verifying a lustre compiler part 1
play

Verifying a Lustre Compiler (Part 1) Timothy Bourke 1 , 2 Llio Brun 1 - PowerPoint PPT Presentation

Mar 14, 2023 •256 likes •1.06k views

Verifying a Lustre Compiler (Part 1) Timothy Bourke 1 , 2 Llio Brun 1 , 2 Pierre-variste Dagand 3 Xavier Leroy 1 Marc Pouzet 4 , 2 , 1 Lionel Rieg 5 1. INRIA Paris 2. DI, cole normale suprieure 3. CNRS 4. Univ. Pierre et Marie Curie 5.

  1. Verifying a Lustre Compiler (Part 1) Timothy Bourke 1 , 2 Lélio Brun 1 , 2 Pierre-Évariste Dagand 3 Xavier Leroy 1 Marc Pouzet 4 , 2 , 1 Lionel Rieg 5 1. INRIA Paris 2. DI, École normale supérieure 3. CNRS 4. Univ. Pierre et Marie Curie 5. Yale University SYNCHRON Workshop, Bamberg—December 2016 1 / 20

  2. What are we doing? • Implementing a Lustre compiler in the Coq Interactive Theorem Prover • Proving that the generated code implements the dataflow semantics (Part of the ITEA 3 14014 ASSUME Project.) 2 / 20

  3. What are we doing? • Implementing a Lustre compiler in the Coq Interactive Theorem Prover • Proving that the generated code implements the dataflow semantics (Part of the ITEA 3 14014 ASSUME Project.) Coq [ The Coq Development Team (2016): The Coq proof ] assistant reference manual • A functional programming language; • ‘Extraction’ to OCaml programs; • A specification language (higher-order logic); • Tactic-based interactive proof. • Why not use Isabelle, PVS, ACL2, Agda, or � your favourite tool � ? 2 / 20

  4. What are we doing? • Implementing a Lustre compiler in the Coq Interactive Theorem Prover • Proving that the generated code implements the dataflow semantics (Part of the ITEA 3 14014 ASSUME Project.) Coq [ The Coq Development Team (2016): The Coq proof ] assistant reference manual • A functional programming language; • ‘Extraction’ to OCaml programs; • A specification language (higher-order logic); • Tactic-based interactive proof. • Why not use Isabelle, PVS, ACL2, Agda, or � your favourite tool � ? CompCert: a formal model and compiler for a subset of C • A generic machine-level model of execution and memory • A verified path to assembly code � Blazy, Dargaye, and Leroy (2006): “Formal � � Leroy (2009): “Formal verification of a � Verification of a C Compiler Front-End” realistic compiler” 2 / 20

  5. What are we doing? • Implementing a Lustre compiler in the Coq Interactive Theorem Prover • Proving that the generated code implements the dataflow semantics (Part of the ITEA 3 14014 ASSUME Project.) Coq [ The Coq Development Team (2016): The Coq proof ] assistant reference manual • A functional programming language; • ‘Extraction’ to OCaml programs; • A specification language (higher-order logic); • Tactic-based interactive proof. • Why not use Isabelle, PVS, ACL2, Agda, or � your favourite tool � ? CompCert: a formal model and compiler for a subset of C • A generic machine-level model of execution and memory • A verified path to assembly code � Blazy, Dargaye, and Leroy (2006): “Formal � � Leroy (2009): “Formal verification of a � Verification of a C Compiler Front-End” realistic compiler” • Computer assistance is all but essential for such detailed models. 2 / 20

  6. The Vélus Lustre Compiler (normalized) elaboration / scheduling check parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization Obc generation Clight compilation Assembly printing 3 / 20

  7. The Vélus Lustre Compiler (normalized) elaboration / scheduling check parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization • Implemented in Coq and (some) OCaml Obc generation Clight compilation Assembly printing 3 / 20

  8. The Vélus Lustre Compiler (normalized) elaboration / scheduling check parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization • Implemented in Coq and (some) OCaml Obc • Validated parser ( menhir –coq ) [ Jourdan, Pottier, and Leroy (2012): “Validating LR(1) parsers” ] generation Clight compilation Assembly printing 3 / 20

  9. The Vélus Lustre Compiler (normalized) elaboration / scheduling check parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization • Implemented in Coq and (some) OCaml Obc • Validated parser ( menhir –coq ) [ Jourdan, Pottier, and Leroy (2012): “Validating LR(1) parsers” ] generation • Not yet implemented: normalization and scheduling Clight [ Auger (2013): “Compilation certifiée de SCADE/LUSTRE” ] compilation Assembly printing 3 / 20

  10. The Vélus Lustre Compiler (normalized) elaboration / scheduling check parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization • Implemented in Coq and (some) OCaml Obc • Validated parser ( menhir –coq ) [ Jourdan, Pottier, and Leroy (2012): “Validating LR(1) parsers” ] generation • Not yet implemented: normalization and scheduling Clight [ Auger (2013): “Compilation certifiée de SCADE/LUSTRE” ] • Elaboration to Scheduled and Normalized Lustre. compilation Assembly printing 3 / 20

  11. The Vélus Lustre Compiler (normalized) elaboration / scheduling check parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization • Implemented in Coq and (some) OCaml Obc • Validated parser ( menhir –coq ) [ Jourdan, Pottier, and Leroy (2012): “Validating LR(1) parsers” ] generation • Not yet implemented: normalization and scheduling Clight [ Auger (2013): “Compilation certifiée de SCADE/LUSTRE” ] • Elaboration to Scheduled and Normalized Lustre. compilation • Translation to intermediate Obc code. Assembly printing 3 / 20

  12. The Vélus Lustre Compiler (normalized) elaboration / scheduling check parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization • Implemented in Coq and (some) OCaml Obc • Validated parser ( menhir –coq ) [ Jourdan, Pottier, and Leroy (2012): “Validating LR(1) parsers” ] generation • Not yet implemented: normalization and scheduling Clight [ Auger (2013): “Compilation certifiée de SCADE/LUSTRE” ] • Elaboration to Scheduled and Normalized Lustre. compilation • Translation to intermediate Obc code. Assembly • Optimization of intermediate Obc code. printing 3 / 20

  13. The Vélus Lustre Compiler (normalized) elaboration / scheduling check parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization • Implemented in Coq and (some) OCaml Obc • Validated parser ( menhir –coq ) [ Jourdan, Pottier, and Leroy (2012): “Validating LR(1) parsers” ] generation • Not yet implemented: normalization and scheduling Clight [ Auger (2013): “Compilation certifiée de SCADE/LUSTRE” ] • Elaboration to Scheduled and Normalized Lustre. compilation • Translation to intermediate Obc code. Assembly • Optimization of intermediate Obc code. printing • Generation of CompCert Clight code. 3 / 20

  14. The Vélus Lustre Compiler (normalized) elaboration / scheduling check parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization • Implemented in Coq and (some) OCaml Obc • Validated parser ( menhir –coq ) [ Jourdan, Pottier, and Leroy (2012): “Validating LR(1) parsers” ] generation • Not yet implemented: normalization and scheduling Clight [ Auger (2013): “Compilation certifiée de SCADE/LUSTRE” ] • Elaboration to Scheduled and Normalized Lustre. compilation • Translation to intermediate Obc code. Assembly • Optimization of intermediate Obc code. printing • Generation of CompCert Clight code. • Rely on CompCert for compilation. 3 / 20

  15. Lustre 30 years later? [ ] Caspi et al. (1987): “LUSTRE: A declarative language for programming synchronous systems” Not quite. . . • No pre : use fby , avoid initialization analysis for now • No sub-clocking on inputs or outputs • No current : use (binary) merge • No external calls 4 / 20

  16. Lustre 30 years later? [ ] Caspi et al. (1987): “LUSTRE: A declarative language for programming synchronous systems” Not quite. . . • No pre : use fby , avoid initialization analysis for now • No sub-clocking on inputs or outputs • No current : use (binary) merge • No external calls Two talks 1 Tim: • Overview • Translation correctness: SN-Lustre to Obc (recap) • Control-fusion optimization • Integration of Clight operators 2 Lélio: • Obc to Clight • Demo 4 / 20

  17. Outline Verifying Lustre compilation in Coq Translation correctness: SN-Lustre to Obc Fusion of control structures Integrating Clight operators into N-Lustre and Obc Conclusion 5 / 20

  18. Translation of SN-Lustre to Obc translation SN-Lustre Obc 6 / 20

  19. Translation of SN-Lustre to Obc translation SN-Lustre Obc functional program ( ≈ 100 lines) 6 / 20

  20. Translation of SN-Lustre to Obc translation SN-Lustre Obc functional program ( ≈ 100 lines) sem_node G f xss yss ( f t , s 0 ) stream ( T + i ) → stream ( T + o ) S × T + → T + o × S S i 6 / 20

  21. Translation of SN-Lustre to Obc translation SN-Lustre Obc functional program ( ≈ 100 lines) induction is too weak ✪ sem_node G f xss yss ( f t , s 0 ) stream ( T + i ) → stream ( T + o ) S × T + → T + o × S S i 6 / 20

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Verifying a Lustre Compiler Part 2 Llio Brun PARKAS (Inria - ENS) Timothy Bourke,

Verifying a Lustre Compiler Part 2 Llio Brun PARKAS (Inria - ENS) Timothy Bourke,

Verifying a Lustre Compiler Part 2 Llio Brun PARKAS (Inria - ENS) Timothy Bourke, Pierre-variste Dagand, Xavier Leroy, Marc Pouzet, Lionel Rieg SYNCHRON 2016 December 7, 2016 Llio Brun Verifying a Lustre Compiler Part 2 December 7,

907 views • 47 slides
1 A Lustre V6 tutorial Verimag December 5, 2008 - Outline Lustre Lustre V6 The Lustre V6

1 A Lustre V6 tutorial Verimag December 5, 2008 - Outline Lustre Lustre V6 The Lustre V6

1 A Lustre V6 tutorial Verimag December 5, 2008 - Outline Lustre Lustre V6 The Lustre V6 compiler 3 Outline Lustre Lustre V6 P. Raymond & the Synchronous group et al. The Lustre V6 compiler P. Raymond, J. Ballet, E. Jahier 4

803 views • 37 slides
A Formally Verified Compiler for Lustre Timothy Bourke 1 , 2 Llio Brun 1 , 2 Pierre-variste

A Formally Verified Compiler for Lustre Timothy Bourke 1 , 2 Llio Brun 1 , 2 Pierre-variste

A Formally Verified Compiler for Lustre Timothy Bourke 1 , 2 Llio Brun 1 , 2 Pierre-variste Dagand 4 , 3 , 1 Xavier Leroy 1 Marc Pouzet 4 , 2 , 1 Lionel Rieg 5 , 6 1. Inria Paris 2. DI, cole normale suprieure 3. CNRS 4. Univ. Pierre et

1.15k views • 96 slides
Verifying the Lustre modular reset Timothy Bourke 1,2 Llio Brun 1,2 Marc Pouzet 3,2,1 1 Inria

Verifying the Lustre modular reset Timothy Bourke 1,2 Llio Brun 1,2 Marc Pouzet 3,2,1 1 Inria

Verifying the Lustre modular reset Timothy Bourke 1,2 Llio Brun 1,2 Marc Pouzet 3,2,1 1 Inria Paris 2 DI ENS 3 UPMC SYNCHRON18 November 29, 2018 The problem Adding the modular reset to Vlus 1 / 22 The problem Adding the modular

1.74k views • 143 slides
Towards a verified Lustre compiler with modular reset Timothy Bourke 1,2 Llio Brun 1,2 Marc

Towards a verified Lustre compiler with modular reset Timothy Bourke 1,2 Llio Brun 1,2 Marc

Towards a verified Lustre compiler with modular reset Timothy Bourke 1,2 Llio Brun 1,2 Marc Pouzet 3,2,1 1 Inria Paris 2 DI ENS 3 UPMC SCOPES 2018 May 30, 2018 Screenshot from ANSYS/Esterel Techologies SCADE Suite 1 / 14 Screenshot from

1.41k views • 92 slides
A Verifying Core for a Cryptographic Language Compiler Lee Pike (presenting) Mark Shields 1 John

A Verifying Core for a Cryptographic Language Compiler Lee Pike (presenting) Mark Shields 1 John

A Verifying Core for a Cryptographic Language Compiler Lee Pike (presenting) Mark Shields 1 John Matthews Galois Connections August 15, 2006 1 Presently at Microsoft. Thanks Rockwell Collins Advanced Technology Center, especially David

655 views • 27 slides
Towards a formally verified obfuscating compiler Sandrine Blazy joint work with Roberto Giacobazzi

Towards a formally verified obfuscating compiler Sandrine Blazy joint work with Roberto Giacobazzi

Towards a formally verified obfuscating compiler Sandrine Blazy joint work with Roberto Giacobazzi and Alix Trieu IFIP WG 1.9/2.15, 2015-07-16 1 Background: verifying a compiler Compiler + proof that the compiler does not introduce bugs

553 views • 24 slides
Verifying that a compiler preserves concurrent value-dependent information-flow security Robert

Verifying that a compiler preserves concurrent value-dependent information-flow security Robert

Verifying that a compiler preserves concurrent value-dependent information-flow security Robert Sison (UNSW Sydney, Data61) and Toby Murray (University of Melbourne) September 2019 THE UNIVERSITY OF NEW SOUTH WALES www.data61.csiro.au So

1.94k views • 156 slides
What a Lustre Cluster (Improving and Tracing Lustre Metadata) yaaaasss Team Saffron Amanda

What a Lustre Cluster (Improving and Tracing Lustre Metadata) yaaaasss Team Saffron Amanda

What a Lustre Cluster (Improving and Tracing Lustre Metadata) yaaaasss Team Saffron Amanda Bonnie Zach Fuerst Thomas Stitt Overview Motivation Configuration Tracing Metadata Improving Metadata Hardware Multiple Lustre

416 views • 23 slides
The Lustre Centre of Excellence at ORNL Makia Minich Clustre Monkey, HPC Software Stack Lustre

The Lustre Centre of Excellence at ORNL Makia Minich Clustre Monkey, HPC Software Stack Lustre

The Lustre Centre of Excellence at ORNL Makia Minich Clustre Monkey, HPC Software Stack Lustre Group May 2008 1 1 Introduction Lustre Centre of Excellence (LCE) > Established Nov 2006 by Cluster File Systems, Inc. (acquired by Sun in

356 views • 23 slides
Overview of Lustre Usage on JUROPA 26 September 2011 | Frank Heckes, FZ Jlich, JSC Lustre

Overview of Lustre Usage on JUROPA 26 September 2011 | Frank Heckes, FZ Jlich, JSC Lustre

Mitglied der Helmholtz-Gemeinschaft Mitglied der Helmholtz-Gemeinschaft Overview of Lustre Usage on JUROPA 26 September 2011 | Frank Heckes, FZ Jlich, JSC Lustre Status Lustre Status Storage Extension Fluctuation in Performance Lustre

195 views • 16 slides
Lustre Background Why Lustre Failover ? How does Lustre Failover work ? Automation

Lustre Background Why Lustre Failover ? How does Lustre Failover work ? Automation

Lustre Background Why Lustre Failover ? How does Lustre Failover work ? Automation on the Cray XT System configuration requirements System configuration requirements Software configuration for failover Current

408 views • 16 slides
Lustre V6 Synchronous Team VERIMAG, Grenoble 2 Lustre Basics Structuration Only nodes

Lustre V6 Synchronous Team VERIMAG, Grenoble 2 Lustre Basics Structuration Only nodes

Lustre V6 Synchronous Team VERIMAG, Grenoble 2 Lustre Basics Structuration Only nodes Temporal operators memories : pre , -> clocks : when , current Data types/operators bool , int , real + all arithmethic and logic

541 views • 23 slides
Un-scratching Lustre MSST 2019 Cameron Harr (Lustre Ops & Stuff, LLNL) May 21, 2019

Un-scratching Lustre MSST 2019 Cameron Harr (Lustre Ops & Stuff, LLNL) May 21, 2019

Un-scratching Lustre MSST 2019 Cameron Harr (Lustre Ops & Stuff, LLNL) May 21, 2019 LLNL-PRES-773414 This work was performed under the auspices of the U.S. Department of Energy by Lawrence Livermore National Laboratory under Contract

322 views • 14 slides
Cray Lustre Model Roadmap Cory Spitz and Derek Robb Cray Inc. 5/24/2011 Introduction and Agenda

Cray Lustre Model Roadmap Cory Spitz and Derek Robb Cray Inc. 5/24/2011 Introduction and Agenda

Cray Lustre Model Roadmap Cory Spitz and Derek Robb Cray Inc. 5/24/2011 Introduction and Agenda Current Cray Lustre model Current Lustre offerings Cray and OpenSFS The Lustre 2.1 community Future Cray Lustre model Cray Lustre roadmap

226 views • 12 slides
An Experiment With Lustre and Real-Time Calculus Introduction du cours Matthieu Moy Verimag

An Experiment With Lustre and Real-Time Calculus Introduction du cours Matthieu Moy Verimag

Introduction RTC Lustre Lustre+MPA Conclusion An Experiment With Lustre and Real-Time Calculus Introduction du cours Matthieu Moy Verimag Grenoble France December 1, 2008 Matthieu Moy (VerimagGrenobleFrance) RTC/Lustre December 1,

748 views • 54 slides
gpucc: An Open-Source GPGPU Compiler Jingyue Wu , Artem Belevich, Eli Bendersky, Mark Heffernan,

gpucc: An Open-Source GPGPU Compiler Jingyue Wu , Artem Belevich, Eli Bendersky, Mark Heffernan,

gpucc: An Open-Source GPGPU Compiler Jingyue Wu , Artem Belevich, Eli Bendersky, Mark Heffernan, Chris Leary, Jacques Pienaar, Bjarke Roune, Rob Springer, Xuetian Weng, Robert Hundt One-Slide Overview Motivation Binary dependencies,

465 views • 33 slides
Build your own WebAssembly Compiler Colin Eberhardt, Scott Logic https://wasmweekly.news/ Why

Build your own WebAssembly Compiler Colin Eberhardt, Scott Logic https://wasmweekly.news/ Why

Build your own WebAssembly Compiler Colin Eberhardt, Scott Logic https://wasmweekly.news/ Why do we need WebAssembly? JavaScript is a compilation target > WebAssembly or wasm is a new portable, size- and load-time-efficient format

658 views • 62 slides
A Compiler Intermediate Representation for Stencils Climate change is now affecting every

A Compiler Intermediate Representation for Stencils Climate change is now affecting every

spcl.inf.ethz.ch @spcl_eth J EAN -M ICHEL G ORIUS , T OBIAS W ICKY , T OBIAS G ROSSER , AND T OBIAS G YSI A Compiler Intermediate Representation for Stencils Climate change is now affecting every country on every continent. It is disrupting

787 views • 42 slides
OmpSs + OpenACC Multi-target Task-Based Programming Model Exploiting OpenACC GPU Kernel Guray

OmpSs + OpenACC Multi-target Task-Based Programming Model Exploiting OpenACC GPU Kernel Guray

www.bsc.es www.bsc.es OmpSs + OpenACC Multi-target Task-Based Programming Model Exploiting OpenACC GPU Kernel Guray Ozen guray.ozen@bsc.es Exascale in BSC Marenostrum 4 (13.7 Petaflops ) General purpose cluster (3400 nodes) with Intel

464 views • 20 slides
A Preliminary Study of Compiler Transformations for Graph Applications on the EMU System

A Preliminary Study of Compiler Transformations for Graph Applications on the EMU System

A Preliminary Study of Compiler Transformations for Graph Applications on the EMU System Prasanth Chatarasi and Vivek Sarkar Habanero Extreme Scale Software Research Project Georgia Institute of Technology, Atlanta, USA 1 Prasanth Chatarasi

550 views • 20 slides
David Markachev CSE814 Topics What is Spec# Similarities

David Markachev CSE814 Topics What is Spec# Similarities

David Markachev CSE814 Topics What is Spec# Similarities with SPARK Dealing with an Object Oriented Language Dealing with Abstraction CSE814

289 views • 27 slides
Causal Block Diagram: compiler to LaTeX and DEVS Nicolas Demarbaix Overview Introduction

Causal Block Diagram: compiler to LaTeX and DEVS Nicolas Demarbaix Overview Introduction

Causal Block Diagram: compiler to LaTeX and DEVS Nicolas Demarbaix Overview Introduction Theoretical background Design & Implementation Conclusion 2 Introduction 3 Introduction Why ? Clear and detailed description

1.02k views • 19 slides
Outline Trusting trust attack Countering Trusting Trust What it is through Diverse

Outline Trusting trust attack Countering Trusting Trust What it is through Diverse

Outline Trusting trust attack Countering Trusting Trust What it is through Diverse Double-Compiling Attacker motivations Triggers & payloads David A. Wheeler Inadequate solutions & related work Solution: Diverse

517 views • 25 slides

More recommend