formal methods for critical systems
play

Formal Methods for Critical Systems: A verified implementation of - PowerPoint PPT Presentation

Feb 20, 2023 •258 likes •980 views

Formal Methods for Critical Systems: A verified implementation of nested procedures Tristan Crolard 1 ICAR15 8-9 October 2015 Joint work with: 1 Pierre Courtieu, 1 , 2 Maria-Virginia Aponte, Julia Lawall 3 1. CNAM / Cedric / CPR team 2.

  1. Formal Methods for Critical Systems: A verified implementation of nested procedures ⋆ Tristan Crolard 1 ICAR’15 8-9 October 2015 Joint work with: 1 Pierre Courtieu, 1 , 2 Maria-Virginia Aponte, Julia Lawall 3 1. CNAM / Cedric / CPR team 2. INRIA / Gallium team 3. UPMC / LIP6 / Whisper team ⋆ Research project funded by AdaCore, the GNAT Pro Company

  2. 1 Formal Methods for Critical Systems: Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  3. 1 Formal Methods for Critical Systems: based on a mathematical formalism Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  4. 1 Formal Methods for Critical Systems: based on a life -critical or mathematical safety -critical formalism Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  5. 1 Formal Methods for Critical Systems: based on a life -critical or embedded mathematical safety -critical systems formalism Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  6. 1 Formal Methods for Critical Systems: based on a life -critical or embedded mathematical safety -critical systems formalism Formal methods are about: � formal specifications � mathematical proofs of properties Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  7. 1 Formal Methods for Critical Systems: based on a life -critical or embedded mathematical safety -critical systems formalism machine - Formal methods are about: checked � formal specifications � mathematical proofs of properties Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  8. Machine-checked mathematical proofs 2 You might want to prove: � some safety and security properties of your system � the full correctness of your implementation with respect to its specification � only the partial correctness of your implementation (no buffer overflow, for instance) In any case, you need a formal specification of your system. Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  9. Machine-checked mathematical proofs 2 You might want to prove: � some safety and security properties of your system � the full correctness of your implementation with respect to its specification � only the partial correctness of your implementation (no buffer overflow, for instance) In any case, you need a formal specification of your system. Of course, testing is still allowed and a formal specification is also required in this case (when mixing tests and proofs). Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  10. Formal Methods: logics and tools 3 expressive Higher-order logics full correctness First-order logics partial correctness decidable Specialized logics specific properties Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  11. Formal Methods: logics and tools 3 interactive expressive Higher-order logics Proof assistants full correctness First-order logics Provers and solvers partial correctness automatic decidable Specialized logics Model checkers specific properties Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  12. Formal Methods: logics and tools 3 interactive expressive Higher-order logics Proof assistants full correctness Program logics First-order logics Provers and solvers partial correctness automatic decidable Specialized logics Model checkers specific properties Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  13. Limits of formal methods 4 “The correspondence between our formal models of programs and the actual behavior of real systems is limited by three factors: � the behavior of the programming language, � the operating system, � and the underlying hardware. For safety-critical systems, these limitations are crucially important and we cannot assume that a program is correct just because it has been proved.” Seven Myths of Formal Methods Anthony Hall, Praxis Sytems, September 1990 Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  14. Two success stories about formal methods 5 � The seL4 project developed at NICTA (SSRG). – seL4 is a formally-verified microkernel – Developed since 2006. – First public release in 2011 (open source since 2014). � The CompCert project developed at INRIA (Gallium team). – CompCert is a formally-verified C compiler – Developed since 2004. – First public release in 2008. Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  15. The seL4 project 6 seL4 is a high-performance general-purpose microkernel, that provides address spaces, threads, IPC and authorisation capabilities � Formal proof of correctness down to binary level � Developed for ARM and Intel processors � The fastest existing microkernel (faster than L4) � 10,000 lines of code � 200,000 lines of proof � about 30 person.years Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  16. The CompCert project 7 A formally-verified optimizing standard C compiler � Formal proof of correctness down to binary level � Developed for PowerPC, ARM and Intel processors � Generated code only 20% slower than gcc -O2 � 15,000 lines of code � 100,000 lines of proof � about 6 person.years Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  17. Proof Architecture 8 Specification correctness Implementation Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  18. Proof Architecture 8 Specification correctness Prototype correctness Implementation Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  19. Proof Architecture 8 proof assistant Specification (Isabelle/HOL, Coq, ...) correctness Prototype correctness Implementation Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  20. Proof Architecture 8 proof assistant Specification (Isabelle/HOL, Coq, ...) correctness “pure” language Prototype (Haskell, pure ML, pure Prolog, ...) correctness Implementation Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  21. Proof Architecture 8 proof assistant Specification (Isabelle/HOL, Coq, ...) correctness “pure” language Prototype (Haskell, pure ML, pure Prolog, ...) correctness mainstream language Implementation (C, Ada, ...) Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  22. Proof Architecture: seL4 9 Specification correctness Prototype correctness Implementation Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  23. Proof Architecture: seL4 9 proof assistant: Specification Isabelle/HOL correctness Prototype correctness Implementation Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  24. Proof Architecture: seL4 9 proof assistant: Specification Isabelle/HOL correctness “pure” language: Prototype Haskell correctness Implementation Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  25. Proof Architecture: seL4 9 proof assistant: Specification Isabelle/HOL correctness “pure” language: Prototype Haskell correctness mainstream language: Implementation C (compiled with gcc) Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  26. Proof Architecture: seL4 9 proof assistant: Specification Isabelle/HOL correctness generation “pure” language: Prototype Haskell correctness mainstream language: Implementation C (compiled with gcc) Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  27. Proof Architecture: CompCert 10 Specification correctness Prototype correctness Implementation Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  28. Proof Architecture: CompCert 10 proof assistant: Specification Coq correctness Prototype correctness Implementation Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  29. Proof Architecture: CompCert 10 proof assistant: Specification Coq correctness “pure” language: Prototype pure ML (OCaml) correctness Implementation Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

  30. Proof Architecture: CompCert 10 proof assistant: Specification Coq correctness “pure” language: Prototype pure ML (OCaml) correctness mainstream language: Implementation OCaml (native compiler) Formal Methods for Critical Systems: Tristan Crolard A verified implementation of nested procedures

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Formal Methods for Industrial Critical Systems at Trinity College, University of Dublin (FMICS

Formal Methods for Industrial Critical Systems at Trinity College, University of Dublin (FMICS

Formal Methods for Industrial Critical Systems at Trinity College, University of Dublin 2000 Andrew Butterfield c Formal Methods for Industrial Critical Systems at Trinity College, University of Dublin (FMICS 2003, Rros, June 7th 2003)

1.02k views • 16 slides
Pragmatic integration of model driven engineering and formal methods for safety critical systems

Pragmatic integration of model driven engineering and formal methods for safety critical systems

Pragmatic integration of model driven engineering and formal methods for safety critical systems design Marc Pantel and many others IRIT - ACADIE ENSEEIHT - INPT - Universit de Toulouse Institute of Cybernetics Institute Tallinn

1.58k views • 110 slides
Formal Methods Michael Collins. 18-849, Section B Spring 1999 Formal Methods Why

Formal Methods Michael Collins. 18-849, Section B Spring 1999 Formal Methods Why

Formal Methods Michael Collins. 18-849, Section B Spring 1999 Formal Methods Why Formalisms? Relationships Flaws Some systems Conclusions Why Formal Methods? We already can build systems. Roman Engineers built

671 views • 12 slides
Formal methods for Safety Assessment of Critical Software at RATP Engineering Department --

Formal methods for Safety Assessment of Critical Software at RATP Engineering Department --

Formal methods for Safety Assessment of Critical Software at RATP Engineering Department -- RATP/ING/STF/QS/AQL Evguenia DMITRIEVA / Oct 16 2014, Toulouse Plan 1. Industrial Context 2. Formal methods for software safety assessment : PERF 3.

498 views • 32 slides
Formal analysis of security models for critical systems: Virtualization platforms and mobile

Formal analysis of security models for critical systems: Virtualization platforms and mobile

Formal analysis of security models for critical systems: Virtualization platforms and mobile devices Carlos Luna Grupo de Seguridad Inform atica, InCo Facultad de Ingenier a, Universidad de la Rep ublica, Uruguay Formal analysis

751 views • 56 slides
Safe Reinforcement Learning via Formal Methods Nathan Fulton and Andr Platzer Carnegie Mellon

Safe Reinforcement Learning via Formal Methods Nathan Fulton and Andr Platzer Carnegie Mellon

Safe Reinforcement Learning via Formal Methods Nathan Fulton and Andr Platzer Carnegie Mellon University Safety-Critical Systems "How can we provide people with cyber-physical systems they can bet their lives on?" - Jeannette Wing

568 views • 55 slides
Presentation for 4th International Workshop on Formal Methods for Interactive Systems: FMIS 2011,

Presentation for 4th International Workshop on Formal Methods for Interactive Systems: FMIS 2011,

Presentation for 4th International Workshop on Formal Methods for Interactive Systems: FMIS 2011, Limerick, Ireland, 21 June 2011 Formal Modeling and Analysis For Interactive Hybrid Systems Ellen J. Bass Systems and Information Engineering,

280 views • 26 slides
Formal Methods and Cryptography Lecture 24 1 Formal Methods 2 Formal Methods Logical

Formal Methods and Cryptography Lecture 24 1 Formal Methods 2 Formal Methods Logical

Formal Methods and Cryptography Lecture 24 1 Formal Methods 2 Formal Methods Logical foundations of computer science 2 Formal Methods Logical foundations of computer science A language that machines can understand 2 Formal Methods

1.22k views • 121 slides
Validation of Critical Systems Christiano Braga Instituto de Computao with Rewriting Logic

Validation of Critical Systems Christiano Braga Instituto de Computao with Rewriting Logic

2nd School of Theoretical Computer Science and Formal Methods Validation of Critical Systems Christiano Braga Instituto de Computao with Rewriting Logic in Maude Universidade Federal Fluminense s 0 n 1 n 2 start s 1 s 5 t 1 n 2 n 1 t 2 s 2

1.07k views • 72 slides
1Initial Ideas on Formal Methods UIT2206: The Importance of Being Formal Martin Henz January

1Initial Ideas on Formal Methods UIT2206: The Importance of Being Formal Martin Henz January

Preliminaries Hallmarks of a Formal Approach Formal Systems in Information Technology 1Initial Ideas on Formal Methods UIT2206: The Importance of Being Formal Martin Henz January 15, 2014 Generated on Wednesday 15 th January, 2014, 09:54

517 views • 49 slides
Lecture Outline 1. The lecturer 2. Introduction to Formal Methods DD2452 Formal Methods 3.

Lecture Outline 1. The lecturer 2. Introduction to Formal Methods DD2452 Formal Methods 3.

Lecture Outline 1. The lecturer 2. Introduction to Formal Methods DD2452 Formal Methods 3. Course syllabus 4. Course objectives Introductory Lecture 5. Course organization 1. Lecturer 2. Formal Methods Name: Dilian Gurov Formal

56 views • 3 slides
Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember

Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember

3BA31 Formal Methods 1 3BA31: Formal Methods Andrew Butterfield Foundations & Methods Group, Software Systems Laboratory Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember This? A Stock

1.75k views • 151 slides
Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember

Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember

3BA31 Formal Methods 1 3BA31: Formal Methods Andrew Butterfield Foundations & Methods Group, Software Systems Laboratory Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember This? A Stock

631 views • 33 slides
Formal Methods and Cryptography Lecture 25 Formal Methods Formal Methods Logical foundations

Formal Methods and Cryptography Lecture 25 Formal Methods Formal Methods Logical foundations

Formal Methods and Cryptography Lecture 25 Formal Methods Formal Methods Logical foundations of computer science Formal Methods Logical foundations of computer science A language that machines can understand Formal Methods Logical

1.67k views • 123 slides
Where Are We? How to model systems CISC422/853: Formal Methods Theoretically : FSAs in

Where Are We? How to model systems CISC422/853: Formal Methods Theoretically : FSAs in

Where Are We? How to model systems CISC422/853: Formal Methods Theoretically : FSAs in Software Engineering: Practically : BIR, PROMELA How to express properties Computer-Aided Verification Assertions, invariants

196 views • 9 slides
Deductive Verification Of Hybrid Systems Lectures on Formal Methods for Cyber-Physical Systems

Deductive Verification Of Hybrid Systems Lectures on Formal Methods for Cyber-Physical Systems

Deductive Verification Of Hybrid Systems Lectures on Formal Methods for Cyber-Physical Systems SOKENDAI, 07/29/19 Jrmy Dubut National Institute of Informatics Japanese-French Laboratory of Informatics Objectives of this lecture

986 views • 84 slides
SIMILARITY SEARCH The Metric Space Approach Pavel Zezula, Giuseppe Amato, Vlastislav Dohnal,

SIMILARITY SEARCH The Metric Space Approach Pavel Zezula, Giuseppe Amato, Vlastislav Dohnal,

SIMILARITY SEARCH The Metric Space Approach Pavel Zezula, Giuseppe Amato, Vlastislav Dohnal, Michal Batko Table of Contents Part I: Metric searching in a nutshell Foundations of metric space searching Survey of existing approaches Part

1.34k views • 119 slides
SIMILARITY SEARCH The Metric Space Approach Pavel Zezula, Giuseppe Amato, Vlastislav Dohnal,

SIMILARITY SEARCH The Metric Space Approach Pavel Zezula, Giuseppe Amato, Vlastislav Dohnal,

SIMILARITY SEARCH The Metric Space Approach Pavel Zezula, Giuseppe Amato, Vlastislav Dohnal, Michal Batko Table of Contents Part I: Metric searching in a nutshell Foundations of metric space searching Survey of existing approaches Part

1.28k views • 95 slides
How do people come to know the love of God? Psalm 139 How precious are you thoughts about me, O

How do people come to know the love of God? Psalm 139 How precious are you thoughts about me, O

How do people come to know the love of God? Psalm 139 How precious are you thoughts about me, O God. They cannot be numbered! 18 I can t even count them; they outnumber the grains of sand! And when I wake up, you are still with me! Psalm

658 views • 30 slides
Total (Co)Programming with Guarded Recursion Andrea Vezzosi Department of Computer Science and

Total (Co)Programming with Guarded Recursion Andrea Vezzosi Department of Computer Science and

Total (Co)Programming with Guarded Recursion Andrea Vezzosi Department of Computer Science and Engineering Chalmers University of Technology, Gothenburg, Sweden Types for Proofs and Programs Annual Meeting 2015 Tallinn, Estonia 18 May 2015

412 views • 26 slides
CS686: RRT Sung-Eui Yoon ( ) Course URL: http://sglab.kaist.ac.kr/~sungeui/MPA Class

CS686: RRT Sung-Eui Yoon ( ) Course URL: http://sglab.kaist.ac.kr/~sungeui/MPA Class

CS686: RRT Sung-Eui Yoon ( ) Course URL: http://sglab.kaist.ac.kr/~sungeui/MPA Class Objectives Understand the RRT technique and its recent advancements RRT* Kinodynamic planning 2 Rapidly-exploring Random Trees (RRT)

857 views • 46 slides
Combining program verification with component-based architectures Alexander Senier BOB 2018

Combining program verification with component-based architectures Alexander Senier BOB 2018

Combining program verification with component-based architectures Alexander Senier BOB 2018 Berlin, February 23 rd , 2018 About Componolit 23.02.2018 2 What happens when we use what's best? 23.02.2018 3 Whats Best? Mid-90ies:

595 views • 32 slides
Cross-compiling Linux Kernels on x86_64: A tutorial on How to Get Started Shuah Khan Senior

Cross-compiling Linux Kernels on x86_64: A tutorial on How to Get Started Shuah Khan Senior

Cross-compiling Linux Kernels on x86_64: A tutorial on How to Get Started Shuah Khan Senior Linux Kernel Developer Open Source Group Samsung Research America (Silicon Valley) shuah.kh@samsung.com Agenda Cross-compile value proposition

821 views • 34 slides
Adding run-time type information to the GNU toolchain and glibc Stephen Kell

Adding run-time type information to the GNU toolchain and glibc Stephen Kell

Adding run-time type information to the GNU toolchain and glibc Stephen Kell stephen.kell@cl.cam.ac.uk Computer Laboratory University of Cambridge 1 How it all started: tool wanted if (obj > type == OBJ COMMIT) { if (process

938 views • 57 slides

More recommend