coq-club AT inria.fr
Subject: The Coq mailing list
List archive
- From: Marco Servetto <marco.servetto AT gmail.com>
- To: coq-club AT inria.fr
- Subject: Re: [Coq-Club] A verified bootstrapping computer (academic curiousity)
- Date: Sun, 9 Jan 2022 08:20:52 +1300
- Authentication-results: mail2-smtp-roc.national.inria.fr; spf=None smtp.pra=marco.servetto AT gmail.com; spf=Pass smtp.mailfrom=marco.servetto AT gmail.com; spf=None smtp.helo=postmaster AT mail-lf1-f45.google.com
- Ironport-data: A9a23:afTEwqugnEvA8L7DwzidBJNYD+fnVDpfMUV32f8akzHdYEJGY0x3zDMXWjuHPPuOZzfwetklPIq/pkoPvZLTzt5lGQY6qC5EQiMRo6IpJ/zJdxaqZ3v6wu7rFR88sZ1GMrEsFC2FJ5Pljk/F3oPJ8D8shclkepKmULSeYnkpFVc+IMscoUsLd9AR0tYAbeeRWFvlVePa+6UzCXf9s9JGGjp8B5Gr9HuDiM/PVAYw5TTSUxzkUGj2zBH5BLpHTU24wuCRroN8RoZWTM6bpF21E/+wwvsjNj+luu6TnkwiR7fTOU2KhCMTVfT/xBdFoSM23+AwM/90hUV/0W3Y2YAsjowT6trsFG/FPYWU8AgZexxRCSp5e7ZL4qHKPWS4mcOWxkzCNXDrxp2CCWlvYdZJoLoqXAmi8tRBcGxXBvyZvMq9x6v+Qe1xjOw4PczzNcUevGthxHfXF54brTrrV/2fv5kHyG5l3oYWCayLP4xDOGs2eE+VO1sSLghCIYwat+KMqnnbUjR+lEixm6sS9zGLmVA1gayF3MH9f9WLQYBRkB/dqD6buWv+BR4eOZqUzj/tz55lvceX9QuTZW7YPOTQGj9WbFyvKqg7DRQXUR6/r6D8hBLjHd1YLEMQ92wlqq1aGImDJjXid0XQnZJGlkd0txls/ykS5wSEy66S6AGcboTBZiAUc8Qo7afaWhRzvmJkXLrV6fhHv7icSHbb/bCRxd93EUD5MkdaDRI5ocA5DxUPbW39Yt8jjjquLUJtsuDIJA==
- Ironport-hdrordr: A9a23:c20ymqF86tyFRqNmpLqE18eALOsnbusQ8zAXPidKOGRom62j5rmTdZEgvyMc5wxhPU3I9erwWpVoBEmslqKdgrNxAV7BZniDhILAFugLhrcKgQeBJ8SUzJ876U4PSdkZNDQyNzRHZATBjTVQ3+xO/DBPys6Vuds=
- Ironport-phdr: A9a23:OB+7WhIsvK/nQBIPGtmcuH1mWUAX0o4c3iYr45Yqw4hDbr6kt8y7ehCFvLM00AKCDNqTwskHotKei7rnV20E7MTJm1E5W7sIaSU4j94LlRcrGs+PBB6zBvfraysnAJYKDwc9rDm0PkdPBcnxeUDZrGGs4j4OABX/Mhd+KvjoFoLIgMm7yf2+94fObwhHhDexbrd/IRerpgjNq8cahpdvJLwswRXTuHtIfOpWxWJsJV2Nmhv3+9m98p1+/SlOovwt78FPX7n0cKQ+VrxYES8pM3sp683xtBnMVhWA630BWWgLiBVIAgzF7BbnXpfttybxq+Rw1DWGMcDwULs5Xymp4aV2Rx/ykCoIODA5/2PXhMJ+j6xVvQyvqABwzYPPfIGVLeBzcr/Bcd8GR2dMWNtaWSxbAoO7aosCF+0PMvxCr4bhoFsFsAawChe2BOPx1DBImmP23aon2OkmFAHJxhYgEM4JsHjOt9X6Kr0SUf6rw6nU0TXDaOhb2Tj46IfScxAhpeuAUq53ccrU0EQiER7OgVqMp4L/JTyVyvgNvHaB7+pmTe+jlXMqpgNsrjSxycohl4fHiI0Jx13H+yt0z4c4KMO3RkNnYdOpH5tduiCEO4ZyXM4vQH9ktSgkx7ACu5O3YTQHxZI6zBDcc/yKa5aE7g7nWeqLIjp1hGhpdK++ihuw60Stxe3xW8+p21hQtCVFiMPDtnUV2hzT9MeHTvx981+k2TmV1gDT7vhIIUQ6labGMpIhzLE9m5oJvUTMGS/2n0r2jKuIeUk+5ueo7OHnbq3npp+aKYB0lhnzProylsG7G+g1MQgDU3KG9em91rDv50L0TbVSgv0ziKbZsZTaJcoBpq6+Bg9YyoMj5AylDzi619QUh2IHI0xfeBKZkYfpJ03OIPfjAPewhlSjijZrx/TcMrL9BZXNK2DPkK39crZl905c1A0zwMhD6JJTE7ENOe78WkvstNPDFRI5KAy1w+P/CNpnzI8eWGSPArWYMKzIq1OI6PgvcKGwY9oevy+4IPw47dbvi2U4kBkTZ/qHx5wSPVWxBP9ha36Ue2ThnssGWTMPtxA1S6rxhUecXCJPYF69Wqs94ncwD4fwXtSLfZyknLHUhHTzJZZRfG0TUjhk8F/tfoSAHvMCMWecfpInnTsDWrysDYQm0EP23OcV47ViJ+vQvCYfsMC6vDCQz+LWnBA2szdzCpbFu1w=
More than that, I would be interested to understand what kind of
compromises we are taking when we choose the assumptions we verify
against.
This is particularly relevant for the hardware verification part: what
model of physics gives us the best trade off between verification,
feasability and efficient and reliable HD as a result?
I would not expect the current HD verification systems to take in
account cosmic rays flipping bits...
but may be we should have a statistical verification approach that
takes that into account and verifies a system up to a specific
reliability constraint?
-Similarly... what if there is physical damage (drop the phone on the
floor) or quantum effects....
-For example, the "RowHammer" attack... can it be modelled and verified
against?
On Sun, 9 Jan 2022 at 08:13, Adam Chlipala <adamc AT csail.mit.edu> wrote:
>
> Thanks for drawing attention to a worthy goal, which I think at least a few
> different research groups already have in mind, at least philosophically.
>
> For such an effort, setting the goals properly can have a big effect on
> where it winds up. I'm not sure it makes sense to ask to "minimize the TCB
> as much as possible at each step." Rather, I'd expect that earlier stages
> are discarded as they are used to produce later stages, and the final stage
> can be used independently for self-validation. So, shrinking the TCB in an
> earlier stage isn't necessarily a good deal, if it delays the completion of
> later stages.
>
> There are plenty of high-impact proof-assistant developments that never
> could have been completed so soon if e.g. the original Coq team had decided
> to wait 20 additional years for the first release, to shrink the TCB as
> much as they could think up in brainstorming a project roadmap!
>
> Also, I don't think this question has zero practical motivation. I would
> hope that, 50 years from now, everyone takes for granted the existence of a
> repeatable process like you describe, leading to the systems they depend
> on. And, even sooner, we should be able to run undergraduate courses that
> follow such processes toward more modest endpoints.
>
> On 1/8/22 1:41 PM, Talia Ringer wrote:
>
> Something that nerd-sniped me today: Suppose you are building a computer
> from the ground up, starting with building the hardware. You cannot use any
> other computers to build or verify anything; this is the only computer in
> the world, and you have only what you've built at each step. You have no
> languages, no operating systems, no compilers, no verification tools. All
> you can do is bootstrap.
>
> Suppose you'd like to verify every single part of the hardware and software
> stack to the degree possible. It's OK (inevitable I guess) to start with
> unverified hardware, though, and replace it later with hardware you verify
> (has anyone done that? It sounds cool). You have two additional goals:
>
> 1) verify as much as possible at each each, and
> 2) minimize the TCB as much as possible at each step.
>
> How would you go about this? What are the biggest conceptual barriers to
> this, if any? What is the smallest you can get the TCB at any step of the
> process, and in the end?
>
> This is a purely academic and open-ended question, with zero practical
> motivation. It just sounds fun to think about and try, and like thinking
> about it might reveal interesting subproblems that actually have practical
> motivation.
>
> Talia
>
- [Coq-Club] A verified bootstrapping computer (academic curiousity), Talia Ringer, 01/08/2022
- Re: [Coq-Club] A verified bootstrapping computer (academic curiousity), Adam Chlipala, 01/08/2022
- Re: [Coq-Club] A verified bootstrapping computer (academic curiousity), Talia Ringer, 01/08/2022
- Re: [Coq-Club] A verified bootstrapping computer (academic curiousity), Andrei Popescu, 01/08/2022
- Re: [Coq-Club] A verified bootstrapping computer (academic curiousity), Marco Servetto, 01/08/2022
- Re: [Coq-Club] A verified bootstrapping computer (academic curiousity), Talia Ringer, 01/08/2022
- Re: [Coq-Club] A verified bootstrapping computer (academic curiousity), Sam Kuper, 01/09/2022
- Re: [Coq-Club] A verified bootstrapping computer (academic curiousity), Freek Wiedijk, 01/10/2022
- Re: [Coq-Club] A verified bootstrapping computer (academic curiousity), Robert Solovay, 01/11/2022
- Re: [Coq-Club] A verified bootstrapping computer (academic curiousity), Jeremy Dawson, 01/11/2022
- Re: [Coq-Club] A verified bootstrapping computer (academic curiousity), Sam Kuper, 01/11/2022
- Re: [Coq-Club] A verified bootstrapping computer (academic curiousity), Freek Wiedijk, 01/11/2022
- Re: [Coq-Club] A verified bootstrapping computer (academic curiousity), Timothy Carstens, 01/11/2022
- Re: [Coq-Club] A verified bootstrapping computer (academic curiousity), D. Ben Knoble, 01/11/2022
- Re: [Coq-Club] A verified bootstrapping computer (academic curiousity), Timothy Carstens, 01/11/2022
- Re: [Coq-Club] A verified bootstrapping computer (academic curiousity), Freek Wiedijk, 01/11/2022
- Re: [Coq-Club] A verified bootstrapping computer (academic curiousity), Sam Kuper, 01/11/2022
- Re: [Coq-Club] A verified bootstrapping computer (academic curiousity), Jeremy Dawson, 01/11/2022
- Re: [Coq-Club] A verified bootstrapping computer (academic curiousity), Robert Solovay, 01/11/2022
- Re: [Coq-Club] A verified bootstrapping computer (academic curiousity), Adam Chlipala, 01/08/2022
Archive powered by MHonArc 2.6.19+.