a formally verified compiler for lustre
play

A Formally Verified Compiler for Lustre Timothy Bourke 1 , 2 Llio - PowerPoint PPT Presentation

Aug 12, 2023 •182 likes •1.15k views

A Formally Verified Compiler for Lustre Timothy Bourke 1 , 2 Llio Brun 1 , 2 Pierre-variste Dagand 4 , 3 , 1 Xavier Leroy 1 Marc Pouzet 4 , 2 , 1 Lionel Rieg 5 , 6 1. Inria Paris 2. DI, cole normale suprieure 3. CNRS 4. Univ. Pierre et

  1. A Formally Verified Compiler for Lustre Timothy Bourke 1 , 2 Lélio Brun 1 , 2 Pierre-Évariste Dagand 4 , 3 , 1 Xavier Leroy 1 Marc Pouzet 4 , 2 , 1 Lionel Rieg 5 , 6 1. Inria Paris 2. DI, École normale supérieure 3. CNRS 4. Univ. Pierre et Marie Curie 5. Yale University 6. Collège de France PLDI, Barcelona—20 June 2017 1 / 22

  2. Screenshot from ANSYS/Esterel Techologies SCADE Suite 2 / 22

  3. • Widely used to program safety-critical software: – Aerospace, Defense, Rail Transportation, Heavy Equipment, Energy, Nuclear. – Airbus (A340, A380), Comac, EADS Astrium, Embraer, Eurocopter, PIAGGIO Aerospace, Pratt & Whitney, Sukhoi, Turbomeca, U.S. Army, Siemens, . . . • DO-178B level A certified development tool. Screenshot from ANSYS/Esterel Techologies SCADE Suite 2 / 22

  4. Screenshot from ANSYS/Esterel Techologies SCADE Suite 2 / 22

  5. What did we do? • Implement a Lustre compiler in the Coq Interactive Theorem Prover. – Building on a previous attempt [ Auger, Colaço, Hamon, and Pouzet (2013): “A Formal- ization and Proof of a Modular Lustre Code Generator” ] . • Prove that the generated code implements the dataflow semantics. 3 / 22

  6. What did we do? • Implement a Lustre compiler in the Coq Interactive Theorem Prover. – Building on a previous attempt [ Auger, Colaço, Hamon, and Pouzet (2013): “A Formal- ization and Proof of a Modular Lustre Code Generator” ] . • Prove that the generated code implements the dataflow semantics. • Coq? [ The Coq Development Team (2016): The Coq proof assistant reference manual ] – A functional programming language; – ‘Extraction’ to OCaml programs; – A specification language (higher-order logic); – Tactic-based interactive proof. 3 / 22

  7. What did we do? • Implement a Lustre compiler in the Coq Interactive Theorem Prover. – Building on a previous attempt [ Auger, Colaço, Hamon, and Pouzet (2013): “A Formal- ization and Proof of a Modular Lustre Code Generator” ] . • Prove that the generated code implements the dataflow semantics. • Coq? [ The Coq Development Team (2016): The Coq proof assistant reference manual ] – A functional programming language; – ‘Extraction’ to OCaml programs; – A specification language (higher-order logic); – Tactic-based interactive proof. • Why not use HOL, Isabelle, PVS, ACL2, Agda, or ܂ your favourite tool ܂ ? 3/22

  8. What did we do? • Implement a Lustre compiler in the Coq Interactive Theorem Prover. – Building on a previous attempt [ Auger, Colaço, Hamon, and Pouzet (2013): “A Formal- ization and Proof of a Modular Lustre Code Generator” ] . • Prove that the generated code implements the dataflow semantics. • Coq? [ The Coq Development Team (2016): The Coq proof assistant reference manual ] – A functional programming language; – ‘Extraction’ to OCaml programs; – A specification language (higher-order logic); – Tactic-based interactive proof. • Why not use HOL, Isabelle, PVS, ACL2, Agda, or ܂ your favourite tool ܂ ? CompCert: a formal model and compiler for a subset of C – A generic machine-level model of execution and memory – A verified path to assembly code output (PowerPC, ARM, x86) [ ] [ ] Blazy, Dargaye, and Leroy (2006): “Formal Leroy (2009): “Formal verification of a Verification of a C Compiler Front-End” realistic compiler” 3 / 22

  9. What did we do? • Implement a Lustre compiler in the Coq Interactive Theorem Prover. – Building on a previous attempt [ Auger, Colaço, Hamon, and Pouzet (2013): “A Formal- ization and Proof of a Modular Lustre Code Generator” ] . • Prove that the generated code implements the dataflow semantics. • Coq? [ The Coq Development Team (2016): The Coq proof assistant reference manual ] – A functional programming language; – ‘Extraction’ to OCaml programs; – A specification language (higher-order logic); – Tactic-based interactive proof. • Why not use HOL, Isabelle, PVS, ACL2, Agda, or ܂ your favourite tool ܂ ? CompCert: a formal model and compiler for a subset of C – A generic machine-level model of execution and memory – A verified path to assembly code output (PowerPC, ARM, x86) [ ] [ ] Blazy, Dargaye, and Leroy (2006): “Formal Leroy (2009): “Formal verification of a Verification of a C Compiler Front-End” realistic compiler” • Computer assistance is all but essential for such detailed models. 3 / 22

  10. The Vélus Lustre Compiler (normalized) elaboration parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization Obc generation Clight compilation CompCert Assembly printing 4 / 22

  11. The Vélus Lustre Compiler (normalized) elaboration parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization • Implemented in Coq and (some) OCaml Obc generation Clight compilation CompCert Assembly printing 4 / 22

  12. The Vélus Lustre Compiler (normalized) elaboration parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization • Implemented in Coq and (some) OCaml Obc • Validated parser ( menhir –coq ) [ ] Jourdan, Pottier, and Leroy (2012): “Validating LR(1) parsers” generation Clight compilation CompCert Assembly printing 4 / 22

  13. The Vélus Lustre Compiler (normalized) elaboration parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization • Implemented in Coq and (some) OCaml Obc • Validated parser ( menhir –coq ) [ ] Jourdan, Pottier, and Leroy (2012): “Validating LR(1) parsers” • Not yet implemented: normalization [ certifiée de SCADE/LUSTRE” ] generation Auger (2013): “Compilation Clight compilation CompCert Assembly printing 4 / 22

  14. The Vélus Lustre Compiler (normalized) elaboration parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization • Implemented in Coq and (some) OCaml Obc • Validated parser ( menhir –coq ) [ ] Jourdan, Pottier, and Leroy (2012): “Validating LR(1) parsers” • Not yet implemented: normalization [ certifiée de SCADE/LUSTRE” ] generation Auger (2013): “Compilation • Elaboration to Normalized Lustre. Clight compilation CompCert Assembly printing 4 / 22

  15. The Vélus Lustre Compiler (normalized) elaboration parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization • Implemented in Coq and (some) OCaml Obc • Validated parser ( menhir –coq ) [ ] Jourdan, Pottier, and Leroy (2012): “Validating LR(1) parsers” • Not yet implemented: normalization [ certifiée de SCADE/LUSTRE” ] generation Auger (2013): “Compilation • Elaboration to Normalized Lustre. Clight • Scheduling of dataflow equations. compilation CompCert Assembly printing 4 / 22

  16. The Vélus Lustre Compiler (normalized) elaboration parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization • Implemented in Coq and (some) OCaml Obc • Validated parser ( menhir –coq ) [ ] Jourdan, Pottier, and Leroy (2012): “Validating LR(1) parsers” • Not yet implemented: normalization [ certifiée de SCADE/LUSTRE” ] generation Auger (2013): “Compilation • Elaboration to Normalized Lustre. Clight • Scheduling of dataflow equations. compilation • Translation to intermediate Obc code. CompCert Assembly printing 4 / 22

  17. The Vélus Lustre Compiler (normalized) elaboration parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization • Implemented in Coq and (some) OCaml Obc • Validated parser ( menhir –coq ) [ ] Jourdan, Pottier, and Leroy (2012): “Validating LR(1) parsers” • Not yet implemented: normalization [ certifiée de SCADE/LUSTRE” ] generation Auger (2013): “Compilation • Elaboration to Normalized Lustre. Clight • Scheduling of dataflow equations. compilation • Translation to intermediate Obc code. CompCert • Optimization of intermediate Obc code. Assembly printing 4 / 22

  18. The Vélus Lustre Compiler (normalized) elaboration parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization • Implemented in Coq and (some) OCaml Obc • Validated parser ( menhir –coq ) [ ] Jourdan, Pottier, and Leroy (2012): “Validating LR(1) parsers” • Not yet implemented: normalization [ certifiée de SCADE/LUSTRE” ] generation Auger (2013): “Compilation • Elaboration to Normalized Lustre. Clight • Scheduling of dataflow equations. compilation • Translation to intermediate Obc code. CompCert • Optimization of intermediate Obc code. Assembly • Generation of CompCert Clight code. printing 4 / 22

Recommend

Towards a formally verified obfuscating compiler Sandrine Blazy joint work with Roberto Giacobazzi

Towards a formally verified obfuscating compiler Sandrine Blazy joint work with Roberto Giacobazzi

Towards a formally verified obfuscating compiler Sandrine Blazy joint work with Roberto Giacobazzi and Alix Trieu IFIP WG 1.9/2.15, 2015-07-16 1 Background: verifying a compiler Compiler + proof that the compiler does not introduce bugs

553 views • 24 slides
1 A Lustre V6 tutorial Verimag December 5, 2008 - Outline Lustre Lustre V6 The Lustre V6

1 A Lustre V6 tutorial Verimag December 5, 2008 - Outline Lustre Lustre V6 The Lustre V6

1 A Lustre V6 tutorial Verimag December 5, 2008 - Outline Lustre Lustre V6 The Lustre V6 compiler 3 Outline Lustre Lustre V6 P. Raymond & the Synchronous group et al. The Lustre V6 compiler P. Raymond, J. Ballet, E. Jahier 4

803 views • 37 slides
Towards a verified Lustre compiler with modular reset Timothy Bourke 1,2 Llio Brun 1,2 Marc

Towards a verified Lustre compiler with modular reset Timothy Bourke 1,2 Llio Brun 1,2 Marc

Towards a verified Lustre compiler with modular reset Timothy Bourke 1,2 Llio Brun 1,2 Marc Pouzet 3,2,1 1 Inria Paris 2 DI ENS 3 UPMC SCOPES 2018 May 30, 2018 Screenshot from ANSYS/Esterel Techologies SCADE Suite 1 / 14 Screenshot from

1.41k views • 92 slides
Cache Storage Channels Alias-driven Attacks Formally Verified Platforms Formally Verified

Cache Storage Channels Alias-driven Attacks Formally Verified Platforms Formally Verified

Roberto Guanciale Mads Dam Hamed Nemati Christoph Baumann Cache Storage Channels Alias-driven Attacks Formally Verified Platforms Formally Verified Platforms Caches Excluded Formally Verified from the analysis Platforms Caches Excluded

675 views • 64 slides
Formally verified constraint solvers Catherine Dubois 1 Sourour Elloumi 1 Arnaud Gotlieb 2 1.

Formally verified constraint solvers Catherine Dubois 1 Sourour Elloumi 1 Arnaud Gotlieb 2 1.

Formally verified constraint solvers Catherine Dubois 1 Sourour Elloumi 1 Arnaud Gotlieb 2 1. CEDRIC-ENSIIE, Evry, France 2. Certus V&V Center, SIMULA RESEARCH LAB., Lysaker, Norway Dagstuhl Seminar 15381 1 / 23 Formally verified

501 views • 28 slides
Formally-Verified ASN.1 Protocol C-language Stack 1 Carnegie Mellon University 2 Digamma.ai Vadim

Formally-Verified ASN.1 Protocol C-language Stack 1 Carnegie Mellon University 2 Digamma.ai Vadim

Formally-Verified ASN.1 Protocol C-language Stack 1 Carnegie Mellon University 2 Digamma.ai Vadim Zaliva 1 Nika Pona 2 What is ASN.1? At Digamma.ai we are verifying a compiler for ASN.1 The ASN.1 is a language for defining data

215 views • 21 slides
Formally Verified Cryptographic Web Applications J. Protzenko et al. MSR + INRIA Verified

Formally Verified Cryptographic Web Applications J. Protzenko et al. MSR + INRIA Verified

Formally Verified Cryptographic Web Applications J. Protzenko et al. MSR + INRIA Verified Cryptographic Web Applications in WASM May. 22 st , 2019 1 / 22 in WebAssembly Jonathan Protzenko Microsoft Research Benjamin Beurdouche INRIA

1.5k views • 57 slides
Verifying a Lustre Compiler Part 2 Llio Brun PARKAS (Inria - ENS) Timothy Bourke,

Verifying a Lustre Compiler Part 2 Llio Brun PARKAS (Inria - ENS) Timothy Bourke,

Verifying a Lustre Compiler Part 2 Llio Brun PARKAS (Inria - ENS) Timothy Bourke, Pierre-variste Dagand, Xavier Leroy, Marc Pouzet, Lionel Rieg SYNCHRON 2016 December 7, 2016 Llio Brun Verifying a Lustre Compiler Part 2 December 7,

907 views • 47 slides
A Formally Verified Quadratic Unification Algorithm J.-L. Ruiz-Reina, J.-A. Alonso, M.-J. Hidalgo

A Formally Verified Quadratic Unification Algorithm J.-L. Ruiz-Reina, J.-A. Alonso, M.-J. Hidalgo

A Formally Verified Quadratic Unification Algorithm J.-L. Ruiz-Reina, J.-A. Alonso, M.-J. Hidalgo and F .-J. Mart n-Mateos Computational Logic Group Dept. of Computer Science and Artificial Intelligence University of Seville A Formally

356 views • 32 slides
Towards Formally Verified Theorem Provers Ramana Kumar Computer Laboratory, University of

Towards Formally Verified Theorem Provers Ramana Kumar Computer Laboratory, University of

Towards Formally Verified Theorem Provers Ramana Kumar Computer Laboratory, University of Cambridge Twenty Years of the QED Manifesto Vienna Summer of Logic, 2014 HOL Verified Goals of the Project An implementation of HOL Light 1. that runs

428 views • 13 slides
VigNAT: A Formally Verified NAT Arseniy Zaostrovnykh, Solal Pirelli, Luis Pedrosa, Katerina

VigNAT: A Formally Verified NAT Arseniy Zaostrovnykh, Solal Pirelli, Luis Pedrosa, Katerina

VigNAT: A Formally Verified NAT Arseniy Zaostrovnykh, Solal Pirelli, Luis Pedrosa, Katerina Argyraki, George Candea Formally verify a stateful NF with competitive performance and reasonable human effort 2 Formally verify a stateful NF with

836 views • 81 slides
Formally Verified Differential Dynamic Logic (in Isabelle/HOL and Coq) Brandon Bohrer ,

Formally Verified Differential Dynamic Logic (in Isabelle/HOL and Coq) Brandon Bohrer ,

Formally Verified Differential Dynamic Logic (in Isabelle/HOL and Coq) Brandon Bohrer , Vincent Rahli, Ivana Vukotic, Marcus Vlp, Andr Platzer Thanks to: Johannes Hlzl, Fabian Immler, Tobias Nipkow, et. al. + Coquelicot team

540 views • 38 slides
A Formally Verified Symmetry Breaking Tool for SAT David E. Narv aez den9562@rit.edu

A Formally Verified Symmetry Breaking Tool for SAT David E. Narv aez den9562@rit.edu

A Formally Verified Symmetry Breaking Tool for SAT David E. Narv aez den9562@rit.edu Rochester Institute of Technology Rochester, NY, USA FMCAD-18 Student Forum David E. Narv aez (RIT) Formally Verified Symmetry Breaking Tool FMCAD-18

215 views • 6 slides
Towards an Open-Source, Formally-Verified Secure Processor Srini Devadas Massachusetts

Towards an Open-Source, Formally-Verified Secure Processor Srini Devadas Massachusetts

Towards an Open-Source, Formally-Verified Secure Processor Srini Devadas Massachusetts Institute of Technology Architectural Isolation of Processes Fundamental to maintaining correctness and privacy! 2 Performance Dictates

959 views • 43 slides
Verifying a Lustre Compiler (Part 1) Timothy Bourke 1 , 2 Llio Brun 1 , 2 Pierre-variste Dagand

Verifying a Lustre Compiler (Part 1) Timothy Bourke 1 , 2 Llio Brun 1 , 2 Pierre-variste Dagand

Verifying a Lustre Compiler (Part 1) Timothy Bourke 1 , 2 Llio Brun 1 , 2 Pierre-variste Dagand 3 Xavier Leroy 1 Marc Pouzet 4 , 2 , 1 Lionel Rieg 5 1. INRIA Paris 2. DI, cole normale suprieure 3. CNRS 4. Univ. Pierre et Marie Curie 5.

1.06k views • 79 slides
The Formally Verified seL4 Microkernel High-Assurance Foundation for MCS Gernot Heiser |

The Formally Verified seL4 Microkernel High-Assurance Foundation for MCS Gernot Heiser |

The Formally Verified seL4 Microkernel High-Assurance Foundation for MCS Gernot Heiser | gernot.heiser@data61.csiro.au | @GernotHeiser RTCSA Keynote, Aug20 https://trustworthy.systems What Is Needed For Mixed-Criticality? During a

539 views • 29 slides
Towards A Formally Verified Network-on-Chip Tom van den Broek 1 Julien Schmaltz 12 1 Institute for

Towards A Formally Verified Network-on-Chip Tom van den Broek 1 Julien Schmaltz 12 1 Institute for

Towards A Formally Verified Network-on-Chip Tom van den Broek 1 Julien Schmaltz 12 1 Institute for Computing and Information Sciences Radboud University Nijmegen The Netherlands 2 School of Computer Science Open University The Netherlands

778 views • 62 slides
FTCS 93 June 1993 A Formally Verified Algorithm for Interactive Consistency Under a Hybrid Fault

FTCS 93 June 1993 A Formally Verified Algorithm for Interactive Consistency Under a Hybrid Fault

FTCS 93 June 1993 A Formally Verified Algorithm for Interactive Consistency Under a Hybrid Fault Model Patrick Lincoln and John Rushby Computer Science Laboratory SRI International Menlo Park CA USA FTCS 93 1 Summary What we have

494 views • 25 slides
Micro-Policies Formally Verified, Tag-Based Security Monitors Arthur Azevedo de Amorim Maxime

Micro-Policies Formally Verified, Tag-Based Security Monitors Arthur Azevedo de Amorim Maxime

Micro-Policies Formally Verified, Tag-Based Security Monitors Arthur Azevedo de Amorim Maxime Dns Nick Giannarakis Ctlin Hricu Benjamin C. Pierce Antal Spector-Zabusky Andrew Tolmach May 20, 2015 1 How can we design secure

900 views • 79 slides
Fusing Hybrid Remote Attestation with a Formally Verified Microkernel: Lessons Learned Karim

Fusing Hybrid Remote Attestation with a Formally Verified Microkernel: Lessons Learned Karim

Fusing Hybrid Remote Attestation with a Formally Verified Microkernel: Lessons Learned Karim Eldefrawy, Norrathep Rattanavipanon , Gene Tsudik June 28, 2017 nrattana@uci.edu http://sprout.ics.uci.edu IoT/CPS/ES IoT/CPS/ES IoT/CPS/ES Remote

451 views • 33 slides
Obtaining Provably Secure Services from Formally Verified Remote Attestation Gene Tsudik 1 Joint

Obtaining Provably Secure Services from Formally Verified Remote Attestation Gene Tsudik 1 Joint

Obtaining Provably Secure Services from Formally Verified Remote Attestation Gene Tsudik 1 Joint work with: Ivan De Oliveira Nunes 1 , Karim Eldefrawy 2 , Norrathep Rattanavipanon 1 University of California Irvine 1 , SRI International 2 1 In

847 views • 48 slides
Securing Existing Software using Formally Verified Libraries Tobias Reiher FOSDEM, Brussels,

Securing Existing Software using Formally Verified Libraries Tobias Reiher FOSDEM, Brussels,

Securing Existing Software using Formally Verified Libraries Tobias Reiher FOSDEM, Brussels, 2020-02-01 Software Security Security Vulnerabilities CVE-1999-0015 5.0 MEDIUM HP-UX, CVE-2017-14315 7.5 HIGH iOS Windows,

538 views • 22 slides
HYDRA: HYbrid Design for Remote Attestation (Using a Formally Verified Microkernel) Karim

HYDRA: HYbrid Design for Remote Attestation (Using a Formally Verified Microkernel) Karim

HYDRA: HYbrid Design for Remote Attestation (Using a Formally Verified Microkernel) Karim Eldefrawy , Norrathep Rattanavipanon, Gene Tsudik HRL Labs UC Irvine UC Irvine (Currently at SRI) July 18, 2017 karim.eldefrawy@sri.com IoT/CPS/ES 2

1.07k views • 41 slides
A Formally Verified, Optimized Monitor for Metric First-Order Dynamic Logic David Basin, Thibault

A Formally Verified, Optimized Monitor for Metric First-Order Dynamic Logic David Basin, Thibault

A Formally Verified, Optimized Monitor for Metric First-Order Dynamic Logic David Basin, Thibault Dardinier, Lukas Heimes, Sran Krsti , Martin Raszyk , Joshua Schneider and Dmitriy Traytel Department of Computer Science 1 Dmitriy Joshua

1.01k views • 83 slides

More recommend