Presentation is loading. Please wait.

Presentation is loading. Please wait.

Checking the Hardware- Software Interface in Spec# Kevin Bierhoff (CMU) Chris Hawblitzel (Microsoft Research)

Published byJoseph Chase Modified over 9 years ago

Similar presentations

Presentation on theme: "Checking the Hardware- Software Interface in Spec# Kevin Bierhoff (CMU) Chris Hawblitzel (Microsoft Research)"— Presentation transcript:

1 Checking the Hardware- Software Interface in Spec# Kevin Bierhoff (CMU) Chris Hawblitzel (Microsoft Research)

2 Safe OS code, statically typed (?) kernel TCP/IP web server web plug-in single hardware address space Singularity OSTypedUntyped Safe Unsafe ML Java LISP Cassembler network driver... uint mode = csr6.Read32(); mode &= ~(CSR6.SR | CSR6.ST); csr6.Write32(mode); rxRing.Reset(); csr3.Write32(rxRing.BaseAddress.ToUInt32()); txRing.Reset(); csr4.Write32(txRing.BaseAddress.ToUInt32());...

3 Tulip Network Adaptor host memory csr3 Tulip device entry RX ring ownflags size1size2 buffer1 address buffer2 address entry csr4 csr6

4 Safe Hardware Interaction Layer... internal void StartRxTxMiiSym() requires RxConfigured && TxConfigured; modifies this.rxStarted, this.txStarted; ensures RxConfigured && TxConfigured && RxStarted && TxStarted; { csr6.Write32( CSR6.MBO | CSR6.HBD | CSR6.PS | (3u << CSR6.TR_ROLL) | CSR6.ST | CSR6.SR ); rxStarted = txStarted = true; }... device csr6 network driver safe code (Spec#) SHIL(Spec#) Spec# = C# + logical annotations

5 Bug: SHIL pre-condition violated internal void ConfigureHostBus( uint cacheMask, uint busMask, uint cacheAlignment, uint burstLength) requires (RxStarted == false) && (TxStarted == false); requires (cacheMask & ~(CSR0.WIE | CSR0.RLE | CSR0.RME)) == 0; requires busMask == 0 || busMask == CSR0.BAR; requires cacheAlignment >= 0 && cacheAlignment <= 3; requires burstLength == 0 || burstLength == 1 || burstLength == 2 || burstLength == 4 || burstLength == 8 || burstLength == 16 || burstLength == 32; ensures (RxStarted == false) && (TxStarted == false); { csr0.Write32(cacheMask | busMask | (cacheAlignment << CSR0.CAL_ROLL) | (burstLength << CSR0.PBL_ROLL)); } Was violated in original implementation and is now fixed

6 Buffer ownership kernel network driver TCP/IP web server web plug-in single hardware address space ownflags size1size2 buffer1 address buffer2 address buffer class TulipRxDescriptor {... internal void Buffer1Claim(Packet! packet) requires packet.Full; requires !Buffer1Set; ensures packet.Empty; ensures Buffer1Set {...}... } class TulipRxRing {... internal void GiveToDevice( TulipRxDescriptor! descriptor) requires !descriptor.OwnedByDevice; requires descriptor.Buffer1Set && descriptor.Buffer2Set; ensures descriptor.OwnedByDevice;... {...}... }

7 Driver, SHIL code size device (200- page doc) csr6 network driver driver code device (200- page doc) csr6 network driver safe code SHIL 1800 lines original coderevised code (5 person-weeks) 1800 lines 1400 lines

8 Conclusions Static verification tools have improved –automation –data structures, aliasing, objects, concurrency... –(run-time checking also possible) Properties are interconnected –memory safety relies on state Hardware is diverse (and complicated) –packet fragments Incremental approach on existing code Future work: declarative SHIL language ML,Java Spec# LISP Cassembler

Download ppt "Checking the Hardware- Software Interface in Spec# Kevin Bierhoff (CMU) Chris Hawblitzel (Microsoft Research)"

Similar presentations

System Area Network Abhiram Shandilya 12/06/01. Overview Introduction to System Area Networks SAN Design and Examples SAN Applications.

System Area Network Abhiram Shandilya 12/06/01. Overview Introduction to System Area Networks SAN Design and Examples SAN Applications.
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Department of Computer Science and Engineering University of Washington Brian N. Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, Marc E. Fiuczynski,

Department of Computer Science and Engineering University of Washington Brian N. Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, Marc E. Fiuczynski,
Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.

Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.
XEN AND THE ART OF VIRTUALIZATION Paul Barham, Boris Dragovic, Keir Fraser, Steven Hand, Tim Harris, Alex Ho, Rolf Neugebauer, lan Pratt, Andrew Warfield.

XEN AND THE ART OF VIRTUALIZATION Paul Barham, Boris Dragovic, Keir Fraser, Steven Hand, Tim Harris, Alex Ho, Rolf Neugebauer, lan Pratt, Andrew Warfield.
ESP: A Language for Programmable Devices Sanjeev Kumar, Yitzhak Mandelbaum, Xiang Yu, Kai Li Princeton University.

ESP: A Language for Programmable Devices Sanjeev Kumar, Yitzhak Mandelbaum, Xiang Yu, Kai Li Princeton University.
EXTENSIBILITY, SAFETY AND PERFORMANCE IN THE SPIN OPERATING SYSTEM B. Bershad, S. Savage, P. Pardyak, E. G. Sirer, D. Becker, M. Fiuczynski, C. Chambers,

EXTENSIBILITY, SAFETY AND PERFORMANCE IN THE SPIN OPERATING SYSTEM B. Bershad, S. Savage, P. Pardyak, E. G. Sirer, D. Becker, M. Fiuczynski, C. Chambers,
Extensibility, Safety and Performance in the SPIN Operating System Presented by Allen Kerr.

Extensibility, Safety and Performance in the SPIN Operating System Presented by Allen Kerr.
1 Thorough Static Analysis of Device Drivers Byron Cook – Microsoft Research Joint work with: Tom Ball, Vladimir Levin, Jakob Lichtenberg,

1 Thorough Static Analysis of Device Drivers Byron Cook – Microsoft Research Joint work with: Tom Ball, Vladimir Levin, Jakob Lichtenberg,
1 Module 1 The Windows NT 4.0 Environment. 2  Overview The Microsoft Operating System Family Windows NT Architecture Overview Workgroups and Domains.

1 Module 1 The Windows NT 4.0 Environment. 2  Overview The Microsoft Operating System Family Windows NT Architecture Overview Workgroups and Domains.
Extensibility, Safety and Performance in the SPIN Operating System Brian Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, David Becker, Marc.

Extensibility, Safety and Performance in the SPIN Operating System Brian Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, David Becker, Marc.
Embedded Network Controller with Web Interface Bradley University Department of Electrical & Computer Engineering By: Ed Siok Advisor: Dr. Malinowski.

Embedded Network Controller with Web Interface Bradley University Department of Electrical & Computer Engineering By: Ed Siok Advisor: Dr. Malinowski.
An overview of JML tools and applications Lilian Burdy Gemplus Yoonsik Cheon, Gary Leavens Iowa Univ. David Cok Kodak Michael Ernst MIT Rustan Leino Microsoft.

An overview of JML tools and applications Lilian Burdy Gemplus Yoonsik Cheon, Gary Leavens Iowa Univ. David Cok Kodak Michael Ernst MIT Rustan Leino Microsoft.
File Management Systems

File Management Systems
Type-Safe Programming in C George Necula EECS Department University of California, Berkeley.

Type-Safe Programming in C George Necula EECS Department University of California, Berkeley.
Extensibility, Safety and Performance in the SPIN Operating System Brian Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, Marc E. Fiuczynski,

Extensibility, Safety and Performance in the SPIN Operating System Brian Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, Marc E. Fiuczynski,
Programmability with Proof-Carrying Code George C. Necula University of California Berkeley Peter Lee Carnegie Mellon University.

Programmability with Proof-Carrying Code George C. Necula University of California Berkeley Peter Lee Carnegie Mellon University.
Nooks: an architecture for safe device drivers Mike Swift, The Wild and Crazy Guy, Hank Levy and Susan Eggers.

Nooks: an architecture for safe device drivers Mike Swift, The Wild and Crazy Guy, Hank Levy and Susan Eggers.
© 2004, D. J. Foreman 1 CS350 Operating Systems. © 2004, D. J. Foreman 2 Administrivia  Assignments ■ Homework on most chapters ■ Approximately 8 lab.

© 2004, D. J. Foreman 1 CS350 Operating Systems. © 2004, D. J. Foreman 2 Administrivia  Assignments ■ Homework on most chapters ■ Approximately 8 lab.
Extensibility, Safety and Performance in the SPIN Operating System Dave Camarillo.

Extensibility, Safety and Performance in the SPIN Operating System Dave Camarillo.

Similar presentations

Ads by Google