w hat s special about s ystem c alls
play

W HAT S SPECIAL ABOUT S YSTEM C ALLS ? From the point of view of a - PowerPoint PPT Presentation

May 22, 2023 •334 likes •889 views

I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK S IMULATION AND F ORMAL V ERIFICATION OF X 86 M ACHINE -C ODE P ROGRAMS THAT MAKE S YSTEM C ALLS Shilpi Goel Warren A. Hunt, Jr. Matt Kaufmann

  1. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK S IMULATION AND F ORMAL V ERIFICATION OF X 86 M ACHINE -C ODE P ROGRAMS THAT MAKE S YSTEM C ALLS Shilpi Goel Warren A. Hunt, Jr. Matt Kaufmann Soumava Ghosh The University of Texas at Austin 22 nd October, 2014 1| 31

  2. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK O UTLINE I NTRODUCTION 1 S IMULATION AND R EASONING F RAMEWORK 2 X 86 ISA M ODEL S YSTEM C ALLS M ODEL C ODE P ROOFS 3 C ONCLUSION AND F UTURE W ORK 4 2| 31

  3. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK O UTLINE I NTRODUCTION 1 S IMULATION AND R EASONING F RAMEWORK 2 X 86 ISA M ODEL S YSTEM C ALLS M ODEL C ODE P ROOFS 3 C ONCLUSION AND F UTURE W ORK 4 3| 31

  4. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK M OTIVATION Bug-hunting tools, like static analyzers, have matured remarkably. ◮ Regularly used in the software development industry ◮ Strengths: easy to use; largely automatic ◮ Weaknesses: cannot prove complex invariants; cannot prove the absence of bugs 4| 31

  5. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK M OTIVATION Bug-hunting tools, like static analyzers, have matured remarkably. ◮ Regularly used in the software development industry ◮ Strengths: easy to use; largely automatic ◮ Weaknesses: cannot prove complex invariants; cannot prove the absence of bugs We want to formally verify properties of (x86 machine-code) programs that cannot be established in the foreseeable future by automatic tools. 4| 31

  6. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK O UR A PPROACH Focus: Mechanical verification of user-level x86 machine-code programs that request services from an operating system via system calls 5| 31

  7. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK O UR A PPROACH Focus: Mechanical verification of user-level x86 machine-code programs that request services from an operating system via system calls ◮ Specify the x86 ISA and Linux/FreeBSD system calls in ACL2 program- ming/proof environment 5| 31

  8. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK O UR A PPROACH Focus: Mechanical verification of user-level x86 machine-code programs that request services from an operating system via system calls ◮ Specify the x86 ISA and Linux/FreeBSD system calls in ACL2 program- ming/proof environment ◮ Validate the above specification against real hardware and software 5| 31

  9. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK O UR A PPROACH Focus: Mechanical verification of user-level x86 machine-code programs that request services from an operating system via system calls ◮ Specify the x86 ISA and Linux/FreeBSD system calls in ACL2 program- ming/proof environment ◮ Validate the above specification against real hardware and software ◮ Reason about x86 machine-code programs using this specification 5| 31

  10. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK W HAT ’ S SPECIAL ABOUT S YSTEM C ALLS ? ◮ From the point of view of a programmer, system calls are non-deterministic ; different runs can yield different results on the same machine. 6| 31

  11. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK W HAT ’ S SPECIAL ABOUT S YSTEM C ALLS ? ◮ From the point of view of a programmer, system calls are non-deterministic ; different runs can yield different results on the same machine. ◮ This makes it non-trivial to reason about user-level programs that make system calls. 6| 31

  12. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK W HAT ’ S SPECIAL ABOUT S YSTEM C ALLS ? ◮ From the point of view of a programmer, system calls are non-deterministic ; different runs can yield different results on the same machine. ◮ This makes it non-trivial to reason about user-level programs that make system calls. Proved functional correctness of a word count program 6| 31

  13. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK C ORRECTNESS OF THE W ORD C OUNT P ROGRAM Assembly Program Snippet Pseudo-code: Specification Function ncSpec (offset, str, count): ... if (EOF-TERMINATED(str) && push %rbx lea -0x9(%rbp),%rax offset < len(str)) then mov %rax,-0x20(%rbp) c := str[offset] mov $0x0,%rax xor %rdi,%rdi if (c == EOF) then mov -0x20(%rbp),%rsi return count mov $0x1,%rdx syscall else mov %eax,%ebx count := (count + 1) mod 2^32 mov %ebx,-0x10(%rbp) movzbl -0x9(%rbp),%eax ncSpec (1 + offset, str, count) movzbl %al,%eax ... endif endif 7| 31

  14. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK C ORRECTNESS OF THE W ORD C OUNT P ROGRAM Assembly Program Snippet Pseudo-code: Specification Function ncSpec (offset, str, count): ... if (EOF-TERMINATED(str) && push %rbx lea -0x9(%rbp),%rax offset < len(str)) then mov %rax,-0x20(%rbp) c := str[offset] mov $0x0,%rax xor %rdi,%rdi if (c == EOF) then mov -0x20(%rbp),%rsi return count mov $0x1,%rdx syscall else mov %eax,%ebx count := (count + 1) mod 2^32 mov %ebx,-0x10(%rbp) movzbl -0x9(%rbp),%eax ncSpec (1 + offset, str, count) movzbl %al,%eax ... endif endif Theorem preconditions(rip i , x86 i ) ∧ x86 f = x86-run(clk(x86 i ), x86 i ) ⇒ = getNc(x86 f ) = ncSpec (Offset(x86 i ), Str(x86 i ), 0) 7| 31

  15. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK O UTLINE I NTRODUCTION 1 S IMULATION AND R EASONING F RAMEWORK 2 X 86 ISA M ODEL S YSTEM C ALLS M ODEL C ODE P ROOFS 3 C ONCLUSION AND F UTURE W ORK 4 8| 31

  16. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK X 86 ISA + S YSTEM C ALLS S PECIFICATION ◮ Formalization of the x86 ISA, with syscall extended by a specification of Linux and FreeBSD system calls ◮ Formal and executable specification ◮ Memory model: 64-bit linear address space 9| 31

  17. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK O UTLINE I NTRODUCTION 1 S IMULATION AND R EASONING F RAMEWORK 2 X 86 ISA M ODEL S YSTEM C ALLS M ODEL C ODE P ROOFS 3 C ONCLUSION AND F UTURE W ORK 4 10| 31

  18. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK X 86 ISA M ODEL IN ACL2 ◮ Interpreter-style operational semantics ◮ Semantics of a program is given by the effect it has on the state of the machine. ◮ State-transition function is characterized by a recursively defined interpreter . We call this state transition function x86-run . 11| 31

  19. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK F ORMALIZATION : X 86 S TATE Component Description registers general-purpose, segment, debug, control, floating point, MMX, model-specific rip instruction pointer flg flags register env environment field mem memory 12| 31

  20. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK F ORMALIZATION : S TATE T RANSITION F UNCTION ◮ State transition function: fetch , decode & execute ◮ Each instruction has its own semantic function 13| 31

  21. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK F ACTSHEET : X 86 ISA M ODEL ◮ 64-bit mode of Intel’s IA-32e mode ◮ 221 general and 96 SSE/SSE2 opcodes ◮ Implementation of all addressing modes ◮ Lines of Code: ∼ 40,000 ◮ Execution speed: up to 3.3 million instructions/second Machine used: 3.50GHz Intel Xeon E31280 CPU 14| 31

  22. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK A SSESSING THE A CCURACY OF THE ISA M ODEL 15| 31

  23. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK O UTLINE I NTRODUCTION 1 S IMULATION AND R EASONING F RAMEWORK 2 X 86 ISA M ODEL S YSTEM C ALLS M ODEL C ODE P ROOFS 3 C ONCLUSION AND F UTURE W ORK 4 16| 31

  24. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK S YSTEM C ALLS M ODEL : E XTENDING SYSCALL System calls in the real world 17| 31

  25. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK S YSTEM C ALLS M ODEL : E XTENDING SYSCALL System calls in the real world System calls in our x86 model 17| 31

  26. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK B ENEFITS OF THE S YSTEM C ALL M ODEL ◮ Useful for verifying application programs while assuming that services like I/O operations are provided reliably by the OS We check such assumptions during co-simulations. 18| 31

Recommend

P age 1 Data Dependence and Hazards Data Dependence and Hazards I nstr J is dat a dependent

P age 1 Data Dependence and Hazards Data Dependence and Hazards I nstr J is dat a dependent

CS252 Recall f rom Pipelining Review Graduate Computer Architecture Lecture 15: Pipeline CPI = I deal pipeline CPI + St ruct ural I nstruction Level Parallelism and Dynamic St alls + Dat a Hazard St alls + Cont rol St alls Execution

394 views • 13 slides
Alls fair in taxation: Introduction A framing experiment with local politicians

Alls fair in taxation: Introduction A framing experiment with local politicians

Alls fair in taxation Colin R. Kuehnhanss &amp; Bruno Heyndels Alls fair in taxation: Introduction A framing experiment with local politicians Redistribution Taxation Schelling experiment Framing Hypotheses Colin R. Kuehnhanss

757 views • 37 slides
Ho How w to to Detec Detect soft soft falls alls on on de devices vices some signal

Ho How w to to Detec Detect soft soft falls alls on on de devices vices some signal

Ho How w to to Detec Detect soft soft falls alls on on de devices vices some signal processing with knime Prof. Dr. Dominique Genoud Vincent Cuendet master HES-SO, Institute of Information Systems Lausanne, Switzerland

440 views • 24 slides
Introducing B LOOD G LUCOSE M ONITORING S YSTEM B LOOD G LUCOSE M ONITORING S YSTEM Contents Co

Introducing B LOOD G LUCOSE M ONITORING S YSTEM B LOOD G LUCOSE M ONITORING S YSTEM Contents Co

Introducing B LOOD G LUCOSE M ONITORING S YSTEM B LOOD G LUCOSE M ONITORING S YSTEM Contents Co te ts Meter details &amp; kit GlucoRx services, compliance &amp; approvals Softw are Studies Cost savings Cost savings

452 views • 22 slides
Fair or Foul? THE P PITFAL ALLS O S OF T TECHNO NOLOGICAL AL DEBT C COLLECTI TION W N

Fair or Foul? THE P PITFAL ALLS O S OF T TECHNO NOLOGICAL AL DEBT C COLLECTI TION W N

Fair or Foul? THE P PITFAL ALLS O S OF T TECHNO NOLOGICAL AL DEBT C COLLECTI TION W N WITH THOUT C T CONSE NSENT NT Increased, Ass ssert rtive D Debt Col Colle lectio ion Behold, I send you forth as sheep in the midst of

518 views • 29 slides
Intrus ntrusion ion Det Detection, ection, Fi Fire rewalls, alls, an and d Intr ntrusion

Intrus ntrusion ion Det Detection, ection, Fi Fire rewalls, alls, an and d Intr ntrusion

Intrus ntrusion ion Det Detection, ection, Fi Fire rewalls, alls, an and d Intr ntrusion usion Pr Prevention ention Professor Patrick McDaniel ECE 590 03 (Guest lecture) Intrusion Detection Systems Authorized eavesdropper

607 views • 23 slides
SERRATOGA FALLS AMENDED SKETCH PLAN Serratoga Fall alls 1 st st Fili ling oad 3 treet ty

SERRATOGA FALLS AMENDED SKETCH PLAN Serratoga Fall alls 1 st st Fili ling oad 3 treet ty

SERRATOGA FALLS AMENDED SKETCH PLAN Serratoga Fall alls 1 st st Fili ling oad 3 treet ty Roa ain Str ounty Main Cou Serratoga SITE SITE alls 2 nd nd Fall Fili ling Pros ospect Roa oad SERRATOGA FALLS AMENDED SKETCH PLAN 2014

239 views • 6 slides
P-Mail Marketing: How a a tech company in incr creased brie riefing call alls 50 50% by y

P-Mail Marketing: How a a tech company in incr creased brie riefing call alls 50 50% by y

P-Mail Marketing: How a a tech company in incr creased brie riefing call alls 50 50% by y combining physical l mail il an and email il Bo Bob Bir Birge Will illiam Du Duke Director of Marketing Marketing Manager Blue Pillar,

368 views • 21 slides
02/08/2016 MUSIC AND ART INSPIRED BY SHAKESPEARE Lecture 6 Alls Well That Ends Henry Moore

02/08/2016 MUSIC AND ART INSPIRED BY SHAKESPEARE Lecture 6 Alls Well That Ends Henry Moore

02/08/2016 MUSIC AND ART INSPIRED BY SHAKESPEARE Lecture 6 Alls Well That Ends Henry Moore The Seven Ages of Man 1982 1 The Infant Richard Kindersley The Seven Ages of Man from As You Like It c 1990 Dr William Sterling Dr William

841 views • 10 slides
Reliable and Efficient S ystem for Community Energy Solution PROF. BIKASH PAL, IM PERIAL

Reliable and Efficient S ystem for Community Energy Solution PROF. BIKASH PAL, IM PERIAL

Reliable and Efficient S ystem for Community Energy Solution PROF. BIKASH PAL, IM PERIAL COLLEGE LONDON, UK Overview Reliability and Efficient S ystem for Community Energy Solutions (RESCUES) is a medium size Academia-Industry partnership

189 views • 8 slides
S YSTEM FUNCTIONALITY 2 Quickly move all baggage, including transfers, automatically between

S YSTEM FUNCTIONALITY 2 Quickly move all baggage, including transfers, automatically between

D ENVER A IRPORT I NTEGRATED A UTOMATED B AGGAGE H ANDLING S YSTEM I a i n S i m m s &amp; K y l e K e n n e d y I NTRODUCTION We will discuss: Background of the airport. Background of the airport. Baggage system

763 views • 34 slides
Resi esident dent Cl Clas assifica sification tion Syst ystem em - I Z IMMET H EALTHCARE

Resi esident dent Cl Clas assifica sification tion Syst ystem em - I Z IMMET H EALTHCARE

Me Medi dicare care Par art t A SN SNF Paym yment ent Syst ystem em Refo eform: m: Intr In troductio oduction n to to Resi esident dent Cl Clas assifica sification tion Syst ystem em - I Z IMMET H EALTHCARE 2018 Intr In

661 views • 37 slides
GLUT&amp;ps+pi+alls alexandrizavodny GLUTbarebones

GLUT&amp;ps+pi+alls alexandrizavodny GLUTbarebones

GLUT&amp;ps+pi+alls alexandrizavodny GLUTbarebones WhatisthesimplestGLUTappyoucanwrite? GLUTbarebones GLUTbarebones GLUTbarebones

590 views • 18 slides
C ompressed A ir F oam S ystem Flekkefjord 14/05/2014 CAFS What is CAFS CAFS = C ompressed A

C ompressed A ir F oam S ystem Flekkefjord 14/05/2014 CAFS What is CAFS CAFS = C ompressed A

CAFS C ompressed A ir F oam S ystem Flekkefjord 14/05/2014 CAFS What is CAFS CAFS = C ompressed A ir F oam S ystem + + Water Foam agent Compressed air Prsentationsthema, Datum, Folie 2 Foam vs. CAFS foam CAFS heterogeneous foam

880 views • 45 slides
1848 Springfield literally named after a spring in a field. Served as citys water source

1848 Springfield literally named after a spring in a field. Served as citys water source

H ISTORY OF S PRINGFIELD S D RINKING W ATER S YSTEM David Embleton Water Quality Program Manager davide@subutil.com T HE M AN B EHIND SUB S W ATER S YSTEM H ISTORY R ESEARCH 1988 State Hwy (Main St) needs to be rebuilt State

414 views • 17 slides
A Que A Quest f st for or a a Li Librar ary y Man anag agem emen ent t Sys ystem em

A Que A Quest f st for or a a Li Librar ary y Man anag agem emen ent t Sys ystem em

A Que A Quest f st for or a a Li Librar ary y Man anag agem emen ent t Sys ystem em Ruby Lindberg and Marlene Murphy,, Library, NT Department of Health Revie view w Pr Projec ject t Pl Plan an Ven endo dors

740 views • 25 slides
passport.lausd.net P arent A ccess S upport S ystem port al The LAUSD PASSport provides the

passport.lausd.net P arent A ccess S upport S ystem port al The LAUSD PASSport provides the

P arent A ccess S upport S ystem port al Parent Presentation P arent A ccess S upport S ystem port al The LAUSD Parent Access Support System portal (LAUSD PASSport), is a one-stop online system available 24/7 that securely connects

813 views • 21 slides
T HE C OMMUNITY R ATING S YSTEM (CRS) Voluntary NFIP program offers discounts on flood

T HE C OMMUNITY R ATING S YSTEM (CRS) Voluntary NFIP program offers discounts on flood

May 19, 2015 L OCAL G OVERNMENT S OLUTIONS : T HE NFIP C OMMUNITY R ATING S YSTEM Mary-Carson Stiff, Director of Policy, Wetlands Watch Roy Hoagland, Director, Virginia Coastal Policy Center, W&amp;M Law Closing the Deal: How to respond to the

280 views • 17 slides
Plan Motivations (to combine navigation and querying in a file system) Specification (ls = ?,

Plan Motivations (to combine navigation and querying in a file system) Specification (ls = ?,

USENIX ATC, 2003 A L OGIC F ILE S YSTEM P ADIOLEAU &amp; R IDOUX A L OGIC F ILE S YSTEM Y OANN P ADIOLEAU and O LIVIER R IDOUX IRISA / University of Rennes padiolea,ridoux @irisa.fr http://www.irisa.fr/LIS USENIX A NNUAL T ECHNICAL C

571 views • 30 slides
B altic O perational O ceanographic S ystem and In S itu T hematic A ssembly C entre for

B altic O perational O ceanographic S ystem and In S itu T hematic A ssembly C entre for

B altic O perational O ceanographic S ystem and In S itu T hematic A ssembly C entre for Copernicus Marine Service J. Linders/SMHI, BOOS Members &amp; INSTAC Partners Aim Operational oceanography can add value to environment assessment:

433 views • 25 slides
A NALYSIS OF THE L UBRICATION S YSTEM IN A H IGH P RESSURE P ISTON W ATER P UMP D. Bottazzi 2 , D.

A NALYSIS OF THE L UBRICATION S YSTEM IN A H IGH P RESSURE P ISTON W ATER P UMP D. Bottazzi 2 , D.

D EPT . OF S CIENCES &amp; M ETHODS FOR E NGINEERING U NIV . OF M ODENA &amp; R EGGIO E MILIA H YDRAULIC S YSTEMS D ESIGN R ESEARCH G ROUP A NALYSIS OF THE L UBRICATION S YSTEM IN A H IGH P RESSURE P ISTON W ATER P UMP D. Bottazzi 2 , D. Galloni

186 views • 18 slides
I NTERMODAL M ANAGEMENT M ANAGEMENT S YSTEM S YSTEM Regional Freight Study Regional Freight

I NTERMODAL M ANAGEMENT M ANAGEMENT S YSTEM S YSTEM Regional Freight Study Regional Freight

I NTERMODAL I NTERMODAL M ANAGEMENT M ANAGEMENT S YSTEM S YSTEM Regional Freight Study Regional Freight Study Presented by: Camelia Ravanbakht Presented by: Camelia Ravanbakht, Ph.D. , Ph.D. Virginia Freight Advisory Committee Virginia

559 views • 26 slides
I T S E LEMENTARY , D EAR W ATSON : A PPLYING L OGIC P ROGRAMMING TO C ONVERGENT S YSTEM M

I T S E LEMENTARY , D EAR W ATSON : A PPLYING L OGIC P ROGRAMMING TO C ONVERGENT S YSTEM M

EECS, Tufts University LISA-XIII November 11, 1999 I T S E LEMENTARY , D EAR W ATSON : A PPLYING L OGIC P ROGRAMMING TO C ONVERGENT S YSTEM M ANAGEMENT T ASKS Dr. Alva L. Couch and Michael Gilfix Electrical Engineering and Computer Science

472 views • 16 slides
SAFETY PERFORMANCE GOALS Electric S ystem Liquidit y $188.7 MM &gt;= $105 MM Consolidated

SAFETY PERFORMANCE GOALS Electric S ystem Liquidit y $188.7 MM &gt;= $105 MM Consolidated

PROJECTED Zero Q2 2.6 Recordable Incident 0 2019 Fx 1.8 Rate SAFETY PERFORMANCE GOALS Electric S ystem Liquidit y $188.7 MM &gt;= $105 MM Consolidated Return on Net 3.5% &gt;= 3.8% Asset s MAINTAIN Consolidat ed A STRONG

478 views • 32 slides

More recommend