Presentation is loading. Please wait.

Presentation is loading. Please wait.

Automated tactics for separation logic VeriML Reconstruct Z3 Proof Safe incremental type checker Certifying code transformation Proof carrying hardware.

Similar presentations


Presentation on theme: "Automated tactics for separation logic VeriML Reconstruct Z3 Proof Safe incremental type checker Certifying code transformation Proof carrying hardware."— Presentation transcript:

1 Automated tactics for separation logic VeriML Reconstruct Z3 Proof Safe incremental type checker Certifying code transformation Proof carrying hardware IP

2 Automated tactics for separation logic Version 1 Certified verifier for a fragment of separation logic in Coq Without predicates ( list, tree … ) Prover written in SML handle these predicates and output proof trace Tactic to reconstruct proof from these proof trace in Coq Version 2 Hard coded list and tree into the certified verifier Use a forked version Coq which supports native arrays to speed up the verifier Version 3 ( Ongoing ) More generic way to support user defined predicates

3 Reconstruct Z3 Proof Reconstruct proof in VeriML using output from Z3

4 Start from SAT Solvers

5 Example

6 SAT Modulo Theories(SMT solver)

7 Example

8 Interaction between SAT and SMT ABCDE

9 Reconstruct proof If sat: apply the assignment and check the result is true If unsat: check the resolution tree Checking resolution step (SAT solver) Checking theory lemmas (SMT solver) Combination of theories

10 What we need resolution checker checker for each theory checker for the resolution tree which calls these two kinds of checkers at each step

11 Example

12

13

14

15

16 Encoding in VeriML

17 Interpretation

18 Start from SAT solver Resolution Chain: List Nat Resolve : Clause->Clause->Clause resolution between clause C1 and C2. Resolution checker: Resolution Chain-> Clause for resolution chain [n1,n2,…n] and state S, R(..(R( S[n1], S[n2]),…),S[n]) Proof trace: List (clauseID*Resolution Chain) Reconstruct the proof: List.fold (fun (id,rc) => set s (resolution_checker rc) id) trace After this, we have the empty clause in state which indicates the state is not valid

19 Example Initial State: [ [2,4], [2,5,6], [3,6], [7] ] Resolutions: [ (5,[1,3,0]), (6,[2,3] ), (7,[5,6]) ] Resolve two clause: [2,4] [2,5,6]  [2,6] ( a modified merge sort )

20 Naïve framework for SMT solver Certificate from different theories Inductive cert: | sat_solver sat_cert | euf_solver euf_cert | lia_solver lia_cert …. Trace might be like: List (clauseID*cert) Checkers for each theory And finally the checker for SMT solver checker s trace = List.fold (fun (id,cert) => set s (cert_checker cert) id

21 ProblemWitness SMT Resolution CNF EUF LIA VeriML Checker

22 Z3 Proof Example 34 Axiom 19 core rules : mostly are propositional reasoning 5 equality rules : refl, symm, trans, … 7 quantifier rules : quant-inst, quant-intro, … 3 theory rules : rewrite, inconsistent, …

23 Reconstruction Overall approach: one proof method for every Z3 inference rule depth-first traversal of Z3 proof

24 Conclusion A prototype to reconstruct zChaff(SAT solver) proof Very slow in performance Ongoing with Z3 reconstruction

25 Safe Incremental Type Checker Type checking is more and more an interaction between the programmer and the type-checker The richer the type system is, the more expensive type checking gets Example Type inference ( unification) Dependent types Very large term ( proof term ) Complex language ( C++ )

26 Goal Reuse already-computed results Recheck only the modified part and where it affects Example let f x = x + 1 in (f 2) let f x = 2 * (x + 1) in (f 2) let f x = (let y = true in x + 1) in (f 2) let f x = x > 1 in (f 2)

27 Benefit fast type checking modified code this could also be used to tactic language, and refinement? typed version control as we always have well-typed program and its type derivations “undo” for free

28

29 Difficulties

30 A language to store typing derivations VeriML support contextual terms in computation language, thus possible to present typing derivations How to make it generic? A language to describe delta between different versions Got stuck here

31 Scratch

32

33 Certifying Code Transformation How to certify code transformation? Verified Compiler Translation Validation VeriML approach

34 Verified Compiler

35 Translation Validation

36 Approach with VeriML

37 Naïve Example

38

39 Scratch ImplementationLogical language Heap implementation Language definition and semantics Computation language Symbolic execution(VCGen) Tacitc to proof Hoare Triple Practical Code transformation examples

40 Conclusion The thing we need to proof isn't less than translation validation we can do it in a single lanuguage which easier to write proof with and we get more proof The whole picture is still vague

41 Proof Carrying Hardware Current work A formalization of Intel 8051 microcontroller in Coq RC5 hash algorithm Proof certain ports won’t “leak” secret


Download ppt "Automated tactics for separation logic VeriML Reconstruct Z3 Proof Safe incremental type checker Certifying code transformation Proof carrying hardware."

Similar presentations


Ads by Google