formal methods and systems
play

Formal Methods and Systems David Cock, ETH Zrich 18/01/16 - PowerPoint PPT Presentation

Aug 20, 2022 •178 likes •359 views

Formal Methods and Systems David Cock, ETH Zrich 18/01/16 Overview Correctness challenges in Barrelfish. System configuration using SAT. Tracing and online invariant checking. Better languages for Systems. 18 January 2016

  1. Formal Methods and Systems David Cock, ETH Zürich 18/01/16

  2. Overview ● Correctness challenges in Barrelfish. ● System configuration using SAT. ● Tracing and online invariant checking. ● Better languages for Systems. 18 January 2016 Industry Retreat 2016 2

  3. The State of the Fish 7 architectures: OMAP44xx, ● ARMv7/GEM5, X-Gene 1, ARMv8/GEM5, Xeon Phi, x86-64, x86-32 42 applications + 51 test apps ● 9 languages ● 32 committers ● 9 years old ● > 1.1M lines of code ● This is no longer a small research project! We're starting to see the engineering challenges of a large system. 18 January 2016 Industry Retreat 2016 3

  4. Getting It Right A lesson from history: It's easier to prove code correct, if it actually is correct! ● We embarked on a new port last year: ARMv8. ● This forced us to face some codebase “challenges”. ● We now support fewer platforms, more thoroughly. ● We now make a core vs. non-core distribution. ● Proper debugging is coming (more later). 18 January 2016 Industry Retreat 2016 4

  5. SAT Solving and the SKB 18 January 2016 Industry Retreat 2016 5

  6. Handling OS complexity ● System Knowledge Base Hardware data and specifjcation – Hardware info – Runtime state ● Rich semantic model – Represent the hardware – Reason about it CLP solver CLP solver – Embed policy choices (Prolog + (Prolog + constraints) constraints) Runtime system information 18 January 2016 Industry Retreat 2016 6

  7. What goes in? ● Hardware resource discovery – E.g. PCI enumeration, ACPI, CPUID… ● Online hardware profiling CLP solver CLP solver (Prolog + (Prolog + constraints) constraints) – Inter-core all-pairs latency, cache measurements… ● Operating system state – Locks, process placement, etc. ● “Things we just know” – SoC specs, assertions from data sheets, etc. 18 January 2016 Industry Retreat 2016 7

  8. Current SKB applications ● General name server / service registry ● Coordination service / lock manager ● Device management CLP solver CLP solver (Prolog + (Prolog + constraints) constraints) – Driver startup / hotplug ● PCIe bridge configuration – A surprisingly hard CSAT problem! ● Intra-machine routing – Efficient multicast tree construction ● Cache-aware thread placement – Used by e.g. databases for query planning 18 January 2016 Industry Retreat 2016 8

  9. Prolog + SAT ● There are limits to what Prolog will efficiently solve. ● Address allocation under alignment constraints e.g. PCI, is better expressed in terms of bits. ● SAT solvers have gotten really good lately. ● Can we express PCI bridge config as SAT ( yes! ). ● Can we put a SAT solver in the SKB ( research! ). 18 January 2016 Industry Retreat 2016 9

  10. Tracing for Invariants 18 January 2016 Industry Retreat 2016 10

  11. HW Tracing for Correctness Are HW operatjons right? 5Gb/s unmap(pa); cleanDCache(); flushTLB(); Filter at line rate ● Real time pipeline trace on ARM. ● Can halt and inspect caches. ● HW has “errata” (bugs). ● Check that it actually works! ● Catch transient and race bugs. Check temporal Log & process offmine assertjons 18 January 2016 Industry Retreat 2016 11

  12. HW Tracing for Performance • Should see N coherency messages. 5Gb/s • Do we? ‐ The HW knows! Filter at line rate Is URPC optjmal? Cache 0 x 1 1 INVAL(0) URPC[0]= x; READ(1) URPC[1]= 1; … x Core 0 Cache 1 while(!URPC[1]); x= URPC[0]; Log & process offmine 2 18 January 2016 Industry Retreat 2016 12 Core 1 12

  13. Online Example: LTL to Büchi ● LTL(-ish) formula: A store on core 1 is eventually visible on core 2. ● Think regular expressions for infinite streams. ● As for REs, we compile a checking automaton. ● Run the automaton in real time and look for violations. 18 January 2016 Industry Retreat 2016 13

  14. Could We Trace a Rack? ● Barrelfish is aiming for rack-scale single- image systems. ● We'll rely on a lot of coordination and consensus algorithms. ● It would be really useful to debug these noninvasively. ● 64 SoCs x 5Gb/s = 320Gb/s trace output. ● That'll need some data reduction, but it's very feasible. ● Online checkers (e.g. automata) will be essential at this scale and up. 18 January 2016 Industry Retreat 2016 14

  15. Languages

  16. Languages and Formal Methods ● Practical kernels are C/C++/ASM ● Some things we might like: – First-class messaging (Go) – Specifying layout (Rust) The hard part about reasoning about “C”, is that we keep stepping outside the language.

  17. What Should We Write Kernels In? ● Some languages have some of what we want: – No runtime, high performance (C) – Predictable resource usage (C, Rust) – Clear and clean semantics (Haskell, Rust?) ● No languages have everything (yet): – Enough expressive power: Can you enable the MMU, or thread switch without breaking the language rules? ● We should experiment with this: start with Clang/LLVM, drop the ugly parts?

  18. Poster on HW tracing this evening. 18 January 2016 Industry Retreat 2016 18

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Formal Methods Michael Collins. 18-849, Section B Spring 1999 Formal Methods Why

Formal Methods Michael Collins. 18-849, Section B Spring 1999 Formal Methods Why

Formal Methods Michael Collins. 18-849, Section B Spring 1999 Formal Methods Why Formalisms? Relationships Flaws Some systems Conclusions Why Formal Methods? We already can build systems. Roman Engineers built

671 views • 12 slides
Presentation for 4th International Workshop on Formal Methods for Interactive Systems: FMIS 2011,

Presentation for 4th International Workshop on Formal Methods for Interactive Systems: FMIS 2011,

Presentation for 4th International Workshop on Formal Methods for Interactive Systems: FMIS 2011, Limerick, Ireland, 21 June 2011 Formal Modeling and Analysis For Interactive Hybrid Systems Ellen J. Bass Systems and Information Engineering,

280 views • 26 slides
Formal Methods and Cryptography Lecture 24 1 Formal Methods 2 Formal Methods Logical

Formal Methods and Cryptography Lecture 24 1 Formal Methods 2 Formal Methods Logical

Formal Methods and Cryptography Lecture 24 1 Formal Methods 2 Formal Methods Logical foundations of computer science 2 Formal Methods Logical foundations of computer science A language that machines can understand 2 Formal Methods

1.22k views • 121 slides
1Initial Ideas on Formal Methods UIT2206: The Importance of Being Formal Martin Henz January

1Initial Ideas on Formal Methods UIT2206: The Importance of Being Formal Martin Henz January

Preliminaries Hallmarks of a Formal Approach Formal Systems in Information Technology 1Initial Ideas on Formal Methods UIT2206: The Importance of Being Formal Martin Henz January 15, 2014 Generated on Wednesday 15 th January, 2014, 09:54

517 views • 49 slides
Lecture Outline 1. The lecturer 2. Introduction to Formal Methods DD2452 Formal Methods 3.

Lecture Outline 1. The lecturer 2. Introduction to Formal Methods DD2452 Formal Methods 3.

Lecture Outline 1. The lecturer 2. Introduction to Formal Methods DD2452 Formal Methods 3. Course syllabus 4. Course objectives Introductory Lecture 5. Course organization 1. Lecturer 2. Formal Methods Name: Dilian Gurov Formal

56 views • 3 slides
Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember

Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember

3BA31 Formal Methods 1 3BA31: Formal Methods Andrew Butterfield Foundations & Methods Group, Software Systems Laboratory Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember This? A Stock

631 views • 33 slides
Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember

Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember

3BA31 Formal Methods 1 3BA31: Formal Methods Andrew Butterfield Foundations & Methods Group, Software Systems Laboratory Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember This? A Stock

1.75k views • 151 slides
Formal Methods and Cryptography Lecture 25 Formal Methods Formal Methods Logical foundations

Formal Methods and Cryptography Lecture 25 Formal Methods Formal Methods Logical foundations

Formal Methods and Cryptography Lecture 25 Formal Methods Formal Methods Logical foundations of computer science Formal Methods Logical foundations of computer science A language that machines can understand Formal Methods Logical

1.67k views • 123 slides
Where Are We? How to model systems CISC422/853: Formal Methods Theoretically : FSAs in

Where Are We? How to model systems CISC422/853: Formal Methods Theoretically : FSAs in

Where Are We? How to model systems CISC422/853: Formal Methods Theoretically : FSAs in Software Engineering: Practically : BIR, PROMELA How to express properties Computer-Aided Verification Assertions, invariants

196 views • 9 slides
Deductive Verification Of Hybrid Systems Lectures on Formal Methods for Cyber-Physical Systems

Deductive Verification Of Hybrid Systems Lectures on Formal Methods for Cyber-Physical Systems

Deductive Verification Of Hybrid Systems Lectures on Formal Methods for Cyber-Physical Systems SOKENDAI, 07/29/19 Jrmy Dubut National Institute of Informatics Japanese-French Laboratory of Informatics Objectives of this lecture

986 views • 84 slides
Testing/Simulation Formal Analysis Real System Formal Model Partial coverage Complete coverage

Testing/Simulation Formal Analysis Real System Formal Model Partial coverage Complete coverage

Formal Methods Assurance for TTP John Rushby Computer Science Laboratory SRI International Menlo Park CA USA John Rushby, SR I Formal Methods Assurance for TTP: 1 Formal Methods for Analysis and Assurance: The Idea Testing/Simulation Formal

200 views • 6 slides
Specifying circuit properties in PSL Formal methods Mathematical and logical methods used in

Specifying circuit properties in PSL Formal methods Mathematical and logical methods used in

Specifying circuit properties in PSL Formal methods Mathematical and logical methods used in system development Aim to increase confidence in riktighet of system Apply to both hardware and software 1 Formal methods Complement other

524 views • 25 slides
A Review of Formal Methods : 200514170 : (T4) (T4)

A Review of Formal Methods : 200514170 : (T4) (T4)

A Review of Formal Methods : 200514170 : (T4) (T4) Contents INTRODUCTION INTRODUCTION DEFINITION AND OVERVIEW OF FORMAL METHODS SPECIFICATION METHODS LIFE CYCLES AND

317 views • 19 slides
Formal Methods for Critical Systems: A verified implementation of nested procedures Tristan

Formal Methods for Critical Systems: A verified implementation of nested procedures Tristan

Formal Methods for Critical Systems: A verified implementation of nested procedures Tristan Crolard 1 ICAR15 8-9 October 2015 Joint work with: 1 Pierre Courtieu, 1 , 2 Maria-Virginia Aponte, Julia Lawall 3 1. CNAM / Cedric / CPR team 2.

980 views • 71 slides
Requirements and Formal Methods Softw are Engineering Overview Overview on the RE process

Requirements and Formal Methods Softw are Engineering Overview Overview on the RE process

Requirements and Formal Methods Softw are Engineering Overview Overview on the RE process What are Formal Methods? Advantages and Disadvantages of Formal Methods Formal Methods in the Requirement Process Mathematical Formulas

561 views • 20 slides
Formal Methods for Industrial Critical Systems at Trinity College, University of Dublin (FMICS

Formal Methods for Industrial Critical Systems at Trinity College, University of Dublin (FMICS

Formal Methods for Industrial Critical Systems at Trinity College, University of Dublin 2000 Andrew Butterfield c Formal Methods for Industrial Critical Systems at Trinity College, University of Dublin (FMICS 2003, Rros, June 7th 2003)

1.02k views • 16 slides
Relation Algebra, Allegories, and Logic Programming Emilio Jess Gallego Arias [joint work with

Relation Algebra, Allegories, and Logic Programming Emilio Jess Gallego Arias [joint work with

Relation Algebra, Allegories, and Logic Programming Emilio Jess Gallego Arias [joint work with J. Lipton, J. Mario] CRI-Mines ParisTech Deducteam Seminar 17/10/2014 Paris EJGA (CRI-Mines) Allegories and CLP 09/22/2013 1 / 35

1.22k views • 106 slides
Symbolic Verification in Synchronous Constraint Programming (Work in progress) Synchronous

Symbolic Verification in Synchronous Constraint Programming (Work in progress) Synchronous

Symbolic Verification in Synchronous Constraint Programming (Work in progress) Synchronous workshop 2003 Christophe Mauras Christophe.Mauras@univ-nantes.fr Irin/Universit e de Nantes Overview From Symbolic Simulation to Constraint

388 views • 19 slides
Typing Linear Constraints Types for Moding CLP( R ) Programs Syntax Semantics Checking type

Typing Linear Constraints Types for Moding CLP( R ) Programs Syntax Semantics Checking type

Typing Linear Constraints Salvatore RUGGIERI and Fred MESNARD Introduction Typing Linear Constraints Types for Moding CLP( R ) Programs Syntax Semantics Checking type assertions A linear programming Salvatore RUGGIERI and Fred MESNARD

476 views • 26 slides
Description and Evaluation of a Generic Design to Integrate CLP and Tabled Execution Joaqun

Description and Evaluation of a Generic Design to Integrate CLP and Tabled Execution Joaqun

www.software.imdea.org Description and Evaluation of a Generic Design to Integrate CLP and Tabled Execution Joaqun Arias 1 , 2 Manuel Carro 1 , 2 1 IMDEA Software Institute, 2 Technical University of Madrid 1 / 23 www.software.imdea.org

777 views • 32 slides
Quantifiers and Measures, Part II Tom a s Jakl & Luca Reggio (j.w.w. Mai Gehrke) 26

Quantifiers and Measures, Part II Tom a s Jakl & Luca Reggio (j.w.w. Mai Gehrke) 26

Quantifiers and Measures, Part II Tom a s Jakl & Luca Reggio (j.w.w. Mai Gehrke) 26 March 2020 Taking over where Luca stopped... The image of R f : ( Mod n 1 ) V ( Typ n ) is the Stone dual of B x n = x n |

668 views • 36 slides
A Vietoris functor for bispaces and d-frames Tom a s Jakl (joint work with Ale s Pultr

A Vietoris functor for bispaces and d-frames Tom a s Jakl (joint work with Ale s Pultr

A Vietoris functor for bispaces and d-frames Tom a s Jakl (joint work with Ale s Pultr and Achim Jung) Department of Applied Mathematics School of Computer Science Charles University in Prague University of Birmingham AND TACL, 30

538 views • 31 slides
PrettyCLP: a Light Java Implementation for Teaching CLP Alessio Stalla 1 Davide Zanucco 2

PrettyCLP: a Light Java Implementation for Teaching CLP Alessio Stalla 1 Davide Zanucco 2

PrettyCLP: a Light Java Implementation for Teaching CLP Alessio Stalla 1 Davide Zanucco 2 Agostino Dovier 2 Viviana Mascardi 1 DISI - Univ. of Genova, alessiostalla@gmail.com,mascardi@disi.unige.it DIMI - Univ. of Udine,

436 views • 32 slides
clp(pfd(Y)) : Constraints for Probabilistic Reasoning in Logic Programming Nicos Angelopoulos

clp(pfd(Y)) : Constraints for Probabilistic Reasoning in Logic Programming Nicos Angelopoulos

clp(pfd(Y)) : Constraints for Probabilistic Reasoning in Logic Programming Nicos Angelopoulos nicos@cs.york.ac.uk http://www.cs.york.ac.uk/nicos Department of Computer Science University of York cp03 poster p.1 probabilistic finite

336 views • 15 slides

More recommend