Course Overview CS 680: Formal Methods for Verification of Computer Systems Jeremy Johnson Drexel...
-
Upload
cordelia-cain -
Category
Documents
-
view
215 -
download
2
Transcript of Course Overview CS 680: Formal Methods for Verification of Computer Systems Jeremy Johnson Drexel...
Course Overview
CS 680: Formal Methods for Verification of Computer Systems
Jeremy Johnson
Drexel University
Course Description This course is devoted to verification of
computer systems including both hardware and software. Verification and Validation is the process of checking that a computer system meets its specifications and fulfills its intended purpose. This course covers techniques and tools for computer verification with an emphasis on formal methods of verification which use mathematical techniques to prove that computer systems meet their specifications.
2
Course Themes Propositional and predicate logic Specification and verification of computer systems SAT solvers and fast practical tools for checking the satisfiability of
boolean formulas Temporal logic and model checking Generation of test cases and counter examples Automatic theorem proving and proof assistants
3
Course Topics Week 1: Propositional Calculus Week 2: Natural Deduction Week 3: SAT solvers Week 4: Predicate Calculus Week 5: ACL2 Proof Assistant Week 6: ACL2 Proof Assistant Week 7: ACL2 Proof Assistant Week 8: Temporal Logic and Model Checking Week 9: Model Checking Week 10: Model Checking
4
Audience and Prerequisites This is a graduate elective appropriate for
graduate students in Computer Science, Computer Engineering, Software Engineering and Mathematics.
Undergraduate degree in CS, CE, SE, or MATH. Students are expected to have solid programming skills, be familiar with software design and development, and have had some introduction to logic and mathematical proof.
5
Course Objectives To be able to use mathematical logic to formally specify
properties of computer systems To be able to use state-of-the-art SAT solvers to solve
practical problems in verification To be able to use a model checker to verify properties of
computer systems To be able to use a proof assistant to prove properties
of computer systems To be able to explain how SAT solvers, model checkers,
and proof assistants work
6
Course Benefits To be able to provide more formal specifications To be able to reason formally about computer systems To be able to use automated tools in computer
verification To be able to design and build more reliable computer
systems
7
Textbook and Required Software Logic in Computer Science: Modelling and Reasoning a
bout Systems, 2nd Ed., Michael Huth and Mark Ryan, 2004.
Computer-Aided Reasoning: An Approach, Matt Kaufmann, Panagiotis Manolios, and J Strother Moore, Kluwer Academic Publishers, June, 2000.
MiniSat ACL2 ACL2s NuSMV
8
Course Logistics Online and in class students combined Lectures W 6-9 (streamed and recorded) Weekly readings and labs
Checked off in class or through BbLearn submission
Three projects (MiniSat, ACL2, NuSMV) done in two student teams Must use of specified SW on chosen problem Requires ppt presentation (with audio)
9
Grading
Course Requirements and Grading
Weekly labs and course participation (40%)
Three Projects [SAT solver, Proof Asst, Model Checker] (60% - each worth 20%)
10
Software Bugs
In 1980, NORAD reported that the US was under missile attack. The problem was caused by a faulty circuit, a possibility the reporting software hadn’t taken into account.
The Therac-25 medical radiation therapy device was involved in several cases where massive overdoses of radiation were administered to patients in 1985-87, a side effect of the buggy software powering the device.
In 1996, a European Ariane 5 rocket was set to deliver a payload of satellites into Earth orbit, but problems with the software caused the launch rocket to veer off its path a mere 37 seconds after launch.
11
Software Bugs In 1994 in Scotland, a Chinook helicopter crashed and killed all 29
passengers. While initially the pilot was blamed for the crash, that decision was later overturned since there was evidence that a systems error had been the actual cause.
One of the subcontractors NASA used when building its Mars climate orbiter had used English units instead of the intended metric system, which caused the orbiter’s thrusters to work incorrectly. Due to this bug, the orbiter crashed almost immediately when it arrived at Mars in 1999. The cost of the project was $327 million, not to mention the lost time (it took almost a year for the orbiter to reach Mars).
In 2002 NIST estimated that programming errors cost the US economy $60B annually
12
Hardware Bug Intel FDIV Bug
Intel P5 Pentium floating point unit $500M Error as high as the fourth significant digit of a
decimal number, but the possibilities of this happening are 1 in 360 billion.
Approximately 8000 bugs introduced in during design of Pentium 4.
13
Verification and Validation
Verification and Validation is the process of checking that a SW/HW system meets specifications and fulfills its intended purpose
14
Empirical Testing Traditionally, errors in hardware and software
have been detected empirically by testing
Number of possibilities too large so only a small subset can be tested E.G. Testing arithmetic operations on all 264 double
precision floating point numbers is infeasible
15
Formal Methods
In the context of hardware and software systems, formal verification is the act of proving or disproving the correctness of intended algorithms underlying a system with respect to a certain formal specification or property, using formal methods of mathematics
16
Success Stories Verified the cache coherence protocol in the IEEE
Futurebus+ Standard Analysis of Microsoft Windows device drivers using
SLAM Non-overflow proof for Airbus A380 flight control
software Verification of Pentium 4 floating-point unit with a
mixture of STE and theorem proving NICTA’s embedded L4 microkernel Compcert compiler
17
Approaches Model Checking Temporal logic, BDD, Z notation, … Static Analysis Type Checking Logical Inference
Automated theorem proving Proof Checking Program Derivation
18
Model Checking model checking refers to the following problem: Given a model of a
system, test automatically whether this model meets a given specification. Typically, the systems one has in mind are hardware or software systems, and the specification contains safety requirements such as the absence of deadlocks and similar critical states that can cause the system to crash. Model checking is a technique for automatically verifying correctness properties of finite-state systems.
An important class of model checking methods have been developed for checking models of hardware and software designs where the specification is given by a temporal logic formula. Pioneering work in the model checking of temporal logic formulae was done by E. M. Clarke and E. A. Emerson[1][2][3] and by J. P. Queille and J. Sifakis.
19
Automated Theorem Proving Formal proof by hand is difficult Have proof checked or generated
automatically by a computer Higher Order Logic, or HOL, is a widely-
used tool for creating formal specifications of systems, and for proving properties about them. It has been used in both industry and academia to support formal reasoning in many areas, including hardware and software verification. It can be used to support any project which can be defined in higher order logic, an expressive logic originally developed as a foundation for mathematics.
20
Proof Carrying Code Proof-carrying code (PCC) is a software mechanism that allows a
host system to verify properties about an application via a formal proof that accompanies the application's executable code. The host system can quickly verify the validity of the proof, and it can compare the conclusions of the proof to its own security policy to determine whether the application is safe to execute. This can be particularly useful in ensuring memory safety, i.e. preventing buffer overflows and other vulnerabilities common in some programming languages.
Proof-carrying code was originally described in 1996 by George Necula and Peter Lee.
21
Static Analysis Static program analysis (also static code analysis or SCA) is the
analysis of computer software that is performed without actually executing programs built from that software. The term is usually applied to the analysis performed by an automated tool.
A growing commercial use of static analysis is in the verification of properties of software used in safety-critical computer systems and locating potentially vulnerable code[3]. For example the following industries have identified the use of static code analysis as a means of improving the quality of increasingly sophisticated and complex software: Medical software, Nuclear software.
22
Program Generation program derivation is the derivation of a program from its
specification, by mathematical means.
To derive a program means to write a formal specification, which is usually non-executable, and then apply mathematically correct rules in order to obtain an executable program satisfying that specification. The program thus obtained is then correct by construction. Program and correctness proof are constructed together.
Hoare logic, stepwise refinement, Bird-Meertens Formalism, parallel program design, FLAME, SPIRAL
23
References http://en.wikipedia.org/wiki/Verification_and_validation_(software) http://en.wikipedia.org/wiki/Formal_verification http://en.wikipedia.org/wiki/Model_checking http://en.wikipedia.org/wiki/Temporal_logic http://en.wikipedia.org/wiki/Automated_theorem_proving http://en.wikipedia.org/wiki/Proof-carrying_code http://en.wikipedia.org/wiki/Static_program_analysis http://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis http://en.wikipedia.org/wiki/Program_derivation E. Allen Emerson, The Beginning of Model Checking: A Personal Perspective John Harrison, Formal verification of floating-point arithmetic at Intel, June 2006. John Harrison, Formal Verification in Industry (I), 1999.
24