why are computers so and what can we do about it
play

Why are computers so @#!*, and what can we do about it? Peter - PowerPoint PPT Presentation

Sep 01, 2022 •473 likes •1.11k views

Why are computers so @#!*, and what can we do about it? Peter Sewell University of Cambridge August 2014 EMF , somewhere near Bletchley p. 1 Things I Know About Computers p. 2 Things I Know About Computers 1. there are a lot of

  1. Why are computers so @#!*, and what can we do about it? Peter Sewell University of Cambridge August 2014 EMF , somewhere near Bletchley – p. 1

  2. Things I Know About Computers – p. 2

  3. Things I Know About Computers 1. there are a lot of them – p. 2

  4. Things I Know About Computers 1. there are a lot of them 2. they go wrong a lot – p. 2

  5. [Ariane 501, $500 million] – p. 3

  6. – p. 4

  7. – p. 5

  8. – p. 6

  9. th Ba k in the 19 Century... – p. 7

  10. Beautiful Railway Bridge of the Silvery Tay! With your numerous ar hes and pillars in so grand array – p. 8

  11. – p. 9

  12. – p. 10

  13. – p. 11

  14. Now 100 years later: decent mechanical and civil engineering – p. 12

  15. Now 100 years later: decent mechanical and civil engineering What does that mean? enough thermodynamics, materials science, quality control, etc. to model designs well enough to predict whether they’ll do what we want – p. 12

  16. Now 100 years later: decent mechanical and civil engineering What does that mean? enough thermodynamics, materials science, quality control, etc. to model designs well enough to predict whether they’ll do what we want And for Computing? – p. 12

  17. Why is it so hard? – p. 13

  18. Too Much Code [from www.informationisbeautiful.net ] – p. 14

  19. – p. 15

  20. – p. 16

  21. But computer systems are built by smart people in big groups subject to commercial pressures using the best components and tools they know.... – p. 17

  22. – p. 18

  23. – p. 19

  24. How do we build those pieces? 1. (sometimes, at best) specify in prose 2. write code 3. write some ad hoc tests 4. test-and-fix-and-extend until marketable 5. test-and-fix-and-extend until no longer marketable 6. use until too bitrotted, device breaks, or obsolete – p. 20

  25. How do we build those pieces? 1. (sometimes, at best) specify in prose 2. write code 3. write some ad hoc tests 4. test-and-fix-and-extend until marketable 5. test-and-fix-and-extend until no longer marketable 6. use until too bitrotted, device breaks, or obsolete – p. 20

  26. Too Many... Execution paths ... scales (at least!) exponentially with code size States ... scales exponentially with amount of data Possible inputs – p. 21

  27. Discrete Systems – p. 22

  28. What can we do? – p. 23

  29. 1: improve s/w engineering processes more unit+system testing, more assertions, better coordination... – p. 24

  30. 2: use 1980s languages instead of 1970s expressive type systems guarantees of type- and memory-safety enforcement of abstraction boundaries user-defined inductive types, pattern matching, functions, ... In 2014? No excuse... – p. 25

  31. 2b: use languages that have been designed – p. 26

  32. 2b: use languages that have been designed (we can now precisely define the intended semantics of real-world PLs...) – p. 26

  33. 4: prove correctness – p. 27

  34. 4: prove correctness CompCert verified compiler from C-like language to assembly CompCertTSO ...plus concurrency CakeML verified compiler from core ML to binary Vellvm verified LLVM optimisation passes RockSalt verified SFI seL4 verified hypervisor – p. 27

  35. 3: specify+test behaviour of key interfaces – p. 28

  36. – p. 29

  37. 3: specify+test behaviour of key interfaces TCP and Sockets API x86, ARM, and IBM Power multiprocessor behaviour C/C++11 concurrency models (+ gcc/clang testing) OCaml core language C language TLS stack – p. 30

  38. Multiprocessors Processor 1 Processor N Shared Memory – p. 31

  39. The GhoĆ of MultiproceĄorŊ PaĆ BURROUGHS D825, 1962 “Outstanding features include truly modular hardware with parallel processing throughout” FUTURE PLANS The complement of compiling languages is to be expanded. – p. 32

  40. Example 1 (SB) Initial shared memory values: x=0 and y=0 Thread 0 Thread 1 write x := 1 write y := 1 read y read x Might expect x=1,y=1, x=1,y=0, or x=0,y=1. – p. 33

  41. Example 1 (SB) Initial shared memory values: x=0 and y=0 Thread 0 Thread 1 write x := 1 write y := 1 read y read x Might expect x=1,y=1, x=1,y=0, or x=0,y=1. Experimentally, on x86 (Intel Core i7): x=1, y=1 79 x=1, y=0 499683 x=0, y=1 499889 x=0, y=0 349 – p. 33

  42. Example 2 (MP , Message Passing) Initial shared memory values: x=0 and y=0 Thread 0 Thread 1 write x := 1 read y // until gets 1 write y := 1 read x Might expect to always see x=1 – p. 34

  43. Example 2 (MP , Message Passing) Initial shared memory values: x=0 and y=0 Thread 0 Thread 1 write x := 1 read y // until gets 1 write y := 1 read x Might expect to always see x=1 Experimentally: x86 x=1 ARM x=0 and x=1 IBM Power x=0 and x=1 Programmer must enforce ordering with memory barriers – p. 34

  44. How are architectures expressed? In prose: For each applicable pair a i , b j the memory barrier ensures that a i will be performed with respect to any processor or mecha- nism, to the extent required by the associated Memory Coher- ence Required attributes, before b j is performed with respect to that processor or mechanism. A includes all applicable storage accesses by any such processor or mechanism that have been performed with respect to P1 before the memory barrier is created. B includes all applicable storage accesses by any such processor or mechanism that are performed after a Load instruction executed by that processor or mechanism has returned the value stored by a store that is in B . – p. 35

  45. How are architectures expressed? In prose: For each applicable pair a i , b j the memory barrier ensures that a i will be performed with respect to any processor or mecha- nism, to the extent required by the associated Memory Coher- ence Required attributes, before b j is performed with respect to that processor or mechanism. A includes all applicable storage accesses by any such processor or mechanism that have been performed with respect to P1 before the memory barrier is created. B includes all applicable storage accesses by any such processor or mechanism that are performed after a Load instruction executed by that processor or mechanism has l returned the value stored by a store that is in B . – p. 35

  46. How are architectures expressed? “all that horrible horribly incomprehensible and confusing [...] text that no-one can parse or reason with — not even the people who wrote it” Anonymous Processor Architect, 2011 – p. 36

  47. Architectural Fiction Architecture texts (and mainstream language standards too): informal prose attempts at subtle loose specifications. We pretend programmers can “write to the spec” — but we develop software by testing. Fundamental problem: prose specifications cannot be used to test programs against , or to test processor implementations , or to prove properties of either, or even to communicate precisely . In a real sense, the specs don’t exist – p. 37

  48. Empirical Science to the Rescue! – p. 38

  49. Empirical Science to the Rescue! 1. invent mathematically precise model of multiprocessor behaviour (but abstract, avoiding microarchitectural detail) – p. 38

  50. Empirical Science to the Rescue! 1. invent mathematically precise model of multiprocessor behaviour (but abstract, avoiding microarchitectural detail) 2. make tool to find all model-allowed behaviour of tests (and interactive web interface) – p. 38

  51. Empirical Science to the Rescue! 1. invent mathematically precise model of multiprocessor behaviour (but abstract, avoiding microarchitectural detail) 2. make tool to find all model-allowed behaviour of tests (and interactive web interface) 3. compare against experimental data from production h/w (fixing model and finding h/w bugs) – p. 38

  52. Empirical Science to the Rescue! 1. invent mathematically precise model of multiprocessor behaviour (but abstract, avoiding microarchitectural detail) 2. make tool to find all model-allowed behaviour of tests (and interactive web interface) 3. compare against experimental data from production h/w (fixing model and finding h/w bugs) 4. discuss with architects – p. 38

  53. Empirical Science to the Rescue! 1. invent mathematically precise model of multiprocessor behaviour (but abstract, avoiding microarchitectural detail) 2. make tool to find all model-allowed behaviour of tests (and interactive web interface) 3. compare against experimental data from production h/w (fixing model and finding h/w bugs) 4. discuss with architects 5. prove correctness of C/C++11 concurrency compilation scheme – p. 38

  54. Empirical Science to the Rescue! 1. invent mathematically precise model of multiprocessor behaviour (but abstract, avoiding microarchitectural detail) 2. make tool to find all model-allowed behaviour of tests (and interactive web interface) 3. compare against experimental data from production h/w (fixing model and finding h/w bugs) 4. discuss with architects 5. prove correctness of C/C++11 concurrency compilation scheme 6. goto 1 – p. 38

  55. Rocket Science? – p. 39

  56. Rocket Science? specifying the intended behaviour of a system in some precise and clear language – p. 39

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A Brief History of Computers A Brief History of Computers A Brief History of Computers By

A Brief History of Computers A Brief History of Computers A Brief History of Computers By

A Brief History of Computers A Brief History of Computers A Brief History of Computers By Debdeep Mukhopadhyay Assistant Professor Dept of Computer Sc and Engg IIT Madras Pre-Mechanical Computing: Pre-Mechanical Computing: Mechanical

422 views • 38 slides
Overview/Questions Where did computers come from? When were computers first discovered?

Overview/Questions Where did computers come from? When were computers first discovered?

CS101 Lecture 5: Brief History of Computing Aaron Stevens 26 January 2009 Some images courtesy Wikimedia Commons, IBM 1 Overview/Questions Where did computers come from? When were computers first discovered? What is the

386 views • 15 slides
Computers and Economics Computers and Economics Week 12b - April 12 Week 13a April 17 1

Computers and Economics Computers and Economics Week 12b - April 12 Week 13a April 17 1

Computers and Economics Computers and Economics Week 12b - April 12 Week 13a April 17 1 Computers and Society Carnegie Mellon University Spring 2007 Cranor/Tongia http://cups.cs.cmu.edu/courses/compsoc-sp07/

610 views • 30 slides
Good Morning! INT1004 Computers for Business Ulrich Werner Discovering Computers Technology in

Good Morning! INT1004 Computers for Business Ulrich Werner Discovering Computers Technology in

Good Morning! INT1004 Computers for Business Ulrich Werner Discovering Computers Technology in a World of Computers, Mobile Devices, and the Internet Chapter 9 Operating Systems Operating System Functions Starting Computers and Mobile

873 views • 65 slides
COMPUTERS TAKING A QUANTUM LEAP Quantum computers will harness the power of atoms and molecules

COMPUTERS TAKING A QUANTUM LEAP Quantum computers will harness the power of atoms and molecules

COMPUTING COMPUTERS TAKING A QUANTUM LEAP Quantum computers will harness the power of atoms and molecules to perform calculations billions of times faster than todays silicon-based computers. They will also enable new revolutionary

299 views • 6 slides
Chapt hapter er 3 3 Arithmetic for Computers 3.1 Introduction Arithmetic for Computers

Chapt hapter er 3 3 Arithmetic for Computers 3.1 Introduction Arithmetic for Computers

COMPUTER ORGANIZATION AND DESIGN 5 th Edition The Hardware/Software Interface Chapt hapter er 3 3 Arithmetic for Computers 3.1 Introduction Arithmetic for Computers Operations on integers Addition and subtraction

718 views • 57 slides
ECE 238L Digital Computers and Number Systems August 30, 2006 Typeset by Foil T EX

ECE 238L Digital Computers and Number Systems August 30, 2006 Typeset by Foil T EX

ECE 238L Digital Computers and Number Systems August 30, 2006 Typeset by Foil T EX Computers are everywhere Computers are ubiquitous used everywhere. Cell phones, street lights, watches, calculators, ... Computers are

327 views • 13 slides
COMPUTERS Computers are like Old Testament gods; lots of rules and no mercy. WHAT IS A

COMPUTERS Computers are like Old Testament gods; lots of rules and no mercy. WHAT IS A

COMPUTERS Computers are like Old Testament gods; lots of rules and no mercy. WHAT IS A COMPUTER? A computer is an electronic device, operating under the control of instructions stored in its own memory. Collects Produces Processing

365 views • 10 slides
Good Morning! INT1004 Computers for Business Ulrich Werner Discovering Computers Technology in

Good Morning! INT1004 Computers for Business Ulrich Werner Discovering Computers Technology in

Good Morning! INT1004 Computers for Business Ulrich Werner Discovering Computers Technology in a World of Computers, Mobile Devices, and the Internet Chapter 11 Information and Data Management Databases, Data, and Information Database

706 views • 60 slides
Unit 3 Digital Circuits (Logic) A Brief History COMPUTERS AND SWITCHING TECHNOLOGY 3 4

Unit 3 Digital Circuits (Logic) A Brief History COMPUTERS AND SWITCHING TECHNOLOGY 3 4

1 2 Unit 3 Digital Circuits (Logic) A Brief History COMPUTERS AND SWITCHING TECHNOLOGY 3 4 Mechanical Computers Electronic Computers Primarily gear-based 1945 - ENIAC was first, fully Two prototypes designed and partially

249 views • 9 slides
Summary: * Why quantum for computers? * Logic gates and algorithms * Manipulating quantum

Summary: * Why quantum for computers? * Logic gates and algorithms * Manipulating quantum

Elements of quantum information processing and quantum computers (with trapped ion examples) D. J. Wineland, Dept. of Physics, U Oregon, Eugene, OR; & Research Associate, NIST, Boulder, CO Summary: * Why quantum for computers? *

742 views • 42 slides
computers to personal computers Xerox does it all 1973: Xerox Alto GUI wysiwyg mouse ethernet

computers to personal computers Xerox does it all 1973: Xerox Alto GUI wysiwyg mouse ethernet

computers to personal computers Xerox does it all 1973: Xerox Alto GUI wysiwyg mouse ethernet laserprinter smalltalk, impress, postscript 1979 : Steve Jobs tours PARC 1981: Xerox Star breaking down the computer HofI PC - 3 through thick

362 views • 24 slides
Computers

Computers

Food Electronics Bread Computers Home Milk 2% Skim Wheat White

383 views • 5 slides
61A Lecture 35 Characteristics of distributed computing: Computers are independent they do

61A Lecture 35 Characteristics of distributed computing: Computers are independent they do

Distributed Computing A distributed computing application consists of multiple programs running on multiple computers that together coordinate to perform some task. Computation is performed in parallel by many computers. Information can be

478 views • 3 slides
1 Welcome! In this session we will explore computers and coding and how to talk to

1 Welcome! In this session we will explore computers and coding and how to talk to

1 Welcome! In this session we will explore computers and coding and how to talk to computers! First, lets play some Fact or Fiction Games. Game 1: Of the following three statements. Which one is false? 1. Smartphones and tablets are

649 views • 22 slides
Arithmetic for Computers October 31, 2008 Arithmetic for Computers ALU Arithmetic Logic Unit

Arithmetic for Computers October 31, 2008 Arithmetic for Computers ALU Arithmetic Logic Unit

Arithmetic for Computers October 31, 2008 Arithmetic for Computers ALU Arithmetic Logic Unit Performs most processor operations Control signal predicates addition subtraction logic operations shifting (w / or w / o sign extension) Figure:

205 views • 8 slides
The Role of Play in Self-Regulation The Role of Play in Self-Regulation Opportunities to teach

The Role of Play in Self-Regulation The Role of Play in Self-Regulation Opportunities to teach

The Role of Play in Self-Regulation The Role of Play in Self-Regulation Opportunities to teach self-regulation Opportuni)es for complex, extended make-believe play an important prac)ce ground for the development of self- regulatory

361 views • 6 slides
Dependently Typed Programming with Domain-Specific Logics Dan Licata Thesis Committee: Robert

Dependently Typed Programming with Domain-Specific Logics Dan Licata Thesis Committee: Robert

Dependently Typed Programming with Domain-Specific Logics Dan Licata Thesis Committee: Robert Harper Karl Crary Frank Pfenning Greg Morrisett, Harvard 1 Domain-specific logics Type systems for reasoning about a specific application

985 views • 67 slides
TDDC73 Lecture 3 1 Agenda Questions Complex components Network REST

TDDC73 Lecture 3 1 Agenda Questions Complex components Network REST

TDDC73 Lecture 3 1 Agenda Questions Complex components Network REST and/or GraphQL Screen navigation 2 Organisation of code Biggest challenge of UI development (Ok one of ) Maintaining the

462 views • 18 slides
React.js a crash course Jake Zimmerman January 29th, 2016 Key Features of React.js Easily

React.js a crash course Jake Zimmerman January 29th, 2016 Key Features of React.js Easily

React.js a crash course Jake Zimmerman January 29th, 2016 Key Features of React.js Easily express user Abstracts the Data flows are interfaces browser's DOM predictable Richly express the visual Write your UI modularly up Control the

438 views • 14 slides
Graph-Based Resource Allocation with Conflict Avoidance for V2V Broadcast Communications Luis F.

Graph-Based Resource Allocation with Conflict Avoidance for V2V Broadcast Communications Luis F.

Graph-Based Resource Allocation with Conflict Avoidance for V2V Broadcast Communications Luis F. Abanto-Leon Co-authors: Arie Koppelaar Sonia Heemstra de Groot Department of Electrical Engineering Eindhoven University of Technology IEEE

706 views • 44 slides
Understanding POWER multiprocessors Susmit Sarkar 1 Peter Sewell 1 Jade Alglave 2 , 3 Luc Maranget

Understanding POWER multiprocessors Susmit Sarkar 1 Peter Sewell 1 Jade Alglave 2 , 3 Luc Maranget

Understanding POWER multiprocessors Susmit Sarkar 1 Peter Sewell 1 Jade Alglave 2 , 3 Luc Maranget 3 Derek Williams 4 1 University of Cambridge 2 Oxford University 3 INRIA 4 IBM June 2011 Programming shared-memory multiprocessors No Sequential

551 views • 15 slides
Developing the Prosody XMPP server in Lua Matthew Wild ('MattJ') @FOSDEM 16 Introduction Why

Developing the Prosody XMPP server in Lua Matthew Wild ('MattJ') @FOSDEM 16 Introduction Why

Developing the Prosody XMPP server in Lua Matthew Wild ('MattJ') @FOSDEM 16 Introduction Why Prosody? Why Lua??? Performance of a scripting language Ecosystem Contributions The 'fun' parts Lua allowed us to: Define function

329 views • 12 slides
Announcements Extra credit Dont forget to enter questions on Canvas. At least 1 on

Announcements Extra credit Dont forget to enter questions on Canvas. At least 1 on

Announcements Extra credit Dont forget to enter questions on Canvas. At least 1 on each reading. Use phonetics videos on course website. Honey Badger to be done in groups of 2 or3 w/ at least 1 native speaker of English.

154 views • 3 slides

More recommend