program verification as a toolbox
play

Program Verification as a Toolbox 2005Now Todays Verification A - PowerPoint PPT Presentation

Aug 29, 2023 •96 likes •432 views

Program Verification as a Toolbox David Cock Is Your System Correct? Verified Systems Program Verification as a Toolbox 2005Now Todays Verification A Brief, Subjective History Toolbox Whats Next? David Cock January 23, 2015 1

  1. Program Verification as a Toolbox David Cock Is Your System Correct? Verified Systems Program Verification as a Toolbox 2005–Now Today’s Verification A Brief, Subjective History Toolbox What’s Next? David Cock January 23, 2015 1 / 32

  2. Program Is Your System Correct? Verification as a Toolbox Short answer — no. David Cock Is Your System Correct? Verified Systems 2005–Now Today’s Verification Toolbox What’s Next? 2 / 32

  3. Program Is Your System Correct? Verification as a Toolbox Short answer — no. David Cock Is Your System Correct? Verified Systems 2005–Now Today’s Verification Toolbox What’s Next? 3 / 32

  4. The Bug Rate in Linux 1 Program Verification as a Toolbox David Cock Is Your System Correct? Verified Systems 2.6.5 2.6.10 2.6.15 2.6.20 2.6.25 2.6.30 2005–Now Average 0.8 % of faulty notes Staging Today’s Verification Toolbox Drivers 0.6 Sound What’s Next? Arch 0.4 FS Net 0.2 Other 0.0 2004 2005 2006 2007 2008 2009 2010 It’s dropping, but there’s a long way to go. 1 Source: Palix et. al., Faults in Linux: Ten Years Later, ASPLOS’11 4 / 32

  5. Bug Lifetime in Linux 2 Program Verification as a Toolbox David Cock Is Your System Correct? All faults Cumulative number 80 % of all faults Verified Systems 1500 50 % of all faults of faults fixed 2005–Now Staging Today’s Verification Drivers 1000 Toolbox 50 % of drivers Sound What’s Next? 500 Arch FS Net 0 Other 0 2 4 6 Years • Only 60% fixed within a year. • Asymptotic — some bugs live 5+ years! 2 Source: Palix et. al., Faults in Linux: Ten Years Later, ASPLOS’11 5 / 32

  6. Program Why Now? Verification as a Toolbox David Cock Is Your System Correct? Verified Systems 2005–Now Today’s Verification • Less expertise is required than 10 years ago. Toolbox • We’ve seen some real milestones: What’s Next? • seL4 • CompCert • Tool support has matured dramatically. 6 / 32

  7. Program A Timeline Verification as a Toolbox David Cock 2003 2004 2005 2006 2007 Is Your System Correct? Verified Systems 2005–Now 2008 Today’s Verification Toolbox What’s Next? 2009 2014 2013 2012 2011 2010 7 / 32

  8. Program A Timeline Verification as a Toolbox David Cock 2003 2004 2005 2006 2007 Is Your System Correct? Verisoft Verified Systems 2005–Now 2008 Today’s Verification Toolbox What’s Next? 2009 2014 2013 2012 2011 2010 8 / 32

  9. Program A Timeline Verification as a Toolbox David Cock 2003 2004 2005 2006 2007 Is Your System Correct? Verisoft Verified Systems Verisoft XT 2005–Now 2008 Today’s Verification Toolbox What’s Next? 2009 2014 2013 2012 2011 2010 9 / 32

  10. Program A Timeline Verification as a Toolbox David Cock 2003 2004 2005 2006 2007 Is Your System Correct? Verisoft Verified Systems Verisoft XT 2005–Now seL4 2008 Today’s Verification Toolbox What’s Next? 2009 2014 2013 2012 2011 2010 10 / 32

  11. Program A Timeline Verification as a Toolbox David Cock 2003 2004 2005 2006 2007 Is Your System Correct? Verisoft Verified Systems Verisoft XT 2005–Now seL4 2008 Today’s Verification Toolbox What’s Next? 2009 seL4 Applications 2014 2013 2012 2011 2010 11 / 32

  12. Program A Timeline Verification as a Toolbox David Cock 2003 2004 2005 2006 2007 Is Your System Correct? Verisoft Verified Systems Verisoft XT 2005–Now seL4 2008 Today’s Verification CompCert Toolbox What’s Next? 2009 seL4 Applications 2014 2013 2012 2011 2010 12 / 32

  13. Program A Timeline Verification as a Toolbox David Cock 2003 2004 2005 2006 2007 Is Your System Correct? Verisoft Verified Systems Verisoft XT 2005–Now seL4 2008 Today’s Verification CompCert Toolbox What’s Next? 2009 seL4 Applications 2014 2013 2012 2011 2010 13 / 32

  14. Program A Timeline Verification as a Toolbox David Cock 2003 2004 2005 2006 2007 Is Your System Correct? Verisoft Verified Systems Verisoft XT 2005–Now seL4 2008 Today’s Verification CompCert Toolbox SIMPL C-SIMPL What’s Next? 2009 seL4 Applications 2014 2013 2012 2011 2010 14 / 32

  15. Program SIMPL/C Verification as a Toolbox David Cock Is Your System Correct? Verified Systems C is an awful language to reason about... 2005–Now Today’s Verification Toolbox What’s Next? 15 / 32

  16. Program SIMPL/C Verification as a Toolbox David Cock Is Your System Correct? Verified Systems C is an awful language to reason about... 2005–Now but it’s fast and universal. Today’s Verification Toolbox What’s Next? 16 / 32

  17. Program SIMPL/C Verification as a Toolbox David Cock Is Your System Correct? Verified Systems C is an awful language to reason about... 2005–Now but it’s fast and universal. Today’s Verification Toolbox What’s Next? *(a++) = ++*a-- + (*(a++))++ * *--a; 17 / 32

  18. Program SIMPL/C Verification as a Toolbox David Cock Is Your System Correct? Verified Systems C is an awful language to reason about... 2005–Now but it’s fast and universal. Today’s Verification Toolbox What’s Next? *(a++) = ++*a-- + (*(a++))++ * *--a; • We’ve now got a formal semantics for C 3 . 3 Winwood et. al., Mind the gap: A verification framework for low-level C, TPHOLS’09 18 / 32

  19. Program SIMPL/C Verification as a Toolbox David Cock Is Your System Correct? Verified Systems C is an awful language to reason about... 2005–Now but it’s fast and universal. Today’s Verification Toolbox What’s Next? *(a++) = ++*a-- + (*(a++))++ * *--a; • We’ve now got a formal semantics for C 3 . • As long as you don’t write nonsense like this. 3 Winwood et. al., Mind the gap: A verification framework for low-level C, TPHOLS’09 19 / 32

  20. Program A Timeline Verification as a Toolbox David Cock 2003 2004 2005 2006 2007 Is Your System Correct? Verisoft Verified Systems Verisoft XT 2005–Now seL4 2008 Today’s Verification CompCert Toolbox SIMPL C-SIMPL What’s Next? 2009 seL4 Applications 2014 2013 2012 2011 2010 20 / 32

  21. Program A Timeline Verification as a Toolbox David Cock 2003 2004 2005 2006 2007 Is Your System Correct? Verisoft Verified Systems Verisoft XT 2005–Now seL4 2008 Today’s Verification CompCert Toolbox SIMPL C-SIMPL What’s Next? CompCert 2009 seL4 Applications 2014 2013 2012 2011 2010 21 / 32

  22. Program seL4, VCC & CompCert Verification as a Toolbox David Cock Is Your System Correct? Verified Systems 2005–Now Today’s Verification Toolbox What’s Next? As of 2009, we’ve got: 22 / 32

  23. Program seL4, VCC & CompCert Verification as a Toolbox David Cock Is Your System Correct? Verified Systems 2005–Now Today’s Verification Toolbox What’s Next? As of 2009, we’ve got: • A verified kernel: seL4. 23 / 32

  24. Program seL4, VCC & CompCert Verification as a Toolbox David Cock Is Your System Correct? Verified Systems 2005–Now Today’s Verification Toolbox What’s Next? As of 2009, we’ve got: • A verified kernel: seL4. • A verifying compiler: CompCert. 24 / 32

  25. Program seL4, VCC & CompCert Verification as a Toolbox David Cock Is Your System Correct? Verified Systems 2005–Now Today’s Verification Toolbox What’s Next? As of 2009, we’ve got: • A verified kernel: seL4. • A verifying compiler: CompCert. • An automatic verifier for concurrent C: VCC. 25 / 32

  26. Program seL4, VCC & CompCert Verification as a Toolbox David Cock Is Your System Correct? Verified Systems 2005–Now Today’s Verification Toolbox What’s Next? As of 2009, we’ve got: • A verified kernel: seL4. • A verifying compiler: CompCert. • An automatic verifier for concurrent C: VCC. • seL4 compiles with CompCert... 26 / 32

  27. Program seL4, VCC & CompCert Verification as a Toolbox David Cock Is Your System Correct? Verified Systems 2005–Now Today’s Verification Toolbox What’s Next? As of 2009, we’ve got: • A verified kernel: seL4. • A verifying compiler: CompCert. • An automatic verifier for concurrent C: VCC. • seL4 compiles with CompCert... but VCC can’t (yet) verify seL4. 27 / 32

  28. Program A Timeline Verification as a Toolbox David Cock 2003 2004 2005 2006 2007 Is Your System Correct? Verisoft Verified Systems Verisoft XT 2005–Now seL4 2008 Today’s Verification CompCert Toolbox SIMPL C-SIMPL What’s Next? CompCert 2009 seL4 Applications 2014 2013 2012 2011 2010 28 / 32

  29. Program A Timeline Verification as a Toolbox David Cock 2003 2004 2005 2006 2007 Is Your System Correct? Verisoft Verified Systems Verisoft XT 2005–Now seL4 2008 Today’s Verification CompCert Toolbox SIMPL C-SIMPL What’s Next? AutoCorres ASM Verification CompCert 2009 seL4 Applications 2014 2013 2012 2011 2010 29 / 32

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Program Verification (Rosen, Sections 5.5) TOPICS Program Correctness Preconditions &

Program Verification (Rosen, Sections 5.5) TOPICS Program Correctness Preconditions &

Program Verification (Rosen, Sections 5.5) TOPICS Program Correctness Preconditions & Postconditions Program Verification Assignments Composition Conditionals Loops Proofs about Programs Why

537 views • 36 slides
presentation The Case Competition Toolbox About the Toolbox Disclaimer The Case Competition

presentation The Case Competition Toolbox About the Toolbox Disclaimer The Case Competition

presentation The Case Competition Toolbox About the Toolbox Disclaimer The Case Competition Toolbox is a collection of useful This Toolbox is a collection of useful tips, tools, advices guidelines and frameworks that will assist your case

552 views • 37 slides
From Program Verification to Program Synthesis Overview Jaak Ristioja March 30, 2010 1 / 91

From Program Verification to Program Synthesis Overview Jaak Ristioja March 30, 2010 1 / 91

From Program Verification to Program Synthesis Overview Jaak Ristioja March 30, 2010 1 / 91 Reference From Program Verification to Program Synthesis. @ POPL10; January 17-23, 2010 Saurabh Srivastava , University of Maryland, College Park

1.21k views • 91 slides
Preparing for Re-Verification Brief Mr. Terrence Moultrie Chief, Verification and Executive

Preparing for Re-Verification Brief Mr. Terrence Moultrie Chief, Verification and Executive

The Center for Verification and Evaluation (CVE) Preparing for Re-Verification Brief Mr. Terrence Moultrie Chief, Verification and Executive Support Services Agenda What is Re-Verification? o Simplified Reverification Program VIP

320 views • 21 slides
Towards full verification of concurrent libraries Viktor Vafeiadis Program verification

Towards full verification of concurrent libraries Viktor Vafeiadis Program verification

Towards full verification of concurrent libraries Viktor Vafeiadis Program verification Programs considered: Small (<100 LOC) Medium (KLOC) Large (MLOC) Simple

577 views • 45 slides
Quo Vadis Program Verification Krzysztof R. Apt CWI, Amsterdam, the Netherlands , University of

Quo Vadis Program Verification Krzysztof R. Apt CWI, Amsterdam, the Netherlands , University of

Quo Vadis Program Verification Krzysztof R. Apt CWI, Amsterdam, the Netherlands , University of Amsterdam Quo Vadis Program Verification p. 1/1 One Page Summary Assertional approach to program verification is here to stay. Gap between

629 views • 19 slides
DIVS DL/ID Verification Systems Verification of Legal Status DIVS Passport Verification

DIVS DL/ID Verification Systems Verification of Legal Status DIVS Passport Verification

DIVS DL/ID Verification Systems Verification of Legal Status DIVS Passport Verification Projects Birth Record Verification State to State Verification DIVS State to State Verification Service (S2S) Program Benefits Mission

349 views • 8 slides
Verification & Validation Verification is getting the system right : Verification and

Verification & Validation Verification is getting the system right : Verification and

Verification & Validation Verification is getting the system right : Verification and Validation Does the program you built do what you designed it to do? Dr. James A. Bednar Validation is getting the right system : jbednar@inf.ed.ac.uk

331 views • 8 slides
Program Verification (6EC version only) Erik Poll Digital Security Radboud University Nijmegen

Program Verification (6EC version only) Erik Poll Digital Security Radboud University Nijmegen

Program Verification (6EC version only) Erik Poll Digital Security Radboud University Nijmegen Overview Program Verification using Verification Condition Generators JML a formal specification language for Java Used for the

620 views • 41 slides
7. Refined Verification Condition Generation Program Verification ETH Zurich, Spring Semester

7. Refined Verification Condition Generation Program Verification ETH Zurich, Spring Semester

7. Refined Verification Condition Generation Program Verification ETH Zurich, Spring Semester 2018 Alexander J. Summers 158 Weakest Preconditions So Far Weakest preconditions provide a means of reducing the question: does a program have

339 views • 16 slides
Welcome to the Machine Learning Toolbox! Machine Learning Toolbox Supervised learning caret

Welcome to the Machine Learning Toolbox! Machine Learning Toolbox Supervised learning caret

MACHINE LEARNING TOOLBOX Welcome to the Machine Learning Toolbox! Machine Learning Toolbox Supervised learning caret R package Automates supervised learning (a.k.a. predictive modeling ) Target variable Machine Learning Toolbox

634 views • 16 slides
2010 PARTNERING CONFERENCE Project Managers Toolbox August 10, 2010 Ron Rigney, P.E. &

2010 PARTNERING CONFERENCE Project Managers Toolbox August 10, 2010 Ron Rigney, P.E. &

2010 PARTNERING CONFERENCE Project Managers Toolbox August 10, 2010 Ron Rigney, P.E. & P.L.S. Director Division of Program Management Project Managers Overview of KYTC Toolbox The following instructions are for accessing the

436 views • 10 slides
Why3 What is why3? A platform for deductive program verification What is why3? A platform

Why3 What is why3? A platform for deductive program verification What is why3? A platform

Why3 What is why3? A platform for deductive program verification What is why3? A platform for deductive program verification Made by: Franois Bobot Martin Clochard Lon Gondelman Jean-Christophe Fillitre Claude

98 views • 9 slides
SAT-based verification (BMC, temporal induction) Mary Sheeran, Chalmers SAT-based verification

SAT-based verification (BMC, temporal induction) Mary Sheeran, Chalmers SAT-based verification

SAT-based verification (BMC, temporal induction) Mary Sheeran, Chalmers SAT-based verification now hot Used here in Sweden since 1989 mostly in safety critical applications (railway control program verification) Bounded Model Checking a

468 views • 25 slides
Viktor Vafeiadis Software Analysis & Verification Full functional verification

Viktor Vafeiadis Software Analysis & Verification Full functional verification

Viktor Vafeiadis Software Analysis & Verification Full functional verification Compilers , concurrent programs , theorem provers Program equivalence / Compositional reasoning Compositional compiler verification

266 views • 3 slides
Higher-Order Model Checking: Principles and Applications to Program Verification and Security

Higher-Order Model Checking: Principles and Applications to Program Verification and Security

Higher-Order Model Checking: Principles and Applications to Program Verification and Security Part I: Types and Recursion Schemes for Higher-Order Program Verification Part II: Higher-Order Program Verification and Language-Based Security

836 views • 54 slides
IN INTR TRODUCTION ODUCTION The NRP and NRP jr is an NTU outreach programme designed for

IN INTR TRODUCTION ODUCTION The NRP and NRP jr is an NTU outreach programme designed for

IN INTR TRODUCTION ODUCTION The NRP and NRP jr is an NTU outreach programme designed for students from selected Secondary Schools, and all IP (Integrated Programme) Schools and Junior Colleges NRP projects will only be offered to

395 views • 17 slides
Sustainability and the Health 325 bed Tertiary Medical Center 3 Regional Hospitals of

Sustainability and the Health 325 bed Tertiary Medical Center 3 Regional Hospitals of

About us Integrated Delivery System Approximately 6,500 Total Employees 795 providers employed / 505 medical staff 59 clinic locations Sustainability and the Health 325 bed Tertiary Medical Center 3 Regional Hospitals of

79 views • 5 slides
pharmacy Chris Ellett, Transformation Director PharmacyForum April 2018, Marbella @CJEllett77

pharmacy Chris Ellett, Transformation Director PharmacyForum April 2018, Marbella @CJEllett77

The consumer future of pharmacy Chris Ellett, Transformation Director PharmacyForum April 2018, Marbella @CJEllett77 Hello Content 1. Consumers changing business 2. How does Pharmacy and Healthcare stack up? 3. What is this digital thing?

1.4k views • 106 slides
SC State Fiscal Accountability Authority Division of Procurement Services Statewide IT Contract

SC State Fiscal Accountability Authority Division of Procurement Services Statewide IT Contract

SC State Fiscal Accountability Authority Division of Procurement Services Statewide IT Contract Updates South Carolina Procurement Code Changes Mike Spicer Stacy Adams http://www.procurement.sc.gov Statewide IT Term Contract Updates

224 views • 11 slides
Symbolic Mathematics Dr. Mihail November 20, 2018 (Dr. Mihail) Symbolic November 20, 2018 1 /

Symbolic Mathematics Dr. Mihail November 20, 2018 (Dr. Mihail) Symbolic November 20, 2018 1 /

Symbolic Mathematics Dr. Mihail November 20, 2018 (Dr. Mihail) Symbolic November 20, 2018 1 / 16 Overview Symbolic So far in this course we dealt with MATLAB variables that were placeholders for numeric types (e.g., scalars, vectors,

953 views • 17 slides
The Impedance Budget Toolbox Structure and main concepts Introduction Early stages of

The Impedance Budget Toolbox Structure and main concepts Introduction Early stages of

The Impedance Budget Toolbox Structure and main concepts Introduction Early stages of development Outline of general structure Based on impedance_toolbox of D. Amorim and IW2D toolbox of N. Mounet Aims to provide a set

351 views • 9 slides
PAYS Team Phyllis Law Sebrina Doyle Communities That Research Assistant Care Consultant

PAYS Team Phyllis Law Sebrina Doyle Communities That Research Assistant Care Consultant

PAYS Team Phyllis Law Sebrina Doyle Communities That Research Assistant Care Consultant EPISCenter EPISCenter Sandy Hinkle Tania Luciow Communities That Communications Manager Care Consultant EPISCenter EPISCenter Geoff Kolchin

243 views • 11 slides
The Synchronization Toolbox The Synchronization Toolbox Mutual Exclusion Mutual Exclusion Race

The Synchronization Toolbox The Synchronization Toolbox Mutual Exclusion Mutual Exclusion Race

The Synchronization Toolbox The Synchronization Toolbox Mutual Exclusion Mutual Exclusion Race conditions can be avoiding by ensuring mutual exclusion in critical sections. Critical sections are code sequences that are vulnerable to races.

708 views • 34 slides

More recommend