Introduction to Our Research on Certifying Compiler
Zhaopeng Li (In Chinese: 李兆鹏)
Email: zpli@mail.ustc.edu.cn
Certifying Compiler Group, USTC-Yale Joint Research Center
September 4, 2009

Outline
• Motivation
• Previous Work
• On-going Work
• Demonstration
Goal of Our Center
Building Certified System Software
• Verification Framework
  • Language: x86/MIPS assembly language
  • Logic: domain-specific logics
  • Proof: developed manually in Coq
Methodology!
Shortcoming: development under this framework is costly.

Motivation
Lift the verification framework to the source level.
★ productivity
★ user-friendly
Generate the proof with an automated theorem prover.
★ automation
★ support for proof-carrying code
Motivation (cont.)
Source level: Specifications + C Code + Proof
  | Compcert
  v
Target level: Specifications + Assembly Code + Proof
Compcert [Xavier Leroy et al.]
★ a certified C compiler
★ realistic (with optimizations)
Difference from a certified compiler?

Previous Work
Language: subset of C
Logic: Pointer Logic
Pipeline: Annotated C Code -> Pointer Logic Certifying Compiler (Front-end -> VCGen -> VC -> Proof-Gen -> Proof -> Back-end) -> Annotated x86 Assembly Code + Proof
The verification conditions were discharged by manual proof in the proof assistant Coq.
Previous Work (cont.)
• Prototype I: a Certifying Compiler
  • Language: PointerC (subset of C)
  • Logic: Pointer Logic (long access paths, alias inference)
  • Supported data structures
    • (circular) singly-linked list
    • (circular) doubly-linked list
    • tree

On-going Work: overview
CComp compiler: C-like language + Separation Logic, targeting the SCAP framework.
Annotated C source (each annotation is a pure formula and a spatial formula separated by a bar):

    /* n>0 | emp */
    struct list* list_create(int n) {
      …
      while (n>0) /* n>=0 | list(p) */
      { … }
      return p;
    }
    /* true | list(res) */

Generated x86 assembly with its well-formedness lemmas:

    List_create:
      push ebp
      mov esp, ebp
      sub esp, 8
      jmp L0
    L0: …
    L1: …

    Lemma wf_L0: …
    Lemma wf_L1: …
    Lemma …
On-going Work (cont.)
• Prototype II: CComp
  • Language: C-like (subset of C)
  • Logic: Separation Logic (fragment)
  • Built-in automated theorem provers
  • Supported data structures: list/tree

On-going Work (cont.)
Language: subset of C
Logic: Separation Logic
Pipeline: Annotated C Code -> CComp Certifying Compiler (Front-end -> VCGen -> VC -> ATP -> Proof -> Proof-Gen -> Back-end) -> Annotated x86 Assembly Code + Proof
The verification conditions are discharged by the built-in automated theorem prover (ATP).
Automated Theorem Prover
Input: formulas. Output: proof tree / proof term checkable by Coq.
Components:
• Prover for a fragment of Separation Logic
• Linear integer arithmetic prover
• Other domain-specific provers (list, etc.)
Fragment of Separation Logic: separating star / emp / p|->_
Built-in predicates: list/lseg/dlist/dlseg/tree…

Automated Theorem Prover (cont.)
• Prover for linear integer arithmetic
  • Based on the Simplex decision procedure
  • Outputs a Coq-compatible proof term
  • Built using Coq libraries (ZArith …)
  • Checked using coqc
  • Provides interfaces to VCGen and the other provers
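The slides describe the arithmetic prover as a Simplex-based decision procedure whose output is a proof term that coqc re-checks, so the prover itself need not be trusted. The following is an added example written for this page, not CComp's prover: it shows the same prover/checker split with a simpler technique, Fourier-Motzkin elimination over the rationals that records Farkas multipliers as its certificate, plus an independent check_certificate that re-verifies them. It decides only rational unsatisfiability, which is sound but incomplete for integer problems (2x = 1 is rationally satisfiable and is not refuted). The constraint encoding, the function names and the sample constraints are all this example's own.

```python
"""Toy linear-arithmetic refutation prover with an independently checkable certificate.

A constraint is (coeffs, const) meaning  sum(coeffs[v] * v) + const >= 0.
refute() runs Fourier-Motzkin elimination over the rationals and, for every
derived inequality, carries the non-negative multipliers of the original
constraints that produced it.  Deriving  0 + k >= 0  with k < 0 refutes the
system; the multipliers are a Farkas certificate that check_certificate()
re-verifies without trusting the prover (the role coqc plays on the slides).
Rational unsatisfiability implies integer unsatisfiability, so the check is
sound for integer problems but incomplete.  All inputs below are constructed.
"""
from fractions import Fraction as F


class Ineq:
    def __init__(self, coeffs, const, cert):
        self.coeffs = {v: F(c) for v, c in coeffs.items() if c != 0}
        self.const = F(const)
        self.cert = cert  # original constraint index -> multiplier


def eliminate(p, n, v):
    """Combine p (coefficient of v > 0) and n (coefficient of v < 0) so that v
    cancels: b*p + a*n with a = coeff_p(v) > 0 and b = -coeff_n(v) > 0."""
    a, b = p.coeffs[v], -n.coeffs[v]
    keys = set(p.coeffs) | set(n.coeffs)
    coeffs = {w: b * p.coeffs.get(w, 0) + a * n.coeffs.get(w, 0) for w in keys}
    cert = {i: b * p.cert.get(i, 0) + a * n.cert.get(i, 0)
            for i in set(p.cert) | set(n.cert)}
    return Ineq(coeffs, b * p.const + a * n.const, cert)


def refute(constraints):
    """Return Farkas multipliers {index: multiplier} if the constraints are
    unsatisfiable over the rationals, otherwise None."""
    cur = [Ineq(c, k, {i: F(1)}) for i, (c, k) in enumerate(constraints)]
    while True:
        for q in cur:
            if not q.coeffs and q.const < 0:   # derived  k >= 0  with k < 0
                return q.cert
        variables = sorted({v for q in cur for v in q.coeffs})
        if not variables:
            return None                        # only true ground facts remain
        v = variables[0]
        pos = [q for q in cur if q.coeffs.get(v, 0) > 0]
        neg = [q for q in cur if q.coeffs.get(v, 0) < 0]
        cur = [q for q in cur if v not in q.coeffs]
        cur += [eliminate(p, n, v) for p in pos for n in neg]


def check_certificate(constraints, cert):
    """Independent checker: with non-negative multipliers, the weighted sum of
    the constraints must have every variable cancel and a negative constant."""
    total, const = {}, F(0)
    for i, m in cert.items():
        if m < 0:
            return False
        coeffs, k = constraints[i]
        for v, c in coeffs.items():
            total[v] = total.get(v, F(0)) + m * c
        const += m * k
    return all(c == 0 for c in total.values()) and const < 0


# Constructed example: x >= y, y >= z, z >= x + 1, a cycle that forces 0 >= 1.
CYCLE = [({'x': 1, 'y': -1}, 0), ({'y': 1, 'z': -1}, 0), ({'z': 1, 'x': -1}, -1)]

if __name__ == '__main__':
    cert = refute(CYCLE)
    print('certificate:', cert, 'checks:', check_certificate(CYCLE, cert))
```

The point of carrying the multipliers through every elimination step is that the checker is a few lines of arithmetic with no search in it, so a bug in refute can only produce a certificate that check_certificate rejects, never a wrong "unsat" that is accepted.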
Automated Theorem Prover (cont.)
• Prover for separation logic
  • Supports a fragment (star / |-> / list / lseg / dlist / dlseg / tree)
  • Uses the linear integer arithmetic prover to discharge equalities
  • Outputs a Coq-compatible proof term (on-going work)
  • More powerful than Smallfoot

Demonstration
• Simin Yang
  • Automated linear integer arithmetic prover
  • Test cases on integer arithmetic
• Zhong Zhuang
  • Automated prover for a fragment of separation logic
  • Test cases manipulating linked lists
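The fragment named on the two prover slides (separating conjunction, emp, points-to and the list predicates) is the symbolic-heap style of formula that Smallfoot works on, and entailments between such formulas can be decided by a small set of syntactic rules in the style of Berdine, Calcagno and O'Hearn. The following is an added example written for this page, not CComp's prover: an entailment checker for a reduced version of that fragment with only p|->q, lseg and list (no dlist, dlseg or tree), using the frame rule and the segment-append rule with its side condition, over pure equalities and disequalities. It returns a yes/no verdict where the slides' prover emits a Coq proof term, and the formula encoding and the names pt, ls, list_ and entails are this example's own.

```python
"""Entailment checker for a small symbolic-heap fragment of separation logic.

A formula is a pair (pure, spatial):
  pure    : list of ('=', a, b) or ('!=', a, b) over variable names and 'nil'
  spatial : list of ('pt', x, y)   meaning  x |-> y
                    ('ls', x, y)   meaning  lseg(x, y), a possibly empty segment
list(x) is written lseg(x, 'nil').  entails(lhs, rhs) decides  lhs |- rhs  by
proof search over the frame and segment-append rules.  Everything here is
constructed for this example; it is not CComp's prover.
"""


def list_(x):
    return ('ls', x, 'nil')


def _equalities(pure):
    """Union-find over the '=' facts; 'nil' is kept as a root so that any
    variable equal to nil is rewritten to the literal 'nil'."""
    parent = {}

    def find(a):
        parent.setdefault(a, a)
        while parent[a] != a:
            parent[a] = parent[parent[a]]
            a = parent[a]
        return a

    for op, a, b in pure:
        if op == '=':
            ra, rb = find(a), find(b)
            if ra != rb:
                if rb == 'nil':
                    ra, rb = rb, ra
                parent[rb] = ra
    return find


def entails(lhs, rhs):
    lpure, lspat = lhs
    rpure, rspat = rhs
    find = _equalities(lpure)
    L = [(k, find(a), find(b)) for k, a, b in lspat]
    R = [(k, find(a), find(b)) for k, a, b in rspat]
    # An inconsistent left side entails anything: a contradicted
    # disequality, a dereference of nil, or one address allocated twice.
    addrs = [a for k, a, b in L if k == 'pt']
    if (any(find(a) == find(b) for op, a, b in lpure if op == '!=')
            or 'nil' in addrs or len(set(addrs)) != len(addrs)):
        return True
    # Known disequalities: the stated ones plus those implied by separation
    # (every allocated cell is non-nil and distinct from the others).
    dis = {frozenset((find(a), find(b))) for op, a, b in lpure if op == '!='}
    for i, a in enumerate(addrs):
        dis.add(frozenset((a, 'nil')))
        dis.update(frozenset((a, b)) for b in addrs[i + 1:])

    def neq(a, b):
        return a != b and frozenset((a, b)) in dis

    for op, a, b in rpure:
        ra, rb = find(a), find(b)
        if (op == '=' and ra != rb) or (op == '!=' and not neq(ra, rb)):
            return False
    return _spatial(L, R, neq)


def _spatial(L, R, neq):
    # lseg(x, x) is emp on either side
    L = [s for s in L if not (s[0] == 'ls' and s[1] == s[2])]
    R = [s for s in R if not (s[0] == 'ls' and s[1] == s[2])]
    if not L:
        return not R                      # emp |- emp

    def allocated(z, S):
        """z is nil or certainly a cell of S, so a segment that ends at z
        cannot run into its own cells."""
        return z == 'nil' or any(
            a == z and (k == 'pt' or neq(a, b)) for k, a, b in S)

    for i, (k, x, y) in enumerate(L):
        Lrest = L[:i] + L[i + 1:]
        for j, (k2, x2, z) in enumerate(R):
            if x != x2:
                continue
            Rrest = R[:j] + R[j + 1:]
            # frame: identical atoms, or x|->y against the one-cell lseg(x, y)
            if (k == k2 or k2 == 'ls') and y == z and _spatial(Lrest, Rrest, neq):
                return True
            # append: x|->y * lseg(y,z)  or  lseg(x,y) * lseg(y,z)  |- lseg(x,z),
            # only when the combined segment cannot cycle back through x
            if k2 == 'ls' and y != z:
                guard = allocated(z, Rrest) or (k == 'pt' and neq(x, z))
                if guard and _spatial(Lrest, Rrest + [('ls', y, z)], neq):
                    return True
    return False
```

The side condition on the append rule is the part a hand-written prover most often gets wrong: x|->y * lseg(y,z) does not entail lseg(x,z) on its own, because z might be x and lseg(x,x) is emp; the entailment only goes through once z is known to be nil, allocated elsewhere on the right, or provably different from x.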