Automated and Modular Refinement Reasoning for Concurrent Programs Collaborators: Chris Hawblitzel (Microsoft) Erez Petrank (Technion) Serdar Tasiran (Koc.

Automated and Modular Refinement Reasoning for Concurrent Programs
Shaz Qadeer
Collaborators: Chris Hawblitzel (Microsoft), Erez Petrank (Technion), Serdar Tasiran (Koc University)

NDA. Microsoft Confidential.
Verve: a verifiably safe OS (Yang, Hawblitzel 10)
- Small operating system (C#)
- Verify safety & correctness with Boogie/Z3: "every assembly language instruction checked for safety"
- Verified layers (figure): Verified Boot, Verified Startup, Verified Device Interface, Verified Interrupt Handlers, Verified Threads, Verified Garbage Collector, on x86 hardware, network, PCI, TPM

An Ironclad app guarantees to remote parties that every instruction it executes adheres to a high-level security spec.
- "My password will never leak"
- "I can run full SQL and the cloud learns nothing"

Ironclad project (MSR OS Group)
Goal: achieve end-to-end security
- Use a small trusted computing base (TCB): thousands of lines of spec, not millions of lines of code
- Make the approach feasible for use by system and application developers
- Show developers how to achieve correctness without testing
Approach:
- Combine cryptography, secure hardware, and formal code verification
- Push the scale of formal verification tools to fully encompass large systems

Ironclad apps atop Verve
- Verve layers (figure): Verified Boot, Verified Startup, Verified Device Interface, Verified Interrupt Handlers, Verified Threads, Verified Garbage Collector, on x86 hardware, network, PCI, TPM
- Verified libraries: Bits & Arrays, Math, Big Integers, RSA Enc + Sig, SHA Hash, TPM Driver, Net Driver, Ethernet, UDP/IP
- Verified apps: Notary, Password Vault, DiffPriv DB

Verve and concurrency
- Provides threads, but no mechanism to reason about them
- Difficult to provide any assurance beyond memory safety
- Verve boots on a single core
- Stop-the-world garbage collector: unacceptable multi-core performance

Goal of our work
- A scalable automated verifier for reasoning about low-level concurrency
- A verified concurrent garbage collector

Refining concurrent programs
- Atomic actions as specifications
- Explicit non-interference (a la Owicki-Gries and Jones)
- Linear resources providing free invariants
"Verification works for me only when I start small." - Chris Hawblitzel

Garbage collector implementation
Extends Dijkstra et al. 78:
- multiple parallel mutators
- no read barrier
- fast write barrier
Features:
- Mark/Sweep/Idle phases separated by barriers
- Mutator cooperates with collector
- Barrier for atomic root scan

Garbage collector specification
    memAbs   : [obj][fld]obj   // Heap
    rootAbs  : [idx]obj        // Roots (stack, registers)
    allocSet : [obj]bool       // Allocated objects

Garbage collector verification
- Simple high-level specification refined down to individual instructions: load, store, CAS, atomic increment/decrement
- Six levels of refinement
- 2100 lines of code and specification
- 6 min and 2GB memory on a modern Windows machine
Simplifying assumptions:
- Allocator is naive (sequential search for free space)
- All objects have the same number of fields
- Sequentially consistent execution
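As an added illustration (not code from the talk, nor from Verve or Ironclad), the following Python model uses the abstract state of the specification slide, memAbs, rootAbs and allocSet, together with Dijkstra-style tri-colour marking and the write barrier from the implementation slide; the object ids, the single-field objects and the interleaved mutator step are constructed, and the `barrier` switch is an assumption added so that `demo(False)` shows the lost-object failure the barrier prevents.

```python
NULL = 0  # constructed convention: id 0 is the null reference, never allocated

class Heap:  # memAbs, rootAbs, allocSet as on the slides, plus tri-colour marking state
    def __init__(self, barrier=True):
        self.memAbs, self.rootAbs, self.allocSet = {}, {}, set()  # obj->fld->obj, idx->obj
        self.color, self.marking, self.barrier = {}, False, barrier
    def alloc(self):  # naive allocator, one field per object (talk's simplifying assumption)
        o = len(self.memAbs) + 1
        self.memAbs[o], self.color[o] = {0: NULL}, 'white'  # no allocation during marking here
        self.allocSet.add(o)
        return o
    def store(self, o, f, target):
        # Dijkstra write barrier: shade the target gray before publishing the pointer,
        # so a black (fully scanned) object never comes to point at a white one
        if self.barrier and self.marking and target != NULL and self.color[target] == 'white':
            self.color[target] = 'gray'
        self.memAbs[o][f] = target
    def invariant_ok(self):  # tri-colour invariant: no black -> white edge
        return all(self.color[t] != 'white' for o, flds in self.memAbs.items()
                   if self.color[o] == 'black' for t in flds.values() if t != NULL)
    def mark(self, mutator_steps=()):
        # Mark phase; each mutator step runs between two collector steps to model a
        # mutator executing concurrently. Returns whether the invariant always held.
        self.marking, ok, steps = True, True, iter(mutator_steps)
        for r in self.rootAbs.values():  # atomic root scan
            if r != NULL:
                self.color[r] = 'gray'
        while gray := [o for o in sorted(self.allocSet) if self.color[o] == 'gray']:
            for t in self.memAbs[gray[0]].values():  # scan one gray object, then blacken it
                if t != NULL and self.color[t] == 'white':
                    self.color[t] = 'gray'
            self.color[gray[0]] = 'black'
            if step := next(steps, None):
                step(self)
            ok = ok and self.invariant_ok()
        self.marking = False
        return ok
    def sweep(self):  # free every object still white after marking
        dead = {o for o in self.allocSet if self.color[o] == 'white'}
        self.allocSet -= dead
        return dead

def demo(barrier):
    h = Heap(barrier)
    a, b, c = h.alloc(), h.alloc(), h.alloc()  # constructed ids 1, 2, 3; a is the only root
    h.rootAbs[0] = a
    h.store(a, 0, b)  # a -> b; c is garbage for now
    ok = h.mark(mutator_steps=[lambda hp: hp.store(a, 0, c)])  # mutator links c after a is black
    return ok, sorted(h.sweep())  # without the barrier, live object c is freed
```

With the barrier the invariant holds at every step and nothing reachable is freed; without it the collector frees object 3, which the mutator had just made reachable from the root.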

Future work
- Verify under TSO
- Improve allocator performance
- Incorporate variable-size objects
- Extract executable code and plug into Verve