w hat s special about s ystem c alls
play

W HAT S SPECIAL ABOUT S YSTEM C ALLS ? From the point of view of a - PowerPoint PPT Presentation

May 22, 2023 •334 likes •889 views

I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK S IMULATION AND F ORMAL V ERIFICATION OF X 86 M ACHINE -C ODE P ROGRAMS THAT MAKE S YSTEM C ALLS Shilpi Goel Warren A. Hunt, Jr. Matt Kaufmann

  1. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK S IMULATION AND F ORMAL V ERIFICATION OF X 86 M ACHINE -C ODE P ROGRAMS THAT MAKE S YSTEM C ALLS Shilpi Goel Warren A. Hunt, Jr. Matt Kaufmann Soumava Ghosh The University of Texas at Austin 22 nd October, 2014 1| 31

  2. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK O UTLINE I NTRODUCTION 1 S IMULATION AND R EASONING F RAMEWORK 2 X 86 ISA M ODEL S YSTEM C ALLS M ODEL C ODE P ROOFS 3 C ONCLUSION AND F UTURE W ORK 4 2| 31

  3. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK O UTLINE I NTRODUCTION 1 S IMULATION AND R EASONING F RAMEWORK 2 X 86 ISA M ODEL S YSTEM C ALLS M ODEL C ODE P ROOFS 3 C ONCLUSION AND F UTURE W ORK 4 3| 31

  4. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK M OTIVATION Bug-hunting tools, like static analyzers, have matured remarkably. ◮ Regularly used in the software development industry ◮ Strengths: easy to use; largely automatic ◮ Weaknesses: cannot prove complex invariants; cannot prove the absence of bugs 4| 31

  5. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK M OTIVATION Bug-hunting tools, like static analyzers, have matured remarkably. ◮ Regularly used in the software development industry ◮ Strengths: easy to use; largely automatic ◮ Weaknesses: cannot prove complex invariants; cannot prove the absence of bugs We want to formally verify properties of (x86 machine-code) programs that cannot be established in the foreseeable future by automatic tools. 4| 31

  6. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK O UR A PPROACH Focus: Mechanical verification of user-level x86 machine-code programs that request services from an operating system via system calls 5| 31

  7. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK O UR A PPROACH Focus: Mechanical verification of user-level x86 machine-code programs that request services from an operating system via system calls ◮ Specify the x86 ISA and Linux/FreeBSD system calls in ACL2 program- ming/proof environment 5| 31

  8. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK O UR A PPROACH Focus: Mechanical verification of user-level x86 machine-code programs that request services from an operating system via system calls ◮ Specify the x86 ISA and Linux/FreeBSD system calls in ACL2 program- ming/proof environment ◮ Validate the above specification against real hardware and software 5| 31

  9. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK O UR A PPROACH Focus: Mechanical verification of user-level x86 machine-code programs that request services from an operating system via system calls ◮ Specify the x86 ISA and Linux/FreeBSD system calls in ACL2 program- ming/proof environment ◮ Validate the above specification against real hardware and software ◮ Reason about x86 machine-code programs using this specification 5| 31

  10. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK W HAT ’ S SPECIAL ABOUT S YSTEM C ALLS ? ◮ From the point of view of a programmer, system calls are non-deterministic ; different runs can yield different results on the same machine. 6| 31

  11. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK W HAT ’ S SPECIAL ABOUT S YSTEM C ALLS ? ◮ From the point of view of a programmer, system calls are non-deterministic ; different runs can yield different results on the same machine. ◮ This makes it non-trivial to reason about user-level programs that make system calls. 6| 31

  12. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK W HAT ’ S SPECIAL ABOUT S YSTEM C ALLS ? ◮ From the point of view of a programmer, system calls are non-deterministic ; different runs can yield different results on the same machine. ◮ This makes it non-trivial to reason about user-level programs that make system calls. Proved functional correctness of a word count program 6| 31

  13. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK C ORRECTNESS OF THE W ORD C OUNT P ROGRAM Assembly Program Snippet Pseudo-code: Specification Function ncSpec (offset, str, count): ... if (EOF-TERMINATED(str) && push %rbx lea -0x9(%rbp),%rax offset < len(str)) then mov %rax,-0x20(%rbp) c := str[offset] mov $0x0,%rax xor %rdi,%rdi if (c == EOF) then mov -0x20(%rbp),%rsi return count mov $0x1,%rdx syscall else mov %eax,%ebx count := (count + 1) mod 2^32 mov %ebx,-0x10(%rbp) movzbl -0x9(%rbp),%eax ncSpec (1 + offset, str, count) movzbl %al,%eax ... endif endif 7| 31

  14. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK C ORRECTNESS OF THE W ORD C OUNT P ROGRAM Assembly Program Snippet Pseudo-code: Specification Function ncSpec (offset, str, count): ... if (EOF-TERMINATED(str) && push %rbx lea -0x9(%rbp),%rax offset < len(str)) then mov %rax,-0x20(%rbp) c := str[offset] mov $0x0,%rax xor %rdi,%rdi if (c == EOF) then mov -0x20(%rbp),%rsi return count mov $0x1,%rdx syscall else mov %eax,%ebx count := (count + 1) mod 2^32 mov %ebx,-0x10(%rbp) movzbl -0x9(%rbp),%eax ncSpec (1 + offset, str, count) movzbl %al,%eax ... endif endif Theorem preconditions(rip i , x86 i ) ∧ x86 f = x86-run(clk(x86 i ), x86 i ) ⇒ = getNc(x86 f ) = ncSpec (Offset(x86 i ), Str(x86 i ), 0) 7| 31

  15. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK O UTLINE I NTRODUCTION 1 S IMULATION AND R EASONING F RAMEWORK 2 X 86 ISA M ODEL S YSTEM C ALLS M ODEL C ODE P ROOFS 3 C ONCLUSION AND F UTURE W ORK 4 8| 31

  16. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK X 86 ISA + S YSTEM C ALLS S PECIFICATION ◮ Formalization of the x86 ISA, with syscall extended by a specification of Linux and FreeBSD system calls ◮ Formal and executable specification ◮ Memory model: 64-bit linear address space 9| 31

  17. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK O UTLINE I NTRODUCTION 1 S IMULATION AND R EASONING F RAMEWORK 2 X 86 ISA M ODEL S YSTEM C ALLS M ODEL C ODE P ROOFS 3 C ONCLUSION AND F UTURE W ORK 4 10| 31

  18. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK X 86 ISA M ODEL IN ACL2 ◮ Interpreter-style operational semantics ◮ Semantics of a program is given by the effect it has on the state of the machine. ◮ State-transition function is characterized by a recursively defined interpreter . We call this state transition function x86-run . 11| 31

  19. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK F ORMALIZATION : X 86 S TATE Component Description registers general-purpose, segment, debug, control, floating point, MMX, model-specific rip instruction pointer flg flags register env environment field mem memory 12| 31

  20. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK F ORMALIZATION : S TATE T RANSITION F UNCTION ◮ State transition function: fetch , decode & execute ◮ Each instruction has its own semantic function 13| 31

  21. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK F ACTSHEET : X 86 ISA M ODEL ◮ 64-bit mode of Intel’s IA-32e mode ◮ 221 general and 96 SSE/SSE2 opcodes ◮ Implementation of all addressing modes ◮ Lines of Code: ∼ 40,000 ◮ Execution speed: up to 3.3 million instructions/second Machine used: 3.50GHz Intel Xeon E31280 CPU 14| 31

  22. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK A SSESSING THE A CCURACY OF THE ISA M ODEL 15| 31

  23. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK O UTLINE I NTRODUCTION 1 S IMULATION AND R EASONING F RAMEWORK 2 X 86 ISA M ODEL S YSTEM C ALLS M ODEL C ODE P ROOFS 3 C ONCLUSION AND F UTURE W ORK 4 16| 31

  24. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK S YSTEM C ALLS M ODEL : E XTENDING SYSCALL System calls in the real world 17| 31

  25. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK S YSTEM C ALLS M ODEL : E XTENDING SYSCALL System calls in the real world System calls in our x86 model 17| 31

  26. I NTRODUCTION S IMULATION AND R EASONING F RAMEWORK C ODE P ROOFS C ONCLUSION AND F UTURE W ORK B ENEFITS OF THE S YSTEM C ALL M ODEL ◮ Useful for verifying application programs while assuming that services like I/O operations are provided reliably by the OS We check such assumptions during co-simulations. 18| 31

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

P age 1 Data Dependence and Hazards Data Dependence and Hazards I nstr J is dat a dependent

P age 1 Data Dependence and Hazards Data Dependence and Hazards I nstr J is dat a dependent

CS252 Recall f rom Pipelining Review Graduate Computer Architecture Lecture 15: Pipeline CPI = I deal pipeline CPI + St ruct ural I nstruction Level Parallelism and Dynamic St alls + Dat a Hazard St alls + Cont rol St alls Execution

394 views • 13 slides
Alls fair in taxation: Introduction A framing experiment with local politicians

Alls fair in taxation: Introduction A framing experiment with local politicians

Alls fair in taxation Colin R. Kuehnhanss &amp; Bruno Heyndels Alls fair in taxation: Introduction A framing experiment with local politicians Redistribution Taxation Schelling experiment Framing Hypotheses Colin R. Kuehnhanss

757 views • 37 slides
Ho How w to to Detec Detect soft soft falls alls on on de devices vices some signal

Ho How w to to Detec Detect soft soft falls alls on on de devices vices some signal

Ho How w to to Detec Detect soft soft falls alls on on de devices vices some signal processing with knime Prof. Dr. Dominique Genoud Vincent Cuendet master HES-SO, Institute of Information Systems Lausanne, Switzerland

440 views • 24 slides
Introducing B LOOD G LUCOSE M ONITORING S YSTEM B LOOD G LUCOSE M ONITORING S YSTEM Contents Co

Introducing B LOOD G LUCOSE M ONITORING S YSTEM B LOOD G LUCOSE M ONITORING S YSTEM Contents Co

Introducing B LOOD G LUCOSE M ONITORING S YSTEM B LOOD G LUCOSE M ONITORING S YSTEM Contents Co te ts Meter details &amp; kit GlucoRx services, compliance &amp; approvals Softw are Studies Cost savings Cost savings

452 views • 22 slides
Fair or Foul? THE P PITFAL ALLS O S OF T TECHNO NOLOGICAL AL DEBT C COLLECTI TION W N

Fair or Foul? THE P PITFAL ALLS O S OF T TECHNO NOLOGICAL AL DEBT C COLLECTI TION W N

Fair or Foul? THE P PITFAL ALLS O S OF T TECHNO NOLOGICAL AL DEBT C COLLECTI TION W N WITH THOUT C T CONSE NSENT NT Increased, Ass ssert rtive D Debt Col Colle lectio ion Behold, I send you forth as sheep in the midst of

518 views • 29 slides
Intrus ntrusion ion Det Detection, ection, Fi Fire rewalls, alls, an and d Intr ntrusion

Intrus ntrusion ion Det Detection, ection, Fi Fire rewalls, alls, an and d Intr ntrusion

Intrus ntrusion ion Det Detection, ection, Fi Fire rewalls, alls, an and d Intr ntrusion usion Pr Prevention ention Professor Patrick McDaniel ECE 590 03 (Guest lecture) Intrusion Detection Systems Authorized eavesdropper

607 views • 23 slides
SERRATOGA FALLS AMENDED SKETCH PLAN Serratoga Fall alls 1 st st Fili ling oad 3 treet ty

SERRATOGA FALLS AMENDED SKETCH PLAN Serratoga Fall alls 1 st st Fili ling oad 3 treet ty

SERRATOGA FALLS AMENDED SKETCH PLAN Serratoga Fall alls 1 st st Fili ling oad 3 treet ty Roa ain Str ounty Main Cou Serratoga SITE SITE alls 2 nd nd Fall Fili ling Pros ospect Roa oad SERRATOGA FALLS AMENDED SKETCH PLAN 2014

239 views • 6 slides
P-Mail Marketing: How a a tech company in incr creased brie riefing call alls 50 50% by y

P-Mail Marketing: How a a tech company in incr creased brie riefing call alls 50 50% by y

P-Mail Marketing: How a a tech company in incr creased brie riefing call alls 50 50% by y combining physical l mail il an and email il Bo Bob Bir Birge Will illiam Du Duke Director of Marketing Marketing Manager Blue Pillar,

368 views • 21 slides
02/08/2016 MUSIC AND ART INSPIRED BY SHAKESPEARE Lecture 6 Alls Well That Ends Henry Moore

02/08/2016 MUSIC AND ART INSPIRED BY SHAKESPEARE Lecture 6 Alls Well That Ends Henry Moore

02/08/2016 MUSIC AND ART INSPIRED BY SHAKESPEARE Lecture 6 Alls Well That Ends Henry Moore The Seven Ages of Man 1982 1 The Infant Richard Kindersley The Seven Ages of Man from As You Like It c 1990 Dr William Sterling Dr William

841 views • 10 slides
Reliable and Efficient S ystem for Community Energy Solution PROF. BIKASH PAL, IM PERIAL

Reliable and Efficient S ystem for Community Energy Solution PROF. BIKASH PAL, IM PERIAL

Reliable and Efficient S ystem for Community Energy Solution PROF. BIKASH PAL, IM PERIAL COLLEGE LONDON, UK Overview Reliability and Efficient S ystem for Community Energy Solutions (RESCUES) is a medium size Academia-Industry partnership

189 views • 8 slides
S YSTEM FUNCTIONALITY 2 Quickly move all baggage, including transfers, automatically between

S YSTEM FUNCTIONALITY 2 Quickly move all baggage, including transfers, automatically between

D ENVER A IRPORT I NTEGRATED A UTOMATED B AGGAGE H ANDLING S YSTEM I a i n S i m m s &amp; K y l e K e n n e d y I NTRODUCTION We will discuss: Background of the airport. Background of the airport. Baggage system

763 views • 34 slides
Resi esident dent Cl Clas assifica sification tion Syst ystem em - I Z IMMET H EALTHCARE

Resi esident dent Cl Clas assifica sification tion Syst ystem em - I Z IMMET H EALTHCARE

Me Medi dicare care Par art t A SN SNF Paym yment ent Syst ystem em Refo eform: m: Intr In troductio oduction n to to Resi esident dent Cl Clas assifica sification tion Syst ystem em - I Z IMMET H EALTHCARE 2018 Intr In

661 views • 37 slides
GLUT&amp;ps+pi+alls alexandrizavodny GLUTbarebones

GLUT&amp;ps+pi+alls alexandrizavodny GLUTbarebones

GLUT&amp;ps+pi+alls alexandrizavodny GLUTbarebones WhatisthesimplestGLUTappyoucanwrite? GLUTbarebones GLUTbarebones GLUTbarebones

590 views • 18 slides
C ompressed A ir F oam S ystem Flekkefjord 14/05/2014 CAFS What is CAFS CAFS = C ompressed A

C ompressed A ir F oam S ystem Flekkefjord 14/05/2014 CAFS What is CAFS CAFS = C ompressed A

CAFS C ompressed A ir F oam S ystem Flekkefjord 14/05/2014 CAFS What is CAFS CAFS = C ompressed A ir F oam S ystem + + Water Foam agent Compressed air Prsentationsthema, Datum, Folie 2 Foam vs. CAFS foam CAFS heterogeneous foam

880 views • 45 slides
1848 Springfield literally named after a spring in a field. Served as citys water source

1848 Springfield literally named after a spring in a field. Served as citys water source

H ISTORY OF S PRINGFIELD S D RINKING W ATER S YSTEM David Embleton Water Quality Program Manager davide@subutil.com T HE M AN B EHIND SUB S W ATER S YSTEM H ISTORY R ESEARCH 1988 State Hwy (Main St) needs to be rebuilt State

414 views • 17 slides
A Que A Quest f st for or a a Li Librar ary y Man anag agem emen ent t Sys ystem em

A Que A Quest f st for or a a Li Librar ary y Man anag agem emen ent t Sys ystem em

A Que A Quest f st for or a a Li Librar ary y Man anag agem emen ent t Sys ystem em Ruby Lindberg and Marlene Murphy,, Library, NT Department of Health Revie view w Pr Projec ject t Pl Plan an Ven endo dors

740 views • 25 slides
87th Air Base Wing Joint Base McGuire-Dix-Lakehurst Restoration Advisory Board 16 March 2017

87th Air Base Wing Joint Base McGuire-Dix-Lakehurst Restoration Advisory Board 16 March 2017

87th Air Base Wing Joint Base McGuire-Dix-Lakehurst Restoration Advisory Board 16 March 2017 87th Air Base Wing Review of Action Items Mr. Curtis Frye, P.E. Chief, JBMDL Environmental Restoration Program AFCEC/CZOE Action Items JBMDL

1.49k views • 112 slides
Materials 2 Avoiding Mechanical Failure Week 8 Demo Personal body armour Ned Kellys

Materials 2 Avoiding Mechanical Failure Week 8 Demo Personal body armour Ned Kellys

Materials 2 Avoiding Mechanical Failure Week 8 Demo Personal body armour Ned Kellys armour in the State Library of Victoria by Chensiyuan Personal armour has always been a trade-off between protection and movement Steel armour ~ 1550

348 views • 10 slides
Command(s) Answer 4. 4. Write a function that accepts an array A in its arguments and returns the

Command(s) Answer 4. 4. Write a function that accepts an array A in its arguments and returns the

UNIVERSITY OF JORDAN UNIVERSITY OF JORDAN COMP CO MPUTER ENGI UTER ENGINEERIN NEERING DEPARTM G DEPARTMENT NT CPE0907311 COMPUTER CPE0907311 COMPUTER APPLICATIONS LAB APPLICATIONS LAB EXERCISE SHEET 5 EXERC SE SHEET 5 STUDY THE S

669 views • 3 slides
Nuclear Power and the Spent Fuel Problem 1. The US has the largest number of reactors in the world

Nuclear Power and the Spent Fuel Problem 1. The US has the largest number of reactors in the world

Nuclear Power and the Spent Fuel Problem 1. The US has the largest number of reactors in the world ( 104 ). 2. The spent fuel is bad for you. For a typical, 10-year-old, spent-fuel rod the radiation dose at one meter is 20,000 rem/hr. Five

612 views • 23 slides
Cybersecurity for IoT: Verify your Software Today! Allan Blanchard, Nikolai Kosmatov (based on a

Cybersecurity for IoT: Verify your Software Today! Allan Blanchard, Nikolai Kosmatov (based on a

Cybersecurity for IoT: Verify your Software Today! Allan Blanchard, Nikolai Kosmatov (based on a tutorial prepared with Frdric Loulergue) Outline Introduction Verification of absence of runtime errors using Frama-C/Eva Deductive

694 views • 58 slides
Gneiss A nice component framework in SPARK Johannes Kliemann FOSDEM, Brussels, 2020-02-02

Gneiss A nice component framework in SPARK Johannes Kliemann FOSDEM, Brussels, 2020-02-02

Gneiss A nice component framework in SPARK Johannes Kliemann FOSDEM, Brussels, 2020-02-02 Component-based Architectures Trusted Components Cant reimplement everything Solution: software reuse Protocol validator Untrusted

413 views • 17 slides
Absence of the singular spectrum in a twisted Dirichlet-Neumann waveguide Ph. Briet 1 J.Dittrich 2

Absence of the singular spectrum in a twisted Dirichlet-Neumann waveguide Ph. Briet 1 J.Dittrich 2

The Dittrich-K r problem References Questions The spectrum Mourre estimate Absence of the singular spectrum in a twisted Dirichlet-Neumann waveguide Ph. Briet 1 J.Dittrich 2 rk 3 D. Krej ci 1 Centre de Physique Thorique,CNRS,

216 views • 19 slides
strt r r

strt r r

strt r r r t ss rr

425 views • 24 slides

More recommend