49 research outputs found

    Lessons from Formally Verified Deployed Software Systems (Extended version)

    Full text link
    The technology of formal software verification has made spectacular advances, but how much does it actually benefit the development of practical software? Considerable disagreement remains about the practicality of building systems with mechanically-checked proofs of correctness. Is this prospect confined to a few expensive, life-critical projects, or can the idea be applied to a wide segment of the software industry? To help answer this question, the present survey examines a range of projects, in various application areas, that have produced formally verified systems and deployed them for actual use. It considers the technologies used, the form of verification applied, the results obtained, and the lessons that can be drawn for the software industry at large and its ability to benefit from formal verification techniques and tools. Note: a short version of this paper is also available, covering in detail only a subset of the considered systems. The present version is intended for full reference.Comment: arXiv admin note: text overlap with arXiv:1211.6186 by other author

    Accelerating Halide on an FPGA by using CIRCT and Calyx as an intermediate step to go from a high-level and software-centric IRs down to RTL

    Get PDF
    Image processing and, more generally, array processing play an essential role in modern life: from applying filters to the images that we upload to social media to running object detection algorithms on self-driving cars. Optimizing these algorithms can be complex and often results in non-portable code. The Halide language provides a simple way to write image and array processing algorithms by separating the algorithm definition (what needs to be executed) from its execution schedule (how it is executed), delivering state-of-the-art performance that exceeds hand-tuned parallel and vectorized code. Due to the inherent parallel nature of these algorithms, FPGAs present an attractive acceleration platform. While previous work has added an RTL code generator to Halide, and utilized other heterogeneous computing languages as an intermediate step, these projects are no longer maintained. MLIR is an attractive solution, allowing the generation of code that can target multiple devices, such as parallelized and vectorized CPU code, OpenMP, and CUDA. CIRCT builds on top of MLIR to convert generic MLIR code to register transfer level (RTL) languages by using Calyx, a new intermediate language (IL) for compiling high-level programs into hardware designs. This thesis presents a novel flow that implements an MLIR code generator for Halide that generates RTL code, adding the necessary wrappers to execute that code on Xilinx FPGA devices. Additionally, it implements a Halide runtime using the Xilinx Runtime (XRT), enabling seamless execution of the generated Halide RTL kernels. While this thesis provides initial support for running Halide kernels and not all features and optimizations are supported, it also details the future work needed to improve the performance of the generated RTL kernels. The proposed flow serves as a foundation for further research and development in the field of hardware acceleration for image and array processing applications using Halide

    Designing a Functional Programming Architecture for the Internet of Things

    Get PDF
    As the Internet of Things (IoT) grows, so too do security concerns: as well as typically having access to sensors and actuators, IoT devices are often programmed using bug-prone, low-level languages. Such a combination results in vulnerabilities that pose risks to privacy and safety.This thesis aims to address this by making it possible to run high-level functional programs on IoT devices, a daunting prospect with traditional hardware due to the overheads of functional programming runtimes. To accomplish this, an architecture and partial implementation of a "natively functional" processor for IoT, named Cephalopode, is presented. The processor performs both graph reduction and garbage collection directly, without requiring an expensive software runtime.Implementing Cephalopode raised several opportunities for improving the process of hardware design. To that end, this thesis presents the finite state machine editor Stately and the high-level language Bifr\uf6st. Stately raises the level of abstraction of finite state machines enough to avoid a proliferation of edges during design, while maintaining efficiency and low-level control. Bifr\uf6st offers a higher-level approach to hardware design, allowing complex algorithmic processes—in particular those that communicate extensively with other components—to be described in an imperative language and compiled to an RTL-level circuit model

    Tools and Algorithms for the Construction and Analysis of Systems

    Get PDF
    This open access book constitutes the proceedings of the 28th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, TACAS 2022, which was held during April 2-7, 2022, in Munich, Germany, as part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2022. The 46 full papers and 4 short papers presented in this volume were carefully reviewed and selected from 159 submissions. The proceedings also contain 16 tool papers of the affiliated competition SV-Comp and 1 paper consisting of the competition report. TACAS is a forum for researchers, developers, and users interested in rigorously based tools and algorithms for the construction and analysis of systems. The conference aims to bridge the gaps between different communities with this common interest and to support them in their quest to improve the utility, reliability, exibility, and efficiency of tools and algorithms for building computer-controlled systems

    Optimal program variant generation for hybrid manycore systems

    Get PDF
    Field Programmable Gate Arrays promise to deliver superior energy efficiency in heterogeneous high performance computing, as compared to multicore CPUs and GPUs. The rate of adoption is however hampered by the relative difficulty of programming FPGAs. High-level synthesis tools such as Xilinx Vivado, Altera OpenCL or Intel's HLS address a large part of the programmability issue by synthesizing a Hardware Description Languages representation from a high-level specification of the application, given in programming languages such as OpenCL C, typically used to program CPUs and GPUs. Although HLS solutions make programming easier, they fail to also lighten the burden of optimization. Application developers must rely on expert knowledge to manually optimize their applications for each target device, meaning that traditional HLS solutions do not offer a solution to the issue of performance portability. This state of fact prompted the development of compiler frameworks such as TyTra that operate at an even higher level of abstraction that is amenable to the use of Design Space Exploration (DSE). With DSE the initial program specification can be seen as the starting location in a search-space of correct-by-construction program transformations. In TyTra the search-space is generated from the transitive-closure of term-level transformations derived from type-level transformations. Compiler frameworks such as TyTra theoretically solve the issue of performance portability by providing a way to automatically generate alternative correct program variants. They however suffer from the very practical issue that the generated space is often too large to fully explore. As a consequence, the globally optimal solution may be overlooked. In this work we provide a novel solution to issue performance portability by deriving an efficient yet effective DSE strategy for the TyTra compiler framework. We make use of categorical data types to derive categorical semantics for the formal languages that describe the terms, types, cost-performance estimates and their transformations. From these we define a category of interpretations for TyTra applications, from which we derive a DSE strategy that finds the globally optimal transformation sequence in polynomial time. This is achieved by reducing the size of the generated search space. We formally state and prove a theorem for this claim and then show that the polynomial run-time for our DSE strategy has practically negligible coefficients leading to sub-second exploration times for realistic applications

    Analysis and identification of possible automation approaches for embedded systems design flows

    Get PDF
    Sophisticated and high performance embedded systems are present in an increasing number of application domains. In this context, formal-based design methods have been studied to make the development process robust and scalable. Models of computation (MoC) allows the modeling of an application at a high abstraction level by using a formal base. This enables analysis before the application moves to the implementation phase. Different tools and frameworks supporting MoCs have been developed. Some of them can simulate the models and also verify their functionality and feasibility before the next design steps. In view of this, we present a novel method for analysis and identification of possible automation approaches applicable to embedded systems design flow supported by formal models of computation. A comprehensive case study shows the potential and applicability of our method11212

    Estratégias de automação para desenvolvimento de projetos de sistemas embarcados baseados em modelos formais de computação

    Get PDF
    Orientador: Denis SIlva LoubachDissertação (mestrado) - Universidade Estadual de Campinas, Faculdade de Engenharia MecânicaResumo: Sistemas embarcados de alta performance estão presentes em cada vez mais áreas de aplicação. Com o aumento da complexidade, se torna mais difícil atender ao requisito de se projetar o sistema mais otimizado utilizando menos recursos. Nesse contexto, os métodos de projeto de sistemas embarcados baseados em modelos formais têm sido estudados para tornar esse processo mais robusto e escalável. O uso de modelos de computação (MoC), que consistem na modelagem de uma aplicação utilizando um alto nível de abstração com base formal, possibilita uma análise sistemática do sistema antes de sua implementação. Ferramentas e frameworks têm sido desenvolvidos para a modelagem baseada em MoCs. Algumas dessas ferramentas suportam a simulação dos modelos, possibilitando a verificação das funcionalidades do sistema antes das próximas fases do projeto. O aumento do nível de abstração, proporcionado pelo uso dos MoCs, dificulta a fase de implementação pela falta de detalhes nos modelos de alto nível de abstração. Nesse sentido, esta pesquisa tem como objetivo identificar possíveis estratégias de automação para o desenvolvimento de sistemas embarcados baseado em modelos formais de computaçãoAbstract: Sophisticated and high performance embedded systems are present in an increasing number of application domains. As the complexity grows, it gets harder to satisfy the requirement of getting the most optimized system using less development resources. In this context, formal-based design methods have been studied to make the development process robust and scalable, using the correct-by-construction approach. Models of computation (MoC), which consists on modeling an application at a high abstraction level by using a formal base, enables a systematic application analysis before its implementation. Different tools and frameworks have been developed supporting MoCs. Some of them can simulate the models and also verify its functionality and feasibility before the next design steps. As MoC elevates the abstraction level, the implementation steps get more complex, creating an abstraction gap. In view of this, the present research aims to identify possible automation approaches for embedded systems design flowsMestradoMecatrônicaMestre em Engenharia Mecânic

    ITL Monitor: Compositional Runtime Analysis with Interval Temporal Logic

    Get PDF
    Runtime verification has gained significant interest in recent years. It is a process in which the execution trace of a program is analysed while it is running. A popular language for specifying temporal requirements for runtime verification is Linear Temporal Logic (LTL), which is excellent for expressing properties such as safety and liveness. Another formalism that is used is Interval Temporal Logic (ITL). This logic has constructs for specifying the behaviour of programs that can be decomposed into subintervals of activity. Traditionally, only a restricted subset of ITL has been used for runtime verification due to the limitations imposed by making the subset executable. In this thesis an alternative restriction of ITL was considered as the basis for constructing a library of runtime verification monitors (ITL-Monitor). The thesis introduces a new first-occurrence operator (|>) into ITL and explores its properties. This operator is the basis of the translation from runtime monitors to their corresponding ITL formulae. ITL-Monitor is then introduced formally, and the algebraic properties of its operators are analysed. An implementation of ITL-Monitor is given, based upon the construction of a Domain Specific Language using Scala. The architecture of the underlying system comprises a network of concurrent actors built on top of Akka - an industrial strength distributed actor framework. A number of example systems are constructed to evaluate ITL-Monitor's performance against alternative verification tools. ITL-Monitor is also subjected to a simulation that generates a very large quantity of state data. The monitors were observed to deliver consistent performance across execution traces of up to a million states, and to verify subintervals of up to 300 states against ITL formulae with evaluation complexity of O(n^3)
    corecore