The Science of Deep Specificationbcpierce/papers/deepspec-hcss... · 2016-05-11 · The Science of...

TheScienceofDeepSpecification

AndrewW.Appel,BenjaminPierce,StephanieWeirich,SteveZdancewic,Zhong Shao,AdamChlipala

Princeton Penn Yale MIT

Zero-vulnerabilitycriticalsoftware– Compilers,interpreters– Operatingsystems– Filesystems,networkingstacks– Distributedmiddleware– Databases– Crypto,securityprotocols

Apipedream?

Ahigh-value“niche”

Maybeuntilrecently!

Heroicproofsofconcept• CompCert (Ccompiler)• L4.verified(OS)

Proliferationof“pointsolutions”• CertiKos (hypervisor)

• Verdi(distributedalgorithmstoolkit)• RockSalt (softwarefaultisolation)• CakeML (MLcompiler)

• VeLLVM (LLVMoptimizations)

• HMAC+SHA(crypto)• …

Individuallyimpressive!Butdisconnected

TheRiseofIntegratedStacks• CompCert ecosystem• L4.verifiedecosystem• IronClad Apps• Bedrockwebserver• Everest(verifiedhttps)• … Whatmakesthischallenging?

(lotsofthings,but inparticular…)

SpecificationEngineering!

WhatwelearnedfromCompCert

Clanguage

CompCertCompiler

PowerPCISA

ProgramLogic

VerifiableCSystem

Clanguage

IBM’sCPU

Transistors

PowerPCISA

OSclientinterface

CertiKOShypervisorkernel

Clanguage AppelShao

PeterSewellUniv.ofCambridge

XavierLeroyInria

Whatwediscovered ...

CompCertCompiler

PowerPCISA

Clanguage

IBM’sCPU

Transistors

PowerPCISA

ProgramLogic

VerifiableCSystem

Clanguage

OSclientinterface

Clanguage AppelShao

XavierLeroyInria

Solution:exercisespec.frombothsides(2006-2015)

CompCertCompiler

IBM’sCPU

Transistors

ProgramLogic

VerifiableCSystem

Clanguage

OSclientinterface

Clanguage

XavierLeroyINRIA

AppelShao

Clanguage

PowerPCISA

Integration!

TheFutureofFormalMethods…

TheScienceofDeepSpecification

AnewNSFExpedition…

AndrewAppel

ZhongShao

StephanieWeirich

BenjaminPierce

SteveZdancewic

AdamChlipala

Princeton Penn YaleMIT

$10m5years

DeepSpecificationsareFORMAL,RICH,LIVE,and2-SIDED

RICH describecomplexbehaviorsindetail

FORMAL innotationwithaclearsemantics

LIVEmachine-checkedconnectiontoimplementations

2-SIDEDconnectedtobothimplementations&clients

DeepSpec goals1. Coreresearch2. Education3. Communitybuilding

CoreResearchTopics

Individualprojects,connectedatdeepspecs

15AdamChlipala

Verifiedprocessordesign

AndrewAppel

VerifiedtoolchainforverifyingconcurrentCprograms

SteveZdancewic

VerifiedLLVMcompiler

StephanieWeirich

Specificationoffunctionallanguage

ZhongShao

VerifiedhypervisorOSkernel

BenjaminPierce

Specification-basedrandom

testing

SpecificationandtestingPromisingdevelopment:Theriseofspecification-basedautomatedtestingtechniques– Property-based random testing(QuickCheck)– Model-based testing– Oracle-based testing– …

End-to-EndDemo(s)Leadingcandidates:– Votingsystems– Automotive software– Datacenterinfrastructure

Othersuggestions??

Educationandtraining

Textbooksandon-linematerialsSoftwareFoundationstextisusedatdozensofuniversities.Nowweknow:

Withgoodinstructionalmaterialsandinteractiveproofcheckers,specification&verificationcanbetaught…

...justlikeprogrammingandsoftwareengineeringcanbetaught!

BookDevelopment• Goal:UseSoftwareFoundations toseedanewseriesof“verifiedtextbooks”

• Firststep:

• Later:– Averifiedcompiler textbook?

VerifiedFunctionalAlgorithms

AndrewAppel

(fall2016)

CurriculumDevelopment

• Modularity⇒cleanpedagogical implementations• Precise(andcorrect!)descriptionofrelevantabstractions• Specifications⇒automatedtestharnesses/testcases/property-basedtesting(forgrading)

• Connects toformalmethodscoursethatteachesverificationtechniquesfortheseartifacts

NewCompiler&OSCoursesbasedon

CertiKOS

EducationSpecialistsBruceLenthallExecutiveDirectorPennCTL(CenterforTeaching&Learning)

EmilyElliottAssociateDirector,PennCTL

AnandaGunawardenaLecturer,PrincetonCS

Responsibilities:• determineappropriatemetricsforlearningoutcomes

• designassessmentplan• developdatacollectionplans

• helpdesignmeasurementinstruments

• analyzedata• workwithIRBs

Responsibilities:• manageimplementationofdatacollectionplan

• sendout,collect,andcompileassessments

• etc.

Assessmenttools1. ABETcourseoutcomes– Compare“pre-DS”to“DS-ified”versions of

courseatthesameuniversity (e.g.,Princeton),whereDS-ified versionswillbetestdriveninlateryearsoftheproject

2. Studentsurveys3. Instructorsurveys4. TrackingchangesbetweensuccessiveofferingsofDS-ified courses

CommunitybuildingGoalistoactasapointaroundwhichthingscrystallize…

• Workshops (everysummer)• Summerschools(beginningnextsummer)• Visitorprogram(acceptingapplications!)• IndustrialAdvisoryBoard• SupportforCoqdevelopment• Jobs forpostdocs,engineers,PhDstudents

Joinus!• DeepSpec isnotaboutbuildingasinglesystemorstack– It’saboutfindingouthowtomakeconnectionsbetweensystems

• Whowouldyou liketoconnectto?

The Science of Deep Specificationbcpierce/papers/deepspec-hcss... · 2016-05-11 · The Science of...

Documents

Martina Angela Sasse, Sacha Brostoff & Dirk Weirich

MIS & Business Lab 75 - Periyar · PDF file3 MBANEF3 International Financial ... Heinz Weirich 2. ... Principles – Concepts and Conventions – Accounting Standards – Management

tripurauniv.intripurauniv.in/main/images/universitymedia/UniversityNews... · International Relations Society and Technology . ... Koontz and Weirich, ... accounting and financial

thomas weirich portfolio

MBA (HOSPITAL MANAGEMENT) - Pondicherry University Management-110913.pdf · Domestic & International Corporations -Management of ... Koontz, Weirich &Aryasri, PRINCIPLES OF MANAGEMENT

WatchdogLite :-Hardware1Accelerated- Compiler1Based ...cgo.org/cgo2014/wp-content/uploads/2013/05/Watchdoglite.pdf · WatchdogLite :-Hardware1Accelerated-Compiler1Based-Pointer-Checking-Milo-M.K.-Mar?n-Steve-Zdancewic-University-of-Pennsylvania

Untrusted Hosts and Confidentiality: Secure Program Partitioning Steve Zdancewic Lantian Zheng Nathaniel Nystrom Andrew Myers Cornell University

SYLLABUS - OPJS University in · PDF fileUNIT-IV: Front Accounting ... O‟Donnel and Weirich, MANAGEMENT, International students edition, ... Introduction, Concepts,

Type Analysis and Typed Compilation Stephanie Weirich Cornell University

A UNIFIED DATA-CENTRIC APPROACH TOWARDS AN …boonloo/papers/yun_thesis.pdf · thesis committee chair and WPE-II committee chair; Steve Zdancewic co-authored my ﬁrst paper ... that

Intensional Polymorphism in Type-Erasure Semantics Karl Crary, Stephanie Weirich, Greg Morrisett Presentation by Nate Waisbrot

Language-based Information-flow Security · 2003. 7. 14. · Security of data and infrastructure is critical [Trust in Cyberspace, Schneider et ... Military secrets Data. Zdancewic

Type inference and modern type systems Stephanie Weirich University of Pennsylvania

Robust Declassification Steve Zdancewic Andrew Myers Cornell University

MBA- Hospital Management - IIDE - Hospital Management.pdf · International Business Management 5 ... Koontz & Weirich, ... BLOCK 1 BASIC ACCOUNTING CONCEPTS AND PRINCIPLES Unit 1:

Chapter 16 International accounting. Definitions of international accounting Weirich and others identify three major concepts: 1.parent-foreign subsidiary

Lecture 21 CIS 341: COMPILERS - Penn EngineeringCIS 341: Compilers 22 LOOP OPTIMIZATIONS Zdancewic CIS 341: Compilers 23 Loop Optimizations • Program hot spots often occur in loops

Generative type abstraction and type-level computation (Wrestling with System FC) Stephanie Weirich, Steve Zdancewic University of Pennsylvania Dimitrios

Foster Lafortune Madhusudan Bodik · Foster Lafortune Bodik Alur Hartmann Zdancewic Vardi Tripakis Tabuada Kavraki Solar-Lezama Seshia Sangiovanni Kress-Gazit Loo Madhusudan Martin

LX: A Language for Flexible Type Analysis Stephanie Weirich Cornell University joint work with Karl Crary (CMU)