SlideShare ist ein Scribd-Unternehmen logo

HIS 2015: Prof. Ian Phillips - Stronger than its weakest link

AdaCore
AdaCore

HIS 2015

Business
1 von 37
Downloaden Sie, um offline zu lesen
1 Stronger than its weakest link High Integrity So.ware Conference (HIS'15) 5nov15: Bristol. Pdf & SlideCast @ hCp://ianp24.blogspot.com Opinions expressed are my own ... Prof. Ian Phillips Principal Staff Engineer ARM Ltd ian.phillips@arm.com Visiting Prof. at ... Contribution to Industry Award 2008 2v0
2 High Integrity Software !? ..Or.. "The scienNfic method assumes that a system with perfect integrity yields a singular extrapolaNon within its domain that one can test against observed results" (Wikipedia) §  Is So.ware the weakest link in High Integrity Systems ? §  Such that improving it is all that's necessary to produce High Integrity Systems? §  When we say So.ware are we are actually thinking ComputaNon? §  But Computa;on is about results not about implementa;on technologies!
3 We know what Proper Computing is... §  HPC and Mainframe ... maybe Worksta2on §  But not really Laptop or ... (Heaven forbid) a Pocketable?
4 Graham's Orrery - c1700 §  A machine to Compute the posi;on of the planets §  Single-Task, Con;nuous Time, Analogue, Mechanical, Computer (With backlash!) George Graham. Clock-Maker (1674-1751)
5 Amsler’s Planimeter - c1856 Planimeter 2015 ! §  A Machine for Compu;ng the Area of an arbitrary 2D shape §  Technology: Precision Mechanics, Analogue §  Available today ... Electronically enhanced Jakob Amsler-Laffon. Mathematician, physicist, engineer (1823-1912)
6 IN (x) Enumerated Phenomena OUT (y) Processed Data/ Information y=F(x) §  State (s) and Time (t) are implicit or explicit variables in this §  And so are Accuracy (a), Reliability (r) and Cost ($) §  All of which can be balanced (Architected) to meet End-Customer needs §  Exceeding needs almost always 'costs' more! ... Technologies and Methodologies just offer 'star$' op;ons over basic func;onality ... Not all of which will be commercially valuable Computing is solving a Model of a Subset of Reality ... Fast enough to be useful and affordable by its customer y=F(x,s,t,a,r,$)
7 10nm 100nm 1um 10um 100um ApproximateProcessGeometry ITRS’99 Transistors/Chip(M) Transistor/PM(K) X http://en.wikipedia.org/wiki/Moore’s_law Digital Electronics Changed the Computation Game ...
8 2012: Nvidea’s Tegra 3 Processor Unit (Around 1B transistors) NB:TheTegra 3 is similar to the Apple A4
9 Computing Systems §  The System is perceived at its Human Interface §  Though the actual interface is (usually) rela;vely dumb §  And its Compute Engine is almost always remote (and may be shared)
10 The Invisible Face of Computing Today Unrecognised but Vital ... All need to be Dependable
11 The Visible Face of Computing Today EssenNal but not Vital ... But BIG-BIG-BIG $
12 §  Digital Electronics §  So.ware §  Memory §  OpNcs §  Analogue Electronic §  Sensors/Transducers §  Mechanics §  Micro-Motors §  Displays §  Discharge Tube §  RoboNc Assembly §  PlasNc, Metal, Glass Input: Image(Light) => Compute (Process Image) => Output: SD Card (Electrons) ... Many Technologies seamlessly coopera;ng, to Enhance Human Memory ... Tradi;onal siloes (inc. SW and HW) are just a means to this end! Electronic System (Cyber-physical System) - c2015 Incorporating DIGIC5+ (ARM) System-Level Computation ‘Classic’ Computer
13 Human Population Computing for the Masses ... ... Technology Products are Increasingly ‘Intelligent’ 1970 1980 1990 2000 2010 2020 2030 Main Frame Mini Computer Personal Computer Desktop Internet Mobile Internet Millionsof Units 1st Era Select work-tasks 2nd Era Broad-based computing for specific tasks 3rd Era Computing as part of our lives Technology is the Driver Consumer is the Driver ... Old Markets are s;ll there; but don't drive the Technology today!
14 Typical 2015 Computing Platform ... ... is just 137.2 x 70.5 x 5.9 mm
15 Typical 2015 Computing Platform Exynos 5422 Eight 32 bit CPUs (big.LITTLE): •  Four big (2.1GHz ARM A15) for heavy tasks; •  Four small (1.5GHz ARM A7) for lighter tasks. + Nine Mali GPU cores ... ... A ~30 Core Heterogeneous Mul;-Processor ... In your Shirt Pocket! One Board ... 21 significant ‘Chips’
16 2010:Apple’s A4 SIP Package (Cross-sec;on) IC Packaging Technology §  The processor is the centre rectangle. The silver circles beneath it are solder balls. §  Two rectangles above are RAM die, offset to make room for the wirebonds. §  Pufng the RAM close to the processor reduces latency, making RAM faster and reduces power consumpNon ... But increases cost. §  Memory: Unknown §  Processor: Samsung/Apple (ARM Processor) §  Packaging: Unknown (SIP Technology) Source ... http://www.ifixit.com Processor SOC Die 2 Memory Dies Glue Memory ‘Package’ 4-Layer Platform Package’ Steve Jobs WWDC 2010
17 2013: Samsung Solid-State Memory §  Smart Memory (eMMC) §  16-128Gb in a single package §  8Gb/die. Stacked 2-16 die/package §  Handles errors in the API (Smart Interface) §  Package just 1.4mm thick! (11.5x13x1.4mm) ... Smaller than a postage stamp
18 10nm 100nm 1um 10um 100um ApproximateProcessGeometry ITRS’99 Transistors/Chip(M) Transistor/PM(K) “Verification Gap” 1,800py 8,500py 100py Moore’s Law: Increasing Design Challenge... http://en.wikipedia.org/wiki/Moore’s_law
19 §  They sell things that Their Customers desire and can afford §  To sa;sfy the End-Customers needs ... In an End-Product which may be several ‘layers’ above them. §  Focus on their Core Competencies as a Component Provider in a Global Market §  Avoid CommodiNsaNon by DifferenNaNon §  Improved Cost and Quality (by improving Process) ..and.. §  Improved Business-Models (which make the Money) ..and.. §  Improved Func;onality (by new Technology and Methods) §  But New Product Development is a Cost and a Risk to be Minimised §  Technology (HW, SW, Mechanics, Op;cs, Graphene, etc) just enables Op;ons! §  New-Technology may cost more (including risk) than it delivers in Product Value! §  Over-Design costs ... Business can't afford the Precau;onary Principle! ... Because successful End-Products fund their en;re (RD&I) Value-Chains ... Reuse of their Technologies become economic necessity in other markets! Computing Technologies in Business Context Businesses have to be Competitive, Money Making Machines today ...
20 Component and Sub-Systems from Global Enterprise ... ... Global Teams contributing Specialist Knowledge & Knowhow §  Apple ID’d 159 Tier-1 Suppliers ... §  Thousands of Engineers Globally §  Est. 10x Tier-2 Suppliers ... §  Including Virtual Components1 and Sub-Systems (ARM and other IP Providers) §  Mul;ple Technologies ... §  Hardware, Sojware, Op;cs, Mechanics, Acous;cs, RF, Plas;cs, etc §  Manufacturing, Test, Qualifica;on, etc. §  Methods, Tools, Training, etc §  Tens of thousands Engineers Globally ... More than 90% of Technology and Methods are Reused (produc;vity)! 1: Virtual Components do not appear on BOM
21 §  But the only way to economically realise this potenNal is by product evoluNon; reusing and reusing again the work of our technical predecessors ... §  Hardware, SoHware and other Technologies; Methods and Tools; and throughout the stack §  In-Company: Sourced and Evolved from Predecessor Products §  Ex-Company: Sourced from businesses with Specialist Knowledge/Experiance §  Reuse Improves Quality; as objects are designed more carefully, and bug-fixes are incremental §  Reuse Improves ProducLvity; as objects can be deployed without understand their implementa;on technology (or its limita;ons) ... It delivers working systems quickly with finite teams; but the dependability cannot be quan;fied! ... Despite this, Commercial Technologies will be used in Systems on which people Depend §  The cost of alternaLves will be several orders of magnitude too great §  The issue is (just) making dependable systems using undependable components Designer Productivity has become the Limiting Factor The Customer Expectation of the Billions of available Transistors is irresistible!
22 ARM: Delivers Reuse-Based Productivity ... .... 24 Processors in 6 Families for different Applica;on Domains About 50MTr About 50KTr
23 ...Tools to create optimal Hetrogeneous Multi-Processors ... ACE ACE NIC-400 Network Interconnect Flash GPIO NIC-400 USBQuad Cortex- A15 L2 cache Interrupt Control CoreLink™ DMC-520 x72 DDR4-3200 PHY AHB Snoop Filter Quad Cortex- A15 L2 cache Quad Cortex- A15 L2 cache Quad Cortex- A15 L2 cache CoreLink™ DMC-520 x72 DDR4-3200 8-16MB L3 cache PCIe 10-40 GbE DPI Crypto CoreLink™ CCN-504 Cache Coherent Network IO Virtualisation with System MMU DSP DSP DSP SATA Dual channel DDR3/4 x72 Up to 4 cores per cluster Up to 4 coherent clusters Integrated L3 cache Up to 18 AMBA interfaces for I/O coherent accelerators and IO Peripheral address space Heterogeneous processors – CPU, GPU, DSP and accelerators Virtualized Interrupts Uniform System memory
24 … Other Tools, Libraries and Partners to Realize the Potential §  Technology to build Electronic System solu2ons: §  SoHware, Drivers, OS-Ports, Tools, ULliLes to create efficient system with op;mized sojware solu;ons §  Diverse Physical Components, including CPU and GPU processors designed for specific tasks §  Interconnect System IP delivering coherency and the quality of service required for lowest memory bandwidth §  OpLmised Cell-Libraries for a highly op;mized SoC implementa;ons §  Well Connected to Partners in the Life-Cycle: §  For complementary tools and methods required by System Developers §  Global Technology Global Partners: §  >900 Licences; Millions of Developers
25 Are the Outcomes of this 'chain' Dependable? Evidently so:They are Functional and Dependable enough to satisfy Billions/yr! (2Q2015) Smart-Phone shipments 2Q15 - 185 million (~0.75B/yr) ... The probability of a 'fairly reliable' systems failing, when you need to use it for 'improbable' event, is 'highly improbable' ... And mostly this is enough
26 ‘OpNmal’ Plaporm HW1" HW2" HW3" HW4" Hardware Interface" RTOS/Drivers" Thread" Bus(es) Processor(s) F1" F2" F3" F4" F5" Create FuncNonal-Model1 on a 'Generic' Plaporm (F1)! (F3)! (F5)!(F2)! Evolving the Model (& Plaporm) unNl FuncNonal and Non-FuncNonal, Performance is Adequate. NOTE: 'Final SW' is sNll a Model of Behaviour! Design is Transforming a Model of Behaviour ... ... evolving a Mathematical Model to meet Non-Functional Constraints Transform to a FuncNonal-Model on an 'OpNmal' (HW/SW) Plaporm 1: This includes a Model of Execu;on such as a Java VM.
27 §  All models are a simplificaNon of reality; therefore they all have limitaNons §  "All models are wrong, but some are useful" (G.E.Box) §  Normal So.ware Design Methods are create-it-wrong, test-it-right ... §  Quality is established by Test; and bug-fixes/patches in the field (An inherently poor method) §  Sojware Reuse offers hugely improved ProducLvity (Not-using it is not an op;on) §  Sojware Reuse offers improved Quality (But over what?) §  ExaminaNon shows that all code has high residual errors ... §  Well structured and tested Source-Code has ~5 errors per 1,000 lines of code (E-KLOC) §  Commercial code is typically ~5x worse than this §  Most errors are harmless – But there is no useful correla;on §  Formal-Methods are beRer; but cost is high if you can't uNlise (normal) legacy code. §  But Even 'Perfect-Sojware' s;ll has to execute on an Imperfect-Plauorm ... "YES!": But Good-Enough sa;sfies the Commercial Impera;ve for most applica;ons Is Software (Logic) Inherently Undependable? Software is a Model of Reality, executing on a Hardware and Software Platform
28 Open Source is Dependable? "Somebody will see the bugs!" (But only if they look!) 1: http://www.wired.com/2014/04/heartbleedslesson/ 2: http://veridicalsystems.com/blog/of-money-responsibility-and-pride/ “It is now very clear that OpenSSL development could benefit from dedicated full-Nme, properly funded developers” “OSF typically receives only $2,000 a year in donaNons” §  OpenSSL HeartBleed bug (2014) 1 §  Update was received just before a Public Holiday §  Editor was a known and high-quality source §  Code was reviewed informally and released §  Editor was conflicted with day-job, family and holiday pressure 2 §  Too lixle resources to do a proper job. §  This was a classic E-KLOC error ... §  Not a Coding, Formayng, or Func;onal error §  It was a System error (an omission in a non-func;onal aspect of the code). ... Was the ‘fault’ with the sojware Source (OpenSSL Sojware Founda;on (OSF)) ? ... Or a User Community too-ready to believe in the Myth of Open Source sojware?
29 §  Boolean MathemaNcs (HDL) is Dependable; but implementaNon depends on reliably mapping its equaNons to the physical world through Logic-Gates §  A Gate is a Saturated Analogue circuit; with Non-Func;onal axributes. §  CMOS has been a 'reliable' Boolean mapping for 30 years, but ... §  Today’s 20nm transistors (14nm soon) have larger variability, and there are many more on a chip (Typically 1B in 2014) §  At 70degC, Vtn=130mv (sigma ~25mv) around 1 in 5 million, transistors have Vt<0 (Can’t be turned off) §  So that’s >100 transistors/chip that don’t switch off §  And there's another >100 that only turn-on weakly (low drive/slow) §  This is intrinsic (atomic), so will always be randomly located! ... "NO!": Today’s chips shouldn’t work! (So why do they?) So is Hardware (Logic) Dependable? 1/3 B A +V A B OUTNAND OUT
30 MiNgaNng this we have ... §  Weak Transistors: Not all ... §  Are at 70 degC even if the die is (But some will be higher) §  Are Minimum Size (Larger ‘area’ reduces variability) §  Are on Cri;cal Paths; and the probability of there being more than one on a path is low! §  CMOS Logic: Is very robust and will conNnue to funcLon with out-of-spec transistors §  Leaky Gates and Faster Transi;ons are seldom func;onal failures (but they do hit reliability!) §  Speed varia;ons on a path average out (on average!) §  Errors are frequently difficult to detect (and thus correct!) §  Memory: Analogue Circuits are much more sensiNve to transistor variaNon. But ... §  Failures are easier to detect (and work around) §  Spare rows/columns are included to fix manufacturing (sta;c) defects ... but not dynamic (use) §  NV-M limited write-cycles and bit failures are shielded by their smart API ... to some degree. ... Hardware failure is not always easily spoxed at the func;onal level! So is Hardware (Logic) Dependable? 2/3
31 §  And we haven't included imponderables ... §  Internally and Externally generated noise? (Greater suscep;bility at lower voltages) §  High-energy par;cles? (Greater suscep;bility at smaller geometries) §  Wear-out: Vt/Gain drij and Electro Migra;on? (Greater suscep;bility at smaller geometries) §  Local Hot-Spots? (140C is not uncommon on chip) §  Limita;ons of Verifica;on and Test (State-Space explora;on is always a sub-set) §  We are repeatedly mulNplying Nny-improbables, by ever larger-numbers ... §  And many of the values are only guesses! §  We have no real idea about the reliability/dependability of modern Systems or Components §  But we know that as process geometries shrink, SuscepNbility will get worse ... §  Chips will get ever more complex (and more chips will be used in more complex Systems) §  Transistors will get smaller and Designers will erode safety margins to get performance ... Despite this; Chips and Systems do Yield more than we would rightly expect ... ... So we must be u;lising Unknown Safety Margins! So is Hardware (Logic) Dependable? 3/3
32 Killing a Sacred Cow: SW and HW Logic are the Same ...They have different characteristics, so choice is a System Architectural decision! // A master-slave type D-Flip Flop module flop (data, clock, clear, q, qb); input data, clock, clear; output q, qb; // primitive #delay instance-name // (output, input1, input2, .....), nand #10 nd1 (a, data, clock, clear), nd2 (b, ndata, clock), nd4 (d, c, b, clear), nd5 (e, c, nclock), nd6 (f, d, nclock), nd8 (qb, q, f, clear); nand #9 nd3 (c, a, d), nd7 (q, e, qb); not #10 inv1 (ndata, data), inv2 (nclock, clock); endmodule 'Hardware' Language (Verilog) 'Software' Language (C) #include<time.h> /* Use the PC's timer to check */ /* processing time */ main() { clock_t time,deltime; long junk,i; float secs; LOOP: printf("input loop count: "); scanf("%ld",&junk); time = clock(); for(i=0;i<junk;i++) deltime = clock() - time; secs = (float) deltime/CLOCKS_PER printf("for %ld loops, #tics = % %fn",junk,deltime,secs); goto LOOP; ... Target Platform CMOS -------- CPU Target Architecture Info Compilers HW ----------- SW Configuration Files HW -------------- SW
33 §  By the Nme you are wriNng ApplicaNons you are hugely dependent on the layered-accuracy of other peoples work beneath ... Both Hardware and So.ware So whilst Boolean Mathematics is Absolute ... ... all implementations of it are not A SoftwareView A HardwareView
34 §  We Can’t Design them Right §  HW is SW; and Coding errors remain. State-space too big for simula;on explora;on. Can’t model or explore whole Systems and they are too complex for Formal methods. Reuse embodies unknown bugs. §  We Can’t Make them Right §  Chips are subject to Process Imperfec;ons and Variability. Chips and Systems are subject to Verifica;ons and Test Escapes. Boolean math is absolute; logic cells and real layouts are not §  We Can’t Keep them Right §  Chips are suscep;ble to Supply Transients, Wear-Out and High-Energy par;cles. Most damage is not immediately obvious. ... And it will all get worse as process geometries shrink ... Yet every year we make Billions of Systems that work! "The Naysayers are just Harbingers of Doom!" So Complex Electronic Systems are Impossible!
35 §  System-Level Dependability is what maCers ... §  Component and Sub-System dependability is inherently poor (and will get worse). §  ProducNvity demands that Dependable Systems must Reuse Components and Sub- Systems (Physical and Virtual); and the affordable ones are of Commercial quality! §  Clean-Sheet design is not an op;on for almost all complex products! ... the cost-is-no-object customer is an endangered specie §  Increasing the Dependability of Components and Sub-Systems helps; but can never be enough §  ARM product is really; 'Enhanced Reuse for Electronic System Design and Manufacture' ... The Only Place to implement System-Level Dependability on an Undependable Plauorm, is at the System-Layer! §  Reliable components and sub-systems will help, but cannot ever be enough §  Predominantly a 'So.ware' challenge; but not alone (Don't forget the simple Watch-Dog) Dependable on Undependable Any Methods that are based on perfection in HW or SW are untenable ...
36 The Real Conclusions §  Systems are what End-Customers buy; they expect them to be Dependable Enough §  A subjec;ve concept; which is Applica;on, State and Context dependent (& Technology independent) §  Commercial Components (HW/SW) will be the building blocks of Dependable Systems §  Commercial use gives us the Technologies which we are economically bound to use today §  Though they work bexer than we would rightly expect, we cannot quan;fy their quality §  Improving their Quality/Reliability/Dependability helps; but 100% is an asympto;c goal! §  The System Knows what the System Wants §  So: System behaviour and robustness must be handled at the System-Level (Top-Level); only it can know the expected ac;on and appropriate correc;ve ac;on for its domain. §  And: Because of the size of the Func;onal and Non-Func;onal Space, conformance cannot be measured; so it will require a Policy Based approach. ... Meanwhile systems that people depend on will be produced ... The Commercial Impera;ve can’t/won't wait for the 'right methodology'
37 The END IsVery Nigh ... Pdf & SlideCast through http://ianp24.blogspot.com

Empfohlen

CheapSCAte: Attacking IoT with less than $60
CheapSCAte: Attacking IoT with less than $60CheapSCAte: Attacking IoT with less than $60
CheapSCAte: Attacking IoT with less than $60Riscure
 
PEW PEW PEW: Designing Secure Boot Securely
PEW PEW PEW: Designing Secure Boot SecurelyPEW PEW PEW: Designing Secure Boot Securely
PEW PEW PEW: Designing Secure Boot SecurelyNiek Timmers
 
The trials and tribulations of providing engineering infrastructure
The trials and tribulations of providing engineering infrastructure The trials and tribulations of providing engineering infrastructure
The trials and tribulations of providing engineering infrastructure TechExeter
 
Protocol T50: Five months later... So what?
Protocol T50: Five months later... So what?Protocol T50: Five months later... So what?
Protocol T50: Five months later... So what?Nelson Brito
 
MODERN MALWARE: OBFUSCATION AND EMULATION DEF CON CHINA 1.0 (2019)
MODERN MALWARE: OBFUSCATION AND EMULATION DEF CON CHINA 1.0 (2019)MODERN MALWARE: OBFUSCATION AND EMULATION DEF CON CHINA 1.0 (2019)
MODERN MALWARE: OBFUSCATION AND EMULATION DEF CON CHINA 1.0 (2019)Alexandre Borges
 
CodeChecker summary 21062021
CodeChecker summary 21062021CodeChecker summary 21062021
CodeChecker summary 21062021Olivera Milenkovic
 
[PH-Neutral 0x7db] Exploit Next Generation®
[PH-Neutral 0x7db] Exploit Next Generation®[PH-Neutral 0x7db] Exploit Next Generation®
[PH-Neutral 0x7db] Exploit Next Generation®Nelson Brito
 
A client-side vulnerability under the microscope!
A client-side vulnerability under the microscope!A client-side vulnerability under the microscope!
A client-side vulnerability under the microscope!Nelson Brito
 

Empfohlen

CheapSCAte: Attacking IoT with less than $60
CheapSCAte: Attacking IoT with less than $60CheapSCAte: Attacking IoT with less than $60
CheapSCAte: Attacking IoT with less than $60Riscure
 
PEW PEW PEW: Designing Secure Boot Securely
PEW PEW PEW: Designing Secure Boot SecurelyPEW PEW PEW: Designing Secure Boot Securely
PEW PEW PEW: Designing Secure Boot SecurelyNiek Timmers
 
The trials and tribulations of providing engineering infrastructure
The trials and tribulations of providing engineering infrastructure The trials and tribulations of providing engineering infrastructure
The trials and tribulations of providing engineering infrastructure TechExeter
 
Protocol T50: Five months later... So what?
Protocol T50: Five months later... So what?Protocol T50: Five months later... So what?
Protocol T50: Five months later... So what?Nelson Brito
 
MODERN MALWARE: OBFUSCATION AND EMULATION DEF CON CHINA 1.0 (2019)
MODERN MALWARE: OBFUSCATION AND EMULATION DEF CON CHINA 1.0 (2019)MODERN MALWARE: OBFUSCATION AND EMULATION DEF CON CHINA 1.0 (2019)
MODERN MALWARE: OBFUSCATION AND EMULATION DEF CON CHINA 1.0 (2019)Alexandre Borges
 
CodeChecker summary 21062021
CodeChecker summary 21062021CodeChecker summary 21062021
CodeChecker summary 21062021Olivera Milenkovic
 
[PH-Neutral 0x7db] Exploit Next Generation®
[PH-Neutral 0x7db] Exploit Next Generation®[PH-Neutral 0x7db] Exploit Next Generation®
[PH-Neutral 0x7db] Exploit Next Generation®Nelson Brito
 
A client-side vulnerability under the microscope!
A client-side vulnerability under the microscope!A client-side vulnerability under the microscope!
A client-side vulnerability under the microscope!Nelson Brito
 
Secure Coding Practices for Middleware
Secure Coding Practices for MiddlewareSecure Coding Practices for Middleware
Secure Coding Practices for MiddlewareManuel Brugnoli
 
Fuzzing malware for fun & profit. Applying Coverage-Guided Fuzzing to Find Bu...
Fuzzing malware for fun & profit. Applying Coverage-Guided Fuzzing to Find Bu...Fuzzing malware for fun & profit. Applying Coverage-Guided Fuzzing to Find Bu...
Fuzzing malware for fun & profit. Applying Coverage-Guided Fuzzing to Find Bu...Maksim Shudrak
 
Vlsi lab manual_new
Vlsi lab manual_newVlsi lab manual_new
Vlsi lab manual_newNaveen Gouda
 
Zero bugs found? Hold my beer AFL! how to improve coverage-guided fuzzing and...
Zero bugs found? Hold my beer AFL! how to improve coverage-guided fuzzing and...Zero bugs found? Hold my beer AFL! how to improve coverage-guided fuzzing and...
Zero bugs found? Hold my beer AFL! how to improve coverage-guided fuzzing and...Maksim Shudrak
 
The hangover: A "modern" (?) high performance approach to build an offensive ...
The hangover: A "modern" (?) high performance approach to build an offensive ...The hangover: A "modern" (?) high performance approach to build an offensive ...
The hangover: A "modern" (?) high performance approach to build an offensive ...Nelson Brito
 
AusCERT 2016: CVE and alternatives
AusCERT 2016: CVE and alternativesAusCERT 2016: CVE and alternatives
AusCERT 2016: CVE and alternativesDavid Jorm
 
HIS 2015: Prof. Mark Little - Open Source Challenges in the Enterprise
HIS 2015: Prof. Mark Little - Open Source Challenges in the EnterpriseHIS 2015: Prof. Mark Little - Open Source Challenges in the Enterprise
HIS 2015: Prof. Mark Little - Open Source Challenges in the EnterpriseAdaCore
 
HIS Conf 2014: An Insight into MISRA-C
HIS Conf 2014: An Insight into MISRA-CHIS Conf 2014: An Insight into MISRA-C
HIS Conf 2014: An Insight into MISRA-CAdaCore
 
The Muen Separation Kernel
The Muen Separation KernelThe Muen Separation Kernel
The Muen Separation KernelAdaCore
 
Practical Application of Agile Techniques in Developing Safety Related Systems
Practical Application of Agile Techniques in Developing Safety Related SystemsPractical Application of Agile Techniques in Developing Safety Related Systems
Practical Application of Agile Techniques in Developing Safety Related SystemsAdaCore
 
How should we build that? Evolving a development environment that's suitable ...
How should we build that? Evolving a development environment that's suitable ...How should we build that? Evolving a development environment that's suitable ...
How should we build that? Evolving a development environment that's suitable ...AdaCore
 
HIS 2015: Prof. Phil Koopman - A Case Study of Toyota Unintended Acceleration...
HIS 2015: Prof. Phil Koopman - A Case Study of Toyota Unintended Acceleration...HIS 2015: Prof. Phil Koopman - A Case Study of Toyota Unintended Acceleration...
HIS 2015: Prof. Phil Koopman - A Case Study of Toyota Unintended Acceleration...AdaCore
 
Ada 202x A broad overview of relevant news
Ada 202x A broad overview of relevant newsAda 202x A broad overview of relevant news
Ada 202x A broad overview of relevant newsAdaCore
 
HIS 2015: Neil White - Advances in Practical Techniques for Critical Developm...
HIS 2015: Neil White - Advances in Practical Techniques for Critical Developm...HIS 2015: Neil White - Advances in Practical Techniques for Critical Developm...
HIS 2015: Neil White - Advances in Practical Techniques for Critical Developm...AdaCore
 
A Computer Vision Application for In Vitro Diagnostics Devices
A Computer Vision Application for In Vitro Diagnostics DevicesA Computer Vision Application for In Vitro Diagnostics Devices
A Computer Vision Application for In Vitro Diagnostics DevicesAdaCore
 
HIS 2015: Tom Chothia - Formal Security of Critical Infrastructure
HIS 2015: Tom Chothia - Formal Security of Critical InfrastructureHIS 2015: Tom Chothia - Formal Security of Critical Infrastructure
HIS 2015: Tom Chothia - Formal Security of Critical InfrastructureAdaCore
 
HIS 2015: Ivan Ellis - VISIUMCORE A High Integrity Processor for Safety Criti...
HIS 2015: Ivan Ellis - VISIUMCORE A High Integrity Processor for Safety Criti...HIS 2015: Ivan Ellis - VISIUMCORE A High Integrity Processor for Safety Criti...
HIS 2015: Ivan Ellis - VISIUMCORE A High Integrity Processor for Safety Criti...AdaCore
 
Mind your language(s), A Discussion about Languages and Security
Mind your language(s), A Discussion about Languages and SecurityMind your language(s), A Discussion about Languages and Security
Mind your language(s), A Discussion about Languages and SecurityAdaCore
 
Mixed Criticality Systems and Many-Core Platforms
Mixed Criticality Systems and Many-Core PlatformsMixed Criticality Systems and Many-Core Platforms
Mixed Criticality Systems and Many-Core PlatformsAdaCore
 
HIS 2015: Roderick Chapman - Murphy Vs Satan Why programming secure systems i...
HIS 2015: Roderick Chapman - Murphy Vs Satan Why programming secure systems i...HIS 2015: Roderick Chapman - Murphy Vs Satan Why programming secure systems i...
HIS 2015: Roderick Chapman - Murphy Vs Satan Why programming secure systems i...AdaCore
 
An Alternative Approach to DO-178B
An Alternative Approach to DO-178BAn Alternative Approach to DO-178B
An Alternative Approach to DO-178BAdaCore
 
HIS 2015: Alastair F. Donaldson - Fighting for Software Correctness in a Mass...
HIS 2015: Alastair F. Donaldson - Fighting for Software Correctness in a Mass...HIS 2015: Alastair F. Donaldson - Fighting for Software Correctness in a Mass...
HIS 2015: Alastair F. Donaldson - Fighting for Software Correctness in a Mass...AdaCore
 

Weitere ähnliche Inhalte

Was ist angesagt?

Secure Coding Practices for Middleware
Secure Coding Practices for MiddlewareSecure Coding Practices for Middleware
Secure Coding Practices for MiddlewareManuel Brugnoli
 
Fuzzing malware for fun & profit. Applying Coverage-Guided Fuzzing to Find Bu...
Fuzzing malware for fun & profit. Applying Coverage-Guided Fuzzing to Find Bu...Fuzzing malware for fun & profit. Applying Coverage-Guided Fuzzing to Find Bu...
Fuzzing malware for fun & profit. Applying Coverage-Guided Fuzzing to Find Bu...Maksim Shudrak
 
Vlsi lab manual_new
Vlsi lab manual_newVlsi lab manual_new
Vlsi lab manual_newNaveen Gouda
 
Zero bugs found? Hold my beer AFL! how to improve coverage-guided fuzzing and...
Zero bugs found? Hold my beer AFL! how to improve coverage-guided fuzzing and...Zero bugs found? Hold my beer AFL! how to improve coverage-guided fuzzing and...
Zero bugs found? Hold my beer AFL! how to improve coverage-guided fuzzing and...Maksim Shudrak
 
The hangover: A "modern" (?) high performance approach to build an offensive ...
The hangover: A "modern" (?) high performance approach to build an offensive ...The hangover: A "modern" (?) high performance approach to build an offensive ...
The hangover: A "modern" (?) high performance approach to build an offensive ...Nelson Brito
 
AusCERT 2016: CVE and alternatives
AusCERT 2016: CVE and alternativesAusCERT 2016: CVE and alternatives
AusCERT 2016: CVE and alternativesDavid Jorm
 

Was ist angesagt? (6)

Secure Coding Practices for Middleware
Secure Coding Practices for MiddlewareSecure Coding Practices for Middleware
Secure Coding Practices for Middleware
 
Fuzzing malware for fun & profit. Applying Coverage-Guided Fuzzing to Find Bu...
Fuzzing malware for fun & profit. Applying Coverage-Guided Fuzzing to Find Bu...Fuzzing malware for fun & profit. Applying Coverage-Guided Fuzzing to Find Bu...
Fuzzing malware for fun & profit. Applying Coverage-Guided Fuzzing to Find Bu...
 
Vlsi lab manual_new
Vlsi lab manual_newVlsi lab manual_new
Vlsi lab manual_new
 
Zero bugs found? Hold my beer AFL! how to improve coverage-guided fuzzing and...
Zero bugs found? Hold my beer AFL! how to improve coverage-guided fuzzing and...Zero bugs found? Hold my beer AFL! how to improve coverage-guided fuzzing and...
Zero bugs found? Hold my beer AFL! how to improve coverage-guided fuzzing and...
 
The hangover: A "modern" (?) high performance approach to build an offensive ...
The hangover: A "modern" (?) high performance approach to build an offensive ...The hangover: A "modern" (?) high performance approach to build an offensive ...
The hangover: A "modern" (?) high performance approach to build an offensive ...
 
AusCERT 2016: CVE and alternatives
AusCERT 2016: CVE and alternativesAusCERT 2016: CVE and alternatives
AusCERT 2016: CVE and alternatives
 

Andere mochten auch

HIS 2015: Prof. Mark Little - Open Source Challenges in the Enterprise
HIS 2015: Prof. Mark Little - Open Source Challenges in the EnterpriseHIS 2015: Prof. Mark Little - Open Source Challenges in the Enterprise
HIS 2015: Prof. Mark Little - Open Source Challenges in the EnterpriseAdaCore
 
HIS Conf 2014: An Insight into MISRA-C
HIS Conf 2014: An Insight into MISRA-CHIS Conf 2014: An Insight into MISRA-C
HIS Conf 2014: An Insight into MISRA-CAdaCore
 
The Muen Separation Kernel
The Muen Separation KernelThe Muen Separation Kernel
The Muen Separation KernelAdaCore
 
Practical Application of Agile Techniques in Developing Safety Related Systems
Practical Application of Agile Techniques in Developing Safety Related SystemsPractical Application of Agile Techniques in Developing Safety Related Systems
Practical Application of Agile Techniques in Developing Safety Related SystemsAdaCore
 
How should we build that? Evolving a development environment that's suitable ...
How should we build that? Evolving a development environment that's suitable ...How should we build that? Evolving a development environment that's suitable ...
How should we build that? Evolving a development environment that's suitable ...AdaCore
 
HIS 2015: Prof. Phil Koopman - A Case Study of Toyota Unintended Acceleration...
HIS 2015: Prof. Phil Koopman - A Case Study of Toyota Unintended Acceleration...HIS 2015: Prof. Phil Koopman - A Case Study of Toyota Unintended Acceleration...
HIS 2015: Prof. Phil Koopman - A Case Study of Toyota Unintended Acceleration...AdaCore
 
Ada 202x A broad overview of relevant news
Ada 202x A broad overview of relevant newsAda 202x A broad overview of relevant news
Ada 202x A broad overview of relevant newsAdaCore
 
HIS 2015: Neil White - Advances in Practical Techniques for Critical Developm...
HIS 2015: Neil White - Advances in Practical Techniques for Critical Developm...HIS 2015: Neil White - Advances in Practical Techniques for Critical Developm...
HIS 2015: Neil White - Advances in Practical Techniques for Critical Developm...AdaCore
 
A Computer Vision Application for In Vitro Diagnostics Devices
A Computer Vision Application for In Vitro Diagnostics DevicesA Computer Vision Application for In Vitro Diagnostics Devices
A Computer Vision Application for In Vitro Diagnostics DevicesAdaCore
 
HIS 2015: Tom Chothia - Formal Security of Critical Infrastructure
HIS 2015: Tom Chothia - Formal Security of Critical InfrastructureHIS 2015: Tom Chothia - Formal Security of Critical Infrastructure
HIS 2015: Tom Chothia - Formal Security of Critical InfrastructureAdaCore
 
HIS 2015: Ivan Ellis - VISIUMCORE A High Integrity Processor for Safety Criti...
HIS 2015: Ivan Ellis - VISIUMCORE A High Integrity Processor for Safety Criti...HIS 2015: Ivan Ellis - VISIUMCORE A High Integrity Processor for Safety Criti...
HIS 2015: Ivan Ellis - VISIUMCORE A High Integrity Processor for Safety Criti...AdaCore
 
Mind your language(s), A Discussion about Languages and Security
Mind your language(s), A Discussion about Languages and SecurityMind your language(s), A Discussion about Languages and Security
Mind your language(s), A Discussion about Languages and SecurityAdaCore
 
Mixed Criticality Systems and Many-Core Platforms
Mixed Criticality Systems and Many-Core PlatformsMixed Criticality Systems and Many-Core Platforms
Mixed Criticality Systems and Many-Core PlatformsAdaCore
 
HIS 2015: Roderick Chapman - Murphy Vs Satan Why programming secure systems i...
HIS 2015: Roderick Chapman - Murphy Vs Satan Why programming secure systems i...HIS 2015: Roderick Chapman - Murphy Vs Satan Why programming secure systems i...
HIS 2015: Roderick Chapman - Murphy Vs Satan Why programming secure systems i...AdaCore
 
An Alternative Approach to DO-178B
An Alternative Approach to DO-178BAn Alternative Approach to DO-178B
An Alternative Approach to DO-178BAdaCore
 
HIS 2015: Alastair F. Donaldson - Fighting for Software Correctness in a Mass...
HIS 2015: Alastair F. Donaldson - Fighting for Software Correctness in a Mass...HIS 2015: Alastair F. Donaldson - Fighting for Software Correctness in a Mass...
HIS 2015: Alastair F. Donaldson - Fighting for Software Correctness in a Mass...AdaCore
 
MISRA C – Recent developments and a road map to the future
MISRA C – Recent developments and a road map to the futureMISRA C – Recent developments and a road map to the future
MISRA C – Recent developments and a road map to the futureAdaCore
 
The Application of Formal Methods to Railway Signalling Software
The Application of Formal Methods to Railway Signalling SoftwareThe Application of Formal Methods to Railway Signalling Software
The Application of Formal Methods to Railway Signalling SoftwareAdaCore
 
Multi-Core (MC) Processor Qualification for Safety Critical Systems
Multi-Core (MC) Processor Qualification for Safety Critical SystemsMulti-Core (MC) Processor Qualification for Safety Critical Systems
Multi-Core (MC) Processor Qualification for Safety Critical SystemsAdaCore
 
Bounded Model Checking for C Programs in an Enterprise Environment
Bounded Model Checking for C Programs in an Enterprise EnvironmentBounded Model Checking for C Programs in an Enterprise Environment
Bounded Model Checking for C Programs in an Enterprise EnvironmentAdaCore
 

Andere mochten auch (20)

HIS 2015: Prof. Mark Little - Open Source Challenges in the Enterprise
HIS 2015: Prof. Mark Little - Open Source Challenges in the EnterpriseHIS 2015: Prof. Mark Little - Open Source Challenges in the Enterprise
HIS 2015: Prof. Mark Little - Open Source Challenges in the Enterprise
 
HIS Conf 2014: An Insight into MISRA-C
HIS Conf 2014: An Insight into MISRA-CHIS Conf 2014: An Insight into MISRA-C
HIS Conf 2014: An Insight into MISRA-C
 
The Muen Separation Kernel
The Muen Separation KernelThe Muen Separation Kernel
The Muen Separation Kernel
 
Practical Application of Agile Techniques in Developing Safety Related Systems
Practical Application of Agile Techniques in Developing Safety Related SystemsPractical Application of Agile Techniques in Developing Safety Related Systems
Practical Application of Agile Techniques in Developing Safety Related Systems
 
How should we build that? Evolving a development environment that's suitable ...
How should we build that? Evolving a development environment that's suitable ...How should we build that? Evolving a development environment that's suitable ...
How should we build that? Evolving a development environment that's suitable ...
 
HIS 2015: Prof. Phil Koopman - A Case Study of Toyota Unintended Acceleration...
HIS 2015: Prof. Phil Koopman - A Case Study of Toyota Unintended Acceleration...HIS 2015: Prof. Phil Koopman - A Case Study of Toyota Unintended Acceleration...
HIS 2015: Prof. Phil Koopman - A Case Study of Toyota Unintended Acceleration...
 
Ada 202x A broad overview of relevant news
Ada 202x A broad overview of relevant newsAda 202x A broad overview of relevant news
Ada 202x A broad overview of relevant news
 
HIS 2015: Neil White - Advances in Practical Techniques for Critical Developm...
HIS 2015: Neil White - Advances in Practical Techniques for Critical Developm...HIS 2015: Neil White - Advances in Practical Techniques for Critical Developm...
HIS 2015: Neil White - Advances in Practical Techniques for Critical Developm...
 
A Computer Vision Application for In Vitro Diagnostics Devices
A Computer Vision Application for In Vitro Diagnostics DevicesA Computer Vision Application for In Vitro Diagnostics Devices
A Computer Vision Application for In Vitro Diagnostics Devices
 
HIS 2015: Tom Chothia - Formal Security of Critical Infrastructure
HIS 2015: Tom Chothia - Formal Security of Critical InfrastructureHIS 2015: Tom Chothia - Formal Security of Critical Infrastructure
HIS 2015: Tom Chothia - Formal Security of Critical Infrastructure
 
HIS 2015: Ivan Ellis - VISIUMCORE A High Integrity Processor for Safety Criti...
HIS 2015: Ivan Ellis - VISIUMCORE A High Integrity Processor for Safety Criti...HIS 2015: Ivan Ellis - VISIUMCORE A High Integrity Processor for Safety Criti...
HIS 2015: Ivan Ellis - VISIUMCORE A High Integrity Processor for Safety Criti...
 
Mind your language(s), A Discussion about Languages and Security
Mind your language(s), A Discussion about Languages and SecurityMind your language(s), A Discussion about Languages and Security
Mind your language(s), A Discussion about Languages and Security
 
Mixed Criticality Systems and Many-Core Platforms
Mixed Criticality Systems and Many-Core PlatformsMixed Criticality Systems and Many-Core Platforms
Mixed Criticality Systems and Many-Core Platforms
 
HIS 2015: Roderick Chapman - Murphy Vs Satan Why programming secure systems i...
HIS 2015: Roderick Chapman - Murphy Vs Satan Why programming secure systems i...HIS 2015: Roderick Chapman - Murphy Vs Satan Why programming secure systems i...
HIS 2015: Roderick Chapman - Murphy Vs Satan Why programming secure systems i...
 
An Alternative Approach to DO-178B
An Alternative Approach to DO-178BAn Alternative Approach to DO-178B
An Alternative Approach to DO-178B
 
HIS 2015: Alastair F. Donaldson - Fighting for Software Correctness in a Mass...
HIS 2015: Alastair F. Donaldson - Fighting for Software Correctness in a Mass...HIS 2015: Alastair F. Donaldson - Fighting for Software Correctness in a Mass...
HIS 2015: Alastair F. Donaldson - Fighting for Software Correctness in a Mass...
 
MISRA C – Recent developments and a road map to the future
MISRA C – Recent developments and a road map to the futureMISRA C – Recent developments and a road map to the future
MISRA C – Recent developments and a road map to the future
 
The Application of Formal Methods to Railway Signalling Software
The Application of Formal Methods to Railway Signalling SoftwareThe Application of Formal Methods to Railway Signalling Software
The Application of Formal Methods to Railway Signalling Software
 
Multi-Core (MC) Processor Qualification for Safety Critical Systems
Multi-Core (MC) Processor Qualification for Safety Critical SystemsMulti-Core (MC) Processor Qualification for Safety Critical Systems
Multi-Core (MC) Processor Qualification for Safety Critical Systems
 
Bounded Model Checking for C Programs in an Enterprise Environment
Bounded Model Checking for C Programs in an Enterprise EnvironmentBounded Model Checking for C Programs in an Enterprise Environment
Bounded Model Checking for C Programs in an Enterprise Environment
 

Ähnlich wie HIS 2015: Prof. Ian Phillips - Stronger than its weakest link

EDCC14 Keynote, Newcastle 15may14
EDCC14 Keynote, Newcastle 15may14EDCC14 Keynote, Newcastle 15may14
EDCC14 Keynote, Newcastle 15may14Ian Phillips
 
Computing Platforms for the XXIc - DSD/SEAA Keynote
Computing Platforms for the XXIc - DSD/SEAA KeynoteComputing Platforms for the XXIc - DSD/SEAA Keynote
Computing Platforms for the XXIc - DSD/SEAA KeynoteIan Phillips
 
Building frameworks: from concept to completion
Building frameworks: from concept to completionBuilding frameworks: from concept to completion
Building frameworks: from concept to completionRuben Goncalves
 
Computing Platforms for the 21C - 25feb14
Computing Platforms for the 21C - 25feb14Computing Platforms for the 21C - 25feb14
Computing Platforms for the 21C - 25feb14Ian Phillips
 
Hacker's and painters Hardware Hacking 101 - 10th Oct 2014
Hacker's and painters Hardware Hacking 101 - 10th Oct 2014Hacker's and painters Hardware Hacking 101 - 10th Oct 2014
Hacker's and painters Hardware Hacking 101 - 10th Oct 2014Takeda Pharmaceuticals
 
The dangers of black box devices.
The dangers of black box devices.The dangers of black box devices.
The dangers of black box devices.Rsaesha
 
An AI accelerator ASIC architecture
An AI accelerator ASIC architectureAn AI accelerator ASIC architecture
An AI accelerator ASIC architectureKhanh Le
 
Arm cross development_with_eclipse
Arm cross development_with_eclipseArm cross development_with_eclipse
Arm cross development_with_eclipseWalmar de Paula
 
Innodisk at aditech customer meet 2015
Innodisk at aditech customer meet 2015Innodisk at aditech customer meet 2015
Innodisk at aditech customer meet 2015Vilas Fulsundar
 
Making a Process (Virtualizing Memory)
Making a Process (Virtualizing Memory)Making a Process (Virtualizing Memory)
Making a Process (Virtualizing Memory)David Evans
 
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdfARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdfTobias Schneck
 
Stack-Based Buffer Overflows
Stack-Based Buffer OverflowsStack-Based Buffer Overflows
Stack-Based Buffer OverflowsDaniel Tumser
 
IoTivity Tutorial: Prototyping IoT Devices on GNU/Linux
IoTivity Tutorial: Prototyping IoT Devices on GNU/LinuxIoTivity Tutorial: Prototyping IoT Devices on GNU/Linux
IoTivity Tutorial: Prototyping IoT Devices on GNU/LinuxSamsung Open Source Group
 
Acug datafiniti pellon_sept2013
Acug datafiniti pellon_sept2013Acug datafiniti pellon_sept2013
Acug datafiniti pellon_sept2013Datafiniti
 
The Ever So Slighty Geeky Quiz With Maybe
The Ever So Slighty Geeky Quiz With MaybeThe Ever So Slighty Geeky Quiz With Maybe
The Ever So Slighty Geeky Quiz With MaybeAmanda Jackson
 
An introduction to erlang
An introduction to erlangAn introduction to erlang
An introduction to erlangMirko Bonadei
 
Internet Technology for the Commodore 64
Internet Technology for the Commodore 64Internet Technology for the Commodore 64
Internet Technology for the Commodore 64Leif Bloomquist
 
Caring for file formats
Caring for file formatsCaring for file formats
Caring for file formatsAnge Albertini
 

Ähnlich wie HIS 2015: Prof. Ian Phillips - Stronger than its weakest link (20)

EDCC14 Keynote, Newcastle 15may14
EDCC14 Keynote, Newcastle 15may14EDCC14 Keynote, Newcastle 15may14
EDCC14 Keynote, Newcastle 15may14
 
Computing Platforms for the XXIc - DSD/SEAA Keynote
Computing Platforms for the XXIc - DSD/SEAA KeynoteComputing Platforms for the XXIc - DSD/SEAA Keynote
Computing Platforms for the XXIc - DSD/SEAA Keynote
 
Building frameworks: from concept to completion
Building frameworks: from concept to completionBuilding frameworks: from concept to completion
Building frameworks: from concept to completion
 
Computing Platforms for the 21C - 25feb14
Computing Platforms for the 21C - 25feb14Computing Platforms for the 21C - 25feb14
Computing Platforms for the 21C - 25feb14
 
Hacker's and painters Hardware Hacking 101 - 10th Oct 2014
Hacker's and painters Hardware Hacking 101 - 10th Oct 2014Hacker's and painters Hardware Hacking 101 - 10th Oct 2014
Hacker's and painters Hardware Hacking 101 - 10th Oct 2014
 
The dangers of black box devices.
The dangers of black box devices.The dangers of black box devices.
The dangers of black box devices.
 
An AI accelerator ASIC architecture
An AI accelerator ASIC architectureAn AI accelerator ASIC architecture
An AI accelerator ASIC architecture
 
Arm cross development_with_eclipse
Arm cross development_with_eclipseArm cross development_with_eclipse
Arm cross development_with_eclipse
 
Innodisk at aditech customer meet 2015
Innodisk at aditech customer meet 2015Innodisk at aditech customer meet 2015
Innodisk at aditech customer meet 2015
 
Three things that rowhammer taught me by Halvar Flake
Three things that rowhammer taught me by Halvar FlakeThree things that rowhammer taught me by Halvar Flake
Three things that rowhammer taught me by Halvar Flake
 
Making a Process (Virtualizing Memory)
Making a Process (Virtualizing Memory)Making a Process (Virtualizing Memory)
Making a Process (Virtualizing Memory)
 
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdfARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
 
Stack-Based Buffer Overflows
Stack-Based Buffer OverflowsStack-Based Buffer Overflows
Stack-Based Buffer Overflows
 
IoTivity Tutorial: Prototyping IoT Devices on GNU/Linux
IoTivity Tutorial: Prototyping IoT Devices on GNU/LinuxIoTivity Tutorial: Prototyping IoT Devices on GNU/Linux
IoTivity Tutorial: Prototyping IoT Devices on GNU/Linux
 
Acug datafiniti pellon_sept2013
Acug datafiniti pellon_sept2013Acug datafiniti pellon_sept2013
Acug datafiniti pellon_sept2013
 
The Ever So Slighty Geeky Quiz With Maybe
The Ever So Slighty Geeky Quiz With MaybeThe Ever So Slighty Geeky Quiz With Maybe
The Ever So Slighty Geeky Quiz With Maybe
 
An introduction to erlang
An introduction to erlangAn introduction to erlang
An introduction to erlang
 
Internet Technology for the Commodore 64
Internet Technology for the Commodore 64Internet Technology for the Commodore 64
Internet Technology for the Commodore 64
 
OpenPOWER Update
OpenPOWER UpdateOpenPOWER Update
OpenPOWER Update
 
Caring for file formats
Caring for file formatsCaring for file formats
Caring for file formats
 

Mehr von AdaCore

RCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsRCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsAdaCore
 
Have we a Human Ecosystem?
Have we a Human Ecosystem?Have we a Human Ecosystem?
Have we a Human Ecosystem?AdaCore
 
Rust and the coming age of high integrity languages
Rust and the coming age of high integrity languagesRust and the coming age of high integrity languages
Rust and the coming age of high integrity languagesAdaCore
 
SPARKNaCl: A verified, fast cryptographic library
SPARKNaCl: A verified, fast cryptographic librarySPARKNaCl: A verified, fast cryptographic library
SPARKNaCl: A verified, fast cryptographic libraryAdaCore
 
Developing Future High Integrity Processing Solutions
Developing Future High Integrity Processing SolutionsDeveloping Future High Integrity Processing Solutions
Developing Future High Integrity Processing SolutionsAdaCore
 
Taming event-driven software via formal verification
Taming event-driven software via formal verificationTaming event-driven software via formal verification
Taming event-driven software via formal verificationAdaCore
 
Pushing the Boundary of Mostly Automatic Program Proof
Pushing the Boundary of Mostly Automatic Program ProofPushing the Boundary of Mostly Automatic Program Proof
Pushing the Boundary of Mostly Automatic Program ProofAdaCore
 
RCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsRCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsAdaCore
 
Product Lines and Ecosystems: from customization to configuration
Product Lines and Ecosystems: from customization to configurationProduct Lines and Ecosystems: from customization to configuration
Product Lines and Ecosystems: from customization to configurationAdaCore
 
Securing the Future of Safety and Security of Embedded Software
Securing the Future of Safety and Security of Embedded SoftwareSecuring the Future of Safety and Security of Embedded Software
Securing the Future of Safety and Security of Embedded SoftwareAdaCore
 
Spark / Ada for Safe and Secure Firmware Development
Spark / Ada for Safe and Secure Firmware DevelopmentSpark / Ada for Safe and Secure Firmware Development
Spark / Ada for Safe and Secure Firmware DevelopmentAdaCore
 
Introducing the HICLASS Research Programme - Enabling Development of Complex ...
Introducing the HICLASS Research Programme - Enabling Development of Complex ...Introducing the HICLASS Research Programme - Enabling Development of Complex ...
Introducing the HICLASS Research Programme - Enabling Development of Complex ...AdaCore
 
The Future of Aerospace – More Software Please!
The Future of Aerospace – More Software Please!The Future of Aerospace – More Software Please!
The Future of Aerospace – More Software Please!AdaCore
 
Adaptive AUTOSAR - The New AUTOSAR Architecture
Adaptive AUTOSAR - The New AUTOSAR ArchitectureAdaptive AUTOSAR - The New AUTOSAR Architecture
Adaptive AUTOSAR - The New AUTOSAR ArchitectureAdaCore
 
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...AdaCore
 
Software Engineering for Robotics - The RoboStar Technology
Software Engineering for Robotics - The RoboStar TechnologySoftware Engineering for Robotics - The RoboStar Technology
Software Engineering for Robotics - The RoboStar TechnologyAdaCore
 
MISRA C in an ISO 26262 context
MISRA C in an ISO 26262 contextMISRA C in an ISO 26262 context
MISRA C in an ISO 26262 contextAdaCore
 
Application of theorem proving for safety-critical vehicle software
Application of theorem proving for safety-critical vehicle softwareApplication of theorem proving for safety-critical vehicle software
Application of theorem proving for safety-critical vehicle softwareAdaCore
 
Verification and Validation of Robotic Assistants
Verification and Validation of Robotic AssistantsVerification and Validation of Robotic Assistants
Verification and Validation of Robotic AssistantsAdaCore
 

Mehr von AdaCore (19)

RCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsRCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standards
 
Have we a Human Ecosystem?
Have we a Human Ecosystem?Have we a Human Ecosystem?
Have we a Human Ecosystem?
 
Rust and the coming age of high integrity languages
Rust and the coming age of high integrity languagesRust and the coming age of high integrity languages
Rust and the coming age of high integrity languages
 
SPARKNaCl: A verified, fast cryptographic library
SPARKNaCl: A verified, fast cryptographic librarySPARKNaCl: A verified, fast cryptographic library
SPARKNaCl: A verified, fast cryptographic library
 
Developing Future High Integrity Processing Solutions
Developing Future High Integrity Processing SolutionsDeveloping Future High Integrity Processing Solutions
Developing Future High Integrity Processing Solutions
 
Taming event-driven software via formal verification
Taming event-driven software via formal verificationTaming event-driven software via formal verification
Taming event-driven software via formal verification
 
Pushing the Boundary of Mostly Automatic Program Proof
Pushing the Boundary of Mostly Automatic Program ProofPushing the Boundary of Mostly Automatic Program Proof
Pushing the Boundary of Mostly Automatic Program Proof
 
RCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsRCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standards
 
Product Lines and Ecosystems: from customization to configuration
Product Lines and Ecosystems: from customization to configurationProduct Lines and Ecosystems: from customization to configuration
Product Lines and Ecosystems: from customization to configuration
 
Securing the Future of Safety and Security of Embedded Software
Securing the Future of Safety and Security of Embedded SoftwareSecuring the Future of Safety and Security of Embedded Software
Securing the Future of Safety and Security of Embedded Software
 
Spark / Ada for Safe and Secure Firmware Development
Spark / Ada for Safe and Secure Firmware DevelopmentSpark / Ada for Safe and Secure Firmware Development
Spark / Ada for Safe and Secure Firmware Development
 
Introducing the HICLASS Research Programme - Enabling Development of Complex ...
Introducing the HICLASS Research Programme - Enabling Development of Complex ...Introducing the HICLASS Research Programme - Enabling Development of Complex ...
Introducing the HICLASS Research Programme - Enabling Development of Complex ...
 
The Future of Aerospace – More Software Please!
The Future of Aerospace – More Software Please!The Future of Aerospace – More Software Please!
The Future of Aerospace – More Software Please!
 
Adaptive AUTOSAR - The New AUTOSAR Architecture
Adaptive AUTOSAR - The New AUTOSAR ArchitectureAdaptive AUTOSAR - The New AUTOSAR Architecture
Adaptive AUTOSAR - The New AUTOSAR Architecture
 
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
 
Software Engineering for Robotics - The RoboStar Technology
Software Engineering for Robotics - The RoboStar TechnologySoftware Engineering for Robotics - The RoboStar Technology
Software Engineering for Robotics - The RoboStar Technology
 
MISRA C in an ISO 26262 context
MISRA C in an ISO 26262 contextMISRA C in an ISO 26262 context
MISRA C in an ISO 26262 context
 
Application of theorem proving for safety-critical vehicle software
Application of theorem proving for safety-critical vehicle softwareApplication of theorem proving for safety-critical vehicle software
Application of theorem proving for safety-critical vehicle software
 
Verification and Validation of Robotic Assistants
Verification and Validation of Robotic AssistantsVerification and Validation of Robotic Assistants
Verification and Validation of Robotic Assistants
 

Kürzlich hochgeladen

Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRegression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRavindra Nath Shukla
 
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Dave Litwiller
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdfRenandantas16
 
Monthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxMonthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxAndy Lambert
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageMatteo Carbone
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Delhi Call girls
 
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLMONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLSeo
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesDipal Arora
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableDipal Arora
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayNZSG
 
Event mailer assignment progress report .pdf
Event mailer assignment progress report .pdfEvent mailer assignment progress report .pdf
Event mailer assignment progress report .pdftbatkhuu1
 
A305_A2_file_Batkhuu progress report.pdf
A305_A2_file_Batkhuu progress report.pdfA305_A2_file_Batkhuu progress report.pdf
A305_A2_file_Batkhuu progress report.pdftbatkhuu1
 
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒anilsa9823
 
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 DelhiCall Girls in Delhi
 
Call Girls In Holiday Inn Express Gurugram➥99902@11544 ( Best price)100% Genu...
Call Girls In Holiday Inn Express Gurugram➥99902@11544 ( Best price)100% Genu...Call Girls In Holiday Inn Express Gurugram➥99902@11544 ( Best price)100% Genu...
Call Girls In Holiday Inn Express Gurugram➥99902@11544 ( Best price)100% Genu...lizamodels9
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsP&CO
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxWorkforce Group
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.Aaiza Hassan
 

Kürzlich hochgeladen (20)

Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRegression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear Regression
 
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
 
Monthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxMonthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptx
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usage
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
 
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLMONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 May
 
Event mailer assignment progress report .pdf
Event mailer assignment progress report .pdfEvent mailer assignment progress report .pdf
Event mailer assignment progress report .pdf
 
A305_A2_file_Batkhuu progress report.pdf
A305_A2_file_Batkhuu progress report.pdfA305_A2_file_Batkhuu progress report.pdf
A305_A2_file_Batkhuu progress report.pdf
 
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
 
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabiunwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
 
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
 
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
 
Call Girls In Holiday Inn Express Gurugram➥99902@11544 ( Best price)100% Genu...
Call Girls In Holiday Inn Express Gurugram➥99902@11544 ( Best price)100% Genu...Call Girls In Holiday Inn Express Gurugram➥99902@11544 ( Best price)100% Genu...
Call Girls In Holiday Inn Express Gurugram➥99902@11544 ( Best price)100% Genu...
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and pains
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptx
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.
 

HIS 2015: Prof. Ian Phillips - Stronger than its weakest link

  • 1. 1 Stronger than its weakest link High Integrity So.ware Conference (HIS'15) 5nov15: Bristol. Pdf & SlideCast @ hCp://ianp24.blogspot.com Opinions expressed are my own ... Prof. Ian Phillips Principal Staff Engineer ARM Ltd ian.phillips@arm.com Visiting Prof. at ... Contribution to Industry Award 2008 2v0
  • 2. 2 High Integrity Software !? ..Or.. "The scienNfic method assumes that a system with perfect integrity yields a singular extrapolaNon within its domain that one can test against observed results" (Wikipedia) §  Is So.ware the weakest link in High Integrity Systems ? §  Such that improving it is all that's necessary to produce High Integrity Systems? §  When we say So.ware are we are actually thinking ComputaNon? §  But Computa;on is about results not about implementa;on technologies!
  • 3. 3 We know what Proper Computing is... §  HPC and Mainframe ... maybe Worksta2on §  But not really Laptop or ... (Heaven forbid) a Pocketable?
  • 4. 4 Graham's Orrery - c1700 §  A machine to Compute the posi;on of the planets §  Single-Task, Con;nuous Time, Analogue, Mechanical, Computer (With backlash!) George Graham. Clock-Maker (1674-1751)
  • 5. 5 Amsler’s Planimeter - c1856 Planimeter 2015 ! §  A Machine for Compu;ng the Area of an arbitrary 2D shape §  Technology: Precision Mechanics, Analogue §  Available today ... Electronically enhanced Jakob Amsler-Laffon. Mathematician, physicist, engineer (1823-1912)
  • 6. 6 IN (x) Enumerated Phenomena OUT (y) Processed Data/ Information y=F(x) §  State (s) and Time (t) are implicit or explicit variables in this §  And so are Accuracy (a), Reliability (r) and Cost ($) §  All of which can be balanced (Architected) to meet End-Customer needs §  Exceeding needs almost always 'costs' more! ... Technologies and Methodologies just offer 'star$' op;ons over basic func;onality ... Not all of which will be commercially valuable Computing is solving a Model of a Subset of Reality ... Fast enough to be useful and affordable by its customer y=F(x,s,t,a,r,$)
  • 8. 8 2012: Nvidea’s Tegra 3 Processor Unit (Around 1B transistors) NB:TheTegra 3 is similar to the Apple A4
  • 9. 9 Computing Systems §  The System is perceived at its Human Interface §  Though the actual interface is (usually) rela;vely dumb §  And its Compute Engine is almost always remote (and may be shared)
  • 10. 10 The Invisible Face of Computing Today Unrecognised but Vital ... All need to be Dependable
  • 11. 11 The Visible Face of Computing Today EssenNal but not Vital ... But BIG-BIG-BIG $
  • 12. 12 §  Digital Electronics §  So.ware §  Memory §  OpNcs §  Analogue Electronic §  Sensors/Transducers §  Mechanics §  Micro-Motors §  Displays §  Discharge Tube §  RoboNc Assembly §  PlasNc, Metal, Glass Input: Image(Light) => Compute (Process Image) => Output: SD Card (Electrons) ... Many Technologies seamlessly coopera;ng, to Enhance Human Memory ... Tradi;onal siloes (inc. SW and HW) are just a means to this end! Electronic System (Cyber-physical System) - c2015 Incorporating DIGIC5+ (ARM) System-Level Computation ‘Classic’ Computer
  • 13. 13 Human Population Computing for the Masses ... ... Technology Products are Increasingly ‘Intelligent’ 1970 1980 1990 2000 2010 2020 2030 Main Frame Mini Computer Personal Computer Desktop Internet Mobile Internet Millionsof Units 1st Era Select work-tasks 2nd Era Broad-based computing for specific tasks 3rd Era Computing as part of our lives Technology is the Driver Consumer is the Driver ... Old Markets are s;ll there; but don't drive the Technology today!
  • 14. 14 Typical 2015 Computing Platform ... ... is just 137.2 x 70.5 x 5.9 mm
  • 15. 15 Typical 2015 Computing Platform Exynos 5422 Eight 32 bit CPUs (big.LITTLE): •  Four big (2.1GHz ARM A15) for heavy tasks; •  Four small (1.5GHz ARM A7) for lighter tasks. + Nine Mali GPU cores ... ... A ~30 Core Heterogeneous Mul;-Processor ... In your Shirt Pocket! One Board ... 21 significant ‘Chips’
  • 16. 16 2010:Apple’s A4 SIP Package (Cross-sec;on) IC Packaging Technology §  The processor is the centre rectangle. The silver circles beneath it are solder balls. §  Two rectangles above are RAM die, offset to make room for the wirebonds. §  Pufng the RAM close to the processor reduces latency, making RAM faster and reduces power consumpNon ... But increases cost. §  Memory: Unknown §  Processor: Samsung/Apple (ARM Processor) §  Packaging: Unknown (SIP Technology) Source ... http://www.ifixit.com Processor SOC Die 2 Memory Dies Glue Memory ‘Package’ 4-Layer Platform Package’ Steve Jobs WWDC 2010
  • 17. 17 2013: Samsung Solid-State Memory §  Smart Memory (eMMC) §  16-128Gb in a single package §  8Gb/die. Stacked 2-16 die/package §  Handles errors in the API (Smart Interface) §  Package just 1.4mm thick! (11.5x13x1.4mm) ... Smaller than a postage stamp
  • 19. 19 §  They sell things that Their Customers desire and can afford §  To sa;sfy the End-Customers needs ... In an End-Product which may be several ‘layers’ above them. §  Focus on their Core Competencies as a Component Provider in a Global Market §  Avoid CommodiNsaNon by DifferenNaNon §  Improved Cost and Quality (by improving Process) ..and.. §  Improved Business-Models (which make the Money) ..and.. §  Improved Func;onality (by new Technology and Methods) §  But New Product Development is a Cost and a Risk to be Minimised §  Technology (HW, SW, Mechanics, Op;cs, Graphene, etc) just enables Op;ons! §  New-Technology may cost more (including risk) than it delivers in Product Value! §  Over-Design costs ... Business can't afford the Precau;onary Principle! ... Because successful End-Products fund their en;re (RD&I) Value-Chains ... Reuse of their Technologies become economic necessity in other markets! Computing Technologies in Business Context Businesses have to be Competitive, Money Making Machines today ...
  • 20. 20 Component and Sub-Systems from Global Enterprise ... ... Global Teams contributing Specialist Knowledge & Knowhow §  Apple ID’d 159 Tier-1 Suppliers ... §  Thousands of Engineers Globally §  Est. 10x Tier-2 Suppliers ... §  Including Virtual Components1 and Sub-Systems (ARM and other IP Providers) §  Mul;ple Technologies ... §  Hardware, Sojware, Op;cs, Mechanics, Acous;cs, RF, Plas;cs, etc §  Manufacturing, Test, Qualifica;on, etc. §  Methods, Tools, Training, etc §  Tens of thousands Engineers Globally ... More than 90% of Technology and Methods are Reused (produc;vity)! 1: Virtual Components do not appear on BOM
  • 21. 21 §  But the only way to economically realise this potenNal is by product evoluNon; reusing and reusing again the work of our technical predecessors ... §  Hardware, SoHware and other Technologies; Methods and Tools; and throughout the stack §  In-Company: Sourced and Evolved from Predecessor Products §  Ex-Company: Sourced from businesses with Specialist Knowledge/Experiance §  Reuse Improves Quality; as objects are designed more carefully, and bug-fixes are incremental §  Reuse Improves ProducLvity; as objects can be deployed without understand their implementa;on technology (or its limita;ons) ... It delivers working systems quickly with finite teams; but the dependability cannot be quan;fied! ... Despite this, Commercial Technologies will be used in Systems on which people Depend §  The cost of alternaLves will be several orders of magnitude too great §  The issue is (just) making dependable systems using undependable components Designer Productivity has become the Limiting Factor The Customer Expectation of the Billions of available Transistors is irresistible!
  • 22. 22 ARM: Delivers Reuse-Based Productivity ... .... 24 Processors in 6 Families for different Applica;on Domains About 50MTr About 50KTr
  • 23. 23 ...Tools to create optimal Hetrogeneous Multi-Processors ... ACE ACE NIC-400 Network Interconnect Flash GPIO NIC-400 USBQuad Cortex- A15 L2 cache Interrupt Control CoreLink™ DMC-520 x72 DDR4-3200 PHY AHB Snoop Filter Quad Cortex- A15 L2 cache Quad Cortex- A15 L2 cache Quad Cortex- A15 L2 cache CoreLink™ DMC-520 x72 DDR4-3200 8-16MB L3 cache PCIe 10-40 GbE DPI Crypto CoreLink™ CCN-504 Cache Coherent Network IO Virtualisation with System MMU DSP DSP DSP SATA Dual channel DDR3/4 x72 Up to 4 cores per cluster Up to 4 coherent clusters Integrated L3 cache Up to 18 AMBA interfaces for I/O coherent accelerators and IO Peripheral address space Heterogeneous processors – CPU, GPU, DSP and accelerators Virtualized Interrupts Uniform System memory
  • 24. 24 … Other Tools, Libraries and Partners to Realize the Potential §  Technology to build Electronic System solu2ons: §  SoHware, Drivers, OS-Ports, Tools, ULliLes to create efficient system with op;mized sojware solu;ons §  Diverse Physical Components, including CPU and GPU processors designed for specific tasks §  Interconnect System IP delivering coherency and the quality of service required for lowest memory bandwidth §  OpLmised Cell-Libraries for a highly op;mized SoC implementa;ons §  Well Connected to Partners in the Life-Cycle: §  For complementary tools and methods required by System Developers §  Global Technology Global Partners: §  >900 Licences; Millions of Developers
  • 25. 25 Are the Outcomes of this 'chain' Dependable? Evidently so:They are Functional and Dependable enough to satisfy Billions/yr! (2Q2015) Smart-Phone shipments 2Q15 - 185 million (~0.75B/yr) ... The probability of a 'fairly reliable' systems failing, when you need to use it for 'improbable' event, is 'highly improbable' ... And mostly this is enough
  • 26. 26 ‘OpNmal’ Plaporm HW1" HW2" HW3" HW4" Hardware Interface" RTOS/Drivers" Thread" Bus(es) Processor(s) F1" F2" F3" F4" F5" Create FuncNonal-Model1 on a 'Generic' Plaporm (F1)! (F3)! (F5)!(F2)! Evolving the Model (& Plaporm) unNl FuncNonal and Non-FuncNonal, Performance is Adequate. NOTE: 'Final SW' is sNll a Model of Behaviour! Design is Transforming a Model of Behaviour ... ... evolving a Mathematical Model to meet Non-Functional Constraints Transform to a FuncNonal-Model on an 'OpNmal' (HW/SW) Plaporm 1: This includes a Model of Execu;on such as a Java VM.
  • 27. 27 §  All models are a simplificaNon of reality; therefore they all have limitaNons §  "All models are wrong, but some are useful" (G.E.Box) §  Normal So.ware Design Methods are create-it-wrong, test-it-right ... §  Quality is established by Test; and bug-fixes/patches in the field (An inherently poor method) §  Sojware Reuse offers hugely improved ProducLvity (Not-using it is not an op;on) §  Sojware Reuse offers improved Quality (But over what?) §  ExaminaNon shows that all code has high residual errors ... §  Well structured and tested Source-Code has ~5 errors per 1,000 lines of code (E-KLOC) §  Commercial code is typically ~5x worse than this §  Most errors are harmless – But there is no useful correla;on §  Formal-Methods are beRer; but cost is high if you can't uNlise (normal) legacy code. §  But Even 'Perfect-Sojware' s;ll has to execute on an Imperfect-Plauorm ... "YES!": But Good-Enough sa;sfies the Commercial Impera;ve for most applica;ons Is Software (Logic) Inherently Undependable? Software is a Model of Reality, executing on a Hardware and Software Platform
  • 28. 28 Open Source is Dependable? "Somebody will see the bugs!" (But only if they look!) 1: http://www.wired.com/2014/04/heartbleedslesson/ 2: http://veridicalsystems.com/blog/of-money-responsibility-and-pride/ “It is now very clear that OpenSSL development could benefit from dedicated full-Nme, properly funded developers” “OSF typically receives only $2,000 a year in donaNons” §  OpenSSL HeartBleed bug (2014) 1 §  Update was received just before a Public Holiday §  Editor was a known and high-quality source §  Code was reviewed informally and released §  Editor was conflicted with day-job, family and holiday pressure 2 §  Too lixle resources to do a proper job. §  This was a classic E-KLOC error ... §  Not a Coding, Formayng, or Func;onal error §  It was a System error (an omission in a non-func;onal aspect of the code). ... Was the ‘fault’ with the sojware Source (OpenSSL Sojware Founda;on (OSF)) ? ... Or a User Community too-ready to believe in the Myth of Open Source sojware?
  • 29. 29 §  Boolean MathemaNcs (HDL) is Dependable; but implementaNon depends on reliably mapping its equaNons to the physical world through Logic-Gates §  A Gate is a Saturated Analogue circuit; with Non-Func;onal axributes. §  CMOS has been a 'reliable' Boolean mapping for 30 years, but ... §  Today’s 20nm transistors (14nm soon) have larger variability, and there are many more on a chip (Typically 1B in 2014) §  At 70degC, Vtn=130mv (sigma ~25mv) around 1 in 5 million, transistors have Vt<0 (Can’t be turned off) §  So that’s >100 transistors/chip that don’t switch off §  And there's another >100 that only turn-on weakly (low drive/slow) §  This is intrinsic (atomic), so will always be randomly located! ... "NO!": Today’s chips shouldn’t work! (So why do they?) So is Hardware (Logic) Dependable? 1/3 B A +V A B OUTNAND OUT
  • 30. 30 MiNgaNng this we have ... §  Weak Transistors: Not all ... §  Are at 70 degC even if the die is (But some will be higher) §  Are Minimum Size (Larger ‘area’ reduces variability) §  Are on Cri;cal Paths; and the probability of there being more than one on a path is low! §  CMOS Logic: Is very robust and will conNnue to funcLon with out-of-spec transistors §  Leaky Gates and Faster Transi;ons are seldom func;onal failures (but they do hit reliability!) §  Speed varia;ons on a path average out (on average!) §  Errors are frequently difficult to detect (and thus correct!) §  Memory: Analogue Circuits are much more sensiNve to transistor variaNon. But ... §  Failures are easier to detect (and work around) §  Spare rows/columns are included to fix manufacturing (sta;c) defects ... but not dynamic (use) §  NV-M limited write-cycles and bit failures are shielded by their smart API ... to some degree. ... Hardware failure is not always easily spoxed at the func;onal level! So is Hardware (Logic) Dependable? 2/3
  • 31. 31 §  And we haven't included imponderables ... §  Internally and Externally generated noise? (Greater suscep;bility at lower voltages) §  High-energy par;cles? (Greater suscep;bility at smaller geometries) §  Wear-out: Vt/Gain drij and Electro Migra;on? (Greater suscep;bility at smaller geometries) §  Local Hot-Spots? (140C is not uncommon on chip) §  Limita;ons of Verifica;on and Test (State-Space explora;on is always a sub-set) §  We are repeatedly mulNplying Nny-improbables, by ever larger-numbers ... §  And many of the values are only guesses! §  We have no real idea about the reliability/dependability of modern Systems or Components §  But we know that as process geometries shrink, SuscepNbility will get worse ... §  Chips will get ever more complex (and more chips will be used in more complex Systems) §  Transistors will get smaller and Designers will erode safety margins to get performance ... Despite this; Chips and Systems do Yield more than we would rightly expect ... ... So we must be u;lising Unknown Safety Margins! So is Hardware (Logic) Dependable? 3/3
  • 32. 32 Killing a Sacred Cow: SW and HW Logic are the Same ...They have different characteristics, so choice is a System Architectural decision! // A master-slave type D-Flip Flop module flop (data, clock, clear, q, qb); input data, clock, clear; output q, qb; // primitive #delay instance-name // (output, input1, input2, .....), nand #10 nd1 (a, data, clock, clear), nd2 (b, ndata, clock), nd4 (d, c, b, clear), nd5 (e, c, nclock), nd6 (f, d, nclock), nd8 (qb, q, f, clear); nand #9 nd3 (c, a, d), nd7 (q, e, qb); not #10 inv1 (ndata, data), inv2 (nclock, clock); endmodule 'Hardware' Language (Verilog) 'Software' Language (C) #include<time.h> /* Use the PC's timer to check */ /* processing time */ main() { clock_t time,deltime; long junk,i; float secs; LOOP: printf("input loop count: "); scanf("%ld",&junk); time = clock(); for(i=0;i<junk;i++) deltime = clock() - time; secs = (float) deltime/CLOCKS_PER printf("for %ld loops, #tics = % %fn",junk,deltime,secs); goto LOOP; ... Target Platform CMOS -------- CPU Target Architecture Info Compilers HW ----------- SW Configuration Files HW -------------- SW
  • 34. 34 §  We Can’t Design them Right §  HW is SW; and Coding errors remain. State-space too big for simula;on explora;on. Can’t model or explore whole Systems and they are too complex for Formal methods. Reuse embodies unknown bugs. §  We Can’t Make them Right §  Chips are subject to Process Imperfec;ons and Variability. Chips and Systems are subject to Verifica;ons and Test Escapes. Boolean math is absolute; logic cells and real layouts are not §  We Can’t Keep them Right §  Chips are suscep;ble to Supply Transients, Wear-Out and High-Energy par;cles. Most damage is not immediately obvious. ... And it will all get worse as process geometries shrink ... Yet every year we make Billions of Systems that work! "The Naysayers are just Harbingers of Doom!" So Complex Electronic Systems are Impossible!
  • 35. 35 §  System-Level Dependability is what maCers ... §  Component and Sub-System dependability is inherently poor (and will get worse). §  ProducNvity demands that Dependable Systems must Reuse Components and Sub- Systems (Physical and Virtual); and the affordable ones are of Commercial quality! §  Clean-Sheet design is not an op;on for almost all complex products! ... the cost-is-no-object customer is an endangered specie §  Increasing the Dependability of Components and Sub-Systems helps; but can never be enough §  ARM product is really; 'Enhanced Reuse for Electronic System Design and Manufacture' ... The Only Place to implement System-Level Dependability on an Undependable Plauorm, is at the System-Layer! §  Reliable components and sub-systems will help, but cannot ever be enough §  Predominantly a 'So.ware' challenge; but not alone (Don't forget the simple Watch-Dog) Dependable on Undependable Any Methods that are based on perfection in HW or SW are untenable ...
  • 36. 36 The Real Conclusions §  Systems are what End-Customers buy; they expect them to be Dependable Enough §  A subjec;ve concept; which is Applica;on, State and Context dependent (& Technology independent) §  Commercial Components (HW/SW) will be the building blocks of Dependable Systems §  Commercial use gives us the Technologies which we are economically bound to use today §  Though they work bexer than we would rightly expect, we cannot quan;fy their quality §  Improving their Quality/Reliability/Dependability helps; but 100% is an asympto;c goal! §  The System Knows what the System Wants §  So: System behaviour and robustness must be handled at the System-Level (Top-Level); only it can know the expected ac;on and appropriate correc;ve ac;on for its domain. §  And: Because of the size of the Func;onal and Non-Func;onal Space, conformance cannot be measured; so it will require a Policy Based approach. ... Meanwhile systems that people depend on will be produced ... The Commercial Impera;ve can’t/won't wait for the 'right methodology'
  • 37. 37 The END IsVery Nigh ... Pdf & SlideCast through http://ianp24.blogspot.com