Hardware Error Detection Using AN-Codes


Dissertation for the academic degree of Doktoringenieur (Dr.-Ing.), submitted to the Technische Universität Dresden, Fakultät Informatik, by Dipl.-Inf. Ute Schiffel, born 08.07.1980 in Sebnitz.

Reviewers: Prof. Christof Fetzer, PhD, Technische Universität Dresden; Prof. Dr. Wolfgang Ehrenberger, Hochschule Fulda

Date of defence: 20 May 2011. Dresden, 10 June 2011.

Abstract

Due to the continuously decreasing feature sizes and the increasing complexity of integrated circuits, commercial off-the-shelf (COTS) hardware is becoming less and less reliable. However, dedicated reliable hardware is expensive and usually slower than commodity hardware. Thus, economic pressure will most likely result in the use of unreliable COTS hardware in safety-critical systems. The use of unreliable COTS hardware in safety-critical systems creates the need for software-implemented solutions for handling execution errors caused by this unreliable hardware. In this thesis, we provide techniques for detecting hardware errors that disturb the execution of a program. The detection provided facilitates handling of these errors, for example, by retry or graceful degradation. We realize the error detection by transforming unsafe programs, which are not guaranteed to detect execution errors, into safe programs that detect execution errors with a high probability. For this, we use arithmetic AN-, ANB-, ANBD-, and ANBDmem-codes. These codes detect errors that modify data during storage or transport as well as errors that disturb computations. Furthermore, the error detection provided is independent of the hardware used.
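To make the codes named above concrete, here is an added C model (not code from the thesis or its Encoding Compiler) of the AN-, ANB- and ANBD-codes: AN multiplies each value by a constant A so that a corrupted word is no longer divisible by A, ANB adds a per-variable signature B so that a wrong operand is noticed, and ANBD adds a version D so that a stale value is noticed. The constant A, the signatures and the version numbers are chosen here for illustration only.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* A is odd, so a single-bit flip (a change of +/- 2^i) can never be a multiple of A.
   The value is chosen for this illustration; the thesis devotes a chapter to choosing A. */
#define A 58659ULL

/* ---- AN-code: x_c = A * x ------------------------------------------------------------
   Operands are 32-bit, so code words and their sums stay far below 2^64 and unsigned
   wrap-around cannot mask an error. */
static uint64_t an_encode(uint32_t x) { return A * (uint64_t)x; }
static bool     an_check(uint64_t xc)  { return xc % A == 0; }
static uint32_t an_decode(uint64_t xc) { return (uint32_t)(xc / A); }

/* Encoded addition needs no decoding: A*x + A*y = A*(x+y) is again a code word. */
static uint64_t an_add(uint64_t xc, uint64_t yc) { return xc + yc; }

/* Model of a transient hardware fault: bit i of a stored code word is flipped. */
static uint64_t flip_bit(uint64_t w, unsigned i) { return w ^ (1ULL << i); }

/* Count how many of the 64 single-bit flips of the code word for x pass the check. */
static unsigned an_undetected_single_flips(uint32_t x) {
    uint64_t xc = an_encode(x);
    unsigned undetected = 0;
    for (unsigned i = 0; i < 64; i++)
        if (an_check(flip_bit(xc, i))) undetected++;
    return undetected;
}

/* ---- ANB-code: x_c = A * x + B_x, 0 < B_x < A ---------------------------------------
   B_x is a per-variable signature fixed at compile time. The residue mod A of a code
   word therefore identifies the variable it belongs to, which is what lets the code
   notice a wrong operand or a wrong operation, not only a corrupted stored value. */
typedef struct { uint64_t v; uint64_t B; } anb_t;   /* code word and expected signature */

static anb_t anb_encode(uint32_t x, uint64_t Bx) {
    anb_t r = { A * (uint64_t)x + Bx, Bx };
    return r;
}
static bool     anb_check(anb_t xc)  { return xc.v % A == xc.B; }
static uint32_t anb_decode(anb_t xc) { return (uint32_t)((xc.v - xc.B) / A); }

/* (A*x + Bx) + (A*y + By) = A*(x+y) + (Bx + By): the result's signature is static. */
static anb_t anb_add(anb_t xc, anb_t yc) {
    anb_t r = { xc.v + yc.v, (xc.B + yc.B) % A };
    return r;
}

/* Model of an operand-exchange fault: the CPU fetches x twice instead of x and y.
   The expected signature is still Bx + By, but the residue of the result is 2*Bx. */
static anb_t anb_add_faulty(anb_t xc, anb_t yc) {
    anb_t r = { xc.v + xc.v, (xc.B + yc.B) % A };
    return r;
}

/* ---- ANBD-code: x_c = A * x + B_x + D ------------------------------------------------
   D is a version (timestamp) that changes with every write to the variable. A stale
   value, e.g. left behind by a lost store, still carries the old D and fails the check
   against the version the program currently expects. */
typedef struct { uint64_t v; uint64_t B; uint64_t D; } anbd_t;

static anbd_t anbd_encode(uint32_t x, uint64_t Bx, uint64_t D) {
    anbd_t r = { A * (uint64_t)x + Bx + D, Bx, D };
    return r;
}
static bool anbd_check(anbd_t xc, uint64_t expected_D) {
    return xc.v % A == (xc.B + expected_D) % A;
}

int main(void) {
    uint64_t xc = an_encode(1234), yc = an_encode(4321);
    printf("AN:   1234 + 4321 = %u, valid=%d, undetected single flips=%u\n",
           (unsigned)an_decode(an_add(xc, yc)), (int)an_check(an_add(xc, yc)),
           an_undetected_single_flips(1234));
    /* The weak spot of any AN-code: an error that is itself a multiple of A passes. */
    printf("AN:   error of +A passes the check: %d\n", (int)an_check(xc + A));

    anb_t xb = anb_encode(1234, 7), yb = anb_encode(4321, 11);
    printf("ANB:  correct add valid=%d, operand-exchange fault valid=%d\n",
           (int)anb_check(anb_add(xb, yb)), (int)anb_check(anb_add_faulty(xb, yb)));

    anbd_t xd = anbd_encode(1234, 7, 100);   /* value written with version 100 */
    printf("ANBD: check at version 100: %d, stale value after lost write (101): %d\n",
           (int)anbd_check(xd, 100), (int)anbd_check(xd, 101));
    return 0;
}
```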
We present the following novel encoding approaches:

• Software Encoded Processing (SEP), which transforms an unsafe binary into a safe execution at runtime by applying an ANB-code, and
• Compiler Encoded Processing (CEP), which applies encoding at compile time and provides different levels of safety by using different arithmetic codes.

In contrast to existing encoding solutions, SEP and CEP make it possible to encode applications whose data and control flow is not completely predictable at compile time. For encoding, SEP and CEP use our set of encoded operations, also presented in this thesis. To the best of our knowledge, we are the first to present the encoding of a complete RISC instruction set, including boolean and bitwise logical operations, casts, unaligned loads and stores, shifts and arithmetic operations. Our evaluations show that encoding with SEP and CEP significantly reduces the amount of erroneous output caused by hardware errors. Furthermore, our evaluations show that, in contrast to replication-based approaches for detecting errors, arithmetic encoding facilitates the detection of permanent hardware errors. This increased reliability does not come for free. However, unexpectedly, the runtime costs of the different arithmetic codes supported by CEP, compared to redundancy, increase only linearly, while the gained safety increases exponentially.

For Arthur

The wind blows a leaf from the tree,
one leaf among many.
That one leaf is hardly noticed,
for one is as good as none.
Yet this one leaf alone
was part of our life.
And so this one leaf alone
will be missing for ever and ever.

Hermann Hesse

Acknowledgments

Over the last years many people helped me to complete this thesis. Now it is time to thank them for their support. My advisor Christof Fetzer always believed in encoding, even when I did not. He was always open for discussions and an endless source of ideas. His constant request: "You could publish at conference XYZ."
ensured a steady progress of my work. Thank you.

My colleagues at the chair for Systems Engineering at TU Dresden provided a friendly and enjoyable working environment. They were always open for discussing ideas and problems and gave lots of feedback on paper drafts and presentations. I especially thank Martin Süßkraut, whose ideas and suggestions considerably helped to improve the Encoding Compiler and this thesis, which he proof-read from the first to the very last page; André Schmitt, who transformed my ideas for the ANB-encoding Compiler into a compiler pass during his diploma thesis; Thomas Knauth, who implemented the list- and tree-based version management; Gert Pfeifer, who always had time for me, either for just listening or for explaining some interesting P2P or DNS technique; Andrey Brito, on whom I could count to drop by on these long evenings before a paper deadline; Martin Nowack, who proof-read the short version of this thesis; and Claudia Einer and Karina Wauer, who helped me to survive in an otherwise women-free work environment.

Special thanks go to my husband Stephan. He endlessly discussed problems and possible solutions with me, he proof-read this thesis, and supported me wherever he could.

And last but not least: thank you, my dear parents, for always having supported and encouraged me, for still being there for Stephan and me today, and for accompanying all our plans with advice and help.

Contents

1. Introduction ... 1
2. Reliability of Hardware ... 7
2.1. Terminology ... 7
2.2. Causes and Effects of Hardware Errors ... 8
2.2.1. Causes for Increasing Unreliability of Hardware ... 8
2.2.2. (Un)Reliability of Hardware ... 11
2.3. Impact of Hardware Errors ... 14
2.4. Conclusions from the State of Hardware Reliability ... 15
2.5. Software-level Symptoms of Hardware Errors ... 16
3. Arithmetic Codes ... 19
3.1. Berger Code ... 21
3.2. Residue Codes ... 23
3.3. AN-Codes ... 26
3.3.1. Error Correcting AN-Codes ... 29
3.3.2. Systematic AN-Codes ... 30
3.3.3. |gAN|M Code ... 31
3.3.4. Conclusions for AN-Codes ... 33
3.4. ANB-Codes ... 33
3.5. ANBD-Codes ... 35
3.6. Comparison of the Codes ... 36
4. Encoding an Instruction Set ... 39
4.1. Implementation of Encoding and Decoding ... 40
4.1.1. Provided Functions ... 41
4.1.2. Encoding ... 42
4.1.3. Conversion: Signed Encoded ↔ Unsigned Encoded ... 44
4.1.4. Decoding ... 46
4.2. Encoded Operations ... 46
4.2.1. Encoded Base Operations ... 47
4.2.2. Encodable Replacement Operations ... 74
4.2.3. Floating Point Operations ... 79
4.3. Encoded Constants ... 80
4.4. Calls to External Libraries ... 80
4.5. Encoded Data and Control Flow ... 81
4.6. Encoding Dynamic Memory Access ... 81
4.7. Version Management ... 82
4.7.1. The List ... 84
4.7.2. The Tree ... 86
4.7.3. Performance Evaluation ... 89
4.8. Outlook: Application of Encoded Basic Building Blocks ... 90
5. Choice of Encoding Parameters ... 93
5.1. Choice of A ... 93
5.1.1. How A Influences the Probability of Detecting Errors ... 94
5.1.2. Practical Evaluation: How Many Errors Are Undetectable? ... 96
5.2. Choice of the Signatures ... 100
5.3. Version ... 102
5.4. Conclusion ... 103
6. The Vital Coded Processor (VCP) ... 105
6.1. System Overview ... 105
6.2. Workflow ... 107
6.3. Program Encoding ... 108
6.4. Discussion of VCP ... 109
7. Software Encoded Processing (SEP) ... 111
7.1. System Overview ... 111
7.2. Workflow ... 113
7.3. Program Encoding ... 114
7.3.1. Critical Combinations of Error Symptoms ... 114
7.3.2. Encoding of the Process Image and the Instruction Pointer ... 115
7.3.3. Encoded Program Execution ... 117
7.3.4. Encoding of Control Flow Instructions ... 120
7.3.5. Input and Output ... 120
7.3.6. Code Checking ... 121
7.4. Evaluation ... 122
7.4.1. Error Detection Capabilities ... 123
7.4.2. Runtime Overhead ... 125
7.5. Summary of SEP ... 127
8. Compiler Encoded Processing (CEP) ... 129
8.1. System Overview ... 130
8.2. Workflow ... 132
8.3. Program Encoding ... 134
8.3.1. LLVM Bitcode ... 134
8.3.2. Preparations for Encoding ... 136
8.3.3. Encoding ... 137
8.4. Checking the Correctness of the Execution ... 153
8.5. Evaluation ... 155
8.5.1. Benchmarks Used ... 155
8.5.2. Other Error Detection Approaches Evaluated ... 156
8.5.3. Error Detection Capabilities ... 157
8.5.4. Runtime Overhead ... 163
8.5.5. Costs vs Gains ... 167
8.6. Summary of CEP ... 168
9. Symptom-based Error Injection Tools ... 171
9.1. Related Work ... 172
9.1.1. Error Injectors ... 172
9.1.2. Error Injectors Used in Recent Research Papers ... 174
9.1.3. Slicing ... 176
9.1.4. Design Decisions Derived ... 176
9.2. FITgrind ...