2,196 research outputs found
A Verified Information-Flow Architecture
SAFE is a clean-slate design for a highly secure computer system, with
pervasive mechanisms for tracking and limiting information flows. At the lowest
level, the SAFE hardware supports fine-grained programmable tags, with
efficient and flexible propagation and combination of tags as instructions are
executed. The operating system virtualizes these generic facilities to present
an information-flow abstract machine that allows user programs to label
sensitive data with rich confidentiality policies. We present a formal,
machine-checked model of the key hardware and software mechanisms used to
dynamically control information flow in SAFE and an end-to-end proof of
noninterference for this model.
We use a refinement proof methodology to propagate the noninterference
property of the abstract machine down to the concrete machine level. We use an
intermediate layer in the refinement chain that factors out the details of the
information-flow control policy and devise a code generator for compiling such
information-flow policies into low-level monitor code. Finally, we verify the
correctness of this generator using a dedicated Hoare logic that abstracts from
low-level machine instructions into a reusable set of verified structured code
generators
Partial Orders for Efficient BMC of Concurrent Software
This version previously deposited at arXiv:1301.1629v1 [cs.LO]The vast number of interleavings that a concurrent program can have is typically identified as the root cause of the difficulty of automatic analysis of concurrent software. Weak memory is generally believed to make this problem even harder. We address both issues by modelling programs' executions with partial orders rather than the interleaving semantics (SC). We implemented a software analysis tool based on these ideas. It scales to programs of sufficient size to achieve first-time formal verification of non-trivial concurrent systems code over a wide range of models, including SC, Intel x86 and IBM Power
Executing Safe State Machines on a Reactive Processor
Safe State Machines (SSMs) are a Statechart dialect with precise synchronous semantics, used to describe the behavior of reactive systems. A natural target for executing SSMs are reactive processors, which have an instruction set architecture (ISA) particularly well-suited for reactive control flow. When synthesizing SSMs into code, this is traditionally done via the synchronous language Esterel. However, this is not always straightforward; transitions in SSMs can jump arbitrarily between states, and there is no Esterel statement that matches this. We here propose to circumvent this by synthesizing SSMs directly onto a reactive ISA that can encode transitions directly as GOTOs. This not only has the potential for smaller and faster code, but preserves the structure of the SSM much better that going via Esterel. Conversely, we note that SSMs appear easier to implement on a reactive processor than Esterel, notably because there is not exception handling required
Design of testbed and emulation tools
The research summarized was concerned with the design of testbed and emulation tools suitable to assist in projecting, with reasonable accuracy, the expected performance of highly concurrent computing systems on large, complete applications. Such testbed and emulation tools are intended for the eventual use of those exploring new concurrent system architectures and organizations, either as users or as designers of such systems. While a range of alternatives was considered, a software based set of hierarchical tools was chosen to provide maximum flexibility, to ease in moving to new computers as technology improves and to take advantage of the inherent reliability and availability of commercially available computing systems
- âŠ