test Implementa'on Defined ARM Research 17

  20. End to End Verifica'on of ARM Processors with ISA-Formal, CAV 2016 Counterexample ARM Spec Model Checker ARM CPU Counterexample ARM Research 18

  21. (Work by Jon French and Nathan Chong) ARM Spec ASL Interpreter mbedOS Implementa'on Defined ARM Research 19

  22. (Work by Jon French and Nathan Chong) ARM Spec AFL Fuzzer mbedOS Bugs ARM Research 20

  23. Creating a Virtuous Cycle ARM Informa'on Conformance Testcase Flow TestSuite Genera'on Analysis Processor So_ware ARM Spec Verifica'on Verifica'on Random Boot Instruc'on AFL OS Sequences Fuzzer ARM Research 21

  24. Preparing public release of ARM v8-A specification • Enable formal verification of software and tools • Public release planned for 2016 Q4 • Liberal license • REMS group currently translating to SAIL Talk to me about how I can help you use it ARM Research 22

  25. CPU Specifications Basis of a lot of formal verification Too large to be “obviously correct” Reusable specs enable “virtuous cycle” Greater effort to produce Share testing / maintenance effort More likely to be correct Preparing public release of machine readable ARM Specification ARM Research 23

  26. End Alastair Reid ARM Research alastair.reid@arm.com @alastair_d_reid

Recommend

Virtuous Cycle(s) of Velocity What I Learned About Going Fast at eBay and Google Randy Shoup

Virtuous Cycle(s) of Velocity What I Learned About Going Fast at eBay and Google Randy Shoup

Virtuous Cycle(s) of Velocity What I Learned About Going Fast at eBay and Google Randy Shoup @randyshoup linkedin.com/in/randyshoup Background CTO at KIXEYE Making awesome games awesomer (and scalabler and reliabler) Director of Engineering for

190 views • 18 slides
The Virtuous Cycle of Data Mining Data is at the heart of most companies core business

The Virtuous Cycle of Data Mining Data is at the heart of most companies core business

The Virtuous Cycle of Data Mining Data is at the heart of most companies core business processes Data is generated by transactions regardless of industry (retail, insurance) In addition to this internal data, there are lots of

419 views • 4 slides
Grupo LALA Virtuous cycle drives success Safe Harbor This material does not constitute an

Grupo LALA Virtuous cycle drives success Safe Harbor This material does not constitute an

Grupo LALA Virtuous cycle drives success Safe Harbor This material does not constitute an offering document. This material was prepared solely for informational purposes and is not to be construed as a solicitation or an offer to buy or sell any

833 views • 51 slides
Grupo LALA Virtuous cycle drives success Safe Harbor This material does not constitute an

Grupo LALA Virtuous cycle drives success Safe Harbor This material does not constitute an

Grupo LALA Virtuous cycle drives success Safe Harbor This material does not constitute an offering document. This material was prepared solely for informational purposes and is not to be construed as a solicitation or an offer to buy or sell any

428 views • 39 slides
Leading with Care AMPATH Purdue Kenya Partnership The Virtuous Cycle of Academic Engagement

Leading with Care AMPATH Purdue Kenya Partnership The Virtuous Cycle of Academic Engagement

Leading with Care AMPATH Purdue Kenya Partnership The Virtuous Cycle of Academic Engagement Care Teaching Research Leading with Care Academ demic Mod odel Provid vidin ing Acces ess To o Health thcar are Initiated in

881 views • 29 slides
T RAVEL PROMOTIONS VIRTUOUS CYCLE In 2016, Travel Exports (spending by international travelers

T RAVEL PROMOTIONS VIRTUOUS CYCLE In 2016, Travel Exports (spending by international travelers

TOURISM IS BIG BUSINESS T RAVEL PROMOTIONS VIRTUOUS CYCLE In 2016, Travel Exports (spending by international travelers to US) exceed Travel Imports (spending by US travelers to other countries) = Trade Surplus = $84 BILLION surplus LOUISIANA

854 views • 58 slides
Outline Trusting trust attack Countering Trusting Trust What it is through Diverse

Outline Trusting trust attack Countering Trusting Trust What it is through Diverse

Outline Trusting trust attack Countering Trusting Trust What it is through Diverse Double-Compiling Attacker motivations Triggers & payloads David A. Wheeler Inadequate solutions & related work Solution: Diverse

517 views • 25 slides
Trusting Trusting the Cloud with the Cloud with Practical Interact Practical Interactive ive

Trusting Trusting the Cloud with the Cloud with Practical Interact Practical Interactive ive

Trusting Trusting the Cloud with the Cloud with Practical Interact Practical Interactive ive Proofs Proofs Graham Cormode G.Cormode@warwick.ac.uk Amit Chakrabarti (Dartmouth) Andrew McGregor (U Mass Amherst) Justin Thaler (Harvard/Yahoo!)

257 views • 14 slides
policies versus a Virtuous Circle of reinforcing policies Suzana Carp Brussels Office Lead 06

policies versus a Virtuous Circle of reinforcing policies Suzana Carp Brussels Office Lead 06

A Vicious Cycle of overlapping policies versus a Virtuous Circle of reinforcing policies Suzana Carp Brussels Office Lead 06 June 2017 Impact of policy overlap on the price in the EU ETS Report: Placing the EU ETS in context (Sandbag, 1

697 views • 5 slides
Specifications and formal program development in-the-large What are specifications for? For

Specifications and formal program development in-the-large What are specifications for? For

Specifications and formal program development in-the-large What are specifications for? For the system user: specification captures the properties of the system the user can rely on. For the system developer: specification captures all the

297 views • 26 slides
VLSI Design Styles Basic Concepts in VLSI Physical Design Automation VLSI Design Cycle

VLSI Design Styles Basic Concepts in VLSI Physical Design Automation VLSI Design Cycle

VLSI Design Styles Basic Concepts in VLSI Physical Design Automation VLSI Design Cycle Large number of devices System Optimization requirements Specifications for high performance Time-to-market competition Cost Manual

789 views • 57 slides
VLSI Design Styles Basic Concepts in VLSI Physical Design Automation 1 VLSI Design Cycle

VLSI Design Styles Basic Concepts in VLSI Physical Design Automation 1 VLSI Design Cycle

VLSI Design Styles Basic Concepts in VLSI Physical Design Automation 1 VLSI Design Cycle Large number of devices System Optimization requirements Specifications for high performance Time-to-market competition Cost

559 views • 29 slides
BIG DATA AND US 2 GARTNER HYPE CYCLE www.gartner.com www.wikipedia.org GARTNER HYPE CYCLE 3

BIG DATA AND US 2 GARTNER HYPE CYCLE www.gartner.com www.wikipedia.org GARTNER HYPE CYCLE 3

BIG DATA AND US 2 GARTNER HYPE CYCLE www.gartner.com www.wikipedia.org GARTNER HYPE CYCLE 3 Emerging technologies 2014 www.gartner.com 4 TIME TO BE PRODUCTIVE Large data hide true quantitative signal Large data generate spurious

446 views • 21 slides
Company Overview Sajars Specialties Molding Specifications Large Parts (10 to 80

Company Overview Sajars Specialties Molding Specifications Large Parts (10 to 80

Company Overview Sajars Specialties Molding Specifications Large Parts (10 to 80 horizontal, 10 to 70 vertical, Surface Area: In excess of 1,000 sq. in.) High Cosmetic Standards Conversions to Gas Assist Injection Molding

898 views • 40 slides
Fully Countering Trusting Trust through Diverse Double-Compiling (DDC) David A. Wheeler

Fully Countering Trusting Trust through Diverse Double-Compiling (DDC) David A. Wheeler

Fully Countering Trusting Trust through Diverse Double-Compiling (DDC) David A. Wheeler November 18, 2009 http://www.dwheeler.com/trusting-trust This presentation contains the views of the author and does not necessarily indicate endorsement

1.22k views • 72 slides
Certification Specifications and Acceptable Means of Compliance for Large Rotorcraft CS-29

Certification Specifications and Acceptable Means of Compliance for Large Rotorcraft CS-29

Annex to ED Decision 2016/025/R European Aviation Safety Agency Certification Specifications and Acceptable Means of Compliance for Large Rotorcraft CS-29 Amendment 4 30 November 2016 1 1 For the date of entry into force of Amendment 4,

1.57k views • 142 slides
Fully Countering Trusting Trust through Diverse Double-Compiling (DDC) David A. Wheeler May 7,

Fully Countering Trusting Trust through Diverse Double-Compiling (DDC) David A. Wheeler May 7,

Fully Countering Trusting Trust through Diverse Double-Compiling (DDC) David A. Wheeler May 7, 2013 http://www.dwheeler.com/trusting-trust This presentation contains the views of the author and does not necessarily indicate endorsement by

770 views • 72 slides
RCIA 9: The Cardinal and Theological Virtues 9: The Cardinal and Theological Virtues Virtuous

RCIA 9: The Cardinal and Theological Virtues 9: The Cardinal and Theological Virtues Virtuous

9/2/2019 RCIA 9: The Cardinal and Theological Virtues 9: The Cardinal and Theological Virtues Virtuous Living Goal of the virtuous life is to become like God Living in truth and love is the only authentic response to You, therefore,

516 views • 10 slides
Symbolic Model Checking for Large Software Specifications William Chan Richard Anderson Paul

Symbolic Model Checking for Large Software Specifications William Chan Richard Anderson Paul

Symbolic Model Checking for Large Software Specifications William Chan Richard Anderson Paul Beame Steve Burns Francesmary Modugno David Jones (Boeing) David Notkin Jon D. Reese William Warner (Boeing) Motivation: circa 1998-2000 How

575 views • 44 slides
A Crash Course on A Crash Course on Temporal Specifications Temporal Specifications [Kansas

A Crash Course on A Crash Course on Temporal Specifications Temporal Specifications [Kansas

A Crash Course on A Crash Course on Temporal Specifications Temporal Specifications [Kansas State] John Hatcliff Work on specification patterns by Matthew Dwyer, Jay Corbett, and George Avrunin http://www.cis.ksu.edu/santos/bandera

303 views • 29 slides
Up-Down Wheelchair 2.009 Silver A Design Specifications Requirements Attributes Specifications

Up-Down Wheelchair 2.009 Silver A Design Specifications Requirements Attributes Specifications

Up-Down Wheelchair 2.009 Silver A Design Specifications Requirements Attributes Specifications Reach Lift System Seat height 9-33 Wheel brakes, Handles 100kg Sliding bearings without tipping Safety and stability Weight Hydraulic jack 1500N

298 views • 13 slides
A sustainable fine chocolate market Creating a virtuous circle of quality, flavour,

A sustainable fine chocolate market Creating a virtuous circle of quality, flavour,

A sustainable fine chocolate market Creating a virtuous circle of quality, flavour, sustainability and fair prices for farmers FOUNDER MEMBERS kessons Organic, Switzerland Amano, USA Bonnat Chocolatier, France Susana Crdenas, Seventy%,

431 views • 8 slides
EPUB in the Wild Liz Castro @lizcastro http://PigsGourdsandWikis.com

EPUB in the Wild Liz Castro @lizcastro http://PigsGourdsandWikis.com

EPUB in the Wild Liz Castro @lizcastro http://PigsGourdsandWikis.com http://www.elizabethcastro.com/epub Specifications Specifications Specifications Specifications Specifications Specifications Specifications Specifications

712 views • 58 slides
trusting in the Promise Arise This is the command of God to Abraham: Arise, walk through

trusting in the Promise Arise This is the command of God to Abraham: Arise, walk through

PRESENTATION OF THE THEME Arise, go on your journey (Dt. 10:11) trusting in the Promise Arise This is the command of God to Abraham: Arise, walk through the length and the breadth of the land, for I will give it to you (Gn.

154 views • 3 slides

More recommend