uf minimizing the coq extraction tcb
play

uf: Minimizing the Coq Extraction TCB Eric Mullen , Stuart - PowerPoint PPT Presentation

Jan 04, 2023 •228 likes •1.3k views

uf: Minimizing the Coq Extraction TCB Eric Mullen , Stuart Pernsteiner, James Wilcox, Zachary Tatlock, Dan Grossman 1 Extraction 2 Extraction K coq 2 Extraction K coq 2 Extraction K coq Extraction 2 Extraction K coq Extraction K

  1. Œuf: Minimizing the Coq Extraction TCB Eric Mullen , Stuart Pernsteiner, James Wilcox, Zachary Tatlock, Dan Grossman 1

  2. Extraction 2

  3. Extraction K coq 2

  4. Extraction K coq 2

  5. Extraction K coq Extraction 2

  6. Extraction K coq Extraction K ocaml 2

  7. Extraction ? K coq Extraction K ocaml 2

  8. Extraction ? K coq Extraction K ocaml ocamlc 2

  9. Extraction ? K coq Extraction K ocaml ocamlc K asm 2

  10. Extraction ? ? K coq Extraction K ocaml ocamlc K asm 2

  11. Extraction ? ? Current: K coq Extraction K ocaml ocamlc K asm 2

  12. Extraction ? ? Current: K coq Extraction K ocaml ocamlc K asm Œuf: 2

  13. Extraction ? ? Current: K coq Extraction K ocaml ocamlc K asm Œuf: K coq 2

  14. Extraction ? ? Current: K coq Extraction K ocaml ocamlc K asm Œuf: K coq 2

  15. Extraction ? ? Current: K coq Extraction K ocaml ocamlc K asm Œuf: Œuf K coq 2

  16. Extraction ? ? Current: K coq Extraction K ocaml ocamlc K asm Œuf: Œuf K coq K Cminor 2

  17. Extraction ? ? Current: K coq Extraction K ocaml ocamlc K asm Œuf: Œuf K coq K Cminor 2

  18. Extraction ? ? Current: K coq Extraction K ocaml ocamlc K asm Œuf: Œuf K coq K Cminor CompCert 2

  19. Extraction ? ? Current: K coq Extraction K ocaml ocamlc K asm Œuf: Œuf K coq K Cminor CompCert K asm 2

  20. Extraction ? ? Current: K coq Extraction K ocaml ocamlc K asm Œuf: Œuf K coq K Cminor CompCert K asm 2

  21. Extraction ? ? Current: K coq Extraction K ocaml ocamlc K asm Shim Œuf: Œuf K coq K Cminor CompCert K asm 2

  22. Extraction ? ? Current: K coq Extraction K ocaml ocamlc K asm Shim Œuf: Œuf K coq K Cminor CompCert K asm Shim 2

  23. Extraction Œuf: Œuf K coq K Cminor CompCert K asm Shim 3

  24. Extraction 1.Novel frontend guarantees correct input Œuf: Œuf K coq K Cminor CompCert K asm Shim 3

  25. Extraction 1.Novel frontend guarantees correct input 2.Correctness theorem allows shim reasoning Œuf: Œuf K coq K Cminor CompCert K asm Shim 3

  26. Related Work 4

  27. Related Work • Built in HOL • Uses Di ff erent Frontend Technique 4

  28. Related Work • Built in HOL • Uses Di ff erent Frontend Technique • Aims to compile all of Gallina • Doesn’t support shim reasoning • No frontend trust story 4

  29. Related Work • Built in HOL • Uses Di ff erent CompCert Frontend Technique Provides the • Aims to compile all compiler of Gallina backend for • Doesn’t support Œuf (and shim reasoning CertiCoq) • No frontend trust story 4

  30. Outline Architecture Guarantee Evaluation 5

  31. Outline Architecture Guarantee Evaluation 6

  32. 7

  33. Outline Architecture Guarantee Evaluation 8

  34. Outline Architecture Guarantee Evaluation 9

  35. Architecture Oeuf K coq K Cminor CompCert K asm Shim 10

  36. Architecture K coq 10

  37. Architecture K coq 11

  38. Architecture Reflect K coq 11

  39. Architecture Reflect K coq K AST 11

  40. Architecture Reflect K coq K AST Denote 11

  41. Architecture Reflect K coq K AST Serialize Denote 11

  42. Architecture Reflect K coq K AST Serialize Denote 11

  43. Architecture Reflect K coq K AST Serialize Deserialize Denote 11

  44. Architecture Reflect Deserialize K AST K coq K AST Serialize Denote 11

  45. Architecture Reflect Deserialize K AST K coq K AST Serialize Denote Compile 11

  46. Architecture Reflect Deserialize K AST K coq K AST Serialize Denote Compile K Cminor 11

  47. Architecture Reflect Deserialize K AST K coq K AST Serialize Denote Compile K Cminor Shim 11

  48. Architecture Reflect Deserialize K AST K coq K AST Serialize Denote Compile K Cminor CompCert Shim 11

  49. Architecture Reflect Deserialize K AST K coq K AST Serialize Denote Compile K Cminor CompCert Shim S Cminor 11

  50. Architecture Reflect Deserialize K AST K coq K AST Serialize Denote Compile Link K Cminor CompCert Shim S Cminor 11

  51. Architecture Reflect Deserialize K AST K coq K AST Serialize Denote Compile Link K Cminor L Cminor CompCert Shim S Cminor 11

  52. Architecture Reflect Deserialize K AST K coq K AST Serialize Denote Compile Link K Cminor L Cminor CompCert CompCert Shim S Cminor 11

  53. Architecture Reflect Deserialize K AST K coq K AST Serialize Denote Compile Link K Cminor L Cminor CompCert L asm CompCert Shim S Cminor 11

  54. Frontend Reflect K coq K AST Denote 12

  55. Frontend Reflect e ::= K coq K AST | x (var) | e e (application) Denote | C e* (constructor) | E e* e (eliminator) | f e* (closure creation) 12

  56. Frontend Reflect e ::= K’ coq K AST | x (var) | e e (application) Denote | C e* (constructor) | E e* e (eliminator) Remove Dep Types Pattern Matching -> Elims | f e* (closure creation) K coq 12

  57. Frontend Reflect e ::= K’ coq K AST | x (var) | e e (application) Denote | C e* (constructor) | E e* e (eliminator) Remove Dep Types Pattern Matching -> Elims | f e* (closure creation) K coq Theorem: 12

  58. Frontend Language Restrictions K coq K AST Denote 13

  59. Frontend Language Restrictions K coq K AST Denote • No Fixpoints 13

  60. Frontend Language Restrictions K coq K AST Denote • No Fixpoints • No Pattern Matching 13

  61. Frontend Language Restrictions K coq K AST Denote • No Fixpoints • No Pattern Matching • No Dependent Types 13

  62. Frontend Language Restrictions K coq K AST Denote • No Fixpoints • No Pattern Matching • No Dependent Types • All Types built into Œuf 13

  63. Compiler Deserialize K AST Serialize Compile K Cminor 14

  64. Compiler Deserialize K AST Serialize Compile K Cminor 45 verified compilation passes 14

  65. Compiler Deserialize K AST Serialize Compile K Cminor 45 verified compilation passes 14

  66. Compiler Deserialize K AST Serialize Compile K Cminor 45 verified compilation passes 14

  67. Shim K Cminor Shim 15

  68. Shim K Cminor CompCert Shim 15

  69. Shim K Cminor CompCert Shim S Cminor 15

  70. Shim Link K Cminor CompCert Shim S Cminor 15

  71. Shim Link K Cminor L Cminor CompCert Shim S Cminor 15

  72. Shim Link K Cminor L Cminor CompCert CompCert Shim S Cminor 15

  73. Shim Link K Cminor L Cminor CompCert L asm CompCert Shim S Cminor 15

  74. Shim Link K Cminor L Cminor CompCert L asm CompCert Shim S Cminor 15

  75. Outline Architecture Guarantee Evaluation 16

  76. Outline Architecture Guarantee Evaluation 17

  77. Guarantee S Cminor 18

  78. Guarantee S Coq S Cminor 18

  79. Guarantee S Coq match S Cminor 18

  80. Guarantee 1) evaluate S Coq match S Cminor 18

  81. Guarantee 1) evaluate S Coq V Coq match S Cminor 18

  82. Guarantee 1) evaluate S Coq V Coq match 2) match S Cminor 18

  83. Guarantee 1) evaluate S Coq V Coq match 2) match S Cminor V Cminor 18

  84. Guarantee 1) evaluate S Coq V Coq match 2) match S Cminor V Cminor 3) steps* 18

  85. Guarantee 1) evaluate S Coq V Coq match 2) match S Cminor V Cminor 3) steps* *Cminor is Deterministic 18

  86. TCB Œuf: Œuf K coq K Cminor CompCert K asm Shim 19

  87. TCB Œuf: Œuf K coq K Cminor CompCert K asm Shim Œuf coq 19

  88. TCB Œuf: Œuf K coq K Cminor CompCert K asm Shim Extraction Œuf coq 19

  89. TCB Œuf: Œuf K coq K Cminor CompCert K asm Shim Extraction Œuf coq Œuf ocaml 19

  90. TCB Œuf: Œuf K coq K Cminor CompCert K asm Shim ? Extraction Œuf coq Œuf ocaml 19

  91. TCB Œuf: Œuf K coq K Cminor CompCert K asm Shim ? Extraction Œuf coq Œuf ocaml Œuf Driver 19

  92. TCB Œuf: Œuf K coq K Cminor CompCert K asm Shim ? Extraction Œuf coq Œuf ocaml ocamlc Œuf Driver 19

  93. TCB Œuf: Œuf K coq K Cminor CompCert K asm Shim ? Extraction Œuf coq Œuf ocaml ocamlc Œuf asm Œuf Driver 19

  94. TCB Œuf: Œuf K coq K Cminor CompCert K asm Shim ? ? Extraction Œuf coq Œuf ocaml ocamlc Œuf asm Œuf Driver 19

  95. Outline Architecture Guarantee Evaluation 20

  96. Outline Architecture Guarantee Evaluation 21

  97. Evaluation • Eliminate trust in parser • Provide API for shim reasoning • Verify the compiler • Works on real code • Performance? 22

  98. Evaluation • Eliminate trust in parser • Provide API for shim reasoning • Verify the compiler • Works on real code • Performance? 22

  99. Evaluation • Eliminate trust in parser • Provide API for shim reasoning • Verify the compiler • Works on real code • Performance? 22

  100. Evaluation • Eliminate trust in parser • Provide API for shim reasoning • Verify the compiler • Works on real code • Performance? 22

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Minimizing the Air Impacts of Marcellus Shale Activity in Allegheny County Presentation to

Minimizing the Air Impacts of Marcellus Shale Activity in Allegheny County Presentation to

Minimizing the Air Impacts of Marcellus Shale Activity in Allegheny County Presentation to Allegheny County Air Advisory Committee October 19, 2010 What Pollutants are Emitted During Natural Gas Drilling, Extraction, Processing, and

787 views • 19 slides
Lender Liability: Evaluating, Minimizing Lender Liability: Evaluating, Minimizing and Defending

Lender Liability: Evaluating, Minimizing Lender Liability: Evaluating, Minimizing and Defending

Presenting a live 90 minute webinar with interactive Q&A Lender Liability: Evaluating, Minimizing Lender Liability: Evaluating, Minimizing and Defending Claims Defending Against Attacks on Loans in Workouts, Defaults and Bankruptcy THURS

979 views • 95 slides
Conflicting objectives in design Common design objectives: Minimizing mass ( sprint bike;

Conflicting objectives in design Common design objectives: Minimizing mass ( sprint bike;

Conflicting objectives in design Common design objectives: Minimizing mass ( sprint bike; satellite components ) Minimizing volume ( mobile phone; minidisk player ) Objectives Minimizing environmental impact ( packaging, cars ) Maximizing

450 views • 24 slides
Declarative Information Extraction Declarative Information Extraction Using Datalog Datalog with

Declarative Information Extraction Declarative Information Extraction Using Datalog Datalog with

Declarative Information Extraction Declarative Information Extraction Using Datalog Datalog with Embedded with Embedded Using Extraction Predicates Extraction Predicates Warren Shen, AnHai Doan, Jeffrey Naughton University of Wisconsin,

566 views • 25 slides
3. Feature Extraction 3.1 Feature Extraction from Speech or other types of audio like music

3. Feature Extraction 3.1 Feature Extraction from Speech or other types of audio like music

3. Feature Extraction 3.1 Feature Extraction from Speech or other types of audio like music See Schukat-Talamazzini Chapter 3 2 Goal of Feature Extraction Capture essential information about speech Be robust against background

741 views • 55 slides
Soil Extraction Cell: An Alternative Soil Extraction Cell: An Alternative Method of Soil

Soil Extraction Cell: An Alternative Soil Extraction Cell: An Alternative Method of Soil

Soil Extraction Cell: An Alternative Soil Extraction Cell: An Alternative Method of Soil Extraction for O Organics i Joe Boyd Environmental Express Charleston, SC , Various Extraction Techniques Various Extraction Techniques

475 views • 24 slides
The fundamental idea of program extraction 2 / 51 The fundamental idea of program extraction A

The fundamental idea of program extraction 2 / 51 The fundamental idea of program extraction A

IFP - A Logic for Program Extraction 1 Ulrich Berger Swansea University BCTCS Durham, April 15-17, 2019 1 available at www.cs.swan.ac.uk/ csulrich/slides.html 1 / 51 The fundamental idea of program extraction 2 / 51 The fundamental idea

1.59k views • 131 slides
Minimizing Phosphorus Loss with 4R Nutrient Stewardship & Cover Crops Nathan Nelson, Kraig

Minimizing Phosphorus Loss with 4R Nutrient Stewardship & Cover Crops Nathan Nelson, Kraig

Minimizing Phosphorus Loss with 4R Nutrient Stewardship & Cover Crops Nathan Nelson, Kraig Roozeboom, Peter Tomlinson, Gerard Kluitenberg, Phil Barnes, and Jeff Williams Kansas State University Maximizing returns and minimizing externalities

301 views • 27 slides
Relation Extraction CSCI 699 Instructor: Xiang Ren USC Computer Science Relation extraction

Relation Extraction CSCI 699 Instructor: Xiang Ren USC Computer Science Relation extraction

Relation Extraction CSCI 699 Instructor: Xiang Ren USC Computer Science Relation extraction example CHICAGO (AP) Citing high fuel prices, United Airlines said Friday it has increased fares by $6 per round trip on flights to some cities

1.56k views • 121 slides
? (entity type) Apr 23, 2007 NAACL-HLT 2 1 What Is Relation Extraction? hundreds of

? (entity type) Apr 23, 2007 NAACL-HLT 2 1 What Is Relation Extraction? hundreds of

A Systematic Exploration of the Feature Space for Relation Extraction Jing Jiang & ChengXiang Zhai Department of Computer Science University of Illinois, Urbana-Champaign What Is Relation Extraction? hundreds of Palestinians converged

678 views • 23 slides
Automated Feature Extraction Automated Feature Extraction for Object Recognition for Object

Automated Feature Extraction Automated Feature Extraction for Object Recognition for Object

Automated Feature Extraction Automated Feature Extraction for Object Recognition for Object Recognition I.Levner and V.Bulitko http://ircl.cs.ualberta.ca Outline Outline Motivation System Overview Feature Extraction Problem

601 views • 15 slides
Machine Learning (CSE 446): Learning as Minimizing Loss; Least Squares Sham M Kakade c 2018

Machine Learning (CSE 446): Learning as Minimizing Loss; Least Squares Sham M Kakade c 2018

Machine Learning (CSE 446): Learning as Minimizing Loss; Least Squares Sham M Kakade c 2018 University of Washington cse446-staff@cs.washington.edu 1 / 13 Review 1 / 13 Alternate View of PCA: Minimizing Reconstruction Error Assume that

729 views • 25 slides
Proximal Newton-type methods for minimizing composite functions Jason D. Lee Joint work with

Proximal Newton-type methods for minimizing composite functions Jason D. Lee Joint work with

Proximal Newton-type methods for minimizing composite functions Jason D. Lee Joint work with Yuekai Sun, Michael A. Saunders Institute for Computational and Mathematical Engineering, Stanford University June 12, 2014 Minimizing composite

713 views • 32 slides
AB Feature Extraction Experiments Discussion Noise Robust LVCSR Feature Extraction Based on

AB Feature Extraction Experiments Discussion Noise Robust LVCSR Feature Extraction Based on

Introduction AB Feature Extraction Experiments Discussion Noise Robust LVCSR Feature Extraction Based on the Stabilized Weighted Linear Prediction HUT-TUT Fall DSP Seminar 2008 Heikki Kallasjoki Adaptive Informatics Research Centre

316 views • 18 slides
Mohamed Thahir Traditional and Open Relation Extraction Read the Web Relation Extraction

Mohamed Thahir Traditional and Open Relation Extraction Read the Web Relation Extraction

Mohamed Thahir Traditional and Open Relation Extraction Read the Web Relation Extraction Experimental Results Coupled learning of Predicates Challenges and ongoing work A relation is instantiated with a set of manually

550 views • 27 slides
Data Mining l The Extraction of useful information from data l The automated extraction of hidden

Data Mining l The Extraction of useful information from data l The automated extraction of hidden

Data Mining l The Extraction of useful information from data l The automated extraction of hidden predictive information from (large) databases l Business, Huge data bases, customer data, mine the data Also Medical, Genetic, Astronomy, etc. l

535 views • 32 slides
Propagating ECN across IP tunnel Headers Separated by a Shim

Propagating ECN across IP tunnel Headers Separated by a Shim

Propagating ECN across IP tunnel Headers Separated by a Shim draft-ietf-tsvwg-rfc6040update-shim-04 Bob Briscoe bobbriscoe.net IETF-99, Jul 2017 draft-ietf-tsvwg-rfc6040update-shim-04 Problem #1 RFC6040 Tunnelling of ECN; scope was

187 views • 7 slides
AdL SUS/US Quad Controls Conceptual Design J. Heefner 7/12/2005 LIGO-G050318-00-C AdL SUS

AdL SUS/US Quad Controls Conceptual Design J. Heefner 7/12/2005 LIGO-G050318-00-C AdL SUS

AdL SUS/US Quad Controls Conceptual Design J. Heefner 7/12/2005 LIGO-G050318-00-C AdL SUS Controls Conceptual Design Design Considerations AdL Controls Architecture has yet to be determined Controls block diagram based on scaling

180 views • 17 slides
P4 P4 Cur Curriculum riculum Briefing Briefing 2016 2016 Self-directed Learners,

P4 P4 Cur Curriculum riculum Briefing Briefing 2016 2016 Self-directed Learners,

Welcome to P4 P4 Cur Curriculum riculum Briefing Briefing 2016 2016 Self-directed Learners, Compassionate Leaders & Responsible and Useful Citizens Programme Sharing on School Vision, Mission and Values Introduction to School

725 views • 70 slides
Origin of brane cosmological constant in warped geometry models Soumitra SenGupta IACS, Kolkata

Origin of brane cosmological constant in warped geometry models Soumitra SenGupta IACS, Kolkata

Origin of brane cosmological constant in warped geometry models Soumitra SenGupta IACS, Kolkata 26 July, 2013 S.SenGupta (IACS, Kolkata, India) () Origin of brane cosmological Constant in warped geometry models 1 / 51 The talk is based on my

888 views • 51 slides
Scheduling-Independence in SHIM Olivier Tardieu Columbia University, New York joint work with

Scheduling-Independence in SHIM Olivier Tardieu Columbia University, New York joint work with

Scheduling-Independence in SHIM Olivier Tardieu Columbia University, New York joint work with Prof. Stephen A. Edwards Software/Hardware Integration Medium SHIM is a concurrent programming language C/Java-like syntax and semantics for

478 views • 24 slides
Kata Containers Story of a container runtime Sbastien Boeuf, Software Engineer Intel

Kata Containers Story of a container runtime Sbastien Boeuf, Software Engineer Intel

Kata Containers Story of a container runtime Sbastien Boeuf, Software Engineer Intel Corporation Agenda Why Kata Containers? Acceptance Community growth Ecosystem influence Hypervisor flexible

958 views • 49 slides
6.888 Lecture 6: Network Performance Isola8on Mohammad Alizadeh Spring 2016 1 Mul8-tenant

6.888 Lecture 6: Network Performance Isola8on Mohammad Alizadeh Spring 2016 1 Mul8-tenant

6.888 Lecture 6: Network Performance Isola8on Mohammad Alizadeh Spring 2016 1 Mul8-tenant Cloud Data Centers Shared infrastructure between mul8ple tenants/apps Lack of Performance Predictability GAE memcache read 100 values Unpredictable

730 views • 31 slides
Securing Linux VMs in a Hosted Environment mikbras@microsoft.com Goal attacks from the

Securing Linux VMs in a Hosted Environment mikbras@microsoft.com Goal attacks from the

Securing Linux VMs in a Hosted Environment mikbras@microsoft.com Goal attacks from the outside To protect Linux VMs from outside attacks (from processes running on the host). Injecting code into the boot chain. Stealing data from

559 views • 18 slides

More recommend