introduction to our research on certifying compiler zhaopeng li (in chinese: 李兆鹏 ) email:...
TRANSCRIPT
Introduction to Our Research on
Certifying Compiler
Zhaopeng Li (In Chinese: 李兆鹏 )Email: [email protected]
Certifying Compiler Group
USTC-Yale Joint Research Center
September 4, 2009
Outline
Goal of Our Center
Building Certified System Software
Building Certified System Software
Verification Framework Language: x86/MIPS assembly Lang. Logic: domain-specific logics Proof: developed in Coq manually
Verification Framework Language: x86/MIPS assembly Lang. Logic: domain-specific logics Proof: developed in Coq manually
Methodology!
Methodology!
Shortcoming: Development under this framework is costly.
Motivation
Lift the verification framework to source-level. ★ productivity ★ user-friendly
Lift the verification framework to source-level. ★ productivity ★ user-friendly
Generate proof by automated theorem prover.★ automation ★ support proof-carrying code
Generate proof by automated theorem prover.★ automation ★ support proof-carrying code
Motivation (cont.)
Compcert [Xavier Leroy et al.]★ a Certified C Compiler★ Realistic (Optimization)
Compcert [Xavier Leroy et al.]★ a Certified C Compiler★ Realistic (Optimization)
CompcertCompcert
C CodeC Code
Assembly Code
Assembly Code
ProofProof
ProofProof
Difference from acertified compiler?Difference from acertified compiler?
Specifications
Specifications
Previous Work
Pointer Logic Certifying Compiler
Pointer Logic Certifying Compiler
AnnotatedC Code
AnnotatedC Code
Annotatedx86 Assembly
Code
Annotatedx86 Assembly
Code Proof
Front-endFront-end
VCGenVCGen
Proof assistantCoq
Proof-GenProof-Gen
Back-endBack-end
VC Proof
Pointer Logic Certifying CompilerPointer Logic Certifying Compiler
Lang.:Subset of CLogic : Pointer Logic
Manual Proof in Coq
Previous Work (cont.)
Prototype I : a Certifying Compiler Language: PointerC (subset of C) Logic: Pointer Logic
(long access path, alias inference) Supported data structures
(circular) singly-linked list(circular) doubly-linked listtree
On-going Work
/*n>0 | emp*/struct list* list_create(int n) { … while(n>0) /*n>=0 | list(p)*/ {… } return p;}/* true | list(res)*/
/*n>0 | emp*/struct list* list_create(int n) { … while(n>0) /*n>=0 | list(p)*/ {… } return p;}/* true | list(res)*/
C-like language + Separation Logic
Lemma wf_L0: …Lemma wf_L1: …Lemma …
List_create: push ebp mov esp, ebp sub esp, 8 jmp L0L0 : …L1 :
SCAP Framework
overview
CCompCompilerCComp
Compiler
On-going Work (cont.)
Prototype II : CComp Language: C-like(subset of C)
Logic: Separation Logic (fragment)
Build-in automated theorem provers
Support data structures: list/tree
On-going Work (cont.)
CComp Certifying Compiler
CComp Certifying Compiler
AnnotatedC Code
AnnotatedC Code
Annotatedx86 Assembly
Code
Annotatedx86 Assembly
Code Proof
Front-endFront-end
VCGenVCGen
Proof-GenProof-Gen
Back-endBack-end
VC Proof
Lang.:Subset of CLogic : Separation Logic
Build-in Automated
Theorem Prover
ATPATP
Automated Theorem Prover
Linear integer
ArithmeticProver
Formulas
Prover for fragment of
Separation Logic OtherDomain-Specific
Provers (list, and etc.)
Automated Theorem Prover
Proof Tree Proof Output
Proof(Proof TermCheckable
by Coq)
Fragment of Separation Logic : separation star / emp / p|->_ Build-in Predicates : list/lseg/dlist/dlseg/tree…
Automated Theorem Prover (cont.)
Prover for linear integer arithmeticBased on Simplex decision
procedureOutput coq-compatible proof term
• Build using coq libraries (ZArith … )• Check using coqc
Provide interfaces to VCGen & other provers
Automated Theorem Prover (cont.)
Prover for separation logicSupport a fragment (star/ |->/list/lseg/dlist/dlseg/tree)Using linear integer arithmetic
prover to prove equalityOutput coq-compatible proof term (on-going work)More powerful than Smallfoot
Demonstration
Simin Yang Automated linear integer arithmetic
prover Test cases on integer arithmetic
Zhong Zhuang Automated prover for fragment of
separation logic Test cases manipulating on linked list
Thanks!