Automated tactics for separation logic VeriML Reconstruct Z3 Proof Safe incremental type checker...
-
Upload
shawn-tyler -
Category
Documents
-
view
214 -
download
0
Transcript of Automated tactics for separation logic VeriML Reconstruct Z3 Proof Safe incremental type checker...
• Automated tactics for separation logic• VeriML
• Reconstruct Z3 Proof • Safe incremental type checker• Certifying code transformation
• Proof carrying hardware IP
Automated tactics for separation logic• Version 1
• Certified verifier for a fragment of separation logic in Coq• Without predicates ( list, tree … )
• Prover written in SML handle these predicates and output proof trace
• Tactic to reconstruct proof from these proof trace in Coq
• Version 2• Hard coded list and tree into the certified verifier• Use a forked version Coq which supports native arrays to speed up
the verifier
• Version 3 ( Ongoing )• More generic way to support user defined predicates
Reconstruct Z3 Proof
• Reconstruct proof in VeriML using output from Z3
Start from SAT Solvers• Decide propositional satisfiablity of sets of clauses:
• Proof Witness from SAT solver:• If satisfiable: assignment of all the variables• If unsatisfiable: proof by resolution of the empty clause
• Resolution rule:
𝑥∨𝐴𝑥∨𝐵𝐴∨𝐵
Example• Satisfiable:
• Unsatisfiable:
𝑥1∨¬𝑥2∨𝑥3¬𝑥3𝑥1∨¬𝑥2
𝑥1∨ 𝑥2
𝑥1
¬𝑥1∨𝑥3¬ 𝑥3¬𝑥1
∎
SAT Modulo Theories(SMT solver)• Atoms can be formulas from other theories
• Congruence Closure(EUF)• Linear Arithmetic(LIA)• ….
• Proof witness• If satisfiable: assignment of all the variables• If unsatisfiable: proof by resolution of the empty clause while some
leaves are now lemmas from theories
Example• Satisfiable :
• Unsatisfiable:
𝑥≠ 𝑦∨ 𝑓 (𝑥 )= 𝑓 (𝑦 ) 𝑥=𝑦𝑓 (𝑥 )= 𝑓 (𝑦 )
𝑓 (𝑥 )≠ 𝑓 (𝑦 )
∎
Interaction between SAT and SMT
• With boolean abstraction:
• • First try: A:true, B:true, C:true, D:true, E:false
• Unsat by a multi-theory solver, thus we add a theory:
• Repeat until sat or no more model can be found
A B C D E
Reconstruct proof
• If sat: apply the assignment and check the result is true
• If unsat: check the resolution tree• Checking resolution step (SAT solver)• Checking theory lemmas (SMT solver)• Combination of theories
What we need
• resolution checker • checker for each theory• checker for the resolution tree which calls these two kinds of checkers at each step
Example
𝑥1∨¬𝑥2∨𝑥3¬𝑥3❑ 𝑥1∨ 𝑥2
❑¬𝑥1∨𝑥3¬ 𝑥3
❑❑
Example
𝑥1∨¬𝑥2∨𝑥3¬𝑥3𝑥1∨¬𝑥2
𝑥1∨ 𝑥2
❑¬𝑥1∨𝑥3¬ 𝑥3
❑❑
Example
𝑥1∨¬𝑥2∨𝑥3¬𝑥3𝑥1∨¬𝑥2
𝑥1∨ 𝑥2
𝑥1
¬𝑥1∨𝑥3¬ 𝑥3❑
❑
Example
𝑥1∨¬𝑥2∨𝑥3¬𝑥3𝑥1∨¬𝑥2
𝑥1∨ 𝑥2
𝑥1
¬𝑥1∨𝑥3¬ 𝑥3¬𝑥1
❑
Example
𝑥1∨¬𝑥2∨𝑥3¬𝑥3𝑥1∨¬𝑥2
𝑥1∨ 𝑥2
𝑥1
¬𝑥1∨𝑥3¬ 𝑥3¬𝑥1
∎
Encoding in VeriML• Only consider CNF clause• Variable
• Assignment: Nat-> Bool• Literal :
• Clause: List Literal• State: List ( clauseID * Clause )
• get : S -> clauseID -> C set: S -> clauseID -> C -> S
• Proof trace: ??• A realistic Checker: State -> Trace -> Bool
Interpretation• Given assignment • Var: v• Literal: • Clause: • Valid state
• Soundness of checker:
Start from SAT solver• Resolution Chain: List Nat• Resolve : Clause->Clause->Clause
• resolution between clause C1 and C2.
• Resolution checker: Resolution Chain-> Clause• for resolution chain [n1,n2,…n] and state S,• R(..(R( S[n1], S[n2]),…),S[n])
• Proof trace: List (clauseID*Resolution Chain)• Reconstruct the proof:
• List.fold (fun (id,rc) => set s (resolution_checker rc) id) trace• After this, we have the empty clause in state which indicates the
state is not valid
Example
𝑥1∨¬𝑥2∨𝑥3¬𝑥3𝑥1∨¬𝑥2
𝑥1∨ 𝑥2
𝑥1
¬𝑥1∨𝑥3¬ 𝑥3¬𝑥1
∎
Initial State: [ [2,4], [2,5,6], [3,6], [7] ]Resolutions: [ (5,[1,3,0]) , (6,[2,3] ) , (7,[5,6]) ]Resolve two clause: [2,4] [2,5,6] [2,6] ( a modified merge sort )
Naïve framework for SMT solver• Certificate from different theories• Inductive cert:
• | sat_solver sat_cert• | euf_solver euf_cert• | lia_solver lia_cert• ….
• Trace might be like: List (clauseID*cert)• Checkers for each theory• And finally the checker for SMT solver
• checker s trace = • List.fold (fun (id,cert) => set s (cert_checker cert) id
•
Problem Witness
SMT
Resolution
CNF
EUF
LIA
VeriML Checker
Z3 Proof• Example
• 34 Axiom• 19 core rules : mostly are propositional reasoning• 5 equality rules : refl, symm, trans, …• 7 quantifier rules : quant-inst, quant-intro, …• 3 theory rules : rewrite, inconsistent, …
Reconstruction
• Overall approach:• one proof method for every Z3 inference rule• depth-first traversal of Z3 proof
Conclusion
• A prototype to reconstruct zChaff(SAT solver) proof• Very slow in performance
• Ongoing with Z3 reconstruction
Safe Incremental Type Checker
• Type checking is more and more an interaction between the programmer and the type-checker
• The richer the type system is, the more expensive type checking gets
• Example• Type inference ( unification)• Dependent types • Very large term ( proof term )• Complex language ( C++ )
Goal
• Reuse already-computed results• Recheck only the modified part and where it affects
• Example
let f x = x + 1 in (f 2)
let f x = 2 * (x + 1) in (f 2)
let f x = (let y = true in x + 1) in (f 2)
let f x = x > 1 in (f 2)
• Benefit• fast type checking modified code
• this could also be used to tactic language, and refinement?
• typed version control as we always have well-typed program and its type derivations
• “undo” for free
• If we simply use memorization• We can only do syntactic comparison• We can’t do
• weakening: let x = 1 and let y = 2 in x let x = 1 and let y = 2 in x
• -equivalence• other possible user extensible conversions
• it’s outside typing rule
Difficulties• A language to describe delta between different versions
• Slice the code into each typing step
• A language to store typing derivations• Higher order terms with meta variables
• Build it up• Repository : store type derivations• Delta: describe difference between two versions of code• Incremental checker: check : repo -> delta -> repo
• try to reduce the complexity to
• A language to store typing derivations• VeriML support contextual terms in computation language, thus
possible to present typing derivations• How to make it generic?
• A language to describe delta between different versions• Got stuck here
Scratch
• Given signature: • t1 = g a
• t2 = g (g a)
Certifying Code Transformation
• How to certify code transformation?• Verified Compiler• Translation Validation
• VeriML approach
Verified Compiler
Translation Validation
Approach with VeriML
Naïve Example
Scratch
• ImplementationLogical language• Heap implementation• Language definition and semantics
• Computation language• Symbolic execution(VCGen)• Tacitc to proof Hoare Triple• Practical Code transformation examples
Conclusion• The thing we need to proof isn't less than translation
validation• we can do it in a single lanuguage which easier to write proof with
and we get more proof
• The whole picture is still vague
Proof Carrying Hardware
• Current work• A formalization of Intel 8051 microcontroller in Coq• RC5 hash algorithm • Proof certain ports won’t “leak” secret