proving preservation of partial correctness with acl2 a
play

Proving Preservation of Partial Correctness with ACL2: A Mechanical - PowerPoint PPT Presentation

Apr 18, 2023 •17 likes •297 views

Proving Preservation of Partial Correctness with ACL2: A Mechanical Compiler Source Level Correctness Proof Wolfgang Goerigk Christian-Albrechts-Universit at zu Kiel, Germany wg@informatik.uni-kiel.de wg/

  1. Proving Preservation of Partial Correctness with ACL2: A Mechanical Compiler Source Level Correctness Proof Wolfgang Goerigk Christian-Albrechts-Universit¨ at zu Kiel, Germany wg@informatik.uni-kiel.de � wg/ http://www.informatik.uni-kiel.de/ Outline: ➜ Background, Three Steps to Correct Realistic Compilation ➜ Source Level Verification is not Sufficient ➜ Correct Implementation, Preservation of Partial Correctness ➜ Source and Target Language, the Compiler ➜ The Correctness Proof in ACL2 ➜ Conclusions and Further Work Wolfgang Goerigk - ACL2 2000 Workshop, University of Texas at Austin, Oct. 31, 2000 1 Christian-Albrechts-Universit¨ at zu Kiel - Institut f¨ ur Informatik und Praktische Mathematik

  2. ✁ How to Construct Correct Executables Generate correct executables from correct source programs ➜ manually ➜ using unverified compilers without verified compiling specification ➜ manually semantically checked [state-of-the-art certification] ➜ semantically checked by machine [Pnueli et al., Necula 1998, translation validation] with verified compiling specification ➜ manually syntactically checked [Goerigk,Hoffmann 1998] ➜ syntactically checked by machine [Traverso et al., 1998] ✂☎✄ ➜ using verified compilers ✆ (trusted compiler executables) Verifix DFG research group (Karlsruhe, Kiel, Ulm) for realistic source languages and real target processors Wolfgang Goerigk - ACL2 2000 Workshop, University of Texas at Austin, Oct. 31, 2000 2 Christian-Albrechts-Universit¨ at zu Kiel - Institut f¨ ur Informatik und Praktische Mathematik

  3. ✁ How to Construct Correct Executables Generate correct executables from correct source programs ➜ manually ➜ using unverified compilers without verified compiling specification ➜ manually semantically checked [state-of-the-art certification] ➜ semantically checked by machine [Pnueli et al., Necula 1998, translation validation] with verified compiling specification ➜ manually syntactically checked [Goerigk,Hoffmann 1998] ➜ syntactically checked by machine [Traverso et al., 1998] ✂☎✄ ➜ using verified compilers ✆ (trusted compiler executables) Verifix DFG research group (Karlsruhe, Kiel, Ulm) for realistic source languages and real target processors Wolfgang Goerigk - ACL2 2000 Workshop, University of Texas at Austin, Oct. 31, 2000 3 Christian-Albrechts-Universit¨ at zu Kiel - Institut f¨ ur Informatik und Praktische Mathematik

  4. Verifix Goals Construct and correctly implement compilers and compiler generators ➜ for realistic imperative and object-oriented source languages ➜ for real target and host processors ➜ generating efficient code that compares to unverified compilers ➜ exploiting mechanical proof support, e.g., by PVS or ACL2 ➜ industrially approved compiler architecture and construction techniques ➜ proof methodology supplements compiler construction, not vice versa ➜ exploit runtime result verification (a posteriori program or result checking) and ➜ an initial fully trusted compiler as sound bootstrapping basis Wolfgang Goerigk - ACL2 2000 Workshop, University of Texas at Austin, Oct. 31, 2000 4 Christian-Albrechts-Universit¨ at zu Kiel - Institut f¨ ur Informatik und Praktische Mathematik

  5. ✝ ✏ ✑ ✎ ✝ Three Steps Towards Trusted Realistic Compilation ➀ Specification of a compiling relation SL TL between abstract source and target languages SL and TL , and compiling (specification) verification w.r.t. language ✞✟✞✡✠☞☛✟☛ SL , ✞✟✞✌✠✍☛✟☛ TL and an appropriate semantics relation SL semantics TL . theoretical comp. sc., progr. lang. theory, [McCarthy and Painter 1967], ... ➁ Implementation of a corresponding compiler program SL in high level implementation language SL (close to the specification language), and high level SL compiler implementation verification w.r.t. TL . [Polak 1981], [Moore 1988, 1996], [Curzon 1994, 1996] software eng., formal methods like VDM, RAISE, CIP , PROSPECTRA, Z, B, ... ➂ Low level implementation of a corresponding compiler executable TL written in binary target machine language TL , and low level compiler implementation ✞✟✞✒✏ ☛✟☛ SL . verification w.r.t. SL virtually nothing, only demands [Chirica and Martin 1986], [Moore 1988] Wolfgang Goerigk - ACL2 2000 Workshop, University of Texas at Austin, Oct. 31, 2000 5 Christian-Albrechts-Universit¨ at zu Kiel - Institut f¨ ur Informatik und Praktische Mathematik

  6. ✝ ✏ ✑ ✎ ✝ Three Steps Towards Trusted Realistic Compilation ➀ Specification of a compiling relation SL TL between abstract source and target languages SL and TL , and compiling (specification) verification w.r.t. language ✞✟✞✡✠☞☛✟☛ SL , ✞✟✞✌✠✍☛✟☛ TL and an appropriate semantics relation SL semantics TL . theoretical comp. sc., progr. lang. theory, [McCarthy and Painter 1967], ... ➁ Implementation of a corresponding compiler program SL in high level implementation language SL (close to the specification language), and high level SL compiler implementation verification w.r.t. TL . [Polak 1981], [Moore 1988, 1996], [Curzon 1994, 1996] software eng., formal methods like VDM, RAISE, CIP , PROSPECTRA, Z, B, ... ➂ Low level implementation of a corresponding compiler executable TL written in binary target machine language TL , and low level compiler implementation ✞✟✞✒✏ ☛✟☛ SL . verification w.r.t. SL virtually nothing, only demands [Chirica and Martin 1986], [Moore 1988] Wolfgang Goerigk - ACL2 2000 Workshop, University of Texas at Austin, Oct. 31, 2000 6 Christian-Albrechts-Universit¨ at zu Kiel - Institut f¨ ur Informatik und Praktische Mathematik

  7. ✝ ✏ ✑ ✎ ✝ Towards Trusted Realistic Compilation ➀ Specification of a compiling relation SL TL between abstract source and target languages SL and TL , and compiling (specification) verification w.r.t. language ✞✟✞✡✠☞☛✟☛ SL , ✞✟✞✌✠✍☛✟☛ TL and an appropriate semantics relation SL semantics TL . theoretical comp. sc., progr. lang. theory, [McCarthy and Painter 1967], ... ➁ Implementation of a corresponding compiler program SL in high level implementation language SL (close to the specification language), and high level SL compiler implementation verification w.r.t. TL . [Polak 1981], [Moore 1988, 1996], [Curzon 1994, 1996] software eng., formal methods like VDM, RAISE, CIP , PROSPECTRA, Z, B, ... ➂ Low level implementation of a corresponding compiler executable TL written in binary target machine language TL , and low level compiler implementation ✞✟✞✒✏ ☛✟☛ SL . verification w.r.t. SL virtually nothing, only demands [Chirica and Martin 1986], [Moore 1988] Wolfgang Goerigk - ACL2 2000 Workshop, University of Texas at Austin, Oct. 31, 2000 7 Christian-Albrechts-Universit¨ at zu Kiel - Institut f¨ ur Informatik und Praktische Mathematik

  8. ✝ ✏ ✑ ✎ ✝ Towards Trusted Realistic Compilation - Reality ➀ Specification of a compiling relation SL TL between abstract source and target languages SL and TL , and compiling (specification) verification w.r.t. language ✞✟✞✡✠☞☛✟☛ SL , ✞✟✞✌✠✍☛✟☛ TL and an appropriate semantics relation SL semantics TL . theoretical comp. sc., progr. lang. theory, [McCarthy and Painter 1967], ... ➁ Implementation of a corresponding compiler program SL in high level implementation language SL (close to the specification language), and high level SL compiler implementation verification w.r.t. TL . [Polak 1981], [Moore 1988, 1996], [Curzon 1994, 1996] software eng., formal methods like VDM, RAISE, CIP , PROSPECTRA, Z, B, ... ➂ Low level implementation of a corresponding compiler executable TL written in binary target machine language TL , and low level compiler implementation ✞✟✞✒✏ ☛✟☛ SL . verification w.r.t. SL virtually nothing, only demands [Chirica and Martin 1986], [Moore 1988] Wolfgang Goerigk - ACL2 2000 Workshop, University of Texas at Austin, Oct. 31, 2000 8 Christian-Albrechts-Universit¨ at zu Kiel - Institut f¨ ur Informatik und Praktische Mathematik

  9. ✑ ✎ ✑ ✏ ✏ ✑ ✝ ✑ ✏ ✝ Towards Trusted Realistic Compilation - Reality ➀ Specification of a compiling relation SL TL between abstract source and target languages SL and TL , and compiling (specification) verification w.r.t. language ✞✟✞✡✠☞☛✟☛ SL , ✞✟✞✌✠✍☛✟☛ TL and an appropriate semantics relation SL semantics TL . theoretical comp. sc., progr. lang. theory, [McCarthy and Painter 1967], ... ➁ Implementation of a corresponding compiler program SL in high level implementation language SL (close to the specification language), and high level SL compiler implementation verification w.r.t. TL . [Polak 1981], [Moore 1988, 1996], [Curzon 1994, 1996] software eng., formal methods like VDM, RAISE, CIP , PROSPECTRA, Z, B, ... ➂ ✓ Strong Compiler Bootstrap Test: Compile SL to TL by a twofold bootstrapping, using an unverified SL -compiler . Apply TL to SL and test if TL reproduces itself. virtually nothing, only demands [Chirica and Martin 1986], [Moore 1988] Wolfgang Goerigk - ACL2 2000 Workshop, University of Texas at Austin, Oct. 31, 2000 9 Christian-Albrechts-Universit¨ at zu Kiel - Institut f¨ ur Informatik und Praktische Mathematik

  10. DEMO Wolfgang Goerigk - ACL2 2000 Workshop, University of Texas at Austin, Oct. 31, 2000 10 Christian-Albrechts-Universit¨ at zu Kiel - Institut f¨ ur Informatik und Praktische Mathematik

Recommend

Proving Program Correctness The Axiomatic Approach What is Correctness? Correctness:

Proving Program Correctness The Axiomatic Approach What is Correctness? Correctness:

3/10/10 Proving Program Correctness The Axiomatic Approach What is Correctness? Correctness: partial correctness + termination Partial correctness: Program implements its specification 1 3/10/10 Proving Partial Correctness

420 views • 13 slides
4.5: Proving the Correctness of Grammars In this section, we consider techniques for proving the

4.5: Proving the Correctness of Grammars In this section, we consider techniques for proving the

4.5: Proving the Correctness of Grammars In this section, we consider techniques for proving the correctness of grammars, i.e., for proving that grammars generate the languages we want them to. 1 / 21 Definition of Suppose G is a grammar and

324 views • 21 slides
Regression Verification: Proving Partial Equivalence Talk by Dennis Felsing Seminar within the

Regression Verification: Proving Partial Equivalence Talk by Dennis Felsing Seminar within the

Regression Verification: Proving Partial Equivalence Talk by Dennis Felsing Seminar within the Projektgruppe Formale Methoden der Softwareentwicklung WS 2012/2013 1 / 24 Introduction Formal Verification Formally prove correctness of

457 views • 41 slides
Partial Clock Functions in ACL2 John Matthews and Daron Vroon ACL2 Workshop 2004 Goals

Partial Clock Functions in ACL2 John Matthews and Daron Vroon ACL2 Workshop 2004 Goals

Partial Clock Functions in ACL2 John Matthews and Daron Vroon ACL2 Workshop 2004 Goals Given a state machine, we want : A termination proof: from a set of starting states, a desired goal state will always eventually be reached. An

423 views • 26 slides
GLMC Connecting ACL2 with Hardware Model Checkers Proving Invariants in Hardware Verification

GLMC Connecting ACL2 with Hardware Model Checkers Proving Invariants in Hardware Verification

GLMC Connecting ACL2 with Hardware Model Checkers Proving Invariants in Hardware Verification Inductive invariants are easy to prove Provable by SAT for finite state machines In ACL2, can use GL. Downsides:

596 views • 12 slides
Proving Correctness of a KRK Chess Endgame Strategy by SAT-based Constraint Solving Marko

Proving Correctness of a KRK Chess Endgame Strategy by SAT-based Constraint Solving Marko

Introduction Reduction to SAT and URSA system Chess Endgame Strategies and Bratkos Strategy for KRK URSA Specification of KRK Endgame and of Strategy Correctness of Strategy Discussion and Conclusions Proving Correctness of a KRK Chess

390 views • 27 slides
Dracula Reborn: ML-style modules, Racket macros, and ACL2 theorem proving Carl Eastlund Zoe

Dracula Reborn: ML-style modules, Racket macros, and ACL2 theorem proving Carl Eastlund Zoe

Dracula Reborn: ML-style modules, Racket macros, and ACL2 theorem proving Carl Eastlund Zoe Zhang Matthias Felleisen Northeastern University 1 Dracula 2 Modular ACL2 (interface TYPE (sig pred (x))) (interface LIST-OF (extend TYPE)

701 views • 16 slides
Consistently Adding Primitive Recursive Definitions in ACL2 by John Cowles University of

Consistently Adding Primitive Recursive Definitions in ACL2 by John Cowles University of

Consistently Adding Primitive Recursive Definitions in ACL2 by John Cowles University of Wyoming 1 defpun A macro for consistently introducing partial functions into CAL2. Described in Pete & Js paper, Partial Functions in ACL2

295 views • 27 slides
Proving Correctness of Graph Programs Relative to Recursively Nested Conditions Nils Erik Flick

Proving Correctness of Graph Programs Relative to Recursively Nested Conditions Nils Erik Flick

Proving Correctness of Graph Programs Relative to Recursively Nested Conditions Nils Erik Flick Universitt Oldenburg February 2017 Intro Correctness Results Rel. Work Conclusion Extras Outline Correctness and Graph Programs 1

354 views • 24 slides
ACL2(ml): Machine-Learning for ACL2 J. Heras and E. Komendantskaya

ACL2(ml): Machine-Learning for ACL2 J. Heras and E. Komendantskaya

ACL2(ml): Machine-Learning for ACL2 J. Heras and E. Komendantskaya http://staff.computing.dundee.ac.uk/katya/acl2ml/ 12 July 2014 ACL214 J. Heras ACL2(ml): Machine-Learning for ACL2 1/23 Outline Some Challenges in ACL2 1 An overview of

871 views • 56 slides
Reducing Total Correctness to Partial Correctness by a Transformation of the Language Semantics a

Reducing Total Correctness to Partial Correctness by a Transformation of the Language Semantics a

Reducing Total Correctness to Partial Correctness by a Transformation of the Language Semantics a 1 a 2 Sebastian Buruian S , tefan Ciob ac 1 Alexandru Ioan Cuza University Bitedefender 2 Alexandru Ioan Cuza University WPTE 2018

435 views • 21 slides
Partial and Total Correctness Natural semantics Example: ( y:=1; while (x=1) do (y:=y x;

Partial and Total Correctness Natural semantics Example: ( y:=1; while (x=1) do (y:=y x;

Partial and Total Correctness Natural semantics Example: ( y:=1; while (x=1) do (y:=y x; x:=x 1) , s ) s y:=1; while (x=1) do s y = ( s x )! and s x > 0 (y:=y x; x:=x 1) Partial correctness: if initially

88 views • 6 slides
Quicksort [4] In the last class Recursive Procedures Proving Correctness of Recursive

Quicksort [4] In the last class Recursive Procedures Proving Correctness of Recursive

Algorithm : Design & Analysis Quicksort [4] In the last class Recursive Procedures Proving Correctness of Recursive Procedures Deriving recurrence equations Solution of the Recurrence equations Guess and proving

615 views • 38 slides
What problem did the paper address? Big Picture Problem Proving correctness of communication

What problem did the paper address? Big Picture Problem Proving correctness of communication

Review of Model Checking Large Network Protocol Implementations Madanlal Musuvathi Dawson Engler By Vamsi Kambhampati 7 th March 2006 What problem did the paper address? Big Picture Problem Proving correctness of communication protocols

341 views • 5 slides
Formal Verification of Arithmetic RTL: Translating Verilog to C++ to ACL2 David M. Russinoff Arm

Formal Verification of Arithmetic RTL: Translating Verilog to C++ to ACL2 David M. Russinoff Arm

Formal Verification of Arithmetic RTL: Translating Verilog to C++ to ACL2 David M. Russinoff Arm May 28, 2020 1/27 V ERIFICATION OF RTL D ESIGN WITH ACL2 Requirements for RTL verification by theorem proving: Semantics-preserving

422 views • 27 slides
Objec&ves Proving correctness of Stable Matching algorithm Analyzing algorithms

Objec&ves Proving correctness of Stable Matching algorithm Analyzing algorithms

1/12/18 Objec&ves Proving correctness of Stable Matching algorithm Analyzing algorithms Asympto&c running &mes If youre interested, join the W&L Computer Science Facebook Group! Jan 12, 2018 Sprenkle - CSCI211 1

319 views • 18 slides
Attaching Efficient Executability to Partial Functions in ACL2 Sandip Ray Department of Computer

Attaching Efficient Executability to Partial Functions in ACL2 Sandip Ray Department of Computer

Attaching Efficient Executability to Partial Functions in ACL2 Sandip Ray Department of Computer Science University of Texas at Austin Email: sandip@cs.utexas.edu web: http://www.cs.utexas.edu/users/sandip U NIVERSITY OF T EXAS AT A USTIN D

626 views • 35 slides
Customised Induction Rules for Proving Correctness of Imperative Programs Angela Wallenburg

Customised Induction Rules for Proving Correctness of Imperative Programs Angela Wallenburg

Customised Induction Rules for Proving Correctness of Imperative Programs Angela Wallenburg angelaw@cs.chalmers.se 4th International Symposium June 9, 2005, L okeberg Outline 1. Problem: Induction and Loops 2. First approach: Use idea

821 views • 34 slides
08Program Verification II CS 5209: Foundation in Logic and AI Martin Henz and Aquinas Hobor

08Program Verification II CS 5209: Foundation in Logic and AI Martin Henz and Aquinas Hobor

Review Hoare Triples; Partial and Total Correctness Practical Aspects of Correctness Proofs Correctness of the Factorial Function Proof Calculus for Total Correctness 08Program Verification II CS 5209: Foundation in Logic and AI Martin

778 views • 39 slides
15-150 Fall 2020 Stephen Brookes Lecture 4 Proving correctness Last time Specification

15-150 Fall 2020 Stephen Brookes Lecture 4 Proving correctness Last time Specification

15-150 Fall 2020 Stephen Brookes Lecture 4 Proving correctness Last time Specification format for a function F type assumption (REQUIRES) guarantee (ENSURES) For all (properly typed ) x satisfying the assumption , F x satisfies

1.28k views • 102 slides
Infeasible Paths Elimination by Symb. Execution Techniques: Proof of Correctness and Preservation

Infeasible Paths Elimination by Symb. Execution Techniques: Proof of Correctness and Preservation

Infeasible Paths Elimination by Symb. Execution Techniques: Proof of Correctness and Preservation of Paths Romain Aissat, Frederic Voisin and Burkhart Wolff Univ - Paris-Sud / LRI 1 Abstract TRACER [8] is a tool for verifying safety

361 views • 21 slides
Proving Correctness of a Garbage Collector via Local Reasoning Lars Birkedal [birkedal@itu.dk],

Proving Correctness of a Garbage Collector via Local Reasoning Lars Birkedal [birkedal@itu.dk],

Proving Correctness of a Garbage Collector via Local Reasoning Lars Birkedal [birkedal@itu.dk], Noah Torp-Smith [noah@itu.dk] The IT University of Copenhagen Joint work with John C. Reynolds, Carnegie Mellon University Spatial Logic Workshop,

958 views • 70 slides
Proving the correctness of a compiler Xavier Leroy Coll` ege de France and Inria EUTypes Summer

Proving the correctness of a compiler Xavier Leroy Coll` ege de France and Inria EUTypes Summer

Proving the correctness of a compiler Xavier Leroy Coll` ege de France and Inria EUTypes Summer School 2019 1 The compilation process In general: any translation from a computer language to another. More specifically: automatic translation

1.65k views • 133 slides
Proving Correctness of Compilers Using Structured Graphs Patrick Bahr University of Copenhagen,

Proving Correctness of Compilers Using Structured Graphs Patrick Bahr University of Copenhagen,

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e Faculty of Science Proving Correctness of Compilers Using Structured Graphs Patrick Bahr University of Copenhagen, Department of Computer

965 views • 68 slides

More recommend