Download Slide - NYU Computer Science

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
Document related concepts

Knowledge representation and reasoning wikipedia , lookup

Incomplete Nature wikipedia , lookup

Time series wikipedia , lookup

Agent-based model wikipedia , lookup

Mathematical model wikipedia , lookup

Transcript 
The Challenge of
Evolutionary Verification
The Amir Pnueli Memorial Symposium
NYU, 9 May 2010
Roni Rosner
Intel – Israel Design Center, Haifa, Israel
09-May-10
Slide 1
The Four-Color Theorem
• 1852: Guthrie conjectured
Every planar map is four-colorable
• 1976: Appel & Haken proved the theorem using an
assembly program on a IBM 370-168 computer
• 2004: Gonthier verified the proof of the theorem using the
Coq proof checker
• 2005: Devlin [Math. Assoc. America] announced
Last doubts removed
about the proof of the Four Color Theorem
• 2006: Harrison partially verified HOL light, the logical
kernel of Coq, using HOL light itself
• …
Even for most non-typically well defined problem - math,
formalization and verification are not so easily attainable
09-May-10
Slide 2
A Different Aspect of Uncertainty
•
•
•
•
1976 layers
Assembly program
Assembler
Operating system (with
VM!)
Mainframe
09-May-10
•
•
•
•
•
•
2004 layers
Data: proof
Application: proof-checker
Compiler(s)
Operating system + updates
Dual-core system
Network connection
Slide 3
A Typical Application
2010 layers
•
•
•
•
•
•
•
Data
Application
Compiler(s)
Operating system(s)
Virtualization layer(s)
Multi core / multi processor
Heterogeneous network
Dynamic aspects
• Runtime downloadable data /
scripts
• Dynamic libraries
• Dynamic compilation
• Online SW updates
• Anti virus at the background
• Viruses
• OS patches
• Virtualization layer
• Cloud computing
•…
The interfaces between abstraction layers as well as inside layers get
more complex, dynamic and unstable – more reasons for doubts!!!
09-May-10
Slide 4
Outline
• Motivation and conception of an
“evolutionary” approach for verification
• Supporting examples
• Initial thoughts about potential directions
09-May-10
Slide 5
Motivation
• Verification task refers to a single, isolated transition
– Given model, system, assumptions, specification
– Apply an algorithmic verification process
– Desired correctness outcome: once proved - done forever
• Modern systems are of a more progressive nature
–
–
–
–
Systems evolve, assumptions change
Underlying models adapt, correctness criteria get refined
Verification methods improve, adjust
Correctness concerns are never fully satisfied
• Hypothesis
– System’s fast evolution and complexity make it increasingly
inefficient / impossible to target system time-snapshots by
isolated verification tasks
09-May-10
Slide 6
Proposal: Evolutionary Verification
Challenge: Extend the scope of formal-methods research from
(isolated) verification tasks to the context of (evolutionary)
verification process
This requires the development of a formal framework that
can adapt to and express the evolution of
• Specifications
• Computational/programming model
• Verification methods
• Correctness criteria and metrics
• Methods for handling intermediate, incorrect states
… and their ongoing integration into the implementation
process.
09-May-10
Slide 7
Put into Historical Perspective
Strongly Inspired by some of Amir Pnueli’s Major Contributions

Verification
Task

Valid!
Input
Valid!
Input*
Adding time and state to
the system and its spec
Transformational
System
Verification
Task
Reactive
System
Adding laziness to the
verification process
Verification
Task
Valid
for P!
Input
P
Compiler
09-May-10
Verification
Process
Adding time and state to
the verification process???
Evolving
System
Slide 8
Case for Evolution (1) - Racing
• Characteristics
– Systems are too complex to fully verify in advance
– System’s (at least initial) reaction/output is
required earlier than full verification can complete
• Examples
– Just in time (JIT) compilation
– Dynamic binary optimizers (DBO)
– Virtualization layers
09-May-10
Slide 9
Case for Evolution (2) - Unpredictability
• Characteristics
– System behavior is changing dynamically
– Modes of operations / usage environments are
amorphous / not known in advance
• Examples
–
–
–
–
–
09-May-10
WEB applications, e.g. Java scripts
Viruses and anti viruses
Operating systems
Server networks
Cloud computing
Slide 10
Case for Evolution (3) - Maliciousness
• Characteristics
– Optimized systems
– Explicit interfaces (e.g. ISA, programming model) are preserved, yet
implicit assumptions of the applications are broken
– Knowledge of implementation details enables unexpected attacks
• Examples - RSA encryption
– Side channel attack on the Secure Socket Layer (SSL) protocol
(protecting online transactions)
– Exploits intimate knowledge of HW optimizations such as caches and
branch prediction
– Exploit intimate knowledge of the algorithmic implementation of the
protocol
– Utilize “innocent” OS features such time sharing to “spy” into the
protocol
– Gain observability into tiny timing effects uncovering the private key
09-May-10
Slide 11
So How Evolution?
• All three cases (racing, unpredictability, maliciousness) have several
characteristics in common
–
–
–
–
Complexity
Impossibility to validate in advance
A sense of continuous struggle for correctness
Need to tolerate intermediate failures
• Can “incessant, lazy-verification” become a more robust
evolutionary model?
– Specification, verification are building blocks of the continuous design
process
• While competing for system resources, need to address
–
–
–
–
09-May-10
How to manage the evolving specification, correctness status
What to do about incorrect output?
How to fix a failing system?
How to improve verification over time (learn)?
Slide 12
Why is Evolutionary Verification
an “Appropriate” Challenge?
•
•
•
•
Interesting? – subjective
Difficult? – necessary, not sufficient
Inspired by real world problems
Has the potential of expanding the scope and
outreach of formal methods, by
– Addressing some fundamental questions about the
very nature of formal models
• What is a (good) specification?
• What defines the limits and the desired flexibilities of a
formal model?
– Allowing for better design engineering
09-May-10
Slide 13
Partial List of Related Trends
and Potential Directions
• Open Verification Methodology (OVM) intiative
• Subject/aspect oriented programming
– Separation of concerns
• Self verification
– Assertions
– Artificial intelligence methods
– SHADOWS
• Any method of gradual verification
– Bounded model checking
• Many relevant ideas I heard in the first day of the
symposium
09-May-10
Slide 14
Thank You
09-May-10
Slide 15
Related documents
Exceptional design verification engineers sought to join a New York–based... group that is developing multiple generations of the Anton special-purpose... Design Verification Engineers
Exceptional design verification engineers sought to join a New York–based... group that is developing multiple generations of the Anton special-purpose... Design Verification Engineers
project selection process
project selection process
Слайд 1 - Indico
Слайд 1 - Indico
Applying Formal Methods to Systems
Applying Formal Methods to Systems
Religious Language
Religious Language
AbstractID: 9853 Title: Position Verification by Fluoroscopy, CT, and other... Position Verification by Fluoroscopy, CT, and other modalities
AbstractID: 9853 Title: Position Verification by Fluoroscopy, CT, and other... Position Verification by Fluoroscopy, CT, and other modalities
Modern Requirements Verification
Modern Requirements Verification
Reliability Failure Analysis Request Form
Reliability Failure Analysis Request Form
Creative Strategy: Planning and Development
Creative Strategy: Planning and Development
P - GEMS Project at ECMWF
P - GEMS Project at ECMWF
Verification, Validation and Evaluation of Expert Systems in Order to
Verification, Validation and Evaluation of Expert Systems in Order to
Validation Plan for Cobas Integra 400 for ALT
Validation Plan for Cobas Integra 400 for ALT
Trust-but-Verify: Verifying Result Correctness of Outsourced
Trust-but-Verify: Verifying Result Correctness of Outsourced
Program verification -
Program verification -
GUEST EDITORS` INTRODUCTION: POWER AND COMPLEXITY
GUEST EDITORS` INTRODUCTION: POWER AND COMPLEXITY
Software Engineering Program
Software Engineering Program
An overview of Coq
An overview of Coq
Virtual Simulation in the Radiooncology Department of B-A
Virtual Simulation in the Radiooncology Department of B-A
World History: Human Legacy
World History: Human Legacy
Solutions for DO-254
Solutions for DO-254
Possible Teacher Demonstration of Relative age
Possible Teacher Demonstration of Relative age
Model checking multitask applications for OSEK compliant real
Model checking multitask applications for OSEK compliant real