encoding hoare logic in typed certified code
play

Encoding Hoare Logic in Typed Certified Code Nikolaos S. Papaspyrou - PowerPoint PPT Presentation

Oct 08, 2022 •447 likes •901 views

Encoding Hoare Logic in Typed Certified Code Nikolaos S. Papaspyrou Michalis A. Papakyriakou Angelos Manousaridis National Technical University of Athens School of Electrical and Computer Engineering Software Engineering Laboratory {nickie,

  1. Encoding Hoare Logic in Typed Certified Code Nikolaos S. Papaspyrou Michalis A. Papakyriakou Angelos Manousaridis National Technical University of Athens School of Electrical and Computer Engineering Software Engineering Laboratory {nickie, mpapakyr, amanous}@softlab.ntua.gr 5th Panhellenic Logic Symposium Athens, July 25-28, 2005 N. S. Papaspyrou, M. A. Papakyriakou, A. Manousaridis Encoding Hoare Logic in Typed Certified Code

  2. Outline Motivation Hoare logic Typed certified code Can we combine the two? Our approach The type language The computation language Encoding Hoare logic Problems with Hoare Logic And their Solution Example Conclusions N. S. Papaspyrou, M. A. Papakyriakou, A. Manousaridis Encoding Hoare Logic in Typed Certified Code

  3. Hoare Logic (i) ◮ Introduced the strength of formal logic in computer programming ◮ A tool to: ◮ reason about program properties and prove correctness ◮ derive programs from their specifications C. A. R. Hoare, “An axiomatic basis for computer programming”, Communications of the ACM , vol. 12, no. 10, pp. 576–585, 1969. N. S. Papaspyrou, M. A. Papakyriakou, A. Manousaridis Encoding Hoare Logic in Typed Certified Code

  4. Hoare Logic (ii) ◮ Hoare triples represent program specifications { P } program { Q } N. S. Papaspyrou, M. A. Papakyriakou, A. Manousaridis Encoding Hoare Logic in Typed Certified Code

  5. Hoare Logic (ii) ◮ Hoare triples represent program specifications { P } program { Q } ◮ Example: greatest common divisor { n + m > 0 } a : = n ; b : = m ; while a > 0 and b > 0 do if a > b then a : = a mod b else b : = b mod a ; r : = a + b { r > 0 ∧ r \ n ∧ r \ m ∧ ( ∀ r ′ ∈ N . r ′ \ n ∧ r ′ \ m ⇒ r ′ ≤ r ) } N. S. Papaspyrou, M. A. Papakyriakou, A. Manousaridis Encoding Hoare Logic in Typed Certified Code

  6. Typed Certified Code (i) Methodology: ◮ a sound formal logic is used ◮ combined with the programming language ◮ program specifications are expressed as propositions in this logic ◮ proofs of these propositions are embedded in programs ◮ either explicitly given by the programmer ◮ or automatically constructed by the compiler N. S. Papaspyrou, M. A. Papakyriakou, A. Manousaridis Encoding Hoare Logic in Typed Certified Code

  7. Typed Certified Code (ii) Proposed solutions: ◮ Typed Intermediate Language (TIL); Harper and Morrisett, 1995 ◮ Typed Assembly Language (TAL); Morrisett, Walker, Crary and Glew, 1998 ◮ Proof-Carrying Code (PCC); Necula, 1998 ◮ Foundational Proof-Carrying Code, Appel, 2001 ◮ Shao, Saha, Trifonov and Papaspyrou, 2002, 2005 ◮ Crary and Vanderwaart, 2002 N. S. Papaspyrou, M. A. Papakyriakou, A. Manousaridis Encoding Hoare Logic in Typed Certified Code

  8. Typed Certified Code (iii) ◮ Example: greatest common divisor ◮ gcd : nat ։ nat ։ nat “A function taking two naturals and returning some natural.” N. S. Papaspyrou, M. A. Papakyriakou, A. Manousaridis Encoding Hoare Logic in Typed Certified Code

  9. Typed Certified Code (iii) ◮ Example: greatest common divisor ◮ gcd : nat ։ nat ։ nat “A function taking two naturals and returning some natural.” ◮ gcd : ∀ n : Nat . ∀ m : Nat . ∀ p ∗ : ( n + m > 0 ) . snat n ։ snat m ։ nat “One of the arguments shall not be zero.” N. S. Papaspyrou, M. A. Papakyriakou, A. Manousaridis Encoding Hoare Logic in Typed Certified Code

  10. Typed Certified Code (iii) ◮ Example: greatest common divisor ◮ gcd : nat ։ nat ։ nat “A function taking two naturals and returning some natural.” ◮ gcd : ∀ n : Nat . ∀ m : Nat . ∀ p ∗ : ( n + m > 0 ) . snat n ։ snat m ։ nat “One of the arguments shall not be zero.” ◮ Singleton type snat n A data type whose elements are representations of the single integer value n : Nat N. S. Papaspyrou, M. A. Papakyriakou, A. Manousaridis Encoding Hoare Logic in Typed Certified Code

  11. Typed Certified Code (iii) ◮ Example: greatest common divisor ◮ gcd : nat ։ nat ։ nat “A function taking two naturals and returning some natural.” ◮ gcd : ∀ n : Nat . ∀ m : Nat . ∀ p ∗ : ( n + m > 0 ) . snat n ։ snat m ։ nat “One of the arguments shall not be zero.” ◮ Singleton type snat n A data type whose elements are representations of the single integer value n : Nat ◮ (Syntactic sugar) nat ≡ ∃ r : Nat . snat r N. S. Papaspyrou, M. A. Papakyriakou, A. Manousaridis Encoding Hoare Logic in Typed Certified Code

  12. Typed Certified Code (iv) ◮ Example (continued) ◮ gcd : ∀ n : Nat . ∀ m : Nat . ∀ p ∗ : ( n + m > 0 ) . snat n ։ snat m ։ ∃ r : Nat . ∃ q ∗ : ( r > 0 ) . snat r “The result shall not be zero.” N. S. Papaspyrou, M. A. Papakyriakou, A. Manousaridis Encoding Hoare Logic in Typed Certified Code

  13. Typed Certified Code (iv) ◮ Example (continued) ◮ gcd : ∀ n : Nat . ∀ m : Nat . ∀ p ∗ : ( n + m > 0 ) . snat n ։ snat m ։ ∃ r : Nat . ∃ q ∗ : ( r > 0 ) . snat r “The result shall not be zero.” ◮ gcd : ∀ n : Nat . ∀ m : Nat . ∀ p ∗ : ( n + m > 0 ) . snat n ։ snat m ։ ∃ r : Nat . ∃ q ∗ : ( r > 0 ∧ r \ n ∧ r \ m ) . snat r “The result shall not be zero and shall divide both arguments.” N. S. Papaspyrou, M. A. Papakyriakou, A. Manousaridis Encoding Hoare Logic in Typed Certified Code

  14. Typed Certified Code (v) ◮ Example (continued) ◮ gcd : ∀ n : Nat . ∀ m : Nat . ∀ p ∗ : ( n + m > 0 ) . snat n ։ snat m ։ ∃ r : Nat . ∃ q ∗ 1 : ( r > 0 ∧ r \ n ∧ r \ m ) . 2 : ( Π r ′ : Nat . r ′ \ n ∧ r ′ \ m → r ′ ≤ r ) . ∃ q ∗ snat r “The result shall be the greatest common divisor of the two arguments.” N. S. Papaspyrou, M. A. Papakyriakou, A. Manousaridis Encoding Hoare Logic in Typed Certified Code

  15. Can we combine the two? ◮ Hoare Logic + long studied, large body of scientific knowledge + simple axioms and rules + works with variables and destructive update − does not work well with (higher-order) functions − proofs of specifications cannot be automatically verified N. S. Papaspyrou, M. A. Papakyriakou, A. Manousaridis Encoding Hoare Logic in Typed Certified Code

  16. Can we combine the two? ◮ Hoare Logic + long studied, large body of scientific knowledge + simple axioms and rules + works with variables and destructive update − does not work well with (higher-order) functions − proofs of specifications cannot be automatically verified ◮ Typed Certified Code − relatively new approach − highly complex type system − does not work well with variables and destructive update + works well with (higher-order) functions + proofs of specifications can be automatically verified N. S. Papaspyrou, M. A. Papakyriakou, A. Manousaridis Encoding Hoare Logic in Typed Certified Code

  17. Overview of the Type Language ◮ A variation of the Calculus of Inductive Constructions ◮ Incorporates higher-order predicate logic ◮ Complete grammar: A , B :: = Set | Type | Ext | X | Π X : A . B | λ X : A . B | AB Ind ( X : A ) { � A } | Constr ( n , A ) | Elim [ A ′ ]( A : B � B ) { � | A } A → B ≡ Π X new : A . B Papaspyrou, Vytiniotis and Koutavas, “Logic-Enhanced Type Systems”, PLS 4 , 2003. Shao, Trifonov, Saha and Papaspyrou, “A Type System for Certified Binaries”, ACM TOPLAS , vol. 27, no. 1, pp. 1-45, 2005. N. S. Papaspyrou, M. A. Papakyriakou, A. Manousaridis Encoding Hoare Logic in Typed Certified Code

  18. The Computation Language (i) ◮ The simple imperative language WHILE x : Var variables :: = n | b | x | ⋄ e | e ⋆ e e : Expr c : Comm :: = skip | x : = e | c ; c | if e then c else c | while e do c ⋄ : UnOp :: = − | ¬ ⋆ : BinOp :: = + | − | ∗ | div | mod | = | � = | < | > | ≤ | ≥ | and | or N. S. Papaspyrou, M. A. Papakyriakou, A. Manousaridis Encoding Hoare Logic in Typed Certified Code

  19. The Computation Language (ii) Typing ◮ Types τ : Ω :: = int | bool Γ : Env = Var → Ω ◮ Type environments Γ ⊢ e : τ ◮ Typing of expressions Γ ⊢ c ◮ Typing of commands N. S. Papaspyrou, M. A. Papakyriakou, A. Manousaridis Encoding Hoare Logic in Typed Certified Code

  20. The Computation Language (ii) Typing ◮ Types τ : Ω :: = int | bool Γ : Env = Var → Ω ◮ Type environments Γ ⊢ e : τ ◮ Typing of expressions Γ ⊢ c ◮ Typing of commands Semantics ◮ Meaning of types [ [ int ] ] = Int , [ [ bool ] ] = Bool s : Store Γ = Π x : Var . [ [ Γ x ] ◮ Stores ] ◮ Meaning of expressions [ [ e ] ] s ⇓ v ] s ⇓ s ′ ◮ Meaning of commands [ [ c ] N. S. Papaspyrou, M. A. Papakyriakou, A. Manousaridis Encoding Hoare Logic in Typed Certified Code

  21. Encoding Hoare Logic (i) P , Q , R : Pred Γ = Store Γ → Set ◮ Predicates N. S. Papaspyrou, M. A. Papakyriakou, A. Manousaridis Encoding Hoare Logic in Typed Certified Code

  22. Encoding Hoare Logic (i) P , Q , R : Pred Γ = Store Γ → Set ◮ Predicates ◮ Specification of commands { P } c { Q } Γ ⊢ c P , Q : Pred Γ ◮ { P } c { Q } is valid if for all s : Store Γ , ] s ⇓ s ′ , for some s ′ : Store Γ , if Ps and [ [ c ] then Qs ′ N. S. Papaspyrou, M. A. Papakyriakou, A. Manousaridis Encoding Hoare Logic in Typed Certified Code

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Hoare logic Lecture 4: A verifier for Hoare logic Jean Pichon-Pharabod University of Cambridge

Hoare logic Lecture 4: A verifier for Hoare logic Jean Pichon-Pharabod University of Cambridge

Hoare logic Lecture 4: A verifier for Hoare logic Jean Pichon-Pharabod University of Cambridge CST Part II 2017/18 Introduction Last time, we saw that that proofs in Hoare logic can involve large amounts of very error-prone bookkeeping

690 views • 48 slides
Hoare Logic and Model Checking Semantics of Hoare Logic Kasper Svendsen University of Cambridge

Hoare Logic and Model Checking Semantics of Hoare Logic Kasper Svendsen University of Cambridge

Hoare Logic and Model Checking Semantics of Hoare Logic Kasper Svendsen University of Cambridge CST Part II 2016/17 Acknowledgement: slides heavily based on previous versions by Mike Gordon and Alan Mycroft Semantics of Hoare Logic

663 views • 10 slides
Hoare logic Lecture 3: Formalising the semantics of Hoare logic In the previous lecture, we

Hoare logic Lecture 3: Formalising the semantics of Hoare logic In the previous lecture, we

Recap Hoare logic Lecture 3: Formalising the semantics of Hoare logic In the previous lecture, we specified and verified some example programs using the syntactic rules of Hoare logic that we introduced in the first lecture. Jean

477 views • 13 slides
Hoare Logic Hoare Logic is used to reason about the correctness of programs. In the end, it

Hoare Logic Hoare Logic is used to reason about the correctness of programs. In the end, it

Hoare Logic Hoare Logic is used to reason about the correctness of programs. In the end, it reduces a program and its specification to a set of verifications conditions. Slides by Wishnu Prasetya URL : www.cs.uu.nl/~wishnu Course URL :

1.4k views • 124 slides
Hoare logic separation logic. We looked at the concepts separation logic is based on, the new

Hoare logic separation logic. We looked at the concepts separation logic is based on, the new

Introduction In the previous lecture, we saw how reasoning about pointers in Hoare logic was problematic, which motivated introducing Hoare logic separation logic. We looked at the concepts separation logic is based on, the new assertions that

396 views • 14 slides
Hoare Logic Andreas Podelski November 8, 2011 Hoare logic introduced by Hoare in 1969

Hoare Logic Andreas Podelski November 8, 2011 Hoare logic introduced by Hoare in 1969

Hoare Logic Andreas Podelski November 8, 2011 Hoare logic introduced by Hoare in 1969 builds on first-order logic Hoare logic introduced by Hoare in 1969 builds on first-order logic correctness specification = pre- and

401 views • 37 slides
Lecture 8/9 : Separation Logic Can handle reasoning of imperative programs well. Overview

Lecture 8/9 : Separation Logic Can handle reasoning of imperative programs well. Overview

CS6202: Advanced Topics in Programming Hoare Logic Hoare Logic Languages and Systems Lecture 8/9 : Separation Logic Can handle reasoning of imperative programs well. Overview Notation : {P} code {Q} Assertion Logic {P}

557 views • 19 slides
COMP2111 Week 8 Term 1, 2020 Hoare Logic 1 Sir Tony Hoare Pioneer in formal verification

COMP2111 Week 8 Term 1, 2020 Hoare Logic 1 Sir Tony Hoare Pioneer in formal verification

COMP2111 Week 8 Term 1, 2020 Hoare Logic 1 Sir Tony Hoare Pioneer in formal verification Invented: Quicksort, the null reference (called it his billion dollar mistake) CSP (formal specification language), and Hoare Logic 2 Summary L

2k views • 158 slides
COMP2111 Week 8 Term 1, 2020 Hoare Logic 1 Sir Tony Hoare Pioneer in formal verification

COMP2111 Week 8 Term 1, 2020 Hoare Logic 1 Sir Tony Hoare Pioneer in formal verification

COMP2111 Week 8 Term 1, 2020 Hoare Logic 1 Sir Tony Hoare Pioneer in formal verification Invented: Quicksort, the null reference (called it his billion dollar mistake) CSP (formal specification language), and Hoare Logic 2 Summary L

770 views • 59 slides
Probabilistic Relational Hoare Logic Main judgments Hoare Logic c : = : hoare [ c : pre

Probabilistic Relational Hoare Logic Main judgments Hoare Logic c : = : hoare [ c : pre

Probabilistic Relational Hoare Logic Main judgments Hoare Logic c : = : hoare [ c : pre ==&gt; post] Probabilistic Hoare Logic [ c : = ] = (see Lecture 6): bd_hoare [ c : pre ==&gt; post ] = r Probabilistic Relational Hoare

377 views • 23 slides
Hoare Logic Jari Stenman February 10, 2012 Jari Stenman () Hoare Logic February 10, 2012 1 /

Hoare Logic Jari Stenman February 10, 2012 Jari Stenman () Hoare Logic February 10, 2012 1 /

Hoare Logic Jari Stenman February 10, 2012 Jari Stenman () Hoare Logic February 10, 2012 1 / 25 Outline Background 1 Axioms and Rules 2 A note on Weakest Preconditions 3 Jari Stenman () Hoare Logic February 10, 2012 2 / 25 Outline

463 views • 25 slides
Hoare Logic Part II Decorations and Hoare as Logic Thomas Churchman Radboud University Nijmegen

Hoare Logic Part II Decorations and Hoare as Logic Thomas Churchman Radboud University Nijmegen

Recap Decoration Preliminaries Radboud University Nijmegen Decorations Hoare as Logic Hoare Logic Part II Decorations and Hoare as Logic Thomas Churchman Radboud University Nijmegen Type Theory and Coq - 2016 Thomas Churchman Type Theory

289 views • 18 slides
Logic for Computer Science 15 Hoare logic Wouter Swierstra University of Utrecht 1 Last

Logic for Computer Science 15 Hoare logic Wouter Swierstra University of Utrecht 1 Last

Logic for Computer Science 15 Hoare logic Wouter Swierstra University of Utrecht 1 Last time Natural deduction 2 This lecture Semantics of computer programs A logic for reasoning about them 3 Syntax of programming language The BNF

796 views • 78 slides
locales C ONTENT I SAR I S B ASED O N C ONTEXTS Intro &amp; motivation, getting started with

locales C ONTENT I SAR I S B ASED O N C ONTEXTS Intro &amp; motivation, getting started with

L AST T IME Syntax and semantics of IMP Hoare logic rules Soundness of Hoare logic NICTA Advanced Course Verification conditions Slide 1 Theorem Proving Slide 3 Principles, Techniques, Applications Example program proofs

322 views • 8 slides
Hoare Logic for Multiprocessing (Work in progress) Daniel Pellarini joint work with Marina

Hoare Logic for Multiprocessing (Work in progress) Daniel Pellarini joint work with Marina

Varese, September 19-21 2012 Hoare Logic for Multiprocessing (Work in progress) Daniel Pellarini joint work with Marina Lenisa Universit degli studi di Udine, Italy Daniel Pellarini and Marina Lenisa Hoare Logic for Multiprocessing Hoare

507 views • 23 slides
Hoare Logic and Model Checking Model Checking Lecture 10: Computation Tree Logic (CTL) Dominic

Hoare Logic and Model Checking Model Checking Lecture 10: Computation Tree Logic (CTL) Dominic

Hoare Logic and Model Checking Model Checking Lecture 10: Computation Tree Logic (CTL) Dominic Mulligan Based on previous slides by Alan Mycroft and Mike Gordon Programming, Logic, and Semantics Group University of Cambridge Academic year

1.15k views • 48 slides
Verification of Parallel Programs with the Owicki-Gries and Rely-Guarantee Methods in Isabelle/HOL

Verification of Parallel Programs with the Owicki-Gries and Rely-Guarantee Methods in Isabelle/HOL

Verification of Parallel Programs with the Owicki-Gries and Rely-Guarantee Methods in Isabelle/HOL Leonor Prensa Nieto TU M unchen Marseille, 7 January 2002 Isabelle HOL = Overview Motivation. Hoare logic for

263 views • 23 slides
Floyd-Hoare Logic &amp; Verification Conditions Ranjit Jhala, UC San Diego April 16, 2013 A

Floyd-Hoare Logic &amp; Verification Conditions Ranjit Jhala, UC San Diego April 16, 2013 A

Floyd-Hoare Logic &amp; Verification Conditions Ranjit Jhala, UC San Diego April 16, 2013 A Small Imperative Language data Var data Exp data Pred A Small Imperative Language data Com = Asgn Var Expr | Seq Com Com | If Exp Com Com | While

802 views • 45 slides
Hoare Logic for Quantum Programs Mingsheng Ying University of Technology, Sydney and Tsinghua

Hoare Logic for Quantum Programs Mingsheng Ying University of Technology, Sydney and Tsinghua

Hoare Logic for Quantum Programs Mingsheng Ying University of Technology, Sydney and Tsinghua University SamsonFest, May 28-30,2013 Abramsky Conjecture: For every n &gt; 2, every n partite entangled state is logically non-local Happy

977 views • 78 slides
Formal verification of low-level execution platforms Roberto Guanciale Assistant professor

Formal verification of low-level execution platforms Roberto Guanciale Assistant professor

Roberto Guanciale Estonian Winter School Day 01 Formal verification of low-level execution platforms Roberto Guanciale Assistant professor Computer Security Department of Theoretical Computer Science @KTH Research interest in Formal

895 views • 71 slides
Combining Agda with External Tools Stephan Adelsberger 1 and Anton Setzer 2 Agda Implementors

Combining Agda with External Tools Stephan Adelsberger 1 and Anton Setzer 2 Agda Implementors

Combining Agda with External Tools Stephan Adelsberger 1 and Anton Setzer 2 Agda Implementors meeting XXXII Online 1 June 2020 1 WU Vienna, Austria, https://nm.wu.ac.at/nm/en:adelsberger 2 Swansea University, UK,

769 views • 28 slides
Coinductive big-step semantics and Hoare logics for nontermination Tarmo Uustalu, Inst of

Coinductive big-step semantics and Hoare logics for nontermination Tarmo Uustalu, Inst of

Coinductive big-step semantics and Hoare logics for nontermination Tarmo Uustalu, Inst of Cybernetics, Tallinn joint work with Keiko Nakata COST Rich Models Toolkit meeting, Madrid, 1718 October 2013 Motivation Standard big-step semantics

725 views • 25 slides
Simplifying Loop Invariant Generation Using Splitter Predicates R. Sharma, I. Dillig, T. Dillig,

Simplifying Loop Invariant Generation Using Splitter Predicates R. Sharma, I. Dillig, T. Dillig,

Simplifying Loop Invariant Generation Using Splitter Predicates R. Sharma, I. Dillig, T. Dillig, A. Aiken Presented by Raphael Fuchs Background Context: (Automatic) Program Verification Floyd-Hoare logic {P} S {Q} Often no

429 views • 13 slides
Proving Copyless Message Passing Jules Villard 1 tienne Lozes 1 Cristiano Calcagno 2 1 LSV, ENS

Proving Copyless Message Passing Jules Villard 1 tienne Lozes 1 Cristiano Calcagno 2 1 LSV, ENS

Proving Copyless Message Passing Jules Villard 1 tienne Lozes 1 Cristiano Calcagno 2 1 LSV, ENS Cachan, CNRS 2 Imperial College, London ANR PANDA Sept. 10 PPS Outline Copyless Message Passing Language Highlights Contracts Local

1.08k views • 60 slides

More recommend