separation algebras for c verification in coq
play

Separation algebras for C verification in Coq Robbert Krebbers - PowerPoint PPT Presentation

Oct 12, 2022 •48 likes •598 views

Separation algebras for C verification in Coq Robbert Krebbers ICIS, Radboud University Nijmegen, The Netherlands July 18, 2014 @ VSTTE, Vienna, Austria 1 Context of this talk Formalin (Krebbers & Wiedijk) Compiler independent C

  1. Separation algebras for C verification in Coq Robbert Krebbers ICIS, Radboud University Nijmegen, The Netherlands July 18, 2014 @ VSTTE, Vienna, Austria 1

  2. Context of this talk Formalin (Krebbers & Wiedijk) ◮ Compiler independent C semantics in Coq ◮ Take underspecification by C11 seriously H H ◮ Operational semantics C11 ◮ Executable semantics O ◮ Typing and type checker ◮ Separation logic 2

  3. Context of this talk Formalin (Krebbers & Wiedijk) ◮ Compiler independent C semantics in Coq ◮ Take underspecification by C11 seriously H H ◮ Operational semantics C11 ◮ Executable semantics O ◮ Typing and type checker ◮ Separation logic ⇒ topic of this talk 2

  4. Why compiler (in)dependence matters int main() { int x; int y = (x = 3) + (x = 4); printf("%d %d\n", x, y); } 3

  5. Why compiler (in)dependence matters int main() { int x; int y = (x = 3) + (x = 4); printf("%d %d\n", x, y); } Let us try some compilers ◮ Clang prints 4 7 , seems just left-right 3

  6. Why compiler (in)dependence matters int main() { int x; int y = (x = 3) + (x = 4); printf("%d %d\n", x, y); } Let us try some compilers ◮ Clang prints 4 7 , seems just left-right ◮ GCC prints 4 8 , does not correspond to any evaluation order 3

  7. Why compiler (in)dependence matters int main() { int x; int y = (x = 3) + (x = 4); printf("%d %d\n", x, y); } Let us try some compilers ◮ Clang prints 4 7 , seems just left-right ◮ GCC prints 4 8 , does not correspond to any evaluation order This program violates the sequence point restriction ◮ due to two unsequenced writes to x ◮ undefined behavior: garbage in, garbage out ⇒ all bets are off ◮ thus both compilers are right 3

  8. Why compiler (in)dependence matters int main() { int x; int y = (x = 3) + (x = 4); printf("%d %d\n", x, y); } Let us try some compilers ◮ Clang prints 4 7 , seems just left-right ◮ GCC prints 4 8 , does not correspond to any evaluation order This program violates the sequence point restriction ◮ due to two unsequenced writes to x ◮ undefined behavior: garbage in, garbage out ⇒ all bets are off ◮ thus both compilers are right Formalin should account for all undefined behavior 3

  9. Separation logic for C [Krebbers, POPL’14] Observation : non-determinism corresponds to concurrency Idea : use the separation logic rule for parallel composition { P 1 } e 1 { Q 1 } { P 2 } e 2 { Q 2 } { P 1 ∗ P 2 } e 1 ⊚ e 2 { Q 1 ∗ Q 2 } 4

  10. Separation logic for C [Krebbers, POPL’14] Observation : non-determinism corresponds to concurrency Idea : use the separation logic rule for parallel composition { P 1 } e 1 { Q 1 } { P 2 } e 2 { Q 2 } { P 1 ∗ P 2 } e 1 ⊚ e 2 { Q 1 ∗ Q 2 } What does this mean: ◮ Split the memory into two disjoint parts ◮ Prove that e 1 and e 2 can be executed safely in their part ◮ Now e 1 ⊚ e 2 can be executed safely in the whole memory 4

  11. Separation logic for C [Krebbers, POPL’14] Observation : non-determinism corresponds to concurrency Idea : use the separation logic rule for parallel composition { P 1 } e 1 { Q 1 } { P 2 } e 2 { Q 2 } { P 1 ∗ P 2 } e 1 ⊚ e 2 { Q 1 ∗ Q 2 } What does this mean: ◮ Split the memory into two disjoint parts ◮ Prove that e 1 and e 2 can be executed safely in their part ◮ Now e 1 ⊚ e 2 can be executed safely in the whole memory Disjointness ⇒ no sequence point violation 4

  12. Connectives of separation logic The connectives of separation logic are defined as: emp := λ m . m = ∅ P ∗ Q := λ m . ∃ m 1 m 2 . m = m 1 ∪ m 2 ∧ P m 1 ∧ Q m 2 5

  13. Connectives of separation logic The connectives of separation logic are defined as: emp := λ m . m = ∅ P ∗ Q := λ m . ∃ m 1 m 2 . m = m 1 ∪ m 2 ∧ P m 1 ∧ Q m 2 Definition of is non-trivial: ◮ Complex memory based on structured trees ◮ Fractional permissions for share-accounting For example needed in x + x ◮ Existence permissions for pointer arithmetic For example needed in *(p + 1) = (*p = 1) ◮ Locked permissions for sequence point restriction 5

  14. Connectives of separation logic The connectives of separation logic are defined as: emp := λ m . m = ∅ P ∗ Q := λ m . ∃ m 1 m 2 . m = m 1 ∪ m 2 ∧ P m 1 ∧ Q m 2 Definition of is non-trivial: ◮ Complex memory based on structured trees ◮ Fractional permissions for share-accounting For example needed in x + x ◮ Existence permissions for pointer arithmetic For example needed in *(p + 1) = (*p = 1) ◮ Locked permissions for sequence point restriction Use separation algebras [Calcagno et al. , LICS’07] to abstractly describe the permissions and memory 5

  15. Tweaked version of separation algebras in Coq Def: A simple separation algebra consists of a set A , with: ◮ An element ∅ : A ◮ A predicate valid : A → Prop ◮ Binary relations ⊥ , ⊆ : A → A → Prop ◮ Binary operations ∪ , \ : A → A → A 6

  16. Tweaked version of separation algebras in Coq Def: A simple separation algebra consists of a set A , with: ◮ An element ∅ : A ◮ A predicate valid : A → Prop ◮ Binary relations ⊥ , ⊆ : A → A → Prop ◮ Binary operations ∪ , \ : A → A → A Total instead of partial 6

  17. Tweaked version of separation algebras in Coq Def: A simple separation algebra consists of a set A , with: ◮ An element ∅ : A ◮ A predicate valid : A → Prop ◮ Binary relations ⊥ , ⊆ : A → A → Prop ◮ Binary operations ∪ , \ : A → A → A Total instead of partial Disjointness 6

  18. Tweaked version of separation algebras in Coq Def: A simple separation algebra consists of a set A , with: ◮ An element ∅ : A ◮ A predicate valid : A → Prop ◮ Binary relations ⊥ , ⊆ : A → A → Prop ◮ Binary operations ∪ , \ : A → A → A To avoid subset types Total instead of partial Disjointness 6

  19. Tweaked version of separation algebras in Coq Def: A simple separation algebra consists of a set A , with: ◮ An element ∅ : A ◮ A predicate valid : A → Prop ◮ Binary relations ⊥ , ⊆ : A → A → Prop ◮ Binary operations ∪ , \ : A → A → A To avoid subset types Total instead of partial Disjointness Satisfying the following laws: 1. If x ⊥ y , then y ⊥ x and x ∪ y = y ∪ x 2. If valid x , then ∅ ⊥ x and ∅ ∪ x = x 3. Associative, non-empty, cancellative, positive, . . . 6

  20. Example: fractional separation algebra Fractional permissions [0 , 1] Q [Boyland, SAS’09] Read-only No access Exclusive access 0 1 Rational numbers make it possible to split Read-only permissions 7

  21. Example: fractional separation algebra Fractional permissions [0 , 1] Q [Boyland, SAS’09] Read-only No access Exclusive access 0 1 Rational numbers make it possible to split Read-only permissions Def: The simple fractional separation algebra Q is defined as: valid x := 0 ≤ x ≤ 1 ∅ := 0 x ⊥ y := 0 ≤ x , y ∧ x + y ≤ 1 x ∪ y := x + y x ⊆ y := 0 ≤ x ≤ y ≤ 1 x \ y := x − y 7

  22. Organization of permissions Separation logic: ∪ main connective (from separation algebra) Operational semantics: need to know what is allowed 8

  23. Organization of permissions Separation logic: ∪ main connective (from separation algebra) Operational semantics: need to know what is allowed Def: Lattice of permission kinds (pkind , ⊆ k ) ◮ Freeable: reading, writing, deallocation Freeable Writable Readable Locked Existing ⊥ 8

  24. Organization of permissions Separation logic: ∪ main connective (from separation algebra) Operational semantics: need to know what is allowed Def: Lattice of permission kinds (pkind , ⊆ k ) ◮ Freeable: reading, writing, deallocation Freeable ◮ Writable: reading, writing Writable Readable Locked Existing ⊥ 8

  25. Organization of permissions Separation logic: ∪ main connective (from separation algebra) Operational semantics: need to know what is allowed Def: Lattice of permission kinds (pkind , ⊆ k ) ◮ Freeable: reading, writing, deallocation Freeable ◮ Writable: reading, writing ◮ Readable: reading Writable Readable Locked Existing ⊥ 8

  26. Organization of permissions Separation logic: ∪ main connective (from separation algebra) Operational semantics: need to know what is allowed Def: Lattice of permission kinds (pkind , ⊆ k ) ◮ Freeable: reading, writing, deallocation Freeable ◮ Writable: reading, writing ◮ Readable: reading Writable ◮ Existing: existence permissions , only pointer arithmetic Readable Locked Existing ⊥ 8

  27. Organization of permissions Separation logic: ∪ main connective (from separation algebra) Operational semantics: need to know what is allowed Def: Lattice of permission kinds (pkind , ⊆ k ) ◮ Freeable: reading, writing, deallocation Freeable ◮ Writable: reading, writing ◮ Readable: reading Writable ◮ Existing: existence permissions , only pointer arithmetic Readable Locked ◮ Locked: temporarily locked until next sequence point Existing Example: (x = 3) + (*p = 4); Undefined behavior if &x == p ⊥ 8

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Specification and Verification of Multithreaded Object-Oriented Programs with Separation Logic

Specification and Verification of Multithreaded Object-Oriented Programs with Separation Logic

Specification and Verification of Multithreaded Object-Oriented Programs with Separation Logic Cl ement Hurlin INRIA Sophia Antipolis M editerran ee, France Universiteit Twente, The Netherlands Soutenance de th` ese Th` ese

1.68k views • 130 slides
Separation Logics for Pointer Programs James Brotherston Lorentz Center Workshop on Effective

Separation Logics for Pointer Programs James Brotherston Lorentz Center Workshop on Effective

Separation Logics for Pointer Programs James Brotherston Lorentz Center Workshop on Effective Verification of Pointer Programs Monday 13th May, 2019 1/ 28 Part I Introduction to separation logic 2/ 28 Introduction Verification of imperative

758 views • 28 slides
Automated Verification of Shape and Size Properties via Separation Logic Huu Hai Nguyen 1 ,

Automated Verification of Shape and Size Properties via Separation Logic Huu Hai Nguyen 1 ,

Automated Verification of Shape and Size Properties via Separation Logic Huu Hai Nguyen 1 , Cristina David 2 , Shengchao Qin 3 , and Wei-Ngan Chin 1 , 2 1 Computer Science Programme, Singapore-MIT Alliance 2 Department of Computer Science, National

222 views • 18 slides
Test-Case Generation for Runtime Analysis and Vice-Versa: Verification of Aircraft Separation

Test-Case Generation for Runtime Analysis and Vice-Versa: Verification of Aircraft Separation

Test-Case Generation for Runtime Analysis and Vice-Versa: Verification of Aircraft Separation Assurance Dimitra Giannakopoulou Marko Dimjaevi University of Utah NASA Ames Research Center ISSTA 2015, Baltimore, Maryland July 17, 2015 1 /

614 views • 46 slides
Results on potential algebras: contraction algebras and Sklyanin algebras N.K.Iyudu Malta, March

Results on potential algebras: contraction algebras and Sklyanin algebras N.K.Iyudu Malta, March

Results on potential algebras: contraction algebras and Sklyanin algebras N.K.Iyudu Malta, March 2018 1 We consider finiteness conditions and ques- tions of growth of noncommutative algebras, known as A con s. They appear in M.Wemyss work on

214 views • 17 slides
Formal verification of low-level execution platforms Apps OS Hardware Host 1 Motivations

Formal verification of low-level execution platforms Apps OS Hardware Host 1 Motivations

Roberto Guanciale Estonian Winter School Day 02 Formal verification of low-level execution platforms Apps OS Hardware Host 1 Motivations Apps Crypto Service OS Hypervisor/ Separation Kernel Hardware Host 1 Motivations Separation

850 views • 63 slides
Research in the Verification of Flight-Critical Systems Alwyn Goodloe NASA Langley Research

Research in the Verification of Flight-Critical Systems Alwyn Goodloe NASA Langley Research

Research in the Verification of Flight-Critical Systems Alwyn Goodloe NASA Langley Research Center Overview Background Verification and Certification Aircraft self-separation Runtime verification Formal-Methods for numerical

812 views • 50 slides
Decision Procedures for Separation Logic Alessio Mansutti Barbizon 2018 Program verification

Decision Procedures for Separation Logic Alessio Mansutti Barbizon 2018 Program verification

Decision Procedures for Separation Logic Alessio Mansutti Barbizon 2018 Program verification with Hoare calculus Hoare calculus is based on proof rules manipulating Hoare triples. { P } C { Q } where C is a program P and Q are assertions in some

417 views • 30 slides
Tense MV-algebras and related functions Jan Paseka Michal Botur Department of Mathematics and

Tense MV-algebras and related functions Jan Paseka Michal Botur Department of Mathematics and

Introduction Basic notions and definitions Dyadic numbers and MV-terms Filters, ultrafilters and the term tr Semistates on MV-algebras Functions between MV-algebras and their construction The main theorem and its applications Tense MV-algebras

1.59k views • 121 slides
Implicative algebras: a new foundation for forcing and realizability Alexandre Miquel D E . .

Implicative algebras: a new foundation for forcing and realizability Alexandre Miquel D E . .

Intro Implicative structures Separation The implicative tripos Concl Implicative algebras: a new foundation for forcing and realizability Alexandre Miquel D E . . O L - P O G I U I Q C E A U R D A E L July 21th, 2016

944 views • 82 slides
Verifying Hybrid Systems with Interactive Theorem Provers Jonathan Juli an Huerta y Munive

Verifying Hybrid Systems with Interactive Theorem Provers Jonathan Juli an Huerta y Munive

Verifying Hybrid Systems with Interactive Theorem Provers Jonathan Juli an Huerta y Munive Georg Struth University of Sheffield, UK Algebras for Program Verification Kleene algebras modal Kleene algebras (MKAs) concurrent Kleene

701 views • 44 slides
Varieties of positive interior algebras: operation . The two presentations produce

Varieties of positive interior algebras: operation . The two presentations produce

Modal algebras form the algebraic semantics of normal modal logics. They are Boolean algebras with a unary operation s.t. 1 1 and ( x y ) x y . Modal algebras can be presented also as BAs with a unary

186 views • 5 slides
Verification of a Separation Kernel Inzemamul Haque Indian Institute of Science, Bangalore 17

Verification of a Separation Kernel Inzemamul Haque Indian Institute of Science, Bangalore 17

Introduction Muen Intel Virtualization Support Challenges Approach Verification of a Separation Kernel Inzemamul Haque Indian Institute of Science, Bangalore 17 July 2017 Introduction Muen Intel Virtualization Support Challenges

272 views • 25 slides
Block Decomposition of a Class of Integrable Representations of Toroidal Lie Algebras Tanusree

Block Decomposition of a Class of Integrable Representations of Toroidal Lie Algebras Tanusree

Block Decomposition of a Class of Integrable Representations of Toroidal Lie Algebras Tanusree Khandai Indian Institute of Science Education and Research, Mohali Interactions of quantum affine algebras with cluster algebras, current algebras

327 views • 28 slides
A Decidable Fragment in Separation Logic with Inductive Predicates and Arithmetic Quang Loc Le

A Decidable Fragment in Separation Logic with Inductive Predicates and Arithmetic Quang Loc Le

A Decidable Fragment in Separation Logic with Inductive Predicates and Arithmetic Quang Loc Le (TU) Makoto Tatsuta (NII) Jun Sun (SUTD) Wei-Ngan Chin (NUS) Computer Aided Verification, 29th International Conference Heidelberg Germany July

490 views • 21 slides
Provably Secure Execution Platforms - Lecture Four: A Simple Separation Kernel and Its

Provably Secure Execution Platforms - Lecture Four: A Simple Separation Kernel and Its

Provably Secure Execution Platforms - Lecture Four: A Simple Separation Kernel and Its Verification Mads Dam KTH Royal Institute of Technology BISS spring school, Bertinoro 2018 The Goal Hypervisor Context switch: Fixed round-robin

1.16k views • 67 slides
Massachuse(s)Toxics)Use)Reduc1on)Act) (TURA):)Reducing)the)Use)of)Carcinogens) Rachel'Massey'

Massachuse(s)Toxics)Use)Reduc1on)Act) (TURA):)Reducing)the)Use)of)Carcinogens) Rachel'Massey'

Massachuse(s)Toxics)Use)Reduc1on)Act) (TURA):)Reducing)the)Use)of)Carcinogens) Rachel'Massey' Senior'Associate'Director'&'Policy'Program'Manager' Massachuse8s'Toxics'Use'Reduc=on'Ins=tute' ' World'Cancer'Congress' August'30,'2012'

583 views • 44 slides
Interpretive Planning for Museums Oregon Museum AssociationHood River, OregonSeptember 10,

Interpretive Planning for Museums Oregon Museum AssociationHood River, OregonSeptember 10,

Interpretive Planning for Museums Oregon Museum AssociationHood River, OregonSeptember 10, 2018 What are your organizational... Needs? Assets? Constraints? Who is your audience? Current? Aspirational? What is your big idea? What is the

305 views • 3 slides
Chemistry 2000 Slide Set 8: Valence bond theory Marc R. Roussel January 23, 2020 Marc R. Roussel

Chemistry 2000 Slide Set 8: Valence bond theory Marc R. Roussel January 23, 2020 Marc R. Roussel

Chemistry 2000 Slide Set 8: Valence bond theory Marc R. Roussel January 23, 2020 Marc R. Roussel Valence bond theory January 23, 2020 1 / 26 MO theory: a recap A molecular orbital is a one-electron wavefunction which, in principle, extends

276 views • 26 slides
Adsorption Refrigeration Orange Team B Customer Needs Need Attribute Metric Number Spacious

Adsorption Refrigeration Orange Team B Customer Needs Need Attribute Metric Number Spacious

Adsorption Refrigeration Orange Team B Customer Needs Need Attribute Metric Number Spacious Ft 3 5 Volume Cold Temperature o F 33-40 Low cost Money $ <100 Low Time to Years 5 maintenance maintenance Easy refuel Time

255 views • 8 slides
Formalizing the C99 standard Robbert Krebbers Joint work with Freek Wiedijk Radboud University

Formalizing the C99 standard Robbert Krebbers Joint work with Freek Wiedijk Radboud University

Formalizing the C99 standard Robbert Krebbers Joint work with Freek Wiedijk Radboud University Nijmegen November 15, 2011 @ ICT.OPEN, Veldhoven The C programming language Among the two currently most used languages: LangPop.com -

248 views • 24 slides
terpenoids synthesis and pharmacological properties Mariia Nesterkina*and Iryna Kravchenko

terpenoids synthesis and pharmacological properties Mariia Nesterkina*and Iryna Kravchenko

TRP modulators based on glycine and mono-, bicyclic terpenoids synthesis and pharmacological properties Mariia Nesterkina*and Iryna Kravchenko I.I. Mechnikov Odessa National University, 2 Dvorjanskaya st., Odessa, Ukraine * Corresponding

641 views • 15 slides
Biobanking for NEC: Challenges & Opportunities Misty Good, MD, MS Division of Newborn

Biobanking for NEC: Challenges & Opportunities Misty Good, MD, MS Division of Newborn

Biobanking for NEC: Challenges & Opportunities Misty Good, MD, MS Division of Newborn Medicine Department of Pediatrics Washington University School of Medicine Image source: L. Rubenstein/Broad Institute Audience Poll Raise your

683 views • 29 slides
On the Invertibility of ReLU Networks Inverse Problems and Machine Learning, Caltech Jens

On the Invertibility of ReLU Networks Inverse Problems and Machine Learning, Caltech Jens

Faculty 03 Center for Mathematics/ Computer Sciences Industrial Mathematics On the Invertibility of ReLU Networks Inverse Problems and Machine Learning, Caltech Jens Behrmann joint work with: S oren Dittmer, Pascal Fernsel, Peter Maass

528 views • 24 slides

More recommend