a case study on formal verification of the anaxagoros
play

A Case Study on Formal Verification of the Anaxagoros Paging - PowerPoint PPT Presentation

Nov 21, 2022 •270 likes •590 views

A Case Study on Formal Verification of the Anaxagoros Paging System with Frama-C Allan Blanchard Nikolai Kosmatov Matthieu Lemerre Fr ed eric Loulergue FMICS 2015 June 22, 2015 CONTENTS Anaxagoros Virtual Memory Formal

  1. A Case Study on Formal Verification of the Anaxagoros Paging System with Frama-C Allan Blanchard Nikolai Kosmatov Matthieu Lemerre Fr´ ed´ eric Loulergue FMICS 2015 — June 22, 2015

  2. CONTENTS ✎ ☞ Anaxagoros Virtual Memory Formal Verification Results Conclusion ✍ ✌ CEA — June 22, 2015 — p. 2

  3. Anaxagoros Virtual Memory Anaxagoros Microkernel Clouds mutualize physical resources between users Safety and security are crucial CEA — June 22, 2015 — p. 3

  4. Anaxagoros Virtual Memory Anaxagoros Microkernel Clouds mutualize physical resources between users Safety and security are crucial CEA — June 22, 2015 — p. 3

  5. Anaxagoros Virtual Memory Anaxagoros Microkernel Clouds mutualize physical resources between users Safety and security are crucial Anaxagoros Secure microkernel hypervisor Developped at CEA LIST by Matthieu Lemerre Designed for resource isolation and protection Virtual memory system is a key module to ensure isolation CEA — June 22, 2015 — p. 3

  6. Anaxagoros Virtual Memory Virtual Memory Subsystem Organizes program address spaces Creates a hierarchy of pages Allows sharing when needed Controls accesses and modifications to the pages Only owners can access their pages Types of the pages limit possible actions Counts mappings, references, to each page CEA — June 22, 2015 — p. 4

  7. Formal Verification Verified function CEA — June 22, 2015 — p. 5

  8. Formal Verification Verified function CEA — June 22, 2015 — p. 5

  9. Formal Verification Verified function CEA — June 22, 2015 — p. 5

  10. Formal Verification Verified function CEA — June 22, 2015 — p. 5

  11. Formal Verification Verified function CEA — June 22, 2015 — p. 5

  12. Formal Verification Verified memory invariant Maintain the count of mappings on pages Each page descriptor contains a counter that must be equal to the number of mappings to the described page Assuming Occ v represents the number of occurrences of v in all pagetables, we want to prove : ∀ e , validpage ( e ) ⇒ Occ e = mappings [ e ] ≤ MAX CEA — June 22, 2015 — p. 6

  13. Formal Verification Concurrency issues Pages might be modified by different processus simultaneously It creates a gap between the actual number of mappings and the counter New invariant : ∀ e , validpage ( e ) ⇒ Occ e ≤ mappings [ e ] ≤ MAX and more precisely, ∀ e , validpage ( e ) ⇒ ∃ k . k ≥ 0 ∧ Occ e + k = mappings [ e ] ≤ MAX This k is actually the number of threads that have introduced a difference in the counter, difference of at most 1. CEA — June 22, 2015 — p. 7

  14. Formal Verification Frama-C and WP plugin Our verification is conducted with Frama-C : A framework for analysis of C programs Provides a specification language called ACSL We use the WP plugin for deductive proof Frama-C and WP do not support concurrency We simulate concurrent executions We prove the invariant on the simulation CEA — June 22, 2015 — p. 8

  15. Formal Verification Simulation of the concurrency We model the execution context, we have for each thread : global arrays representing the value of each local variable a global array representing its position in the execution We simulate every atomic step with a function taking in parameter the thread we want to execute We create an infinite loop that randomly chooses a thread and makes it perform a step of execution according to its current position CEA — June 22, 2015 — p. 9

  16. Formal Verification Simulation of the concurrency CEA — June 22, 2015 — p. 10

  17. Formal Verification Simulation of the concurrency CEA — June 22, 2015 — p. 10

  18. Formal Verification Simulation of the concurrency CEA — June 22, 2015 — p. 10

  19. Formal Verification Simulation of the concurrency CEA — June 22, 2015 — p. 10

  20. Formal Verification Simulation of the concurrency CEA — June 22, 2015 — p. 10

  21. Formal Verification Simulation of the concurrency CEA — June 22, 2015 — p. 10

  22. Formal Verification Simulation of the concurrency CEA — June 22, 2015 — p. 10

  23. Formal Verification Simulation of the concurrency CEA — June 22, 2015 — p. 10

  24. Formal Verification Simulation of the concurrency CEA — June 22, 2015 — p. 10

  25. Results Parts of the module verified For low-level functions, we conducted a “classic” verification Specification with ACSL Automatic proof with WP and SMT Solver : CVC4/Z3 For the concurrent function used to change pagetables : First specification and proof for sequential version Weakening of the invariant for concurrency Creation and specification of the simulation and proof CEA — June 22, 2015 — p. 11

  26. Results Some interactive proofs Occurrence counting in arrays relies on : Axiomatization of a simple recursive counting method Lemmas that define properties about this function These lemmas could not be proved automatically the proof is done in Coq by extracting them from WP CEA — June 22, 2015 — p. 12

  27. Results Lessons Learned, Limitations and Benefits Ability to treat concurrent programs With a tool that originally does not handle parallelism Proof done mostly automatically Verification of properties in isolation Scalability By-hand simulation is tedious and error prone Could perfectly be automized Need for specification mean for concurrent behaviors CEA — June 22, 2015 — p. 13

  28. Results Our approach is valid as long as : This function is the only function allowed to modify pagetables Actually, one another function is allowed to modify them, It could be added to the analysis The program respects an interleaving semantics In our case, it is true, In the general case, the simulation would not be correct CEA — June 22, 2015 — p. 14

  29. Conclusion We performed the deductive verification of a concurrent program in Frama-C that originally do not deal with it This method is quite simple Automatic proof saves a lot of time We still need some improvement : Simulation could be automatically generated The specification language could include concurrency material We could perform the verification without simulation CEA — June 22, 2015 — p. 15

  30. Conclusion We performed the deductive verification of a concurrent program in Frama-C that originally do not deal with it This method is quite simple Automatic proof saves a lot of time We still need some improvement : Simulation could be automatically generated The specification language could include concurrency material We could perform the verification without simulation Thank you for your attention ! CEA — June 22, 2015 — p. 15

  31. Thank you for your attention Direction de la Recherche Technologique Commissariat ` a l’´ energie atomique et aux ´ energies alternatives D´ epartement d’Ing´ enierie des Logiciels et des Syst` emes Institut Carnot CEA LIST Laboratoire de Sˆ uret´ e des Logiciels Centre de Saclay — 91191 Gif-sur-Yvette Cedex Etablissement public ` a caract` ere industriel et commercial — RCS Paris B 775 685 019

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Formal Verification of Curved Flight Collision Avoidance Maneuvers A Case Study Andr e

Formal Verification of Curved Flight Collision Avoidance Maneuvers A Case Study Andr e

Formal Verification of Curved Flight Collision Avoidance Maneuvers A Case Study Andr e Platzer Edmund M. Clarke Carnegie Mellon University, Computer Science Department, Pittsburgh, PA Formal Methods, FM, Eindhoven, November 2009 0.5 0.4

1.11k views • 71 slides
Simulation Based Formal Verification of Onboard Software A Case Study SyLVer : System

Simulation Based Formal Verification of Onboard Software A Case Study SyLVer : System

Simulation Based Formal Verification of Onboard Software A Case Study SyLVer : System Level Verifier Toni Mancini, Annalisa Massini, Federico Mari , Igor Melatti, Ivano Salvo, Enrico Tronci Computer Science Department Sapienza University

668 views • 23 slides
European Train Control System: A Case Study in Formal Verification e Platzer 1 Jan-David Quesel 2

European Train Control System: A Case Study in Formal Verification e Platzer 1 Jan-David Quesel 2

European Train Control System: A Case Study in Formal Verification e Platzer 1 Jan-David Quesel 2 Andr 1 Carnegie Mellon University, Pittsburgh, PA 2 University of Oldenburg, Department of Computing Science, Germany International Conference on

769 views • 75 slides
Verification of the Session Management Protocol A Formal Methods Case Study Karl Palmskog School

Verification of the Session Management Protocol A Formal Methods Case Study Karl Palmskog School

Verification of the Session Management Protocol A Formal Methods Case Study Karl Palmskog School of Computer Science and Communication Royal Institute of Technology 2006-11-02 Karl Palmskog Verification of the Session Management Protocol

648 views • 27 slides
HELIX: A Case Study of a Formal Verification of High Performance Program Generation Vadim Zaliva

HELIX: A Case Study of a Formal Verification of High Performance Program Generation Vadim Zaliva

HELIX: A Case Study of a Formal Verification of High Performance Program Generation Vadim Zaliva Franz Franchetti Department of Electrical and Computer Engineering Carnegie Mellon University FHPC18 Vadim Zaliva, Franz Franchetti (CMU)

799 views • 61 slides
Model-Checking Acknowledgment Formal Verification Formal verification means to apply

Model-Checking Acknowledgment Formal Verification Formal verification means to apply

Model-Checking Acknowledgment Formal Verification Formal verification means to apply mathematical arguments to prove the correctness of systems Systems have bugs Formal verification aims to find and correct such bugs Why? Computer systems

1.42k views • 122 slides
PART FIVE: SOME VERIFICATION CHALLENGES a DFC case study with several verification problems,

PART FIVE: SOME VERIFICATION CHALLENGES a DFC case study with several verification problems,

PART FIVE: SOME VERIFICATION CHALLENGES a DFC case study with several verification problems, all concerning signaling properties and event-based feature interactions SIGNALING INTERACTIONS transparency: a box behaves transparently autonomy:

321 views • 12 slides
Formal Verification and Computer Architecture A Validated Formal Model of the x86 ISA for

Formal Verification and Computer Architecture A Validated Formal Model of the x86 ISA for

Formal Verification and Computer Architecture A Validated Formal Model of the x86 ISA for Analyzing Computing Systems Shilpi Goel shilpi@centtech.com Formal Verification Engineer Centaur Technology, Inc. Software and Reliability Can we rely

1.14k views • 78 slides
Formal Hardware Verification: getting started Mary Sheeran Making Formal Verification work Aim

Formal Hardware Verification: getting started Mary Sheeran Making Formal Verification work Aim

Formal Hardware Verification: getting started Mary Sheeran Making Formal Verification work Aim for automation (bit level) Find niches where formal methods work well Use assertions/ properties first in sim. and then in FV (the acronym is ABV,

1.14k views • 65 slides
Formal Verification in Industry John Harrison Intel Corporation The cost of bugs Formal

Formal Verification in Industry John Harrison Intel Corporation The cost of bugs Formal

Formal Verification in Industry 1 Formal Verification in Industry John Harrison Intel Corporation The cost of bugs Formal verification Machine-checked proof Automatic and interactive approaches HOL Light Floating point

366 views • 25 slides
Formal Verification of e-Auction protocols Jannik Dreier, Pascal Lafourcade, Yassine Lakhnech

Formal Verification of e-Auction protocols Jannik Dreier, Pascal Lafourcade, Yassine Lakhnech

Introduction Formal Definitions Case Studies Conclusion Formal Verification of e-Auction protocols Jannik Dreier, Pascal Lafourcade, Yassine Lakhnech Universit Grenoble 1, CNRS, VERIMAG firstname.lastname@imag.fr Principles of Security and

806 views • 68 slides
Formal Verification of Floating-Point Arithmetic John Harrison Intel Corporation Formal

Formal Verification of Floating-Point Arithmetic John Harrison Intel Corporation Formal

Formal Verification of Floating-Point Arithmetic 1 Formal Verification of Floating-Point Arithmetic John Harrison Intel Corporation Formal verification Machine-checked proof Automatic and interactive approaches HOL Light

539 views • 19 slides
Ricardo Semler Case Study Briefing Advance notice: Leading Change Case Study Please read the

Ricardo Semler Case Study Briefing Advance notice: Leading Change Case Study Please read the

Ricardo Semler Case Study Briefing Advance notice: Leading Change Case Study Please read the Case Study found in the Assignment section of M005 and be ready to present your findings in a formal presentation in week 11. Each team member

319 views • 6 slides
A Case Study in Automated A Case Study in Automated Verification Verification Jason

A Case Study in Automated A Case Study in Automated Verification Verification Jason

A Case Study in Automated A Case Study in Automated Verification Verification Jason Kirschenbaum Kirschenbaum, , Jason Heather Harton Harton and and Murali Murali Heather Sitaraman Sitaraman Introduction Introduction Goal is to

369 views • 16 slides
Formal Verification of Mathematical Algorithms John Harrison Intel Corporation The cost of

Formal Verification of Mathematical Algorithms John Harrison Intel Corporation The cost of

Formal Verification of Mathematical Algorithms 1 Formal Verification of Mathematical Algorithms John Harrison Intel Corporation The cost of bugs Formal verification Levels of verification HOL Light Formalizing mathematics

353 views • 19 slides
Formal Verification of RISC-V cores with riscv-formal Clifford Wolf CTO, Symbiotic EDA

Formal Verification of RISC-V cores with riscv-formal Clifford Wolf CTO, Symbiotic EDA

Formal Verification of RISC-V cores with riscv-formal Clifford Wolf CTO, Symbiotic EDA http://www.clifford.at/papers/2018/riscv-formal/ About assertion based formal verification (formal ABV) Assertion based verification (ABV) Uses

781 views • 39 slides
A Formal Verification of Strong Stubborn Set Based Pruning Travis Rivera Petit <

A Formal Verification of Strong Stubborn Set Based Pruning Travis Rivera Petit <

A Formal Verification of Strong Stubborn Set Based Pruning Travis Rivera Petit < travis.riverapetit@stud.unibas.ch > Philosophisch-Naturwissenschaftlichen Fakult at, University of Basel 18.05.2020 Roadmap 1. Classical Planning 2.

663 views • 25 slides
Applying Formal Verification to Reflective Reasoning R. Kumar 1 B. Fallenstein 2 1 Data61, CSIRO

Applying Formal Verification to Reflective Reasoning R. Kumar 1 B. Fallenstein 2 1 Data61, CSIRO

Applying Formal Verification to Reflective Reasoning R. Kumar 1 B. Fallenstein 2 1 Data61, CSIRO and UNSW ramana@intelligence.org 2 Machine Intelligence Research Institute benya@intelligence.org Artificial Intelligence for Theorem Proving,

1.43k views • 47 slides
CS 4160 Formal Verification Prof. Clarkson Spring 2019 Approaches to validation Social

CS 4160 Formal Verification Prof. Clarkson Spring 2019 Approaches to validation Social

CS 4160 Formal Verification Prof. Clarkson Spring 2019 Approaches to validation Social Less formal: Techniques may Code reviews miss problems in programs Extreme/Pair programming Methodological Design patterns

330 views • 18 slides
Unfolding schematic formal systems: from non-finitist to feasible arithmetic Thomas Strahm

Unfolding schematic formal systems: from non-finitist to feasible arithmetic Thomas Strahm

Unfolding schematic formal systems: from non-finitist to feasible arithmetic Thomas Strahm Institut f ur Informatik und angewandte Mathematik, Universit at Bern LC 12, Manchester, July 2012 T. Strahm (IAM, Univ. Bern) Unfolding schematic

516 views • 32 slides
A Proof Repository for Formal Verification of Software Michael Franssen WASDeTT- 3 September 20

A Proof Repository for Formal Verification of Software Michael Franssen WASDeTT- 3 September 20

A Proof Repository for Formal Verification of Software Michael Franssen WASDeTT- 3 September 20 th 2010 Cocktail Derive programs from their specifications Does not scale and nobody programs like this Create proofs interactively with an

342 views • 7 slides
Towards Formal Verification in Cryptographic Web Applications A Three Year Evolution Nadim

Towards Formal Verification in Cryptographic Web Applications A Three Year Evolution Nadim

Towards Formal Verification in Cryptographic Web Applications A Three Year Evolution Nadim Kobeissi PROSECCO: Pro gramming Sec urely with C rypt o graphy. Team at INRIA Paris specializing in applied cryptography and formal verification.

357 views • 14 slides
Performance analysis and formal verification of cognitive wireless networks Gian-Luca Dei Rossi

Performance analysis and formal verification of cognitive wireless networks Gian-Luca Dei Rossi

Performance analysis and formal verification of cognitive wireless networks Gian-Luca Dei Rossi Lucia Gallina Sabina Rossi Dipartimento di Scienze Ambientali, Informatica e Statistica Universit` a Ca Foscari, Venezia EPEW 2013, Venice,

314 views • 16 slides
Formal Verification of a State-of-the-Art Integer Square Root Guillaume Melquiond Rapha el

Formal Verification of a State-of-the-Art Integer Square Root Guillaume Melquiond Rapha el

Introduction Fixed-point Proof Conclusion Formal Verification of a State-of-the-Art Integer Square Root Guillaume Melquiond Rapha el Rieu-Helft Inria, TrustInSoft, Universit e Paris-Saclay June 11th, 2019 Melquiond, Rieu-Helft

766 views • 44 slides

More recommend