proving preservation of partial correctness with acl2 a
play

Proving Preservation of Partial Correctness with ACL2: A Mechanical - PowerPoint PPT Presentation

Apr 18, 2023 •17 likes •297 views

Proving Preservation of Partial Correctness with ACL2: A Mechanical Compiler Source Level Correctness Proof Wolfgang Goerigk Christian-Albrechts-Universit at zu Kiel, Germany wg@informatik.uni-kiel.de wg/

  1. Proving Preservation of Partial Correctness with ACL2: A Mechanical Compiler Source Level Correctness Proof Wolfgang Goerigk Christian-Albrechts-Universit¨ at zu Kiel, Germany wg@informatik.uni-kiel.de � wg/ http://www.informatik.uni-kiel.de/ Outline: ➜ Background, Three Steps to Correct Realistic Compilation ➜ Source Level Verification is not Sufficient ➜ Correct Implementation, Preservation of Partial Correctness ➜ Source and Target Language, the Compiler ➜ The Correctness Proof in ACL2 ➜ Conclusions and Further Work Wolfgang Goerigk - ACL2 2000 Workshop, University of Texas at Austin, Oct. 31, 2000 1 Christian-Albrechts-Universit¨ at zu Kiel - Institut f¨ ur Informatik und Praktische Mathematik

  2. ✁ How to Construct Correct Executables Generate correct executables from correct source programs ➜ manually ➜ using unverified compilers without verified compiling specification ➜ manually semantically checked [state-of-the-art certification] ➜ semantically checked by machine [Pnueli et al., Necula 1998, translation validation] with verified compiling specification ➜ manually syntactically checked [Goerigk,Hoffmann 1998] ➜ syntactically checked by machine [Traverso et al., 1998] ✂☎✄ ➜ using verified compilers ✆ (trusted compiler executables) Verifix DFG research group (Karlsruhe, Kiel, Ulm) for realistic source languages and real target processors Wolfgang Goerigk - ACL2 2000 Workshop, University of Texas at Austin, Oct. 31, 2000 2 Christian-Albrechts-Universit¨ at zu Kiel - Institut f¨ ur Informatik und Praktische Mathematik

  3. ✁ How to Construct Correct Executables Generate correct executables from correct source programs ➜ manually ➜ using unverified compilers without verified compiling specification ➜ manually semantically checked [state-of-the-art certification] ➜ semantically checked by machine [Pnueli et al., Necula 1998, translation validation] with verified compiling specification ➜ manually syntactically checked [Goerigk,Hoffmann 1998] ➜ syntactically checked by machine [Traverso et al., 1998] ✂☎✄ ➜ using verified compilers ✆ (trusted compiler executables) Verifix DFG research group (Karlsruhe, Kiel, Ulm) for realistic source languages and real target processors Wolfgang Goerigk - ACL2 2000 Workshop, University of Texas at Austin, Oct. 31, 2000 3 Christian-Albrechts-Universit¨ at zu Kiel - Institut f¨ ur Informatik und Praktische Mathematik

  4. Verifix Goals Construct and correctly implement compilers and compiler generators ➜ for realistic imperative and object-oriented source languages ➜ for real target and host processors ➜ generating efficient code that compares to unverified compilers ➜ exploiting mechanical proof support, e.g., by PVS or ACL2 ➜ industrially approved compiler architecture and construction techniques ➜ proof methodology supplements compiler construction, not vice versa ➜ exploit runtime result verification (a posteriori program or result checking) and ➜ an initial fully trusted compiler as sound bootstrapping basis Wolfgang Goerigk - ACL2 2000 Workshop, University of Texas at Austin, Oct. 31, 2000 4 Christian-Albrechts-Universit¨ at zu Kiel - Institut f¨ ur Informatik und Praktische Mathematik

  5. ✝ ✏ ✑ ✎ ✝ Three Steps Towards Trusted Realistic Compilation ➀ Specification of a compiling relation SL TL between abstract source and target languages SL and TL , and compiling (specification) verification w.r.t. language ✞✟✞✡✠☞☛✟☛ SL , ✞✟✞✌✠✍☛✟☛ TL and an appropriate semantics relation SL semantics TL . theoretical comp. sc., progr. lang. theory, [McCarthy and Painter 1967], ... ➁ Implementation of a corresponding compiler program SL in high level implementation language SL (close to the specification language), and high level SL compiler implementation verification w.r.t. TL . [Polak 1981], [Moore 1988, 1996], [Curzon 1994, 1996] software eng., formal methods like VDM, RAISE, CIP , PROSPECTRA, Z, B, ... ➂ Low level implementation of a corresponding compiler executable TL written in binary target machine language TL , and low level compiler implementation ✞✟✞✒✏ ☛✟☛ SL . verification w.r.t. SL virtually nothing, only demands [Chirica and Martin 1986], [Moore 1988] Wolfgang Goerigk - ACL2 2000 Workshop, University of Texas at Austin, Oct. 31, 2000 5 Christian-Albrechts-Universit¨ at zu Kiel - Institut f¨ ur Informatik und Praktische Mathematik

  6. ✝ ✏ ✑ ✎ ✝ Three Steps Towards Trusted Realistic Compilation ➀ Specification of a compiling relation SL TL between abstract source and target languages SL and TL , and compiling (specification) verification w.r.t. language ✞✟✞✡✠☞☛✟☛ SL , ✞✟✞✌✠✍☛✟☛ TL and an appropriate semantics relation SL semantics TL . theoretical comp. sc., progr. lang. theory, [McCarthy and Painter 1967], ... ➁ Implementation of a corresponding compiler program SL in high level implementation language SL (close to the specification language), and high level SL compiler implementation verification w.r.t. TL . [Polak 1981], [Moore 1988, 1996], [Curzon 1994, 1996] software eng., formal methods like VDM, RAISE, CIP , PROSPECTRA, Z, B, ... ➂ Low level implementation of a corresponding compiler executable TL written in binary target machine language TL , and low level compiler implementation ✞✟✞✒✏ ☛✟☛ SL . verification w.r.t. SL virtually nothing, only demands [Chirica and Martin 1986], [Moore 1988] Wolfgang Goerigk - ACL2 2000 Workshop, University of Texas at Austin, Oct. 31, 2000 6 Christian-Albrechts-Universit¨ at zu Kiel - Institut f¨ ur Informatik und Praktische Mathematik

  7. ✝ ✏ ✑ ✎ ✝ Towards Trusted Realistic Compilation ➀ Specification of a compiling relation SL TL between abstract source and target languages SL and TL , and compiling (specification) verification w.r.t. language ✞✟✞✡✠☞☛✟☛ SL , ✞✟✞✌✠✍☛✟☛ TL and an appropriate semantics relation SL semantics TL . theoretical comp. sc., progr. lang. theory, [McCarthy and Painter 1967], ... ➁ Implementation of a corresponding compiler program SL in high level implementation language SL (close to the specification language), and high level SL compiler implementation verification w.r.t. TL . [Polak 1981], [Moore 1988, 1996], [Curzon 1994, 1996] software eng., formal methods like VDM, RAISE, CIP , PROSPECTRA, Z, B, ... ➂ Low level implementation of a corresponding compiler executable TL written in binary target machine language TL , and low level compiler implementation ✞✟✞✒✏ ☛✟☛ SL . verification w.r.t. SL virtually nothing, only demands [Chirica and Martin 1986], [Moore 1988] Wolfgang Goerigk - ACL2 2000 Workshop, University of Texas at Austin, Oct. 31, 2000 7 Christian-Albrechts-Universit¨ at zu Kiel - Institut f¨ ur Informatik und Praktische Mathematik

  8. ✝ ✏ ✑ ✎ ✝ Towards Trusted Realistic Compilation - Reality ➀ Specification of a compiling relation SL TL between abstract source and target languages SL and TL , and compiling (specification) verification w.r.t. language ✞✟✞✡✠☞☛✟☛ SL , ✞✟✞✌✠✍☛✟☛ TL and an appropriate semantics relation SL semantics TL . theoretical comp. sc., progr. lang. theory, [McCarthy and Painter 1967], ... ➁ Implementation of a corresponding compiler program SL in high level implementation language SL (close to the specification language), and high level SL compiler implementation verification w.r.t. TL . [Polak 1981], [Moore 1988, 1996], [Curzon 1994, 1996] software eng., formal methods like VDM, RAISE, CIP , PROSPECTRA, Z, B, ... ➂ Low level implementation of a corresponding compiler executable TL written in binary target machine language TL , and low level compiler implementation ✞✟✞✒✏ ☛✟☛ SL . verification w.r.t. SL virtually nothing, only demands [Chirica and Martin 1986], [Moore 1988] Wolfgang Goerigk - ACL2 2000 Workshop, University of Texas at Austin, Oct. 31, 2000 8 Christian-Albrechts-Universit¨ at zu Kiel - Institut f¨ ur Informatik und Praktische Mathematik

  9. ✑ ✎ ✑ ✏ ✏ ✑ ✝ ✑ ✏ ✝ Towards Trusted Realistic Compilation - Reality ➀ Specification of a compiling relation SL TL between abstract source and target languages SL and TL , and compiling (specification) verification w.r.t. language ✞✟✞✡✠☞☛✟☛ SL , ✞✟✞✌✠✍☛✟☛ TL and an appropriate semantics relation SL semantics TL . theoretical comp. sc., progr. lang. theory, [McCarthy and Painter 1967], ... ➁ Implementation of a corresponding compiler program SL in high level implementation language SL (close to the specification language), and high level SL compiler implementation verification w.r.t. TL . [Polak 1981], [Moore 1988, 1996], [Curzon 1994, 1996] software eng., formal methods like VDM, RAISE, CIP , PROSPECTRA, Z, B, ... ➂ ✓ Strong Compiler Bootstrap Test: Compile SL to TL by a twofold bootstrapping, using an unverified SL -compiler . Apply TL to SL and test if TL reproduces itself. virtually nothing, only demands [Chirica and Martin 1986], [Moore 1988] Wolfgang Goerigk - ACL2 2000 Workshop, University of Texas at Austin, Oct. 31, 2000 9 Christian-Albrechts-Universit¨ at zu Kiel - Institut f¨ ur Informatik und Praktische Mathematik

  10. DEMO Wolfgang Goerigk - ACL2 2000 Workshop, University of Texas at Austin, Oct. 31, 2000 10 Christian-Albrechts-Universit¨ at zu Kiel - Institut f¨ ur Informatik und Praktische Mathematik

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Proving Program Correctness The Axiomatic Approach What is Correctness? Correctness:

Proving Program Correctness The Axiomatic Approach What is Correctness? Correctness:

3/10/10 Proving Program Correctness The Axiomatic Approach What is Correctness? Correctness: partial correctness + termination Partial correctness: Program implements its specification 1 3/10/10 Proving Partial Correctness

420 views • 13 slides
4.5: Proving the Correctness of Grammars In this section, we consider techniques for proving the

4.5: Proving the Correctness of Grammars In this section, we consider techniques for proving the

4.5: Proving the Correctness of Grammars In this section, we consider techniques for proving the correctness of grammars, i.e., for proving that grammars generate the languages we want them to. 1 / 21 Definition of Suppose G is a grammar and

324 views • 21 slides
Regression Verification: Proving Partial Equivalence Talk by Dennis Felsing Seminar within the

Regression Verification: Proving Partial Equivalence Talk by Dennis Felsing Seminar within the

Regression Verification: Proving Partial Equivalence Talk by Dennis Felsing Seminar within the Projektgruppe Formale Methoden der Softwareentwicklung WS 2012/2013 1 / 24 Introduction Formal Verification Formally prove correctness of

457 views • 41 slides
Partial Clock Functions in ACL2 John Matthews and Daron Vroon ACL2 Workshop 2004 Goals

Partial Clock Functions in ACL2 John Matthews and Daron Vroon ACL2 Workshop 2004 Goals

Partial Clock Functions in ACL2 John Matthews and Daron Vroon ACL2 Workshop 2004 Goals Given a state machine, we want : A termination proof: from a set of starting states, a desired goal state will always eventually be reached. An

423 views • 26 slides
GLMC Connecting ACL2 with Hardware Model Checkers Proving Invariants in Hardware Verification

GLMC Connecting ACL2 with Hardware Model Checkers Proving Invariants in Hardware Verification

GLMC Connecting ACL2 with Hardware Model Checkers Proving Invariants in Hardware Verification Inductive invariants are easy to prove Provable by SAT for finite state machines In ACL2, can use GL. Downsides:

596 views • 12 slides
Proving Correctness of a KRK Chess Endgame Strategy by SAT-based Constraint Solving Marko

Proving Correctness of a KRK Chess Endgame Strategy by SAT-based Constraint Solving Marko

Introduction Reduction to SAT and URSA system Chess Endgame Strategies and Bratkos Strategy for KRK URSA Specification of KRK Endgame and of Strategy Correctness of Strategy Discussion and Conclusions Proving Correctness of a KRK Chess

390 views • 27 slides
Dracula Reborn: ML-style modules, Racket macros, and ACL2 theorem proving Carl Eastlund Zoe

Dracula Reborn: ML-style modules, Racket macros, and ACL2 theorem proving Carl Eastlund Zoe

Dracula Reborn: ML-style modules, Racket macros, and ACL2 theorem proving Carl Eastlund Zoe Zhang Matthias Felleisen Northeastern University 1 Dracula 2 Modular ACL2 (interface TYPE (sig pred (x))) (interface LIST-OF (extend TYPE)

701 views • 16 slides
Consistently Adding Primitive Recursive Definitions in ACL2 by John Cowles University of

Consistently Adding Primitive Recursive Definitions in ACL2 by John Cowles University of

Consistently Adding Primitive Recursive Definitions in ACL2 by John Cowles University of Wyoming 1 defpun A macro for consistently introducing partial functions into CAL2. Described in Pete & Js paper, Partial Functions in ACL2

295 views • 27 slides
Proving Correctness of Graph Programs Relative to Recursively Nested Conditions Nils Erik Flick

Proving Correctness of Graph Programs Relative to Recursively Nested Conditions Nils Erik Flick

Proving Correctness of Graph Programs Relative to Recursively Nested Conditions Nils Erik Flick Universitt Oldenburg February 2017 Intro Correctness Results Rel. Work Conclusion Extras Outline Correctness and Graph Programs 1

354 views • 24 slides
ACL2(ml): Machine-Learning for ACL2 J. Heras and E. Komendantskaya

ACL2(ml): Machine-Learning for ACL2 J. Heras and E. Komendantskaya

ACL2(ml): Machine-Learning for ACL2 J. Heras and E. Komendantskaya http://staff.computing.dundee.ac.uk/katya/acl2ml/ 12 July 2014 ACL214 J. Heras ACL2(ml): Machine-Learning for ACL2 1/23 Outline Some Challenges in ACL2 1 An overview of

871 views • 56 slides
Reducing Total Correctness to Partial Correctness by a Transformation of the Language Semantics a

Reducing Total Correctness to Partial Correctness by a Transformation of the Language Semantics a

Reducing Total Correctness to Partial Correctness by a Transformation of the Language Semantics a 1 a 2 Sebastian Buruian S , tefan Ciob ac 1 Alexandru Ioan Cuza University Bitedefender 2 Alexandru Ioan Cuza University WPTE 2018

435 views • 21 slides
Partial and Total Correctness Natural semantics Example: ( y:=1; while (x=1) do (y:=y x;

Partial and Total Correctness Natural semantics Example: ( y:=1; while (x=1) do (y:=y x;

Partial and Total Correctness Natural semantics Example: ( y:=1; while (x=1) do (y:=y x; x:=x 1) , s ) s y:=1; while (x=1) do s y = ( s x )! and s x > 0 (y:=y x; x:=x 1) Partial correctness: if initially

88 views • 6 slides
Quicksort [4] In the last class Recursive Procedures Proving Correctness of Recursive

Quicksort [4] In the last class Recursive Procedures Proving Correctness of Recursive

Algorithm : Design & Analysis Quicksort [4] In the last class Recursive Procedures Proving Correctness of Recursive Procedures Deriving recurrence equations Solution of the Recurrence equations Guess and proving

615 views • 38 slides
What problem did the paper address? Big Picture Problem Proving correctness of communication

What problem did the paper address? Big Picture Problem Proving correctness of communication

Review of Model Checking Large Network Protocol Implementations Madanlal Musuvathi Dawson Engler By Vamsi Kambhampati 7 th March 2006 What problem did the paper address? Big Picture Problem Proving correctness of communication protocols

341 views • 5 slides
Formal Verification of Arithmetic RTL: Translating Verilog to C++ to ACL2 David M. Russinoff Arm

Formal Verification of Arithmetic RTL: Translating Verilog to C++ to ACL2 David M. Russinoff Arm

Formal Verification of Arithmetic RTL: Translating Verilog to C++ to ACL2 David M. Russinoff Arm May 28, 2020 1/27 V ERIFICATION OF RTL D ESIGN WITH ACL2 Requirements for RTL verification by theorem proving: Semantics-preserving

422 views • 27 slides
Objec&ves Proving correctness of Stable Matching algorithm Analyzing algorithms

Objec&ves Proving correctness of Stable Matching algorithm Analyzing algorithms

1/12/18 Objec&ves Proving correctness of Stable Matching algorithm Analyzing algorithms Asympto&c running &mes If youre interested, join the W&L Computer Science Facebook Group! Jan 12, 2018 Sprenkle - CSCI211 1

319 views • 18 slides
Decision Procedures Jochen Hoenicke Software Engineering Albert-Ludwigs-University Freiburg

Decision Procedures Jochen Hoenicke Software Engineering Albert-Ludwigs-University Freiburg

Decision Procedures Jochen Hoenicke Software Engineering Albert-Ludwigs-University Freiburg Summer 2013 Jochen Hoenicke (Software Engineering) Decision Procedures Summer 2013 1 / 48 Program Correctness Road Map So far: decision procedures

597 views • 48 slides
Symbolic Computation and Theorem Proving in Program Analysis Laura Kov acs Chalmers Outline

Symbolic Computation and Theorem Proving in Program Analysis Laura Kov acs Chalmers Outline

Symbolic Computation and Theorem Proving in Program Analysis Laura Kov acs Chalmers Outline Part 1: Weakest Precondition for Program Analysis and Verification Part 2: Polynomial Invariant Generation (TACAS08, LPAR10) Part 3:

589 views • 44 slides
Proofs about Programs Why make you study logic? Program Verification Why make you do

Proofs about Programs Why make you study logic? Program Verification Why make you do

Proofs about Programs Why make you study logic? Program Verification Why make you do proofs? (Rosen, Sections 5.5) Because we want to prove properties of TOPICS programs: Program Correctness Preconditions &

323 views • 8 slides
The Calculus of Computation: Decision Procedures with 5. Program Correctness: Mechanics

The Calculus of Computation: Decision Procedures with 5. Program Correctness: Mechanics

The Calculus of Computation: Decision Procedures with 5. Program Correctness: Mechanics Applications to Verification by Aaron Bradley Zohar Manna Springer 2007 5- 1 5- 2 Program A: LinearSearch with function specification Function

777 views • 12 slides
An Improved Rule for While Loops in Deductive Program Verification Bernhard Beckert 1 Steffen

An Improved Rule for While Loops in Deductive Program Verification Bernhard Beckert 1 Steffen

An Improved Rule for While Loops in Deductive Program Verification Bernhard Beckert 1 Steffen Schlager 2 Peter H. Schmitt 2 1 Universit at Koblenz-Landau 2 Universit at Karlsruhe ICFEM 2005, Manchester Beckert, Schlager, Schmitt (

989 views • 56 slides
't thiuers,Ls GPslto6Ug *r*gn DEDuCftve rE F{R oF PQ,o6RAns NTiCS ft.3.* : tl (*,1'i,5)!

't thiuers,Ls GPslto6Ug *r*gn DEDuCftve rE F{R oF PQ,o6RAns NTiCS ft.3.* : tl (*,1'i,5)!

trfi't* t tGt, lufr* ffific. nsRTiql: ffi |hr|fior,:3 r:r fA rfr ffif 't thiuers,Ls GPslto6Ug *r*gn DEDuCftve rE F{R oF PQ,o6RAns NTiCS ft.3.* : tl (*,1'i,5)! srhlg.g 7.>S b. )l tP.(t'cr[,[ * t = . - g ) (*,b,ig): LP.r

426 views • 15 slides
Towards Proving Runtime Properties of Data-Driven Systems Using Safety Envelopes Samuel Breese

Towards Proving Runtime Properties of Data-Driven Systems Using Safety Envelopes Samuel Breese

Towards Proving Runtime Properties of Data-Driven Systems Using Safety Envelopes Samuel Breese Fotis Kopsaftopoulos Carlos Varela Rensselaer Polytechnic Institute Dynamic Data Driven Application Systems (DDDAS) Session International Workshop

418 views • 21 slides
08Program Verification II CS 5209: Foundation in Logic and AI Martin Henz and Aquinas Hobor

08Program Verification II CS 5209: Foundation in Logic and AI Martin Henz and Aquinas Hobor

Review Hoare Triples; Partial and Total Correctness Practical Aspects of Correctness Proofs Correctness of the Factorial Function Proof Calculus for Total Correctness 08Program Verification II CS 5209: Foundation in Logic and AI Martin

778 views • 39 slides

More recommend