a formally verified compiler for lustre
play

A Formally Verified Compiler for Lustre Timothy Bourke 1 , 2 Llio - PowerPoint PPT Presentation

Aug 12, 2023 •182 likes •1.15k views

A Formally Verified Compiler for Lustre Timothy Bourke 1 , 2 Llio Brun 1 , 2 Pierre-variste Dagand 4 , 3 , 1 Xavier Leroy 1 Marc Pouzet 4 , 2 , 1 Lionel Rieg 5 , 6 1. Inria Paris 2. DI, cole normale suprieure 3. CNRS 4. Univ. Pierre et

  1. A Formally Verified Compiler for Lustre Timothy Bourke 1 , 2 Lélio Brun 1 , 2 Pierre-Évariste Dagand 4 , 3 , 1 Xavier Leroy 1 Marc Pouzet 4 , 2 , 1 Lionel Rieg 5 , 6 1. Inria Paris 2. DI, École normale supérieure 3. CNRS 4. Univ. Pierre et Marie Curie 5. Yale University 6. Collège de France PLDI, Barcelona—20 June 2017 1 / 22

  2. Screenshot from ANSYS/Esterel Techologies SCADE Suite 2 / 22

  3. • Widely used to program safety-critical software: – Aerospace, Defense, Rail Transportation, Heavy Equipment, Energy, Nuclear. – Airbus (A340, A380), Comac, EADS Astrium, Embraer, Eurocopter, PIAGGIO Aerospace, Pratt & Whitney, Sukhoi, Turbomeca, U.S. Army, Siemens, . . . • DO-178B level A certified development tool. Screenshot from ANSYS/Esterel Techologies SCADE Suite 2 / 22

  4. Screenshot from ANSYS/Esterel Techologies SCADE Suite 2 / 22

  5. What did we do? • Implement a Lustre compiler in the Coq Interactive Theorem Prover. – Building on a previous attempt [ Auger, Colaço, Hamon, and Pouzet (2013): “A Formal- ization and Proof of a Modular Lustre Code Generator” ] . • Prove that the generated code implements the dataflow semantics. 3 / 22

  6. What did we do? • Implement a Lustre compiler in the Coq Interactive Theorem Prover. – Building on a previous attempt [ Auger, Colaço, Hamon, and Pouzet (2013): “A Formal- ization and Proof of a Modular Lustre Code Generator” ] . • Prove that the generated code implements the dataflow semantics. • Coq? [ The Coq Development Team (2016): The Coq proof assistant reference manual ] – A functional programming language; – ‘Extraction’ to OCaml programs; – A specification language (higher-order logic); – Tactic-based interactive proof. 3 / 22

  7. What did we do? • Implement a Lustre compiler in the Coq Interactive Theorem Prover. – Building on a previous attempt [ Auger, Colaço, Hamon, and Pouzet (2013): “A Formal- ization and Proof of a Modular Lustre Code Generator” ] . • Prove that the generated code implements the dataflow semantics. • Coq? [ The Coq Development Team (2016): The Coq proof assistant reference manual ] – A functional programming language; – ‘Extraction’ to OCaml programs; – A specification language (higher-order logic); – Tactic-based interactive proof. • Why not use HOL, Isabelle, PVS, ACL2, Agda, or ܂ your favourite tool ܂ ? 3/22

  8. What did we do? • Implement a Lustre compiler in the Coq Interactive Theorem Prover. – Building on a previous attempt [ Auger, Colaço, Hamon, and Pouzet (2013): “A Formal- ization and Proof of a Modular Lustre Code Generator” ] . • Prove that the generated code implements the dataflow semantics. • Coq? [ The Coq Development Team (2016): The Coq proof assistant reference manual ] – A functional programming language; – ‘Extraction’ to OCaml programs; – A specification language (higher-order logic); – Tactic-based interactive proof. • Why not use HOL, Isabelle, PVS, ACL2, Agda, or ܂ your favourite tool ܂ ? CompCert: a formal model and compiler for a subset of C – A generic machine-level model of execution and memory – A verified path to assembly code output (PowerPC, ARM, x86) [ ] [ ] Blazy, Dargaye, and Leroy (2006): “Formal Leroy (2009): “Formal verification of a Verification of a C Compiler Front-End” realistic compiler” 3 / 22

  9. What did we do? • Implement a Lustre compiler in the Coq Interactive Theorem Prover. – Building on a previous attempt [ Auger, Colaço, Hamon, and Pouzet (2013): “A Formal- ization and Proof of a Modular Lustre Code Generator” ] . • Prove that the generated code implements the dataflow semantics. • Coq? [ The Coq Development Team (2016): The Coq proof assistant reference manual ] – A functional programming language; – ‘Extraction’ to OCaml programs; – A specification language (higher-order logic); – Tactic-based interactive proof. • Why not use HOL, Isabelle, PVS, ACL2, Agda, or ܂ your favourite tool ܂ ? CompCert: a formal model and compiler for a subset of C – A generic machine-level model of execution and memory – A verified path to assembly code output (PowerPC, ARM, x86) [ ] [ ] Blazy, Dargaye, and Leroy (2006): “Formal Leroy (2009): “Formal verification of a Verification of a C Compiler Front-End” realistic compiler” • Computer assistance is all but essential for such detailed models. 3 / 22

  10. The Vélus Lustre Compiler (normalized) elaboration parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization Obc generation Clight compilation CompCert Assembly printing 4 / 22

  11. The Vélus Lustre Compiler (normalized) elaboration parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization • Implemented in Coq and (some) OCaml Obc generation Clight compilation CompCert Assembly printing 4 / 22

  12. The Vélus Lustre Compiler (normalized) elaboration parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization • Implemented in Coq and (some) OCaml Obc • Validated parser ( menhir –coq ) [ ] Jourdan, Pottier, and Leroy (2012): “Validating LR(1) parsers” generation Clight compilation CompCert Assembly printing 4 / 22

  13. The Vélus Lustre Compiler (normalized) elaboration parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization • Implemented in Coq and (some) OCaml Obc • Validated parser ( menhir –coq ) [ ] Jourdan, Pottier, and Leroy (2012): “Validating LR(1) parsers” • Not yet implemented: normalization [ certifiée de SCADE/LUSTRE” ] generation Auger (2013): “Compilation Clight compilation CompCert Assembly printing 4 / 22

  14. The Vélus Lustre Compiler (normalized) elaboration parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization • Implemented in Coq and (some) OCaml Obc • Validated parser ( menhir –coq ) [ ] Jourdan, Pottier, and Leroy (2012): “Validating LR(1) parsers” • Not yet implemented: normalization [ certifiée de SCADE/LUSTRE” ] generation Auger (2013): “Compilation • Elaboration to Normalized Lustre. Clight compilation CompCert Assembly printing 4 / 22

  15. The Vélus Lustre Compiler (normalized) elaboration parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization • Implemented in Coq and (some) OCaml Obc • Validated parser ( menhir –coq ) [ ] Jourdan, Pottier, and Leroy (2012): “Validating LR(1) parsers” • Not yet implemented: normalization [ certifiée de SCADE/LUSTRE” ] generation Auger (2013): “Compilation • Elaboration to Normalized Lustre. Clight • Scheduling of dataflow equations. compilation CompCert Assembly printing 4 / 22

  16. The Vélus Lustre Compiler (normalized) elaboration parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization • Implemented in Coq and (some) OCaml Obc • Validated parser ( menhir –coq ) [ ] Jourdan, Pottier, and Leroy (2012): “Validating LR(1) parsers” • Not yet implemented: normalization [ certifiée de SCADE/LUSTRE” ] generation Auger (2013): “Compilation • Elaboration to Normalized Lustre. Clight • Scheduling of dataflow equations. compilation • Translation to intermediate Obc code. CompCert Assembly printing 4 / 22

  17. The Vélus Lustre Compiler (normalized) elaboration parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization • Implemented in Coq and (some) OCaml Obc • Validated parser ( menhir –coq ) [ ] Jourdan, Pottier, and Leroy (2012): “Validating LR(1) parsers” • Not yet implemented: normalization [ certifiée de SCADE/LUSTRE” ] generation Auger (2013): “Compilation • Elaboration to Normalized Lustre. Clight • Scheduling of dataflow equations. compilation • Translation to intermediate Obc code. CompCert • Optimization of intermediate Obc code. Assembly printing 4 / 22

  18. The Vélus Lustre Compiler (normalized) elaboration parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization • Implemented in Coq and (some) OCaml Obc • Validated parser ( menhir –coq ) [ ] Jourdan, Pottier, and Leroy (2012): “Validating LR(1) parsers” • Not yet implemented: normalization [ certifiée de SCADE/LUSTRE” ] generation Auger (2013): “Compilation • Elaboration to Normalized Lustre. Clight • Scheduling of dataflow equations. compilation • Translation to intermediate Obc code. CompCert • Optimization of intermediate Obc code. Assembly • Generation of CompCert Clight code. printing 4 / 22

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Towards a formally verified obfuscating compiler Sandrine Blazy joint work with Roberto Giacobazzi

Towards a formally verified obfuscating compiler Sandrine Blazy joint work with Roberto Giacobazzi

Towards a formally verified obfuscating compiler Sandrine Blazy joint work with Roberto Giacobazzi and Alix Trieu IFIP WG 1.9/2.15, 2015-07-16 1 Background: verifying a compiler Compiler + proof that the compiler does not introduce bugs

553 views • 24 slides
1 A Lustre V6 tutorial Verimag December 5, 2008 - Outline Lustre Lustre V6 The Lustre V6

1 A Lustre V6 tutorial Verimag December 5, 2008 - Outline Lustre Lustre V6 The Lustre V6

1 A Lustre V6 tutorial Verimag December 5, 2008 - Outline Lustre Lustre V6 The Lustre V6 compiler 3 Outline Lustre Lustre V6 P. Raymond & the Synchronous group et al. The Lustre V6 compiler P. Raymond, J. Ballet, E. Jahier 4

803 views • 37 slides
Towards a verified Lustre compiler with modular reset Timothy Bourke 1,2 Llio Brun 1,2 Marc

Towards a verified Lustre compiler with modular reset Timothy Bourke 1,2 Llio Brun 1,2 Marc

Towards a verified Lustre compiler with modular reset Timothy Bourke 1,2 Llio Brun 1,2 Marc Pouzet 3,2,1 1 Inria Paris 2 DI ENS 3 UPMC SCOPES 2018 May 30, 2018 Screenshot from ANSYS/Esterel Techologies SCADE Suite 1 / 14 Screenshot from

1.41k views • 92 slides
Cache Storage Channels Alias-driven Attacks Formally Verified Platforms Formally Verified

Cache Storage Channels Alias-driven Attacks Formally Verified Platforms Formally Verified

Roberto Guanciale Mads Dam Hamed Nemati Christoph Baumann Cache Storage Channels Alias-driven Attacks Formally Verified Platforms Formally Verified Platforms Caches Excluded Formally Verified from the analysis Platforms Caches Excluded

675 views • 64 slides
Formally verified constraint solvers Catherine Dubois 1 Sourour Elloumi 1 Arnaud Gotlieb 2 1.

Formally verified constraint solvers Catherine Dubois 1 Sourour Elloumi 1 Arnaud Gotlieb 2 1.

Formally verified constraint solvers Catherine Dubois 1 Sourour Elloumi 1 Arnaud Gotlieb 2 1. CEDRIC-ENSIIE, Evry, France 2. Certus V&V Center, SIMULA RESEARCH LAB., Lysaker, Norway Dagstuhl Seminar 15381 1 / 23 Formally verified

501 views • 28 slides
Formally-Verified ASN.1 Protocol C-language Stack 1 Carnegie Mellon University 2 Digamma.ai Vadim

Formally-Verified ASN.1 Protocol C-language Stack 1 Carnegie Mellon University 2 Digamma.ai Vadim

Formally-Verified ASN.1 Protocol C-language Stack 1 Carnegie Mellon University 2 Digamma.ai Vadim Zaliva 1 Nika Pona 2 What is ASN.1? At Digamma.ai we are verifying a compiler for ASN.1 The ASN.1 is a language for defining data

215 views • 21 slides
Formally Verified Cryptographic Web Applications J. Protzenko et al. MSR + INRIA Verified

Formally Verified Cryptographic Web Applications J. Protzenko et al. MSR + INRIA Verified

Formally Verified Cryptographic Web Applications J. Protzenko et al. MSR + INRIA Verified Cryptographic Web Applications in WASM May. 22 st , 2019 1 / 22 in WebAssembly Jonathan Protzenko Microsoft Research Benjamin Beurdouche INRIA

1.5k views • 57 slides
Verifying a Lustre Compiler Part 2 Llio Brun PARKAS (Inria - ENS) Timothy Bourke,

Verifying a Lustre Compiler Part 2 Llio Brun PARKAS (Inria - ENS) Timothy Bourke,

Verifying a Lustre Compiler Part 2 Llio Brun PARKAS (Inria - ENS) Timothy Bourke, Pierre-variste Dagand, Xavier Leroy, Marc Pouzet, Lionel Rieg SYNCHRON 2016 December 7, 2016 Llio Brun Verifying a Lustre Compiler Part 2 December 7,

907 views • 47 slides
A Formally Verified Quadratic Unification Algorithm J.-L. Ruiz-Reina, J.-A. Alonso, M.-J. Hidalgo

A Formally Verified Quadratic Unification Algorithm J.-L. Ruiz-Reina, J.-A. Alonso, M.-J. Hidalgo

A Formally Verified Quadratic Unification Algorithm J.-L. Ruiz-Reina, J.-A. Alonso, M.-J. Hidalgo and F .-J. Mart n-Mateos Computational Logic Group Dept. of Computer Science and Artificial Intelligence University of Seville A Formally

356 views • 32 slides
Towards Formally Verified Theorem Provers Ramana Kumar Computer Laboratory, University of

Towards Formally Verified Theorem Provers Ramana Kumar Computer Laboratory, University of

Towards Formally Verified Theorem Provers Ramana Kumar Computer Laboratory, University of Cambridge Twenty Years of the QED Manifesto Vienna Summer of Logic, 2014 HOL Verified Goals of the Project An implementation of HOL Light 1. that runs

428 views • 13 slides
VigNAT: A Formally Verified NAT Arseniy Zaostrovnykh, Solal Pirelli, Luis Pedrosa, Katerina

VigNAT: A Formally Verified NAT Arseniy Zaostrovnykh, Solal Pirelli, Luis Pedrosa, Katerina

VigNAT: A Formally Verified NAT Arseniy Zaostrovnykh, Solal Pirelli, Luis Pedrosa, Katerina Argyraki, George Candea Formally verify a stateful NF with competitive performance and reasonable human effort 2 Formally verify a stateful NF with

836 views • 81 slides
Formally Verified Differential Dynamic Logic (in Isabelle/HOL and Coq) Brandon Bohrer ,

Formally Verified Differential Dynamic Logic (in Isabelle/HOL and Coq) Brandon Bohrer ,

Formally Verified Differential Dynamic Logic (in Isabelle/HOL and Coq) Brandon Bohrer , Vincent Rahli, Ivana Vukotic, Marcus Vlp, Andr Platzer Thanks to: Johannes Hlzl, Fabian Immler, Tobias Nipkow, et. al. + Coquelicot team

540 views • 38 slides
A Formally Verified Symmetry Breaking Tool for SAT David E. Narv aez den9562@rit.edu

A Formally Verified Symmetry Breaking Tool for SAT David E. Narv aez den9562@rit.edu

A Formally Verified Symmetry Breaking Tool for SAT David E. Narv aez den9562@rit.edu Rochester Institute of Technology Rochester, NY, USA FMCAD-18 Student Forum David E. Narv aez (RIT) Formally Verified Symmetry Breaking Tool FMCAD-18

215 views • 6 slides
Towards an Open-Source, Formally-Verified Secure Processor Srini Devadas Massachusetts

Towards an Open-Source, Formally-Verified Secure Processor Srini Devadas Massachusetts

Towards an Open-Source, Formally-Verified Secure Processor Srini Devadas Massachusetts Institute of Technology Architectural Isolation of Processes Fundamental to maintaining correctness and privacy! 2 Performance Dictates

959 views • 43 slides
Verifying a Lustre Compiler (Part 1) Timothy Bourke 1 , 2 Llio Brun 1 , 2 Pierre-variste Dagand

Verifying a Lustre Compiler (Part 1) Timothy Bourke 1 , 2 Llio Brun 1 , 2 Pierre-variste Dagand

Verifying a Lustre Compiler (Part 1) Timothy Bourke 1 , 2 Llio Brun 1 , 2 Pierre-variste Dagand 3 Xavier Leroy 1 Marc Pouzet 4 , 2 , 1 Lionel Rieg 5 1. INRIA Paris 2. DI, cole normale suprieure 3. CNRS 4. Univ. Pierre et Marie Curie 5.

1.06k views • 79 slides
The Formally Verified seL4 Microkernel High-Assurance Foundation for MCS Gernot Heiser |

The Formally Verified seL4 Microkernel High-Assurance Foundation for MCS Gernot Heiser |

The Formally Verified seL4 Microkernel High-Assurance Foundation for MCS Gernot Heiser | gernot.heiser@data61.csiro.au | @GernotHeiser RTCSA Keynote, Aug20 https://trustworthy.systems What Is Needed For Mixed-Criticality? During a

539 views • 29 slides
@odin odinthe thener nerd not the god Auto-Intern GmbH 1 @odinthenerd A possible future

@odin odinthe thener nerd not the god Auto-Intern GmbH 1 @odinthenerd A possible future

@odinthenerd @odin odinthe thener nerd not the god Auto-Intern GmbH 1 @odinthenerd A possible future of embedded development Auto-Intern GmbH 2 @odinthenerd Sean Parent Auto-Intern GmbH 3 @odinthenerd Every rything is is

881 views • 65 slides
Participatory Networking: An API for Application Control of SDNs Andrew Ferguson, Arjun Guha,

Participatory Networking: An API for Application Control of SDNs Andrew Ferguson, Arjun Guha,

Participatory Networking: An API for Application Control of SDNs Andrew Ferguson, Arjun Guha, Chen Liang, Rodrigo Fonseca, and Shriram Krishnamurthi Cornell 1 Participatory Networking 2 Participatory Networking integrates end-users and their

1.99k views • 181 slides
CHERI JNI: Sinking the Java security model into the C David Chisnall , Brooks Davis, Khilan Gudka,

CHERI JNI: Sinking the Java security model into the C David Chisnall , Brooks Davis, Khilan Gudka,

CHERI JNI: Sinking the Java security model into the C David Chisnall , Brooks Davis, Khilan Gudka, David Brazdil, Alexandre Joannou, Jonathan Woodruff, A. Theodore Markettos, J. Edward Maste, Robert Norton, Stacey Son, Michael Roe, Simon W.

320 views • 16 slides
Exploiting Modern Hardware Features via Lightweight Profiling Probir Roy Scalable Tools

Exploiting Modern Hardware Features via Lightweight Profiling Probir Roy Scalable Tools

Exploiting Modern Hardware Features via Lightweight Profiling Probir Roy Scalable Tools Workshop19 1 High performance and challenges IBM POWER 9 CPU Exploiting Modern Hardware Features via Lightweight Profiling 2 High performance and

2.14k views • 150 slides
The Database as a Value Rich Hickey What is Datomic? A functional database A sound model

The Database as a Value Rich Hickey What is Datomic? A functional database A sound model

The Database as a Value Rich Hickey What is Datomic? A functional database A sound model of information, with time Provides database as a value to applications Bring declarative programming to applications Focus on reducing

688 views • 51 slides
Connecting declarative software tools Declarative tools [for] connecting software Salvador Lucas

Connecting declarative software tools Declarative tools [for] connecting software Salvador Lucas

Connecting declarative software tools Declarative tools [for] connecting software Salvador Lucas Dep. de Sistemas Informticos y Computacin Universidad Politcnica de Valencia slucas@dsic.upv.es Summary Connecting declarative software

634 views • 42 slides
Extending In-Memory Relational Database Engines with Native Graph Support Mohamed S. Hassan 1

Extending In-Memory Relational Database Engines with Native Graph Support Mohamed S. Hassan 1

Extending In-Memory Relational Database Engines with Native Graph Support Mohamed S. Hassan 1 Tatiana Kuznetsova 1 Hyun Chai Jeong 1 Walid G. Aref 1 Mohammad Sadoghi 2 2 University of California Davis, CA, USA 1 Purdue University West

576 views • 36 slides
Internal Simulation as a Key to Cognitive Function Lund, 2012 Germund Hesslow Problems of the

Internal Simulation as a Key to Cognitive Function Lund, 2012 Germund Hesslow Problems of the

Cognition, Communciation and Learning Internal Simulation as a Key to Cognitive Function Lund, 2012 Germund Hesslow Problems of the inner world How does the inner world arise? What are mental objects? What is the function of the

954 views • 62 slides

More recommend