verifying a lustre compiler part 2
play

Verifying a Lustre Compiler Part 2 Llio Brun PARKAS (Inria - ENS) - PowerPoint PPT Presentation

Oct 16, 2023 •421 likes •907 views

Verifying a Lustre Compiler Part 2 Llio Brun PARKAS (Inria - ENS) Timothy Bourke, Pierre-variste Dagand, Xavier Leroy, Marc Pouzet, Lionel Rieg SYNCHRON 2016 December 7, 2016 Llio Brun Verifying a Lustre Compiler Part 2 December 7,

  1. Verifying a Lustre Compiler Part 2 Lélio Brun PARKAS (Inria - ENS) Timothy Bourke, Pierre-Évariste Dagand, Xavier Leroy, Marc Pouzet, Lionel Rieg SYNCHRON 2016 December 7, 2016 Lélio Brun Verifying a Lustre Compiler Part 2 December 7, 2016 1 / 19

  2. Introduction Context (normalized) elaboration / scheduling check parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization Obc Verified Lustre compiler generation several passes intermediary imperative language: Obc Clight Obc � → Clight compilation Assembly printing Lélio Brun Verifying a Lustre Compiler Part 2 December 7, 2016 2 / 19

  3. Introduction Context (normalized) elaboration / scheduling check parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization Obc Verified Lustre compiler generation several passes intermediary imperative language: Obc Clight Obc � → Clight compilation Contribution Assembly implementation and correctness proof in Coq printing Lélio Brun Verifying a Lustre Compiler Part 2 December 7, 2016 2 / 19

  4. Obc Syntax Obc: Abstract Syntax s := statement e := expression | x := e (update) | x (local variable) | state ( x ) := e (state update) | state ( x ) (state variable) | if e then s else s (conditional) | c (constant) ⇀ x := c ( i ) . m ( ⇀ | e ) (method call) | ⋄ e (unary operator) | (composition) s ; s | e ⊕ e (binary operator) | skip (do nothing) cls := declaration | class c { (class) memory ⇀ x ty instance ⇀ i c m ( ⇀ x ty ) returns ( ⇀ x ty ) [var ⇀ x ty ] { s } } Lélio Brun Verifying a Lustre Compiler Part 2 December 7, 2016 3 / 19

  5. Obc Syntax Example ✞ ☎ ✞ ☎ node rect(d: int) returns (y: int) class rect { var py: int; memory py: int; let reset () { state(py) := 0 } y = py + d; step(d: int) returns (y: int) { py = 0 fby y; y := state(py) + d; tel state(py) := y } node integrator (a: int) returns (v, x: int) } let v = rect(a); class integrator { x = rect(v); instance v, x: rect; tel reset () { rect(v).reset (); node excess(max , a: int) rect(x).reset () returns (e: bool; x: int) } var v: int; step(a: int) returns (v, x: int) { let v := rect(v).step(a); (v, x) = integrator (a); x := rect(x).step(v) e = v > max; } tel } ✝ ✆ class excess { instance vx: integrator ; reset () { integrator (vx).reset () } step(max , a: int) returns (e: bool , x: int) var v: int { v, x := integrator(vx).step(a); e := v > max } } ✝ ✆ Lélio Brun Verifying a Lustre Compiler Part 2 December 7, 2016 4 / 19

  6. Obc Semantics State and memory model menv instances(vx) venv � ident → val � memories : ident → val menv � instances(v) instances(x) instances : ident → menv memories(py) memories(py) Lélio Brun Verifying a Lustre Compiler Part 2 December 7, 2016 5 / 19

  7. Obc Semantics Statements rules me , ve ⊢ exp e ⇓ v p , me , ve ⊢ st x := e ⇓ me , ve ∪ { x � → v } me , ve ⊢ exp e ⇓ v p , me , ve ⊢ st state ( x ) := e ⇓ update_mem ( me , x , v ) , ve . . . Lélio Brun Verifying a Lustre Compiler Part 2 December 7, 2016 6 / 19

  8. Generation and proof TranslGeneration of Clight Clight CompCert’s frontend language block memory model 2 types of variables: local and temporaries 2 semantics variants: parameters as local variables or as temporaries 2 semantics: small and big step ◮ small step: continuations ◮ big step: state ( e , le , m ) e local variables environment : ident → block ∗ int le temporaries environment : ident → val m memory : block → int → byte Lélio Brun Verifying a Lustre Compiler Part 2 December 7, 2016 7 / 19

  9. Generation and proof TranslGeneration of Clight Generation function Obc class � → Clight structure Obc method � → void-returning Clight function ◮ state: pointer self ◮ multiple outputs: pointer out Lélio Brun Verifying a Lustre Compiler Part 2 December 7, 2016 8 / 19

  10. Generation and proof TranslGeneration of Clight Example ✞ ☎ ✞ ☎ class rect { struct rect { memory py : int; int py; [...] }; } class integrator { struct integrator { instance v, x: rect; struct rect v; [...] struct rect x; } }; class excess { struct excess { instance vx: integrator ; struct integrator vx; }; [...] [...] step(max , a: int) struct excess_step { returns (e: bool , x: int) _Bool e; var v: int int x; { }; v, x := integrator(vx).step(a); void excess_step (struct excess *self , e := v > max struct excess_step *out , } int max , int a) } { ✝ ✆ struct integrator_step vx_step; register int v; integrator_step (&(* self).vx , &vx_step , a); v = vx_step.v; (* out).x = sx_step.x; (* out).e = v > max; } ✝ ✆ Lélio Brun Verifying a Lustre Compiler Part 2 December 7, 2016 9 / 19

  11. Generation and proof Correctness proof Semantics preservation Obc : ( me , ve ) ; Clight : ( e , le , m ) me 1 , ve 1 ⊢ st s ⇓ me 2 , ve 2 match _ states e 1 , le 1 , m 1 Lélio Brun Verifying a Lustre Compiler Part 2 December 7, 2016 10 / 19

  12. Generation and proof Correctness proof Semantics preservation Obc : ( me , ve ) ; Clight : ( e , le , m ) ⊢ st s ⇓ me 1 , ve 1 me 2 , ve 2 match _ states match _ states e 1 , le 1 , m 1 ⊢ Clight | s | s ⤋ e 1 , le 2 , m 2 Lélio Brun Verifying a Lustre Compiler Part 2 December 7, 2016 10 / 19

  13. Generation and proof Correctness proof Separation logic Consequences of CompCert’s memory model: aliasing (overlapping) alignment permissions sizes Lélio Brun Verifying a Lustre Compiler Part 2 December 7, 2016 11 / 19

  14. Generation and proof Correctness proof Separation logic Consequences of CompCert’s memory model: aliasing (overlapping) alignment permissions sizes Solution use a separation logic formalism Lélio Brun Verifying a Lustre Compiler Part 2 December 7, 2016 11 / 19

  15. Generation and proof Correctness proof Separation logic in CompCert � mfoot : block → int → P , m � P ≡ ( mpred P ) m predicate P : mpred : memory → P conjonction m � P ∗ Q pure formula m � pure ( P ) ∗ Q ↔ P ∧ m � Q Lélio Brun Verifying a Lustre Compiler Part 2 December 7, 2016 12 / 19

  16. Generation and proof Correctness proof Separation logic in CompCert � mfoot : block → int → P , m � P ≡ ( mpred P ) m predicate P : mpred : memory → P conjonction m � P ∗ Q pure formula m � pure ( P ) ∗ Q ↔ P ∧ m � Q   mfoot = λ b ofs . mfoot P b ofs ∨ mfoot Q b ofs   P ∗ Q = mpred = λ m . mpred P m ∧ mpred Q m    ∧ disjoint ( mfoot P ) ( mfoot Q ) Lélio Brun Verifying a Lustre Compiler Part 2 December 7, 2016 12 / 19

  17. Generation and proof Correctness proof States correspondence Obc : ( me , ve ) ; Clight : ( e , le , m ) match_states = Lélio Brun Verifying a Lustre Compiler Part 2 December 7, 2016 13 / 19

  18. Generation and proof Correctness proof States correspondence Obc : ( me , ve ) ; Clight : ( e , le , m ) match_states = self pointer pure ( le ( self ) = ( b s , ofs )) ∗ pure ( le ( out ) = ( b o , 0 )) out pointer ∗ pure ( ge ( f_c ) = co out ) output structure Lélio Brun Verifying a Lustre Compiler Part 2 December 7, 2016 13 / 19

  19. Generation and proof Correctness proof States correspondence Obc : ( me , ve ) ; Clight : ( e , le , m ) match_states = pure ( le ( self ) = ( b s , ofs )) ∗ pure ( le ( out ) = ( b o , 0 )) ∗ pure ( ge ( f_c ) = co out ) ∗ pure ( wt_env ve m ) ∗ pure ( wt_mem me p c ) Lélio Brun Verifying a Lustre Compiler Part 2 December 7, 2016 13 / 19

  20. Generation and proof Correctness proof States correspondence Obc : ( me , ve ) ; Clight : ( e , le , m ) match_states = pure ( le ( self ) = ( b s , ofs )) ∗ pure ( le ( out ) = ( b o , 0 )) ∗ pure ( ge ( f_c ) = co out ) ∗ pure ( wt_env ve m ) memory me ≈ ∗ pure ( wt_mem me p c ) structure pointed by self ∗ staterep p c me b s ofs Lélio Brun Verifying a Lustre Compiler Part 2 December 7, 2016 13 / 19

  21. Generation and proof Correctness proof States correspondence Obc : ( me , ve ) ; Clight : ( e , le , m ) match_states = pure ( le ( self ) = ( b s , ofs )) ∗ pure ( le ( out ) = ( b o , 0 )) ∗ pure ( ge ( f_c ) = co out ) ∗ pure ( wt_env ve m ) ∗ pure ( wt_mem me p c ) output variables of m ∗ staterep p c me b s ofs ≈ fields of co out pointed ∗ blockrep ve co out b o by out Lélio Brun Verifying a Lustre Compiler Part 2 December 7, 2016 13 / 19

  22. Generation and proof Correctness proof States correspondence Obc : ( me , ve ) ; Clight : ( e , le , m ) match_states = pure ( le ( self ) = ( b s , ofs )) ∗ pure ( le ( out ) = ( b o , 0 )) ∗ pure ( ge ( f_c ) = co out ) ∗ pure ( wt_env ve m ) ∗ pure ( wt_mem me p c ) ∗ staterep p c me b s ofs ∗ blockrep ve co out b o parameters and local ∗ varsrep m ve le variables ≈ temporaries Lélio Brun Verifying a Lustre Compiler Part 2 December 7, 2016 13 / 19

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Verifying a Lustre Compiler (Part 1) Timothy Bourke 1 , 2 Llio Brun 1 , 2 Pierre-variste Dagand

Verifying a Lustre Compiler (Part 1) Timothy Bourke 1 , 2 Llio Brun 1 , 2 Pierre-variste Dagand

Verifying a Lustre Compiler (Part 1) Timothy Bourke 1 , 2 Llio Brun 1 , 2 Pierre-variste Dagand 3 Xavier Leroy 1 Marc Pouzet 4 , 2 , 1 Lionel Rieg 5 1. INRIA Paris 2. DI, cole normale suprieure 3. CNRS 4. Univ. Pierre et Marie Curie 5.

1.06k views • 79 slides
1 A Lustre V6 tutorial Verimag December 5, 2008 - Outline Lustre Lustre V6 The Lustre V6

1 A Lustre V6 tutorial Verimag December 5, 2008 - Outline Lustre Lustre V6 The Lustre V6

1 A Lustre V6 tutorial Verimag December 5, 2008 - Outline Lustre Lustre V6 The Lustre V6 compiler 3 Outline Lustre Lustre V6 P. Raymond & the Synchronous group et al. The Lustre V6 compiler P. Raymond, J. Ballet, E. Jahier 4

803 views • 37 slides
A Formally Verified Compiler for Lustre Timothy Bourke 1 , 2 Llio Brun 1 , 2 Pierre-variste

A Formally Verified Compiler for Lustre Timothy Bourke 1 , 2 Llio Brun 1 , 2 Pierre-variste

A Formally Verified Compiler for Lustre Timothy Bourke 1 , 2 Llio Brun 1 , 2 Pierre-variste Dagand 4 , 3 , 1 Xavier Leroy 1 Marc Pouzet 4 , 2 , 1 Lionel Rieg 5 , 6 1. Inria Paris 2. DI, cole normale suprieure 3. CNRS 4. Univ. Pierre et

1.15k views • 96 slides
Verifying the Lustre modular reset Timothy Bourke 1,2 Llio Brun 1,2 Marc Pouzet 3,2,1 1 Inria

Verifying the Lustre modular reset Timothy Bourke 1,2 Llio Brun 1,2 Marc Pouzet 3,2,1 1 Inria

Verifying the Lustre modular reset Timothy Bourke 1,2 Llio Brun 1,2 Marc Pouzet 3,2,1 1 Inria Paris 2 DI ENS 3 UPMC SYNCHRON18 November 29, 2018 The problem Adding the modular reset to Vlus 1 / 22 The problem Adding the modular

1.74k views • 143 slides
Towards a verified Lustre compiler with modular reset Timothy Bourke 1,2 Llio Brun 1,2 Marc

Towards a verified Lustre compiler with modular reset Timothy Bourke 1,2 Llio Brun 1,2 Marc

Towards a verified Lustre compiler with modular reset Timothy Bourke 1,2 Llio Brun 1,2 Marc Pouzet 3,2,1 1 Inria Paris 2 DI ENS 3 UPMC SCOPES 2018 May 30, 2018 Screenshot from ANSYS/Esterel Techologies SCADE Suite 1 / 14 Screenshot from

1.41k views • 92 slides
A Verifying Core for a Cryptographic Language Compiler Lee Pike (presenting) Mark Shields 1 John

A Verifying Core for a Cryptographic Language Compiler Lee Pike (presenting) Mark Shields 1 John

A Verifying Core for a Cryptographic Language Compiler Lee Pike (presenting) Mark Shields 1 John Matthews Galois Connections August 15, 2006 1 Presently at Microsoft. Thanks Rockwell Collins Advanced Technology Center, especially David

655 views • 27 slides
Towards a formally verified obfuscating compiler Sandrine Blazy joint work with Roberto Giacobazzi

Towards a formally verified obfuscating compiler Sandrine Blazy joint work with Roberto Giacobazzi

Towards a formally verified obfuscating compiler Sandrine Blazy joint work with Roberto Giacobazzi and Alix Trieu IFIP WG 1.9/2.15, 2015-07-16 1 Background: verifying a compiler Compiler + proof that the compiler does not introduce bugs

553 views • 24 slides
Verifying that a compiler preserves concurrent value-dependent information-flow security Robert

Verifying that a compiler preserves concurrent value-dependent information-flow security Robert

Verifying that a compiler preserves concurrent value-dependent information-flow security Robert Sison (UNSW Sydney, Data61) and Toby Murray (University of Melbourne) September 2019 THE UNIVERSITY OF NEW SOUTH WALES www.data61.csiro.au So

1.94k views • 156 slides
What a Lustre Cluster (Improving and Tracing Lustre Metadata) yaaaasss Team Saffron Amanda

What a Lustre Cluster (Improving and Tracing Lustre Metadata) yaaaasss Team Saffron Amanda

What a Lustre Cluster (Improving and Tracing Lustre Metadata) yaaaasss Team Saffron Amanda Bonnie Zach Fuerst Thomas Stitt Overview Motivation Configuration Tracing Metadata Improving Metadata Hardware Multiple Lustre

416 views • 23 slides
The Lustre Centre of Excellence at ORNL Makia Minich Clustre Monkey, HPC Software Stack Lustre

The Lustre Centre of Excellence at ORNL Makia Minich Clustre Monkey, HPC Software Stack Lustre

The Lustre Centre of Excellence at ORNL Makia Minich Clustre Monkey, HPC Software Stack Lustre Group May 2008 1 1 Introduction Lustre Centre of Excellence (LCE) > Established Nov 2006 by Cluster File Systems, Inc. (acquired by Sun in

356 views • 23 slides
Overview of Lustre Usage on JUROPA 26 September 2011 | Frank Heckes, FZ Jlich, JSC Lustre

Overview of Lustre Usage on JUROPA 26 September 2011 | Frank Heckes, FZ Jlich, JSC Lustre

Mitglied der Helmholtz-Gemeinschaft Mitglied der Helmholtz-Gemeinschaft Overview of Lustre Usage on JUROPA 26 September 2011 | Frank Heckes, FZ Jlich, JSC Lustre Status Lustre Status Storage Extension Fluctuation in Performance Lustre

195 views • 16 slides
Lustre Background Why Lustre Failover ? How does Lustre Failover work ? Automation

Lustre Background Why Lustre Failover ? How does Lustre Failover work ? Automation

Lustre Background Why Lustre Failover ? How does Lustre Failover work ? Automation on the Cray XT System configuration requirements System configuration requirements Software configuration for failover Current

408 views • 16 slides
Lustre V6 Synchronous Team VERIMAG, Grenoble 2 Lustre Basics Structuration Only nodes

Lustre V6 Synchronous Team VERIMAG, Grenoble 2 Lustre Basics Structuration Only nodes

Lustre V6 Synchronous Team VERIMAG, Grenoble 2 Lustre Basics Structuration Only nodes Temporal operators memories : pre , -> clocks : when , current Data types/operators bool , int , real + all arithmethic and logic

541 views • 23 slides
Un-scratching Lustre MSST 2019 Cameron Harr (Lustre Ops & Stuff, LLNL) May 21, 2019

Un-scratching Lustre MSST 2019 Cameron Harr (Lustre Ops & Stuff, LLNL) May 21, 2019

Un-scratching Lustre MSST 2019 Cameron Harr (Lustre Ops & Stuff, LLNL) May 21, 2019 LLNL-PRES-773414 This work was performed under the auspices of the U.S. Department of Energy by Lawrence Livermore National Laboratory under Contract

322 views • 14 slides
Cray Lustre Model Roadmap Cory Spitz and Derek Robb Cray Inc. 5/24/2011 Introduction and Agenda

Cray Lustre Model Roadmap Cory Spitz and Derek Robb Cray Inc. 5/24/2011 Introduction and Agenda

Cray Lustre Model Roadmap Cory Spitz and Derek Robb Cray Inc. 5/24/2011 Introduction and Agenda Current Cray Lustre model Current Lustre offerings Cray and OpenSFS The Lustre 2.1 community Future Cray Lustre model Cray Lustre roadmap

226 views • 12 slides
An Experiment With Lustre and Real-Time Calculus Introduction du cours Matthieu Moy Verimag

An Experiment With Lustre and Real-Time Calculus Introduction du cours Matthieu Moy Verimag

Introduction RTC Lustre Lustre+MPA Conclusion An Experiment With Lustre and Real-Time Calculus Introduction du cours Matthieu Moy Verimag Grenoble France December 1, 2008 Matthieu Moy (VerimagGrenobleFrance) RTC/Lustre December 1,

748 views • 54 slides
Ewens-like distributions and Analysis of Algorithms Nicolas Auger , Mathilde Bouvel, Cyril Nicaud,

Ewens-like distributions and Analysis of Algorithms Nicolas Auger , Mathilde Bouvel, Cyril Nicaud,

Ewens-like distributions and Analysis of Algorithms Nicolas Auger , Mathilde Bouvel, Cyril Nicaud, Carine Pivoteau March 11, 2016 1 / 16 Notion of presortedness In practice, data are often presorted . No reasons to be uniformly distributed. Few

556 views • 32 slides
Meas easurem emen ent of of U Ultra-High En Ener ergy gy Cosmic R Co c Rays: Prese

Meas easurem emen ent of of U Ultra-High En Ener ergy gy Cosmic R Co c Rays: Prese

Meas easurem emen ent of of U Ultra-High En Ener ergy gy Cosmic R Co c Rays: Prese sent a and F d Future INSTR-2014, Novosibirsk 2014/02/24 3/1 M. Fukushima Inst. for Cosmic Ray Research, Univ. of Tokyo 1 1. Introduction:

608 views • 36 slides
Daltons Atomic Theory 1. All matter consists of tiny particles. 2. Atoms are indestructible

Daltons Atomic Theory 1. All matter consists of tiny particles. 2. Atoms are indestructible

Daltons Atomic Theory 1. All matter consists of tiny particles. 2. Atoms are indestructible and unchangeable. 3. Elements are characterized by the mass of their atoms. 4. When elements react, their atoms combine in simple, whole-number

198 views • 7 slides
Spectrum of kaonic atom and kaon-nucleus interaction revisited 2018.11.11-12 Hadron structure

Spectrum of kaonic atom and kaon-nucleus interaction revisited 2018.11.11-12 Hadron structure

Spectrum of kaonic atom and kaon-nucleus interaction revisited 2018.11.11-12 Hadron structure and interaction in dense matter @KEK Tokai campus Yutaro IIZAWA 1 , 2 Daisuke JIDO 2 , 1 Natsumi IKENO 3 Junko YAMAGATA-SEKIHARA 4 Satoru

413 views • 28 slides
S h o w e r u n i v e r s a l i t y @ A u g e r A l e x a n d e r

S h o w e r u n i v e r s a l i t y @ A u g e r A l e x a n d e r

S h o w e r u n i v e r s a l i t y @ A u g e r A l e x a n d e r S c h u l z , K I T 2 1 . 0 9 . 2 0 1 6 H A P Wo r k s h o p T o p i c 2 E r l a n g e n , 2 1 2

245 views • 22 slides
Particle physics at the Pierre Auger Observatory Jan Ebr* for the Pierre Auger Collaboration

Particle physics at the Pierre Auger Observatory Jan Ebr* for the Pierre Auger Collaboration

Particle physics at the Pierre Auger Observatory Jan Ebr* for the Pierre Auger Collaboration *Institute of Physics, ASCR Prague MESON 2014, Krakow 2. 6. 2014 Jan Ebr for the Pierre Auger Collaboration, 2. 6. 2014, MESON 2014 Krakow 2/20

495 views • 20 slides
Learning and Teaching Academy All about Aurora! The beginnings of the Aurora Programme 7,204

Learning and Teaching Academy All about Aurora! The beginnings of the Aurora Programme 7,204

Learning and Teaching Academy All about Aurora! The beginnings of the Aurora Programme 7,204 Aurora alumni 1600 1456 1400 1233 1200 1119 1000 998 962 859 800 600 577 400 200 0 0 2012 2013 2014 2015 2016 2017 2018 2019

239 views • 12 slides
3/3/2009 Outline Monitoring Streams : A New Class of Data Management Applications Motivation

3/3/2009 Outline Monitoring Streams : A New Class of Data Management Applications Motivation

3/3/2009 Outline Monitoring Streams : A New Class of Data Management Applications Motivation -5 assumptions of traditional DBMS -Monitoring applications -Rethink the fundamental Aurora System Model CPSC 504: DATA Aurora

266 views • 4 slides

More recommend