Have Your Verified Compiler And Extend It Too Zachary Tatlock Sorin Lerner UC San Diego.

Slides:

Advertisements

Similar presentations

An Abstract Interpretation Framework for Refactoring P. Cousot, NYU, ENS, CNRS, INRIA R. Cousot, ENS, CNRS, INRIA F. Logozzo, M. Barnett, Microsoft Research.

Advertisements

Static and User-Extensible Proof Checking Antonis StampoulisZhong Shao Yale University POPL 2012.

Mining Specifications Glenn Ammons, Dept. Computer Science University of Wisconsin Rastislav Bodik, Computer Science Division University of California,

1 Regression-Verification Benny Godlin Ofer Strichman Technion.

A Rely-Guarantee-Based Simulation for Verifying Concurrent Program Transformations Hongjin Liang, Xinyu Feng & Ming Fu Univ. of Science and Technology.

1 Dependent Types for Termination Verification Hongwei Xi University of Cincinnati.

ISBN Chapter 3 Describing Syntax and Semantics.

1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.

Technology from seed Automatic Synthesis of Weakest Preconditions for Compiler Optimizations Nuno Lopes Advisor: José Monteiro.

CS 355 – Programming Languages

Automated Soundness Proofs for Dataflow Analyses and Transformations via Local Rules Sorin Lerner* Todd Millstein** Erika Rice* Craig Chambers* * University.

VeriML: Revisiting the Foundations of Proof Assistants Zhong Shao Yale University MacQueen Fest May 13, 2012 (Joint work with Antonis Stampoulis)

The Design and Implementation of a Certifying Compiler [Necula, Lee] A Certifying Compiler for Java [Necula, Lee et al] David W. Hill CSCI

Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.

Applied Automated Theorem Proving CSE 291 Instructor: Sorin Lerner.

Automatically Proving the Correctness of Compiler Optimizations Sorin Lerner Todd Millstein Craig Chambers University of Washington.

ECE Synthesis & Verification1 ECE 667 Spring 2011 Synthesis and Verification of Digital Systems Verification Introduction.

Software Reliability Methods Sorin Lerner. Software reliability methods: issues What are the issues?

Validating High-Level Synthesis Sudipta Kundu, Sorin Lerner, Rajesh Gupta Department of Computer Science and Engineering, University of California, San.

A Type System for Expressive Security Policies David Walker Cornell University.

Michael Ernst, page 1 Improving Test Suites via Operational Abstraction Michael Ernst MIT Lab for Computer Science Joint.

From last time S1: l := new Cons p := l S2: t := new Cons *p := t p := t l p S1 l p tS2 l p S1 t S2 l t S1 p S2 l t S1 p S2 l t S1 p L2 l t S1 p S2 l t.

Chair of Software Engineering Automatic Verification of Computer Programs.

On the Correctness of Model Transformations Gabor Karsai ISIS/Vanderbilt University.

Provably Correct Compilers (Part 2) Nazrul Alam and Krishnaprasad Vikram April 21, 2005.

Describing Syntax and Semantics

Extensible Untrusted Code Verification Robert Schneck with George Necula and Bor-Yuh Evan Chang May 14, 2003 OSQ Retreat.

Automatically Checking the Correctness of Program Analyses and Transformations.

Have Your Compiler and Extend It Too Zachary Tatlock UC San Diego Correctness Guaranteed.

VeriML DARPA CRASH Project Progress Report Antonis Stampoulis October 5 th, 2012 A language-based, dependently-typed, user-extensible approach to proof.

Software Engineering Prof. Dr. Bertrand Meyer March 2007 – June 2007 Chair of Software Engineering Static program checking and verification Slides: Based.

A Simple Method for Extracting Models from Protocol Code David Lie, Andy Chou, Dawson Engler and David Dill Computer Systems Laboratory Stanford University.

Framework for the Development and Testing of Dependable and Safety-Critical Systems IKTA 065/ Supported by the Information and Communication.

Proof-Carrying Code & Proof-Carrying Authentication Stuart Pickard CSCI 297 June 2, 2005.

Functional Verification Figure 1.1 p 6 Detection of errors in the design Before fab for design errors, after fab for physical errors.

CS527 Topics in Software Engineering (Software Testing and Analysis) Darko Marinov September 9, 2010.

An overview of Coq Xinyu Feng USTC Erasmus Mundus NordSecMob Scholar at DTU.

Refinements to techniques for verifying shape analysis invariants in Coq Kenneth Roe GBO Presentation 9/30/2013 The Johns Hopkins University.

QuickCheck: A Lightweight Tool for Random Testing of Haskell Programs By Koen Claessen, Juhn Hughes ME: Mike Izbicki.

Reasoning about programs March CSE 403, Winter 2011, Brun.

Semantics In Text: Chapter 3.

Code Motion for MPI Performance Optimization The most common optimization in MPI applications is to post MPI communication earlier so that the communication.

SAFE KERNEL EXTENSIONS WITHOUT RUN-TIME CHECKING George C. Necula Peter Lee Carnegie Mellon U.

Static Techniques for V&V. Hierarchy of V&V techniques Static Analysis V&V Dynamic Techniques Model Checking Simulation Symbolic Execution Testing Informal.

Getting Started in PL Design Research Stephanie Weirich University of Pennsylvania.

Andrey Karaulov, Alexander Strabykin Institute for System Programming Russian Academy of Sciences SYRCoSE: Spring Young Researchers Colloquium on Software.

FUNCTIONAL PROGRAMING AT WORK - HASKELL AND DOMAIN SPECIFIC LANGUAGES Dr. John Peterson Western State Colorado University.

Carnegie Mellon Vadim Zaliva, Franz Franchetti Carnegie Mellon University Department of Electrical and Computer Engineering Funded by the DARPA I2O HACMS.

CS 5150 Software Engineering Lecture 22 Reliability 3.

Proving Optimizations Correct using Parameterized Program Equivalence University of California, San Diego Sudipta Kundu Zachary Tatlock Sorin Lerner.

Introduction to Computer Programming Concepts M. Uyguroğlu R. Uyguroğlu.

Software Engineering Algorithms, Compilers, & Lifecycle.

The PLA Model: On the Combination of Product-Line Analyses 강태준.

1 Sections 7.2 – 7.7 Nested Control Statements Fundamentals of Java: AP Computer Science Essentials, 4th Edition Lambert / Osborne.

COSC 5V90 Functional Programming and Interactive Theorem Proving

Definition CASE tools are software systems that are intended to provide automated support for routine activities in the software process such as editing.

Instructor: Sorin Lerner

Types for Programs and Proofs

Matching Logic An Alternative to Hoare/Floyd Logic

A Verified Compiler for an Impure Functional Language

Hongjin Liang, Xinyu Feng & Ming Fu

Program Verification Using

Benjamin Goldberg Compiler Verification and Optimization

An overview of Coq Xinyu Feng USTC.

Compilers have many bugs

Srinivas Aluri Jaimin Mehta

Language-based Security

Building “Correct” Compilers

CSE 1020:Software Development

An overview of Coq.

Presentation transcript:

Have Your Verified Compiler And Extend It Too Zachary Tatlock Sorin Lerner UC San Diego

Compiler Correctness Building robust compilers is difficult complex interactions resist testing Compiler bugs are contagious invalidate source level guarantees Few users extend their compiler hand optimized, unreadable code

Verified Compilers  Implement compiler in proof assistant  Prove compiler correct interactively  CompCert [Leroy], Lambda Tamer [Chlipala] Strong Guarantee Difficult to Extend

DSL-based Compilers  Domain Specific Language for optimizations  DSL opts proven correct automatically  Rhodium [POPL 05], PEC [PLDI 09] Easier to Extend Weaker Guarantee

Contribution PEC CompCert harder to extend easier to extend stronger guarantee weaker guarantee DSL Execution Engine + Correctness Proof Reduce TCB Add Extensibility PEC XCertCompCert

XCert Rewrite Rule PEC Extensible & Correct Compiler Rewrite Locally Correct CompCert C Asm Correct Compiler Main Theorem Proved in Coq : XCert Rules Locally Correct XCert Correct  Formal Correctness Proof in Coq  Bulk of the development effort [PLDI 09]

Extensible & Correct Compiler 1 Rewrite Rule PEC CompCert C Asm 2 XCert Challenges and Evaluation 3 [PLDI 09]

Rewrite Rule  Find & Replace  Match Pattern C  x < 10 IxIx  Apply Subst while(C ) I += 2 while(C ) I ++ PEC x = 0 while(x < 10) x += 2 return x x = 0 while(x < 10) x ++ return x [PLDI 09]

I ++ !C!C C I +=2 !C!C C PEC Checker 1.Convert to CFG 2.Guess Sync Points 3.Check w/ SMT A B PEC SMT Checked A  A A  B while(C ) I += 2 while(C ) I ++ C I +=2 I ++ C A A [PLDI 09]

XCert Module 1.Rule in Coq 2.SMT Checks A B SMT Checked A  A A  B PEC

Extensible & Correct Compiler 1 Rewrite Rule PEC 2 XCert [PLDI 09] Challenges and Evaluation 3

XCert Correctness Proof Small Step  Execute instruction  Step state S to S’ S S’

Equivalent Executions  Initial Equiv  Prove Simulation Diagram  CompCert Small Step Library: Sim Diagram Progs Equiv L L’ R R’ L ~ R < < L  L’  R’ L’ ~ R’: R  R’ Final Equiv XCert Correctness Proof

XCert Simulation Diagram XCert Module A A A B A B SMT Checked A  A A  B

Extensible & Correct Compiler 1 Rewrite Rule PEC 2 XCert [PLDI 09] Challenges and Evaluation 3

Challenges (see paper) XCert Execution Engine  CFG pattern matching  CFG splicing XCert Correctness Proof  Managing case explosion  Verified validation [Tristan and Leroy]  Preserving non-terminating behaviors

Evaluation Engine:1,000 lines of Coq functional code Proof :3,000 lines of Coq proof script Trusted Computing Base (TCB)  Compcert:Coq + Coq encoding of C sem  XCert adds:SMT+ SMT encoding of C sem

Evaluation Extensibility: Support PEC Opts [PLDI 09]  No manual proof effort or TCB increase  Maintain Compcert end-to-end correctness Sample of Optimizations Run: Loop Invariant Code HoistLoop Peeling Software PipeliningConditional Speculation Loop UnswitchingPartial Redundancy Elim

1 Rewrite Rule PEC 2 XCert [PLDI 09] Extensible & Correct Compiler Thank You!