Automated tactics for separation logic VeriML Reconstruct Z3 Proof Safe incremental type checker Certifying code transformation Proof carrying hardware.

Automated tactics for separation logic VeriML Reconstruct Z3 Proof Safe incremental type checker Certifying code transformation Proof carrying hardware IP

Automated tactics for separation logic

Version 1
- Certified verifier for a fragment of separation logic in Coq, without predicates (list, tree, …)
- Prover written in SML handles these predicates and outputs a proof trace
- Tactic to reconstruct the proof from this proof trace in Coq

Version 2
- Hard-coded list and tree into the certified verifier
- Uses a forked version of Coq which supports native arrays to speed up the verifier

Version 3 (ongoing)
- A more generic way to support user-defined predicates

Reconstruct Z3 Proof
Reconstruct the proof in VeriML using the output from Z3

Start from SAT Solvers

Example

SAT Modulo Theories (SMT solver)

Example

Interaction between SAT and SMT (figure)

Reconstruct proof
- If sat: apply the assignment and check that the result is true
- If unsat: check the resolution tree
  - Checking resolution steps (SAT solver)
  - Checking theory lemmas (SMT solver)
  - Combination of theories

What we need
- a resolution checker
- a checker for each theory
- a checker for the resolution tree, which calls these two kinds of checkers at each step

Example

Encoding in VeriML

Interpretation

Start from SAT solver
- Resolution chain: List Nat
- Resolve : Clause -> Clause -> Clause, the resolution between clauses C1 and C2
- Resolution checker: Resolution Chain -> Clause; for a resolution chain [n1, n2, …, n] and state S it computes R(..(R(S[n1], S[n2]), …), S[n])
- Proof trace: List (clauseID * Resolution Chain)
- Reconstruct the proof: List.fold (fun (id, rc) => set s (resolution_checker rc) id) trace
- After this, we have the empty clause in the state, which indicates that the clause set is unsatisfiable

Example
- Initial state: [ [2,4], [2,5,6], [3,6], [7] ]
- Resolutions: [ (5, [1,3,0]), (6, [2,3]), (7, [5,6]) ]
- Resolving two clauses: [2,4] and [2,5,6] → [2,6] (a modified merge sort)

Naïve framework for SMT solver
- Certificates from different theories:
  Inductive cert:
  | sat_solver sat_cert
  | euf_solver euf_cert
  | lia_solver lia_cert
  | …
- The trace might be like: List (clauseID * cert)
- Checkers for each theory
- And finally the checker for the SMT solver:
  checker s trace = List.fold (fun (id, cert) => set s (cert_checker cert) id) trace
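The following Python program is an added illustration of the two preceding sketches (the resolution checker and trace fold of the "Start from SAT solver" and "Example" slides, and the per-theory certificate dispatch of this slide); it is not the project's SML or VeriML code. The literal encoding (2*v for variable v, 2*v+1 for its negation), the sorted-clause merge, the dict-keyed state (which tolerates the unused id 4 in the slide's example) and the tiny equality theory checker are my assumptions. The slide's initial state and resolution list are replayed unchanged; the SMT example is constructed.

```python
"""Replay of a SAT refutation trace plus per-theory certificate checking, after
the slides' sketch (added example, not the project's SML/VeriML code).
Assumptions of mine: literal 2*v is variable v and 2*v+1 its negation, so a
complementary pair differs only in the low bit; clauses are kept sorted so a
resolution step is one merge pass; clause ids are dict keys, which tolerates
the unused id 4 in the slide's example."""
from typing import Any, Dict, List, Tuple

Clause = List[int]
State = Dict[int, Clause]

def var(lit: int) -> int:
    return lit >> 1

def resolve(c1: Clause, c2: Clause) -> Clause:
    """Resolvent of two sorted clauses: a merge that drops exactly one
    complementary pair (the slides' 'modified merge sort')."""
    out: Clause = []
    i = j = pivots = 0
    while i < len(c1) and j < len(c2):
        a, b = c1[i], c2[j]
        if a == b:                       # shared literal: keep it once
            out.append(a); i += 1; j += 1
        elif var(a) == var(b):           # complementary pair: drop both
            pivots += 1; i += 1; j += 1
        elif a < b:
            out.append(a); i += 1
        else:
            out.append(b); j += 1
    out += c1[i:] + c2[j:]
    if pivots != 1:                      # 0: not a resolution; >1: tautology
        raise ValueError(f"{c1} and {c2} have {pivots} complementary pairs")
    return out

def resolution_checker(state: State, chain: List[int]) -> Clause:
    """R(..(R(S[n1], S[n2]), ..), S[n]) for the chain [n1, n2, ..., n]."""
    acc = state[chain[0]]
    for cid in chain[1:]:
        acc = resolve(acc, state[cid])
    return acc

def check_eq_lemma(lemma: Clause, atoms: Dict[int, Tuple[str, str]]) -> bool:
    """Theory checker for pure equality (refl/symm/trans, no congruence):
    the lemma is valid iff assuming the negation of each literal is
    contradictory, decided by union-find over the assumed equalities."""
    parent: Dict[str, str] = {}

    def find(x: str) -> str:
        parent.setdefault(x, x)
        while parent[x] != x:
            x = parent[x]
        return x

    diseq = []
    for lit in lemma:
        x, y = atoms[var(lit)]
        if lit & 1:                      # ~(x = y) in lemma: assume x = y
            parent[find(x)] = find(y)
        else:                            # (x = y) in lemma: assume x != y
            diseq.append((x, y))
    return any(find(x) == find(y) for x, y in diseq)

def cert_checker(state: State, cert: Tuple[str, Any], atoms) -> Clause:
    """One checker per certificate kind, as in the 'Inductive cert' sketch."""
    kind, payload = cert
    if kind == "sat":
        return resolution_checker(state, payload)
    if kind == "euf":
        if not check_eq_lemma(payload, atoms):
            raise ValueError(f"equality lemma {payload} is not valid")
        return sorted(payload)
    raise ValueError(f"unknown certificate kind {kind!r}")

def replay(initial: List[Clause], trace, atoms=None) -> State:
    """The List.fold of the slides: each trace entry stores a checked clause."""
    state = {i: sorted(c) for i, c in enumerate(initial)}
    for cid, cert in trace:
        state[cid] = cert_checker(state, cert, atoms or {})
    return state

def refutes(initial, trace, atoms=None) -> bool:
    """Unsat side: the trace must derive the empty clause."""
    return [] in replay(initial, trace, atoms).values()

def check_model(clauses: List[Clause], assignment: Dict[int, bool]) -> bool:
    """Sat side: every clause has a literal made true by the assignment."""
    return all(any(assignment[var(l)] != bool(l & 1) for l in c) for c in clauses)

# The slide's example in this encoding: [2,4] is x1 v x2, [7] is ~x3.
SLIDE_STATE = [[2, 4], [2, 5, 6], [3, 6], [7]]
SLIDE_TRACE = [(5, ("sat", [1, 3, 0])), (6, ("sat", [2, 3])), (7, ("sat", [5, 6]))]
# Constructed SMT example: x1 is a=b, x2 is b=c, x3 is a=c; the lemma
# ~(a=b) v ~(b=c) v (a=c) is first checked by the theory, then resolved away.
ATOMS = {1: ("a", "b"), 2: ("b", "c"), 3: ("a", "c")}
SMT_STATE = [[2], [4], [7]]
SMT_TRACE = [(3, ("euf", [3, 5, 6])), (4, ("sat", [3, 0, 1, 2]))]

if __name__ == "__main__":
    print(replay(SLIDE_STATE, SLIDE_TRACE), refutes(SMT_STATE, SMT_TRACE, ATOMS))
```

Running the slide's trace stores [2] under id 5, [3] under id 6 and the empty clause under id 7, so `refutes` answers true. Every resolvent is recomputed from already-checked clauses, which is the property a proof checker needs: the solver is untrusted, and a chain that does not have exactly one complementary pair per step is rejected rather than silently accepted. Theory lemmas enter the state only after their own checker has validated them.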

Figure: checker architecture (labels: Problem, Witness, SMT, Resolution, CNF, EUF, LIA, VeriML Checker)

Z3 Proof Example
34 axioms (inference rules) in total:
- 19 core rules: mostly propositional reasoning
- 5 equality rules: refl, symm, trans, …
- 7 quantifier rules: quant-inst, quant-intro, …
- 3 theory rules: rewrite, inconsistent, …

Reconstruction
Overall approach:
- one proof method for every Z3 inference rule
- depth-first traversal of the Z3 proof
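As an added example of that approach (not Z3's or VeriML's code), the following Python checker walks a proof DAG depth-first and dispatches each node to one checking function per rule. The tuple encoding of formulas, the node layout (rule name, premise ids, conclusion) and the selection of rules are mine; only asserted, refl, symm, trans and mp are covered, which is a small subset of the 34 rules the slide counts.

```python
"""Depth-first checker for a Z3-style proof DAG, one checking function per
inference rule (added example; not Z3's or VeriML's code).  The tuple encoding
of formulas, the node layout (rule, premise ids, conclusion) and the choice of
rules are mine: only asserted, refl, symm, trans and mp are covered."""
from typing import Any, Callable, Dict, List, Set, Tuple

Formula = Any                            # "P", ("eq", "a", "b"), ("implies", p, q)
Node = Tuple[str, List[int], Formula]    # rule name, premise node ids, conclusion
Rule = Callable[[List[Formula], Formula, Set[Formula]], bool]

def is_eq(f: Formula) -> bool:
    return isinstance(f, tuple) and len(f) == 3 and f[0] == "eq"

def r_asserted(prem, concl, assumptions):
    return not prem and concl in assumptions

def r_refl(prem, concl, _):
    return not prem and is_eq(concl) and concl[1] == concl[2]

def r_symm(prem, concl, _):
    return len(prem) == 1 and is_eq(prem[0]) and concl == ("eq", prem[0][2], prem[0][1])

def r_trans(prem, concl, _):
    if len(prem) != 2 or not all(map(is_eq, prem)):
        return False
    (_, a, b), (_, b2, c) = prem
    return b == b2 and concl == ("eq", a, c)

def r_mp(prem, concl, _):
    if len(prem) != 2 or not (isinstance(prem[1], tuple) and prem[1][0] == "implies"):
        return False
    return prem[1][1] == prem[0] and prem[1][2] == concl

RULES: Dict[str, Rule] = {"asserted": r_asserted, "refl": r_refl, "symm": r_symm,
                          "trans": r_trans, "mp": r_mp}

def check_proof(proof: Dict[int, Node], root: int, assumptions: Set[Formula]) -> Formula:
    """Depth-first traversal from the root: premises are checked before the
    node that uses them, and a node shared by several parents is checked once.
    Returns the root's conclusion or raises ValueError at the first bad step."""
    checked: Dict[int, Formula] = {}

    def visit(nid: int) -> Formula:
        if nid not in checked:
            rule, prem_ids, concl = proof[nid]
            premises = [visit(p) for p in prem_ids]
            if rule not in RULES:
                raise ValueError(f"node {nid}: no checker for rule {rule!r}")
            if not RULES[rule](premises, concl, assumptions):
                raise ValueError(f"node {nid}: {rule} does not justify {concl}")
            checked[nid] = concl
        return checked[nid]

    return visit(root)

def is_valid(proof: Dict[int, Node], root: int, assumptions: Set[Formula]) -> bool:
    try:
        check_proof(proof, root, assumptions)
        return True
    except ValueError:
        return False

# Constructed example: from a = b, c = b and (a = c -> P) derive P.
AB, CB, AC = ("eq", "a", "b"), ("eq", "c", "b"), ("eq", "a", "c")
ASSUMPTIONS = {AB, CB, ("implies", AC, "P")}
PROOF: Dict[int, Node] = {
    1: ("asserted", [], AB),
    2: ("asserted", [], CB),
    3: ("symm", [2], ("eq", "b", "c")),
    4: ("trans", [1, 3], AC),
    5: ("asserted", [], ("implies", AC, "P")),
    6: ("mp", [4, 5], "P"),
}
# Same proof with the symm step skipped: trans on a = b and c = b is rejected.
BAD_PROOF = {**PROOF, 4: ("trans", [1, 2], AC)}

if __name__ == "__main__":
    print(check_proof(PROOF, 6, ASSUMPTIONS), is_valid(BAD_PROOF, 6, ASSUMPTIONS))
```

The memo table is what turns the traversal from a tree walk into a DAG walk: real solver proofs share sub-proofs heavily, so a node is checked once and its conclusion reused. The recursive `visit` is fine for an illustration; a checker for large proofs would use an explicit stack to avoid exhausting the interpreter's recursion limit.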

Conclusion
- A prototype to reconstruct zChaff (SAT solver) proofs
- Very slow in performance
- Ongoing: Z3 reconstruction

Safe Incremental Type Checker
- Type checking is more and more an interaction between the programmer and the type checker
- The richer the type system is, the more expensive type checking gets. Examples:
  - Type inference (unification)
  - Dependent types
  - Very large terms (proof terms)
  - Complex languages (C++)

Goal
- Reuse already-computed results
- Recheck only the modified part and where it affects
- Example:
  let f x = x + 1 in (f 2)
  let f x = 2 * (x + 1) in (f 2)
  let f x = (let y = true in x + 1) in (f 2)
  let f x = x > 1 in (f 2)
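To make "reuse already-computed results" and "where it affects" concrete, here is an added incremental checker for a toy expression language in Python; it is not VeriML's design. The language, its tuple-encoded syntax and the memo scheme are my assumptions, and function parameters carry a type annotation so that no unification is involved. The memo is keyed on a subterm together with the types of only its free variables, so editing the body of f invalidates just the subterms that changed, while replacing x + 1 by x > 1 changes f's type and therefore forces (f 2) to be rechecked as well. The four versions are the slide's.

```python
"""Incremental type checker for a toy expression language (added example; the
language, its tuple-encoded syntax and the memo design are mine, not VeriML's).
A result is reused when a subterm reappears with the same types for its free
variables, so only the edited part and whatever depends on it is rechecked."""
from typing import Any, Dict, FrozenSet, Tuple

Term = Tuple[Any, ...]   # ("num", 1) ("bool", True) ("var", "x") ("add"|"mul"|"gt", a, b)
                         # ("fun", x, param_type, body) ("let", x, e1, e2) ("app", f, arg)
Type = Any               # "int", "bool" or ("fun", arg_type, result_type)

class IncrementalChecker:
    def __init__(self) -> None:
        self.memo: Dict[Tuple[Term, FrozenSet], Type] = {}
        self.fv: Dict[Term, FrozenSet[str]] = {}
        self.misses = 0      # subterms actually (re)checked so far

    def free_vars(self, t: Term) -> FrozenSet[str]:
        if t not in self.fv:
            tag = t[0]
            if tag in ("num", "bool"):
                fv = frozenset()
            elif tag == "var":
                fv = frozenset([t[1]])
            elif tag == "fun":
                fv = self.free_vars(t[3]) - {t[1]}
            elif tag == "let":
                fv = self.free_vars(t[2]) | (self.free_vars(t[3]) - {t[1]})
            else:                                  # binary operators and app
                fv = self.free_vars(t[1]) | self.free_vars(t[2])
            self.fv[t] = fv
        return self.fv[t]

    def check(self, t: Term, env: Dict[str, Type]) -> Type:
        fv = self.free_vars(t)
        unbound = fv - set(env)
        if unbound:
            raise TypeError(f"unbound variable(s) {sorted(unbound)}")
        key = (t, frozenset((v, env[v]) for v in fv))   # only bindings t can see
        if key not in self.memo:
            self.misses += 1
            self.memo[key] = self._infer(t, env)
        return self.memo[key]

    def _expect(self, t: Term, env: Dict[str, Type], ty: Type) -> None:
        got = self.check(t, env)
        if got != ty:
            raise TypeError(f"expected {ty}, got {got} for {t}")

    def _infer(self, t: Term, env: Dict[str, Type]) -> Type:
        tag = t[0]
        if tag == "num":
            return "int"
        if tag == "bool":
            return "bool"
        if tag == "var":
            return env[t[1]]
        if tag in ("add", "mul", "gt"):
            self._expect(t[1], env, "int")
            self._expect(t[2], env, "int")
            return "bool" if tag == "gt" else "int"
        if tag == "fun":
            _, x, xty, body = t
            return ("fun", xty, self.check(body, {**env, x: xty}))
        if tag == "let":
            _, x, e1, e2 = t
            return self.check(e2, {**env, x: self.check(e1, env)})
        if tag == "app":
            fty = self.check(t[1], env)
            if not (isinstance(fty, tuple) and fty[0] == "fun"):
                raise TypeError(f"applying a non-function of type {fty}")
            self._expect(t[2], env, fty[1])
            return fty[2]
        raise TypeError(f"unknown construct {tag!r}")

    def recheck(self, prog: Term) -> Tuple[Type, int]:
        """Type of the program and how many subterms had to be (re)checked."""
        before = self.misses
        return self.check(prog, {}), self.misses - before

def program(body: Term) -> Term:   # let f x = <body> in (f 2), as on the slide
    return ("let", "f", ("fun", "x", "int", body), ("app", ("var", "f"), ("num", 2)))

X, ONE = ("var", "x"), ("num", 1)
V1 = program(("add", X, ONE))
V2 = program(("mul", ("num", 2), ("add", X, ONE)))
V3 = program(("let", "y", ("bool", True), ("add", X, ONE)))
V4 = program(("gt", X, ONE))

if __name__ == "__main__":
    c = IncrementalChecker()
    for v in (V1, V2, V3, V4):
        print(c.recheck(v))
```

Checking the first version visits all eight subterms; the second version rechecks only the let, the function and the new multiplication (x + 1 and (f 2) are cache hits), and the fourth version additionally rechecks (f 2) because f's type in its environment changed to int -> bool. Keying the memo on free-variable bindings rather than on the whole environment is what keeps the reuse safe: a cached result can never be served under a binding it did not see.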

Benefit
- fast type checking of modified code
- this could also be applied to a tactic language, and to refinement?
- typed version control: as we always have a well-typed program and its type derivations, "undo" comes for free

Difficulties

- A language to store typing derivations: VeriML supports contextual terms in the computation language, so it is possible to represent typing derivations. How to make it generic?
- A language to describe the delta between different versions. Got stuck here.

Scratch

Certifying Code Transformation
How to certify a code transformation?
- Verified compiler
- Translation validation
- VeriML approach

Verified Compiler

Translation Validation

Approach with VeriML

Naïve Example

Scratch implementation
- Logical language
- Heap implementation
- Language definition and semantics
- Computation language
- Symbolic execution (VCGen)
- Tactic to prove Hoare triples
- Practical code transformation examples

Conclusion
- The thing we need to prove isn't less than translation validation
- But we can do it in a single language, which is easier to write proofs in, and we get more proofs
- The whole picture is still vague

Proof Carrying Hardware
Current work
- A formalization of the Intel 8051 microcontroller in Coq
- RC5 hash algorithm
- Proof that certain ports won't "leak" secrets