towards an axiomatic basis for c
play

Towards an Axiomatic Basis for C++ Gregory Malecha, Abhishek Anand, - PowerPoint PPT Presentation

May 25, 2023 •128 likes •491 views

Towards an Axiomatic Basis for C++ Gregory Malecha, Abhishek Anand, Gordon Stewart BedRock Systems BedRock Systems Formally verifjed, deep specifjcations. Unbreakable Foundation for the Software Defjned World Enable everyone to write and

  1. Towards an Axiomatic Basis for C++ Gregory Malecha, Abhishek Anand, Gordon Stewart BedRock Systems

  2. BedRock Systems Formally verifjed, deep specifjcations. Unbreakable Foundation for the Software Defjned World Enable everyone to write and share verifjed code! The future is built on BedRock.

  3. Verifjcation target Guest Guest VMM ... vUART vETH VMM ... Mux Switch Zeta Userspace NOVA (microhypervisor) The future is built on BedRock.

  4. Verifjcation target Guest Guest Deep correctness Deep correctness VMM ... vUART vETH properties of highly properties of highly VMM ... Mux Switch concurrent, low-level code. concurrent, low-level code. C++ Code C++ Code Zeta Userspace NOVA (microhypervisor) The future is built on BedRock.

  5. Working with C++ The future is built on BedRock.

  6. The verifjcation toolchain From source to proof? a.cpp a_cpp_proof.v The future is built on BedRock.

  7. The verifjcation toolchain a.cpp syntax.v a_cpp_proof.v logic.v The future is built on BedRock.

  8. The verifjcation toolchain a.cpp a_cpp.v cpp2v syntax.v a_cpp_proof.v logic.v The future is built on BedRock.

  9. The verifjcation toolchain a.cpp a_cpp.v a_cpp_spec.v cpp2v syntax.v a_cpp_proof.v logic.v The future is built on BedRock.

  10. The verifjcation toolchain a.cpp a_cpp.v a_cpp_spec.v cpp2v syntax.v a_cpp_proof.v logic.v The future is built on BedRock.

  11. The verifjcation toolchain a.cpp a_cpp.v a_cpp_spec.v cpp2v syntax.v a_cpp_proof.v auto.v logic.v The future is built on BedRock.

  12. The verifjcation toolchain a.cpp a_cpp.v a_cpp_spec.v cpp2v syntax.v a_cpp_proof.v auto.v logic.v The future is built on BedRock.

  13. Building on previous work C Imp (CompCert,VST) Iris separation logic library The future is built on BedRock.

  14. Building on previous work C++ C C++ Imp (.., 14, 17, ...) (.., 14, 17, ...) (CompCert,VST) Iris separation logic library The future is built on BedRock.

  15. Features of C++ Surface Complexities Semantic Challenges Classes + Objects ● ● ● Parsing Value categories Constructors ● ● ● Type checking Side-effects Destructors ● ● ● Overload resolution Modularity Inheritance ● Syntactic sugar The future is built on BedRock.

  16. Features of C++ Surface Complexities Semantic Challenges Classes + Objects ● ● ● Parsing Value categories Constructors ● ● ● Type checking Side-effects Destructors ● ● ● Overload resolution Modularity Inheritance ● Syntactic sugar Hooking into existing tooling The future is built on BedRock.

  17. cpp2v Uses clang to build C++ ASTs from source fjles. ► First-order AST, ► embedded types cpp2v a.cpp a_cpp.v The future is built on BedRock.

  18. cpp2v Uses clang to build C++ ASTs from source fjles. ► First-order AST, ► embedded types cpp2v a.cpp a_cpp.v cpp2v -o a_cpp.v src/a.cpp -- --target=aarch64-none-elf - std=gnu++17 -O2 -fno-exceptions -fno-rtti -fno- threadsafe-statics -fno-builtin -I./include -I./include/aarch64 Standard clang compiler options. Also runnable as a clang plugin. The future is built on BedRock.

  19. cpp2v Compatible with C Minimal pre-processing Uses clang to build C++ ASTs (close to C++ standard). from source fjles. ► First-order AST, ► embedded types cpp2v a.cpp a_cpp.v cpp2v -o a_cpp.v src/a.cpp -- --target=aarch64-none-elf - std=gnu++17 -O2 -fno-exceptions -fno-rtti -fno- threadsafe-statics -fno-builtin -I./include -I./include/aarch64 Standard clang compiler options. Also runnable as a clang plugin. The future is built on BedRock.

  20. cpp2v Compatible with C Minimal pre-processing Uses clang to build C++ ASTs (close to C++ standard). from source fjles. ► First-order AST, ► embedded types cpp2v a.cpp a_cpp.v Include extra information to ease consumption: ► value categories, ► types, ► implicit initializers, cpp2v -o a_cpp.v src/a.cpp -- --target=aarch64-none-elf - ► overload resolution, std=gnu++17 -O2 -fno-exceptions -fno-rtti -fno- ► some desugaring, threadsafe-statics -fno-builtin -I./include ► etc. -I./include/aarch64 Standard clang compiler options. Also runnable as a clang plugin. The future is built on BedRock.

  21. Features of C++ Surface Complexities Semantic Challenges Classes + Objects ● ● ● Parsing Value categories Constructors ● ● ● Type checking Side-effects Destructors ● ● ● Overload resolution Modularity Inheritance ● Syntactic sugar Hooking into existing Weakest precondition tooling semantics in Iris The future is built on BedRock.

  22. The program logic for C++ These are values, e.g. integers And for other value categories & language constructs: wp_lval, wp_xval The future is built on BedRock.

  23. The program logic for C++ These are values, e.g. integers Declarations “Thread identifier” Iris mask Locals Temporaries to destroy And for other value categories & language constructs: wp_lval, wp_xval The future is built on BedRock.

  24. Variables & Location of x is a Regions (persistent) All program state is represented uniformly as resources ► Simple representation Mapping from of stack-allocated names to location structs ► More uniform representation predicates All locations are accessed uniformly. The future is built on BedRock.

  25. File-modular Verifjcation Verify once! lib.hpp ● #include & macros int foo(int) { … } ○ Verifjcation after macro extern int bar(); expansion ○ C++ is moving away from macros towards language- based features, e.g. constexpr lib.cpp main.cpp #include “lib.hpp” #include “lib.hpp” ● Lots of code in header fjles. struct F { … }; struct B { … }; int main() { … } int main() { … } The future is built on BedRock.

  26. File-modular Verifjcation lib.hpp ● #include & macros int foo(int) { … } ○ Verifjcation after macro extern int bar(); expansion Preservation under ○ C++ is moving away from compatible extension macros towards language- based features, e.g. constexpr lib.cpp main.cpp #include “lib.hpp” #include “lib.hpp” ● Lots of code in header fjles. struct F { … }; struct B { … }; int main() { … } int main() { … } The future is built on BedRock.

  27. Features of C++ Surface Complexities Semantic Challenges Classes + Objects ● ● ● Parsing Value categories Constructors ● ● ● Type checking Side-effects Destructors ● ● ● Overload resolution Modularity Inheritance ● Syntactic sugar Hooking into existing Weakest precondition Describe the object system tooling semantics in Iris in separation logic. The future is built on BedRock.

  28. Supporting Classes + Objects Classes are a pervasive addition in C++ ► Constructors ► Destructors Fairly easy due to information in the ► Member functions AST, e.g. explicit cast nodes, etc. ► Virtual functions The future is built on BedRock.

  29. Supporting Classes + Objects Classes are a pervasive addition in C++ ► Constructors ► Destructors Fairly easy due to information in the ► Member functions AST, e.g. explicit cast nodes, etc. ► Virtual functions Object identity is intricate ► Track it using language- specifjc ghost state The future is built on BedRock.

  30. Supporting Classes + Objects Classes are a pervasive addition in C++ ► Constructors ► Destructors Fairly easy due to information in the ► Member functions AST, e.g. explicit cast nodes, etc. ► Virtual functions Object identity is intricate ► Track it using language- specifjc ghost state Still looking for a good abstraction for reasoning. (Do you have ideas?) The future is built on BedRock.

  31. Features of C++ Surface Complexities Semantic Challenges Classes + Objects ● ● ● Parsing Value categories Constructors ● ● ● Type checking Side-effects Destructors ● ● ● Overload resolution Modularity Inheritance ● Syntactic sugar Hooking into existing Weakest precondition Describe the object system Unsupported Features tooling semantics in Iris in separation logic. Uninstantiated templates ● Lambda expressions ● virtual inheritance ● Exceptions ● ● Weak memory The future is built on BedRock.

  32. Verifjcation for Everyone The future is built on BedRock.

  33. It helps! Separation logic is central to this. 🙷 Every engineer uses some form of “verification" in their head ..., formal verification simply helps putting that on paper precisely. 🙸 ~ Systems Engineer The future is built on BedRock.

  34. It helps! Separation logic is central to this. 🙷 Every engineer uses some form of “verification" in their head ..., formal verification simply helps putting that on paper precisely. 🙸 ~ Systems Engineer ● Teaching everyone to specify their code ○ Very helpful to tie verifjcation to a language they already know. ○ Systems engineers able to write fjrst-order specifjcations. ○ Seems to be some cognitive benefjt to classes. The future is built on BedRock.

  35. Summary ► cpp2v is a tool for importing C++ code in Coq ► Built on top of the clang toolchain ► Axiomatic semantics of (much of) C++ ► Some interesting challenges in C++ Contributions, collaborations, and users welcome cpp2v https://github.com/bedrocksystems/cpp2v The future is built on BedRock.

Recommend

An Axiomatic Basis for Computer Programming Tony Hoare, 1969 Presented by Alexa VanHattum, Great

An Axiomatic Basis for Computer Programming Tony Hoare, 1969 Presented by Alexa VanHattum, Great

An Axiomatic Basis for Computer Programming Tony Hoare, 1969 Presented by Alexa VanHattum, Great Works in PL Spring 2019 Mentor Jonathan DiLorenzo software bugs are bad manual testing is not enough formal reasoning is better Motivation

550 views • 30 slides
An Axiomatic Basis for Computer Programming C. A. R. Hoare October, 1969 2 Computer

An Axiomatic Basis for Computer Programming C. A. R. Hoare October, 1969 2 Computer

SigPL Winter School 2005 An Axiomatic Basis for Computer Programming C. A. R. Hoare October, 1969 2 Computer Programming and Science Computer Programming = Exact Science What is Programming Programming: The writing of a computer program

615 views • 50 slides
9 Axiomatic semantics 9 .1 OVERVIEW As introduced in chapter 4, the axiomatic method expresses

9 Axiomatic semantics 9 .1 OVERVIEW As introduced in chapter 4, the axiomatic method expresses

9 Axiomatic semantics 9 .1 OVERVIEW As introduced in chapter 4, the axiomatic method expresses the semantics of a programming language by associating with the language a mathematical theory fo r p roving properties of programs written in

1.02k views • 98 slides
The manifestation of Hilberts Nullstellensatz in Lawveres Axiomatic Cohesion Mat as

The manifestation of Hilberts Nullstellensatz in Lawveres Axiomatic Cohesion Mat as

The manifestation of Hilberts Nullstellensatz in Lawveres Axiomatic Cohesion Mat as Menni Conicet and Universidad Nacional de La Plata - Argentina The Nullstellenzatz in Axiomatic Cohesion p. 1/17 A science of cohesion An

940 views • 59 slides
O. Kosmachev INTRODUCTION Necessity of conversion to axiomatics. What means axiomatic-like

O. Kosmachev INTRODUCTION Necessity of conversion to axiomatics. What means axiomatic-like

THE LEPTON SECTOR AS AN AXIOMATIC-LIKE CONSTRUCTION O. Kosmachev INTRODUCTION Necessity of conversion to axiomatics. What means axiomatic-like construction? Unique approach and unification of mathematical formalism. STABLE LEPTONS

164 views • 15 slides
An axiomatic divisibility theory for commutative rings .c Pha .m Ngo Anh R enyi

An axiomatic divisibility theory for commutative rings .c Pha .m Ngo Anh R enyi

Motivation and Aim Divisibility theory and unique generation Bezout monoids as an axiomatic divisibility theory Representation theo An axiomatic divisibility theory for commutative rings .c Pha .m Ngo Anh R enyi Institute, Hungary

527 views • 36 slides
Lecture 2: Axiomatic semantics Reading assignment for next week Ariane paper and response (see

Lecture 2: Axiomatic semantics Reading assignment for next week Ariane paper and response (see

Chair of Software Engineering Trusted Components Prof. Dr. Bertrand Meyer Lecture 2: Axiomatic semantics Reading assignment for next week Ariane paper and response (see course page) Axiomatic semantics chapter in Introduction to the

628 views • 30 slides
Constructive Axiomatic Method and Univalent Foundations of Mathematics Andrei Rodin

Constructive Axiomatic Method and Univalent Foundations of Mathematics Andrei Rodin

UF overview Constructivism MLTT Homotopy hierarchy Constructive Axiomatic Method Constructive Axiomatic Method and Univalent Foundations of Mathematics Andrei Rodin (andrei@philomatica.org) Steklov Mathematical Institute, Saint-Petersburg,

582 views • 41 slides
Logic as a Tool Chapter 2: Deductive Reasoning in Propositional Logic 2.2 Axiomatic systems for

Logic as a Tool Chapter 2: Deductive Reasoning in Propositional Logic 2.2 Axiomatic systems for

Logic as a Tool Chapter 2: Deductive Reasoning in Propositional Logic 2.2 Axiomatic systems for propositional logics Valentin Goranko Stockholm University November 2020 Goranko Hilbert-style axiomatic systems Goranko Hilbert-style axiomatic

1.08k views • 97 slides
Logic as a Tool Chapter 2: Deductive Reasoning in Propositional Logic 2.2 Axiomatic systems for

Logic as a Tool Chapter 2: Deductive Reasoning in Propositional Logic 2.2 Axiomatic systems for

Logic as a Tool Chapter 2: Deductive Reasoning in Propositional Logic 2.2 Axiomatic systems for propositional logics Valentin Goranko Stockholm University October 2016 Goranko Hilbert-style axiomatic systems Based on axioms (or, axiom

115 views • 10 slides
CSC 7101: Programming Language Structures 1 Specification Language Should be high-level

CSC 7101: Programming Language Structures 1 Specification Language Should be high-level

Operational Semantics Winskel, Ch. 2 Slonneger and Kurtz Ch 8.4, 8.5, 8.6 1 Operational vs. Axiomatic Axiomatic semantics Describes properties of program state, using first-order logic Concerned with constructing proofs for

263 views • 10 slides
The Axiomatic Method in Social Choice Theory: Preference Aggregation, Judgment Aggregation, Graph

The Axiomatic Method in Social Choice Theory: Preference Aggregation, Judgment Aggregation, Graph

Axiomatic Method Lorentz Center, June 2015 The Axiomatic Method in Social Choice Theory: Preference Aggregation, Judgment Aggregation, Graph Aggregation Ulle Endriss Institute for Logic, Language and Computation University of Amsterdam Ulle

393 views • 20 slides
Intergenerational mobility in developing countries: on the axiomatic foundation of

Intergenerational mobility in developing countries: on the axiomatic foundation of

Intergenerational mobility in developing countries: on the axiomatic foundation of persistence and other measures Vegard Iversen Natural Resources Institute (NRI) University of Greenwich UNU-WIDER 5. September 2019 Background

437 views • 24 slides
Axiomatic classes of models in modal logics Evgeny Zolin Moscow State University Workshop on

Axiomatic classes of models in modal logics Evgeny Zolin Moscow State University Workshop on

Axiomatic classes of models in modal logics Evgeny Zolin Moscow State University Workshop on Proof Theory, Modal Logic and Reflection Principles (Wormshop 2017) Steklov Mathematical Institute, Moscow October 20, 2017 Evgeny Zolin Axiomatic

589 views • 58 slides
Quiz Suppose u 1 , . . . , u n is a basis for U and v 1 , . . . , v k is a basis for V . Prove that

Quiz Suppose u 1 , . . . , u n is a basis for U and v 1 , . . . , v k is a basis for V . Prove that

Quiz Suppose u 1 , . . . , u n is a basis for U and v 1 , . . . , v k is a basis for V . Prove that u 1 , . . . , u n , v 1 , . . . , v k is a basis for U V . Two parts to the proof: 1. Show that Span { u 1 , . . . , u n , v 1 , . . . , v k }

712 views • 26 slides
What do Mathematicians Think Biologists Want from Supertrees? An Axiomatic Perspective William

What do Mathematicians Think Biologists Want from Supertrees? An Axiomatic Perspective William

What do Mathematicians Think Biologists Want from Supertrees? An Axiomatic Perspective William H. E. Day Port Maitland, NS B0W 2V0, Canada whday@istar.ca 12 March 2003 DIMACS Tree of Life Working Group Meeting Biologists understand

831 views • 60 slides
On a new orthonormal basis for RBF native spaces and its fast computation Stefano De Marchi and

On a new orthonormal basis for RBF native spaces and its fast computation Stefano De Marchi and

On a new orthonormal basis for RBF native spaces and its fast computation Stefano De Marchi and Gabriele Santin Torino: June 11, 2014 Outline Introduction 1 Change of basis 2 3 WSVD Basis The new basis 4 5 Numerical Results Further

813 views • 42 slides
Lecture 2.4: Axiomatic systems Matthew Macauley Department of Mathematical Sciences Clemson

Lecture 2.4: Axiomatic systems Matthew Macauley Department of Mathematical Sciences Clemson

Lecture 2.4: Axiomatic systems Matthew Macauley Department of Mathematical Sciences Clemson University http://www.math.clemson.edu/~macaule/ Math 4190, Discrete Mathematical Structures M. Macauley (Clemson) Lecture 2.4: Axiomatic systems

391 views • 7 slides
An Operational and Axiomatic Semantics for Non-determinism and Sequence Points in C Robbert

An Operational and Axiomatic Semantics for Non-determinism and Sequence Points in C Robbert

An Operational and Axiomatic Semantics for Non-determinism and Sequence Points in C Robbert Krebbers Radboud University Nijmegen January 22, 2014 @ POPL, San Diego, USA 1 / 16 What is this program supposed to do? int main() { int x; int y =

789 views • 42 slides
Axiomatic semantics Pre- and post conditions We use program variables (e.g. x , y ), and

Axiomatic semantics Pre- and post conditions We use program variables (e.g. x , y ), and

Axiomatic semantics Pre- and post conditions We use program variables (e.g. x , y ), and Proofs based on semantics are too detailed logical variables (e.g. n ) Restriction to certain kinds of properties partial correctness Example:

283 views • 6 slides
Axiomatic Analysis and Optimization of Information Retrieval Models ChengXiang (Cheng)

Axiomatic Analysis and Optimization of Information Retrieval Models ChengXiang (Cheng)

Axiomatic Analysis and Optimization of Information Retrieval Models ChengXiang (Cheng) Zhai Department of Computer Science University of Illinois at Urbana-Champaign http://www.cs.uiuc.edu/homes/czhai 1 Search is everywhere, and part

914 views • 55 slides
Axiomatic Foundations of Multiplier Preferences Tomasz Strzalecki Multiplier preferences

Axiomatic Foundations of Multiplier Preferences Tomasz Strzalecki Multiplier preferences

Axiomatic Foundations of Multiplier Preferences Tomasz Strzalecki Multiplier preferences Expected Utility inconsistent with observed behavior We (economists) may not want to fully trust any probabilistic model. Hansen and Sargent:

879 views • 84 slides
Gdel and Incompleteness Tom Cuchta p. 1/1 Introduction In ancient Greece, Euclid

Gdel and Incompleteness Tom Cuchta p. 1/1 Introduction In ancient Greece, Euclid

Gdel and Incompleteness Tom Cuchta p. 1/1 Introduction In ancient Greece, Euclid pioneered the geometrical axiomatic system. p. 2/1 Axiomatic Geometry 1. A straight line segment can be drawn joining any two points. 2. Any

300 views • 19 slides
Deflationism and Axiomatic Theories of Truth Deflationism Peano Proof theoretic and model

Deflationism and Axiomatic Theories of Truth Deflationism Peano Proof theoretic and model

Deflationism and Axiomatic Theories of Truth Stella Moon Deflationism and Axiomatic Theories of Truth Deflationism Peano Proof theoretic and model theoretic conservativities Arithmetic The Compositional Theory of Stella Moon Truth

992 views • 62 slides

More recommend