separation algebras for c verification in coq
play

Separation algebras for C verification in Coq Robbert Krebbers - PowerPoint PPT Presentation

Oct 12, 2022 •48 likes •598 views

Separation algebras for C verification in Coq Robbert Krebbers ICIS, Radboud University Nijmegen, The Netherlands July 18, 2014 @ VSTTE, Vienna, Austria 1 Context of this talk Formalin (Krebbers & Wiedijk) Compiler independent C

  1. Separation algebras for C verification in Coq Robbert Krebbers ICIS, Radboud University Nijmegen, The Netherlands July 18, 2014 @ VSTTE, Vienna, Austria 1

  2. Context of this talk Formalin (Krebbers & Wiedijk) ◮ Compiler independent C semantics in Coq ◮ Take underspecification by C11 seriously H H ◮ Operational semantics C11 ◮ Executable semantics O ◮ Typing and type checker ◮ Separation logic 2

  3. Context of this talk Formalin (Krebbers & Wiedijk) ◮ Compiler independent C semantics in Coq ◮ Take underspecification by C11 seriously H H ◮ Operational semantics C11 ◮ Executable semantics O ◮ Typing and type checker ◮ Separation logic ⇒ topic of this talk 2

  4. Why compiler (in)dependence matters int main() { int x; int y = (x = 3) + (x = 4); printf("%d %d\n", x, y); } 3

  5. Why compiler (in)dependence matters int main() { int x; int y = (x = 3) + (x = 4); printf("%d %d\n", x, y); } Let us try some compilers ◮ Clang prints 4 7 , seems just left-right 3

  6. Why compiler (in)dependence matters int main() { int x; int y = (x = 3) + (x = 4); printf("%d %d\n", x, y); } Let us try some compilers ◮ Clang prints 4 7 , seems just left-right ◮ GCC prints 4 8 , does not correspond to any evaluation order 3

  7. Why compiler (in)dependence matters int main() { int x; int y = (x = 3) + (x = 4); printf("%d %d\n", x, y); } Let us try some compilers ◮ Clang prints 4 7 , seems just left-right ◮ GCC prints 4 8 , does not correspond to any evaluation order This program violates the sequence point restriction ◮ due to two unsequenced writes to x ◮ undefined behavior: garbage in, garbage out ⇒ all bets are off ◮ thus both compilers are right 3

  8. Why compiler (in)dependence matters int main() { int x; int y = (x = 3) + (x = 4); printf("%d %d\n", x, y); } Let us try some compilers ◮ Clang prints 4 7 , seems just left-right ◮ GCC prints 4 8 , does not correspond to any evaluation order This program violates the sequence point restriction ◮ due to two unsequenced writes to x ◮ undefined behavior: garbage in, garbage out ⇒ all bets are off ◮ thus both compilers are right Formalin should account for all undefined behavior 3

  9. Separation logic for C [Krebbers, POPL’14] Observation : non-determinism corresponds to concurrency Idea : use the separation logic rule for parallel composition { P 1 } e 1 { Q 1 } { P 2 } e 2 { Q 2 } { P 1 ∗ P 2 } e 1 ⊚ e 2 { Q 1 ∗ Q 2 } 4

  10. Separation logic for C [Krebbers, POPL’14] Observation : non-determinism corresponds to concurrency Idea : use the separation logic rule for parallel composition { P 1 } e 1 { Q 1 } { P 2 } e 2 { Q 2 } { P 1 ∗ P 2 } e 1 ⊚ e 2 { Q 1 ∗ Q 2 } What does this mean: ◮ Split the memory into two disjoint parts ◮ Prove that e 1 and e 2 can be executed safely in their part ◮ Now e 1 ⊚ e 2 can be executed safely in the whole memory 4

  11. Separation logic for C [Krebbers, POPL’14] Observation : non-determinism corresponds to concurrency Idea : use the separation logic rule for parallel composition { P 1 } e 1 { Q 1 } { P 2 } e 2 { Q 2 } { P 1 ∗ P 2 } e 1 ⊚ e 2 { Q 1 ∗ Q 2 } What does this mean: ◮ Split the memory into two disjoint parts ◮ Prove that e 1 and e 2 can be executed safely in their part ◮ Now e 1 ⊚ e 2 can be executed safely in the whole memory Disjointness ⇒ no sequence point violation 4

  12. Connectives of separation logic The connectives of separation logic are defined as: emp := λ m . m = ∅ P ∗ Q := λ m . ∃ m 1 m 2 . m = m 1 ∪ m 2 ∧ P m 1 ∧ Q m 2 5

  13. Connectives of separation logic The connectives of separation logic are defined as: emp := λ m . m = ∅ P ∗ Q := λ m . ∃ m 1 m 2 . m = m 1 ∪ m 2 ∧ P m 1 ∧ Q m 2 Definition of is non-trivial: ◮ Complex memory based on structured trees ◮ Fractional permissions for share-accounting For example needed in x + x ◮ Existence permissions for pointer arithmetic For example needed in *(p + 1) = (*p = 1) ◮ Locked permissions for sequence point restriction 5

  14. Connectives of separation logic The connectives of separation logic are defined as: emp := λ m . m = ∅ P ∗ Q := λ m . ∃ m 1 m 2 . m = m 1 ∪ m 2 ∧ P m 1 ∧ Q m 2 Definition of is non-trivial: ◮ Complex memory based on structured trees ◮ Fractional permissions for share-accounting For example needed in x + x ◮ Existence permissions for pointer arithmetic For example needed in *(p + 1) = (*p = 1) ◮ Locked permissions for sequence point restriction Use separation algebras [Calcagno et al. , LICS’07] to abstractly describe the permissions and memory 5

  15. Tweaked version of separation algebras in Coq Def: A simple separation algebra consists of a set A , with: ◮ An element ∅ : A ◮ A predicate valid : A → Prop ◮ Binary relations ⊥ , ⊆ : A → A → Prop ◮ Binary operations ∪ , \ : A → A → A 6

  16. Tweaked version of separation algebras in Coq Def: A simple separation algebra consists of a set A , with: ◮ An element ∅ : A ◮ A predicate valid : A → Prop ◮ Binary relations ⊥ , ⊆ : A → A → Prop ◮ Binary operations ∪ , \ : A → A → A Total instead of partial 6

  17. Tweaked version of separation algebras in Coq Def: A simple separation algebra consists of a set A , with: ◮ An element ∅ : A ◮ A predicate valid : A → Prop ◮ Binary relations ⊥ , ⊆ : A → A → Prop ◮ Binary operations ∪ , \ : A → A → A Total instead of partial Disjointness 6

  18. Tweaked version of separation algebras in Coq Def: A simple separation algebra consists of a set A , with: ◮ An element ∅ : A ◮ A predicate valid : A → Prop ◮ Binary relations ⊥ , ⊆ : A → A → Prop ◮ Binary operations ∪ , \ : A → A → A To avoid subset types Total instead of partial Disjointness 6

  19. Tweaked version of separation algebras in Coq Def: A simple separation algebra consists of a set A , with: ◮ An element ∅ : A ◮ A predicate valid : A → Prop ◮ Binary relations ⊥ , ⊆ : A → A → Prop ◮ Binary operations ∪ , \ : A → A → A To avoid subset types Total instead of partial Disjointness Satisfying the following laws: 1. If x ⊥ y , then y ⊥ x and x ∪ y = y ∪ x 2. If valid x , then ∅ ⊥ x and ∅ ∪ x = x 3. Associative, non-empty, cancellative, positive, . . . 6

  20. Example: fractional separation algebra Fractional permissions [0 , 1] Q [Boyland, SAS’09] Read-only No access Exclusive access 0 1 Rational numbers make it possible to split Read-only permissions 7

  21. Example: fractional separation algebra Fractional permissions [0 , 1] Q [Boyland, SAS’09] Read-only No access Exclusive access 0 1 Rational numbers make it possible to split Read-only permissions Def: The simple fractional separation algebra Q is defined as: valid x := 0 ≤ x ≤ 1 ∅ := 0 x ⊥ y := 0 ≤ x , y ∧ x + y ≤ 1 x ∪ y := x + y x ⊆ y := 0 ≤ x ≤ y ≤ 1 x \ y := x − y 7

  22. Organization of permissions Separation logic: ∪ main connective (from separation algebra) Operational semantics: need to know what is allowed 8

  23. Organization of permissions Separation logic: ∪ main connective (from separation algebra) Operational semantics: need to know what is allowed Def: Lattice of permission kinds (pkind , ⊆ k ) ◮ Freeable: reading, writing, deallocation Freeable Writable Readable Locked Existing ⊥ 8

  24. Organization of permissions Separation logic: ∪ main connective (from separation algebra) Operational semantics: need to know what is allowed Def: Lattice of permission kinds (pkind , ⊆ k ) ◮ Freeable: reading, writing, deallocation Freeable ◮ Writable: reading, writing Writable Readable Locked Existing ⊥ 8

  25. Organization of permissions Separation logic: ∪ main connective (from separation algebra) Operational semantics: need to know what is allowed Def: Lattice of permission kinds (pkind , ⊆ k ) ◮ Freeable: reading, writing, deallocation Freeable ◮ Writable: reading, writing ◮ Readable: reading Writable Readable Locked Existing ⊥ 8

  26. Organization of permissions Separation logic: ∪ main connective (from separation algebra) Operational semantics: need to know what is allowed Def: Lattice of permission kinds (pkind , ⊆ k ) ◮ Freeable: reading, writing, deallocation Freeable ◮ Writable: reading, writing ◮ Readable: reading Writable ◮ Existing: existence permissions , only pointer arithmetic Readable Locked Existing ⊥ 8

  27. Organization of permissions Separation logic: ∪ main connective (from separation algebra) Operational semantics: need to know what is allowed Def: Lattice of permission kinds (pkind , ⊆ k ) ◮ Freeable: reading, writing, deallocation Freeable ◮ Writable: reading, writing ◮ Readable: reading Writable ◮ Existing: existence permissions , only pointer arithmetic Readable Locked ◮ Locked: temporarily locked until next sequence point Existing Example: (x = 3) + (*p = 4); Undefined behavior if &x == p ⊥ 8

Recommend

Specification and Verification of Multithreaded Object-Oriented Programs with Separation Logic

Specification and Verification of Multithreaded Object-Oriented Programs with Separation Logic

Specification and Verification of Multithreaded Object-Oriented Programs with Separation Logic Cl ement Hurlin INRIA Sophia Antipolis M editerran ee, France Universiteit Twente, The Netherlands Soutenance de th` ese Th` ese

1.68k views • 130 slides
Separation Logics for Pointer Programs James Brotherston Lorentz Center Workshop on Effective

Separation Logics for Pointer Programs James Brotherston Lorentz Center Workshop on Effective

Separation Logics for Pointer Programs James Brotherston Lorentz Center Workshop on Effective Verification of Pointer Programs Monday 13th May, 2019 1/ 28 Part I Introduction to separation logic 2/ 28 Introduction Verification of imperative

758 views • 28 slides
Automated Verification of Shape and Size Properties via Separation Logic Huu Hai Nguyen 1 ,

Automated Verification of Shape and Size Properties via Separation Logic Huu Hai Nguyen 1 ,

Automated Verification of Shape and Size Properties via Separation Logic Huu Hai Nguyen 1 , Cristina David 2 , Shengchao Qin 3 , and Wei-Ngan Chin 1 , 2 1 Computer Science Programme, Singapore-MIT Alliance 2 Department of Computer Science, National

222 views • 18 slides
Test-Case Generation for Runtime Analysis and Vice-Versa: Verification of Aircraft Separation

Test-Case Generation for Runtime Analysis and Vice-Versa: Verification of Aircraft Separation

Test-Case Generation for Runtime Analysis and Vice-Versa: Verification of Aircraft Separation Assurance Dimitra Giannakopoulou Marko Dimjaevi University of Utah NASA Ames Research Center ISSTA 2015, Baltimore, Maryland July 17, 2015 1 /

614 views • 46 slides
Results on potential algebras: contraction algebras and Sklyanin algebras N.K.Iyudu Malta, March

Results on potential algebras: contraction algebras and Sklyanin algebras N.K.Iyudu Malta, March

Results on potential algebras: contraction algebras and Sklyanin algebras N.K.Iyudu Malta, March 2018 1 We consider finiteness conditions and ques- tions of growth of noncommutative algebras, known as A con s. They appear in M.Wemyss work on

214 views • 17 slides
Formal verification of low-level execution platforms Apps OS Hardware Host 1 Motivations

Formal verification of low-level execution platforms Apps OS Hardware Host 1 Motivations

Roberto Guanciale Estonian Winter School Day 02 Formal verification of low-level execution platforms Apps OS Hardware Host 1 Motivations Apps Crypto Service OS Hypervisor/ Separation Kernel Hardware Host 1 Motivations Separation

850 views • 63 slides
Research in the Verification of Flight-Critical Systems Alwyn Goodloe NASA Langley Research

Research in the Verification of Flight-Critical Systems Alwyn Goodloe NASA Langley Research

Research in the Verification of Flight-Critical Systems Alwyn Goodloe NASA Langley Research Center Overview Background Verification and Certification Aircraft self-separation Runtime verification Formal-Methods for numerical

812 views • 50 slides
Decision Procedures for Separation Logic Alessio Mansutti Barbizon 2018 Program verification

Decision Procedures for Separation Logic Alessio Mansutti Barbizon 2018 Program verification

Decision Procedures for Separation Logic Alessio Mansutti Barbizon 2018 Program verification with Hoare calculus Hoare calculus is based on proof rules manipulating Hoare triples. { P } C { Q } where C is a program P and Q are assertions in some

417 views • 30 slides
Tense MV-algebras and related functions Jan Paseka Michal Botur Department of Mathematics and

Tense MV-algebras and related functions Jan Paseka Michal Botur Department of Mathematics and

Introduction Basic notions and definitions Dyadic numbers and MV-terms Filters, ultrafilters and the term tr Semistates on MV-algebras Functions between MV-algebras and their construction The main theorem and its applications Tense MV-algebras

1.59k views • 121 slides
Implicative algebras: a new foundation for forcing and realizability Alexandre Miquel D E . .

Implicative algebras: a new foundation for forcing and realizability Alexandre Miquel D E . .

Intro Implicative structures Separation The implicative tripos Concl Implicative algebras: a new foundation for forcing and realizability Alexandre Miquel D E . . O L - P O G I U I Q C E A U R D A E L July 21th, 2016

944 views • 82 slides
Verifying Hybrid Systems with Interactive Theorem Provers Jonathan Juli an Huerta y Munive

Verifying Hybrid Systems with Interactive Theorem Provers Jonathan Juli an Huerta y Munive

Verifying Hybrid Systems with Interactive Theorem Provers Jonathan Juli an Huerta y Munive Georg Struth University of Sheffield, UK Algebras for Program Verification Kleene algebras modal Kleene algebras (MKAs) concurrent Kleene

701 views • 44 slides
Varieties of positive interior algebras: operation . The two presentations produce

Varieties of positive interior algebras: operation . The two presentations produce

Modal algebras form the algebraic semantics of normal modal logics. They are Boolean algebras with a unary operation s.t. 1 1 and ( x y ) x y . Modal algebras can be presented also as BAs with a unary

186 views • 5 slides
Verification of a Separation Kernel Inzemamul Haque Indian Institute of Science, Bangalore 17

Verification of a Separation Kernel Inzemamul Haque Indian Institute of Science, Bangalore 17

Introduction Muen Intel Virtualization Support Challenges Approach Verification of a Separation Kernel Inzemamul Haque Indian Institute of Science, Bangalore 17 July 2017 Introduction Muen Intel Virtualization Support Challenges

272 views • 25 slides
Block Decomposition of a Class of Integrable Representations of Toroidal Lie Algebras Tanusree

Block Decomposition of a Class of Integrable Representations of Toroidal Lie Algebras Tanusree

Block Decomposition of a Class of Integrable Representations of Toroidal Lie Algebras Tanusree Khandai Indian Institute of Science Education and Research, Mohali Interactions of quantum affine algebras with cluster algebras, current algebras

327 views • 28 slides
A Decidable Fragment in Separation Logic with Inductive Predicates and Arithmetic Quang Loc Le

A Decidable Fragment in Separation Logic with Inductive Predicates and Arithmetic Quang Loc Le

A Decidable Fragment in Separation Logic with Inductive Predicates and Arithmetic Quang Loc Le (TU) Makoto Tatsuta (NII) Jun Sun (SUTD) Wei-Ngan Chin (NUS) Computer Aided Verification, 29th International Conference Heidelberg Germany July

490 views • 21 slides
Provably Secure Execution Platforms - Lecture Four: A Simple Separation Kernel and Its

Provably Secure Execution Platforms - Lecture Four: A Simple Separation Kernel and Its

Provably Secure Execution Platforms - Lecture Four: A Simple Separation Kernel and Its Verification Mads Dam KTH Royal Institute of Technology BISS spring school, Bertinoro 2018 The Goal Hypervisor Context switch: Fixed round-robin

1.16k views • 67 slides
(Pre-)Algebras for Linguistics 2. Introducing Preordered Algebras Carl Pollard Linguistics 680:

(Pre-)Algebras for Linguistics 2. Introducing Preordered Algebras Carl Pollard Linguistics 680:

(Pre-)Algebras for Linguistics 2. Introducing Preordered Algebras Carl Pollard Linguistics 680: Formal Foundations Autumn 2010 Carl Pollard (Pre-)Algebras for Linguistics Algebras A (one-sorted) algebra is a set with one or more operations

497 views • 38 slides
An introduction to separation logic James Brotherston Programming Principles, Logic and

An introduction to separation logic James Brotherston Programming Principles, Logic and

An introduction to separation logic James Brotherston Programming Principles, Logic and Verification Group Dept. of Computer Science University College London, UK J.Brotherston@ucl.ac.uk Oracle Labs, Brisbane, 4 December 2015 1/ 19

291 views • 27 slides
Separation energies A = 21 isobaric chain one-nucleon separation energies two-nucleon separation

Separation energies A = 21 isobaric chain one-nucleon separation energies two-nucleon separation

Separation energies A = 21 isobaric chain one-nucleon separation energies two-nucleon separation energies Using http://www.nndc.bnl.gov/chart/ find one- and two-nucleon separation energies of 8 He, 11 Li, 45 Fe, 141 Ho, and 208 Pb. Discuss the

237 views • 5 slides
The Calabi-Yau property of Hopf algebras and braided Hopf algebras Xiaolan YU joint work with

The Calabi-Yau property of Hopf algebras and braided Hopf algebras Xiaolan YU joint work with

The Calabi-Yau property of Hopf algebras and braided Hopf algebras Xiaolan YU joint work with Yinhuo Zhang Hangzhou Normal University September 16th, 2011 1 / 35 Outline Motivation Braided Hopf algebras Calabi-Yau algebras The Calabi-Yau

639 views • 63 slides
An introduction to separation logic James Brotherston Programming Principles, Logic and

An introduction to separation logic James Brotherston Programming Principles, Logic and

An introduction to separation logic James Brotherston Programming Principles, Logic and Verification Group Dept. of Computer Science University College London, UK J.Brotherston@ucl.ac.uk Logic Summer School, ANU, 7 December 2015 1/ 19

789 views • 63 slides
Lattices from Octonion Algebras Octonion Algebras Lattices via Octonion Algebras Nelson G.

Lattices from Octonion Algebras Octonion Algebras Lattices via Octonion Algebras Nelson G.

Nelson, Cintya, Sueli Lattices Lattices from Octonion Algebras Octonion Algebras Lattices via Octonion Algebras Nelson G. Brasil Junior 1 Cintya W. O. Benedito 2 Examples Sueli I. R. Costa 1 1 Institute of Mathematics, Statistics and

650 views • 6 slides
Fragile Separation Robust Separation x 2 x 2 x 2 x 2 New data x 1 x 1 x 1 x 1 } What

Fragile Separation Robust Separation x 2 x 2 x 2 x 2 New data x 1 x 1 x 1 x 1 } What

Data Separation x 2 x 2 Class #10: Kernel Functions and Support Vector Machines (SVMs) x 1 x 1 Machine Learning (COMP 135): M. Allen, 07 Oct. 19 Linear classification with a perceptron or logistic function look for a dividing line in } the

162 views • 5 slides
Fragile Separation Robust Separation x 2 x 2 x 2 x 2 New data x 1 x 1 x 1 x 1 } What

Fragile Separation Robust Separation x 2 x 2 x 2 x 2 New data x 1 x 1 x 1 x 1 } What

Data Separation x 2 x 2 Class #13: Support Vector Machines (SVMs) and Kernel Functions x 1 x 1 Machine Learning (COMP 135): M. Allen, 02 Mar. 20 Linear classification with a perceptron or logistic function look for a dividing line in } the

170 views • 6 slides

More recommend