vTRUST: A Formal Modeling and Verification Framework for Virtualization Systems [chapter]

Jianan Hao, Yang Liu, Wentong Cai, Guangdong Bai, Jun Sun
2013 Lecture Notes in Computer Science  
However, the complexity of the virtualization system makes the formal analysis a difficult task, e.g., sophisticated programs to manipulate low-level technologies, paged memory management, memory mapped  ...  In this paper, we propose a formal framework, vTRUST, to formally describe virtualization systems with a carefully designed abstraction. vTRUST includes a library to model configurable hardware components  ...  One of the most famous works is the formal verification of seL4 [8], making it the only hypervisor verified at source code level so far.  ... 
doi:10.1007/978-3-642-41202-8_22 fatcat:znxpeyay5jh2rdurmptymgzqbu

High-Assurance Separation Kernels: A Survey on Formal Methods [article]

Yongwang Zhao, David Sanan, Fuyuan Zhang, Yang Liu
2017 arXiv   pre-print
Based on the proposed analytical framework, a taxonomy is designed according to formal methods application, functionalities, and properties of separation kernels.  ...  However, this field lacks a survey to systematically study, compare, and analyze related work. On the other hand, high-assurance separation kernels by formal methods still face big challenges.  ...  Management of hardware (e.g. clock, timer, interrupt, and memory) are necessary for hypervisor-based separation kernels.  ... 
arXiv:1701.01535v1 fatcat:wivlgaqkmffc5nb2kalmpy77sy

Position paper: the science of deep specification

Andrew W. Appel, Lennart Beringer, Adam Chlipala, Benjamin C. Pierce, Zhong Shao, Stephanie Weirich, Steve Zdancewic
2017 Philosophical Transactions of the Royal Society A: Mathematical, Physical and Engineering Sciences  
One contribution of 8 to a discussion meeting issue 'Verified trustworthy software systems'. Modern hardware and software are monstrously complex.  ...  (iv) The proof scripts yield formal proof objects in a variant of the calculus of inductive constructions (CiC) for which checking of proofs amounts to type checking and is fully automatic and independent  ...  We thank the graduate students and post-doctoral researchers of our research groups for their contributions, and our external academic and industrial collaborators for their participation.  ... 
doi:10.1098/rsta.2016.0331 pmid:28871056 fatcat:ztgho4isajbchi4bghlegxns7m

The semantics of power and ARM multiprocessor machine code

Jade Alglave, Anthony Fox, Samin Ishtiaq, Magnus O. Myreen, Susmit Sarkar, Peter Sewell, Francesco Zappa Nardelli
2008 Proceedings of the 4th workshop on Declarative aspects of multicore programming - DAMP '09  
We develop a rigorous semantics for Power and ARM multiprocessor programs, including their relaxed memory model and the behaviour of reasonable fragments of their instruction sets.  ...  This should provide a good basis for informal reasoning and formal verification of low-level code for these weakly consistent architectures, and, together with our x86 semantics, for the design and compilation  ...  Acknowledgements We thank Nathan Chong for discussions about the ARM, and Luc Maranget for comments on a draft, Paul McKenney and Raul Silvera for comments on the PowerPC, and Doug Lea.  ... 
doi:10.1145/1481839.1481842 dblp:conf/popl/AlglaveFIMSSN09 fatcat:h4dlhsfd4zcbfkuggpyfrj7nkm

Synchronising C/C++ and POWER

Susmit Sarkar, Kayvan Memarian, Scott Owens, Mark Batty, Peter Sewell, Luc Maranget, Jade Alglave, Derek Williams
2012 Proceedings of the 33rd ACM SIGPLAN conference on Programming Language Design and Implementation - PLDI '12  
But in the very relaxed settings of IBM® POWER®, ARM, or C/C++, it remains surprisingly unclear exactly what the programmer can depend on. This paper studies relaxed-memory synchronisation.  ...  On the hardware side, we give a clear semantic characterisation of the load-reserve/store-conditional primitives as provided by POWER multiprocessors, for the first time since they were introduced 20 years  ...  A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.  ... 
doi:10.1145/2254064.2254102 dblp:conf/pldi/SarkarMOBSMAW12 fatcat:wif4n2azwre25csayorry3xamy

Synchronising C/C++ and POWER

Susmit Sarkar, Kayvan Memarian, Scott Owens, Mark Batty, Peter Sewell, Luc Maranget, Jade Alglave, Derek Williams
2012 SIGPLAN notices  
But in the very relaxed settings of IBM® POWER®, ARM, or C/C++, it remains surprisingly unclear exactly what the programmer can depend on. This paper studies relaxed-memory synchronisation.  ...  On the hardware side, we give a clear semantic characterisation of the load-reserve/store-conditional primitives as provided by POWER multiprocessors, for the first time since they were introduced 20 years  ...  A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.  ... 
doi:10.1145/2345156.2254102 fatcat:ukxlu6v2gzdajkg2aaz3zgpuyu

ISA Semantics for ARMv8-A, RISC-V, and CHERI-MIPS

Alasdair Armstrong, Christopher Pulte, Shaked Flur, Ian Stark, Neel Krishnaswami, Peter Sewell, Thomas Bauereiss, Brian Campbell, Alastair Reid, Kathryn E. Gray, Robert M. Norton, Prashanth Mundkur (+2 others)
2019 Proceedings of the ACM on Programming Languages (PACMPL)  
We moreover integrate the RISC-V model into the RMEM tool for (user-mode) relaxed-memory concurrency exploration. We prove (on paper) the soundness of the core Sail type system.  ...  Our ARMv8-A models are automatically translated from authoritative ARM-internal definitions, and (in one variant) tested against the ARM Architecture Validation Suite.  ...  Acknowledgments: The ARMv8-A modelling work would not have been possible without generous technical assistance from ARM.  ... 
doi:10.1145/3290384 fatcat:v4zdb5cq7nbzzetgkitndrlcia

Scalable validation of binary lifters

Sandeep Dasgupta, Sushant Dinesh, Deepan Venkatesh, Vikram S. Adve, Christopher W. Fletcher
2020 Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and Implementation  
Also, I illustrated potential applications of the semantics in different formal analyses, and discuss how it can be useful for processor verification.  ...  Unfortunately, existing approaches focus on validating the correctness of lifting a single instruction and do not scale to full programs.  ...  We begin with a discussion of a use case for hardware verification.  ... 
doi:10.1145/3385412.3385964 dblp:conf/pldi/DasguptaDVAF20 fatcat:3khjl5gbmnetjay23fk3sc2ktu

Microkernel Mechanisms for Improving the Trustworthiness of Commodity Hardware

Yanyan Shen, Kevin Elphinstone
2015 11th European Dependable Computing Conference (EDCC)  
We take advantage of the functional correctness and isolation guarantee provided by the formally verified seL4 microkernel and hardware redundancy provided by multicore processors, design the redundant  ...  The effectiveness of the error detection mechanisms is assessed by conducting fault injection campaigns on real hardware, and the results demonstrate compelling improvement.  ...  The seL4 adopts a single-kernel-stack and non-preemptible kernel execution model to tackle the limitations of formal verification.  ... 
doi:10.1109/edcc.2015.16 dblp:conf/edcc/ShenE15 fatcat:xq65e72x7zcnjbbmrwpgebqnxa

Scale-out NUMA

Stanko Novakovic, Alexandros Daglis, Edouard Bugnion, Babak Falsafi, Boris Grot
2014 Proceedings of the 19th international conference on Architectural support for programming languages and operating systems - ASPLOS '14  
directly on top of a NUMA memory fabric via a stateless messaging protocol.  ...  To facilitate interactions between the application, OS, and the fabric, soNUMA relies on the remote memory controller -a new architecturally-exposed hardware block integrated into the node's local coherence  ...  This work has been partially funded by the EuroCloud project of the 7th Framework Program of the European Commission, and by the Workloads and Server Architectures for Green Datacenters project of the  ... 
doi:10.1145/2541940.2541965 dblp:conf/asplos/NovakovicDBFG14 fatcat:buiufe62bvfohpvti5gsq3cyoa

A Secure and Formally Verified Commodity Multiprocessor Hypervisor

Shih-Wei Li
2021
Commodity hypervisors are widely deployed to support virtual machines on multiprocessor server hardware.  ...  However, it remains unknown how one might feasibly verify the entire codebase of a complex, multiprocessor commodity system.  ...  In other words, the use of locks in verified KVM to protect shared memory accesses and make its proofs tractable does not adversely affect its multiprocessor VM performance on Arm relaxed memory hardware  ... 
doi:10.7916/d8-s2kz-e886 fatcat:blauq4tv55gl5bhnshrnoxrebq

Fault Resilient Real-Time Design for NoC Architectures

Christopher Zimmer, Frank Mueller
2012 IEEE/ACM Third International Conference on Cyber-Physical Systems  
and to lower jitter in systems via utilizing message passing instead of shared memory as the means for intra-processor communication.  ...  To our knowledge, this work is the first to systematically map real-time tasks onto massive multi-core processors with support for fault tolerance that considers NoC effects on scalability on a real hardware  ...  Notice that this is a virtual L3 cache implemented through a hypervisor by distributing memory references over the L2 caches of all cores.  ... 
doi:10.1109/iccps.2012.16 dblp:conf/iccps/ZimmerM12 fatcat:2hnpfqjjn5dpzgch7moi4u7cbe

System Software [chapter]

Peter Marwedel
2021 Embedded Systems  
Abstract: In order to cope with the complexity of applications of embedded systems, reuse of components is a key technique.  ...  This chapter starts with a description of general requirements for embedded operating systems.  ...  The lack of memory management hardware in uClinux-supported platforms comes with a number of disadvantages.  ... 
doi:10.1007/978-3-030-60910-8_4 fatcat:xtc64f3zqfd53e7ybwtfoe4dla

Report from Dagstuhl Seminar 11011: Multi-Core Memory Models and Concurrency Theory

Hans Boehm, Ursula Goltz, Holger Hermanns, Peter Sewell (+7 others)
Dagstuhl Reports   unpublished
Hardware specifications are so informal that it is very hard to know whether we have a correct implementation of the language specs (if we knew how to specify those fully).  ...  This report documents the programme and the outcomes of Dagstuhl Seminar 11011 "Multi-Core Memory Models and Concurrency Theory".  ...  Hardware Verification. Multiprocessor relaxed memory model behaviour is an emergent property of an entire multiprocessor design, involving both core behaviour (especially speculation) and memory communication  ... 
fatcat:dc7ohu5wwfd2tozg4h7tldjjv4

Operating System Security

Trent Jaeger
2008 Synthesis Lectures on Information Security Privacy and Trust  
He designed Sun's multilevel desktops based on Open Look, CDE, and GNOME; he holds a patent for the underlying X11 security policy.  ...  He is an associate editor with ACM TOIT and has been a guest editor of ACM TISSEC.  ...  Xen is a Type 1 VMM consisting of two major components: (1) a hypervisor that runs directly on the hardware and (2) a privileged VM that provides I/O and VM configuration support.  ... 
doi:10.2200/s00126ed1v01y200808spt001 fatcat:o7qgtis6zffr3disdujoq4izaa