1 / 37

The German Verisoft Project 2003 - 2007

The German Verisoft Project 2003 - 2007. W. Paul Universität Saarbrücken wiss. Gesamtprojektleiter bmb+f Projekt Verisoft. Testing System Design. how do you know that zero needles are left ?. Measure it !. how do you know that zero needles are left ? Formal Verification

galvin
Télécharger la présentation

The German Verisoft Project 2003 - 2007

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The German Verisoft Project2003 - 2007 W. Paul Universität Saarbrücken wiss. Gesamtprojektleiter bmb+f Projekt Verisoft

  2. Testing System Design • how do you know that zero needles are left ?

  3. Measure it ! • how do you know that zero needles are left ? • Formal Verification • correctness proof • measure number of gaps in proof by CAV system • syntax check

  4. Measure it ! • how do you know that zero needles are left ? • Formal Verification • correctness proof • measure number of gaps in proof by CAV system • syntax check • CAV system = measuring instrument • nothing less • nothing more

  5. In principle we know how to do it... • Verify software

  6. In principle we know how to do it... • Verify software • not just programs • you cannot possibly be sure unless you have done it ???

  7. In principle we know how to do it... • destroy civilisation • you cannot possibly be sure unless you have done it ???

  8. In principle we know how to do it... • fly to the moon • you may be wrong

  9. In principle we know how to do it... • fly to the moon • there may be something missing

  10. In principle we know how to do it... • fly to the moon

  11. In principle we know how to do it... • verify software • was anything (more or less) serious missing 2003 ?

  12. You don‘t know how to verify software unless you know how to fully verify • drivers • OS kernel written in C • programs making calls to OS • programs using RPC • implementations of crytographic protocols • assembler programs with timer interrupts • ......one more !!

  13. drivers OS kernel written in C programs making calls to OS programs using RPC implementations of crytographic protocols assembler programs with timer interrupts ......one more !! formal model of processor + device(s) ICCD 05: disk You don‘t know how to verify software unless you know how to fully verify

  14. data paths + control automaton of diskcouple with processor model sector buffer bufp swap w,r stat cmd lba scnt data ien din, adr dout eev eifi: transfer sector buffer/swap done true eventually port RAM

  15. drivers OS kernel written in C programs making calls to OS programs using RPC implementations of crytographic protocols assembler programs with timer interrupts ......one more !! formal model of processor + device(s) ICCD 05: disk 2006: disk + terminal + network interface + timer + model hierarchy (e.g. file system) a distributed system You don‘t know how to verify software unless you know how to fully verify

  16. drivers OS kernel written in C programs making calls to OS programs using RPC implementations of crytographic protocols assembler programs with timer interrupts ......one more !! TPHOLS 05: semantics of C with in line assembler code You don‘t know how to verify software unless you know how to fully verify

  17. C0A: C0 with in line assembler code

  18. drivers OS kernel written in C programs making calls to OS programs using RPC implementations of crytographic protocols assembler programs with timer interrupts ......one more !! TPHOLS 05: semantics of C with in line assembler code uses compiler theory TPHOLS 05: semantics of kernel + users You don‘t know how to verify software unless you know how to fully verify

  19. CVM semantics and implementation (1)

  20. drivers OS kernel written in C programs making calls to OS programs using RPC implementations of crytographic protocols assembler programs with timer interrupts ......one more !! OS semantics (thesis Bogarn) You don‘t know how to verify software unless you know how to fully verify

  21. drivers OS kernel written in C programs making calls to OS programs using RPC implementations of crytographic protocols assembler programs with timer interrupts ......one more !! RPC semantics: Thesis Alkassar applications : DFKI + Univ. Koblenz You don‘t know how to verify software unless you know how to fully verify

  22. drivers OS kernel written in C programs making calls to OS programs using RPC implementations of crytographic protocols assembler programs with timer interrupts ......one more !! basic math: probability number theory TU Darmstadt + DFKI + TU Munich + T-Systems You don‘t know how to verify software unless you know how to fully verify

  23. drivers OS kernel written in C programs making calls to OS programs using RPC implementations of crytographic protocols assembler programs with timer interrupts ......one more !! Knapp/Paul 2006: assembler model does not see caches assembler model inherently nondeterministic: resolve nondeterminism be worst case execution time (WCET) analysis (AbsInt) on RTL level You don‘t know how to verify software unless you know how to fully verify

  24. Pure WCET above RTL level of processor • is either by measurements • guarantees usually nothing • or • like guaranteeing a speed of at least 4.07 km/h for this car • because: • cache penalties can affect execution time of an ISA intruction by factor 100

  25. drivers OS kernel written in C programs making calls to OS programs using RPC implementations of crytographic protocols assembler programs with timer interrupts ......one more !! Knapp/Paul 2006: assembler model does not see caches assembler model inherently nondeterministic: resolve nondeterminism be worst case execution time (WCET) analysis (AbsInt) on RTL level uses theory of procesor correctness You don‘t know how to verify software unless you know how to fully verify

  26. drivers OS kernel written in C programs making calls to OS programs using RPC implementations of crytographic protocols assembler programs with timer interrupts implementation correctness of e.g. CSP down to assembler level Markt Oberdorf lectures 2006: correctness proof for distributed real time system FlexRay+OSEKTime (like) serial interfaces clock synchronisation classical theory of program correctness + everything above You don‘t know how to verify software unless you know how to fully verify

  27. drivers OS kernel written in C programs making calls to OS programs using RPC implementations of crytographic protocols assembler programs with timer interrupts implementation correctness of e.g. CSP down to assembler level Markt Oberdorf lectures 2006: correctness proof for distributed real time system serial interfaces clock synchronisation classical theory of program correctness + everything above all in 1 (one) Theory You don‘t know how to verify software unless you know how to fully verify

  28. drivers OS kernel written in C programs making calls to OS programs using RPC implementations of crytographic protocols assembler programs with timer interrupts implementation correctness of e.g. CSP down to assembler level Markt Oberdorf lectures 2006: correctness proof for distributed real time system serial interfaces clock synchronisation classical theory of program correctness everything above all in 1 (one) Theory You don‘t know how to verify software unless you know how to fully verify

  29. Result 1 • One unified mathematical theory of correctness of computer sysems • hardware, processors, devices, languages, compilers, WCET, kernel, OS, RPC • necessary for pervasive system verification • Exists on paper

  30. Result 2 • One unified mathematical theory of correctness of computer sysems • hardware, processors, devices, languages, compilers, WCET, kernel, OS, RPC • System Verification Environment/Repository • development tools • formal proof tools • equivalence proofs for semantics • formal models • verified components (processor, compiler, kernel, OS,libraries) • supporting collaborative development of proofs in that unified theory

  31. Result 2 • One unified mathematical theory of correctness of computer sysems • hardware, processors, devices, languages, compilers, WCET, kernel, OS, RPC • System Verification Environment/Repository • development tools • formal proof tools • equivalence proofs for semantics • formal models • verified components (processor, compiler, kernel, OS,libraries) • supporting collaborative development of proofs in that unified theory

  32. Result 2.5: productivity • traditional devlopment of complex software • 80 % testing • 50 lines of code (LOC)/person week • full C program verification • present state, Hoare logic, VCG • 10 lines of proof (LOP)/LOC • up to 30-50 LOC/person week • productivity comparable now • with infra structure is in place

  33. Current Activities.... • System Verification Environment/Repository • development tools • formal proof tools • equivalence proofs for semantics • formal models + proofs • verified components (processor, compiler, kernel, OS,libraries) • supporting collaborative development of proofs in that unified theory • stable portions of repository will successively made public • beginning in September 2006

  34. Repository: present and near future • C-semantics • Hoare Logic • small step; also in line assembler • big step • equivalence big step/Hoare • equivalence big step/small step • Extended state (e.g. C variables + device state) • Verified Programs and Software • string library • big number library • compiler; correctness wrt small step; proven in Hoare logic • page fault handler • OS Kernel

  35. Repository: present and near future • C-semantics • Hoare Logic • small step; also in line assembler • big step • equivalence big step/Hoare • equivalence big step/small step • Extended state (e.g. C variables + device state) • Verified Programs and Software • string library • big number library • compiler; correctness wrt small step; proven in Hoare logic • page fault handler (uses everything above) • OS Kernel

  36. Integrated system C0 Verification Environment • Interactive Provers • Isabelle/HOL • VSE • Integrating Automatic Methods • abstract interpretation • shape analysis • software model checking • counter example guided abstraction refinement • termination analysis • automatic theorem provers • In Hardware Verification • degree of automation 97 % (OneSpin solutions) • cheaper than traditional testing • more complex than most program correctness proofs

  37. Summary • Unified theory of system correctness • from gates to applications • structure induced by standard systems components • Integrated system verification environment • architecture induced by 1 • productivity not bad now • Interactive provers + all standard automatic methods • If it‘s not verifiable/falsifiable its not science • checking measurements in CS easier than in physics • www.verisoft.de

More Related