Re: Formal description of system call interface

From: Tavis Ormandy
Date: Mon Nov 21 2016 - 10:35:15 EST

Next message: Borislav Petkov: "Re: [BUG] msr-trace.h:42 suspicious rcu_dereference_check() usage!"
Previous message: Peter Zijlstra: "Re: [PATCH] cpufreq: schedutil: add up/down frequency transition rate limits"
In reply to: Dmitry Vyukov: "Re: Formal description of system call interface"
Next in thread: Cyril Hrubis: "Re: Formal description of system call interface"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Nov 21, 2016 at 7:14 AM, Dmitry Vyukov <dvyukov@xxxxxxxxxx> wrote:
>
>
> Re more complex side effects. I always feared that a description suitable
> for automatic verification (i.e. zero false positives, otherwise it is useless)
> may be too difficult to achieve.
>
> Cyril, Tavis, can you come up with some set of predicates that can be
> checked automatically yet still useful?
> We can start small, e.g. "must not alter virtual address space".

Yes, I've been working on creating something like this, I have a
simple working prototype. I cant promise it has zero false positives
right now, but I think that is achievable.

Let me dig it up (I had put it on the back burner).

Tavis.

Next message: Borislav Petkov: "Re: [BUG] msr-trace.h:42 suspicious rcu_dereference_check() usage!"
Previous message: Peter Zijlstra: "Re: [PATCH] cpufreq: schedutil: add up/down frequency transition rate limits"
In reply to: Dmitry Vyukov: "Re: Formal description of system call interface"
Next in thread: Cyril Hrubis: "Re: Formal description of system call interface"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]