Advertisement

Verified Software Toolchain

(Invited Talk)
  • Andrew W. Appel
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6602)

Abstract

The software toolchain includes static analyzers to check assertions about programs; optimizing compilers to translate programs to machine language; operating systems and libraries to supply context for programs. Our Verified Software Toolchain verifies with machine-checked proofs that the assertions claimed at the top of the toolchain really hold in the machine-language program, running in the operating-system context, on a weakly-consistent-shared-memory machine.

Our verification approach is modular, in that proofs about operating systems or concurrency libraries are oblivious of the programming language or machine language, proofs about compilers are oblivious of the program logic used to verify static analyzers, and so on. The approach is scalable, in that each component is verified in the semantic idiom most natural for that component.

Finally, the verification is foundational: the trusted base for proofs of observable properties of the machine-language program includes only the operational semantics of the machine language, not the source language, the compiler, the program logic, or any other part of the toolchain—even when these proofs are carried out by source-level static analyzers.

In this paper I explain some semantic techniques for building a verified toolchain.

Keywords

Program Logic Operational Semantic Machine Language Source Language Separation Logic 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
    Ahmed, A., Appel, A.W., Richards, C.D., Swadi, K.N., Tan, G., Wang, D.C.: Semantic foundations for typed assembly languages. ACM Trans. Program. Lang. Syst. 32(3), 1–67 (2010)CrossRefGoogle Scholar
  2. 2.
    Ahmed, A., Appel, A.W., Virga, R.: A stratified semantics of general references embeddable in higher-order logic. In: 17th Annual IEEE Symp. on Logic in Computer Science, pp. 75–86 (June 2002)Google Scholar
  3. 3.
    Ahmed, A., Appel, A.W., Virga, R.: An indexed model of impredicative polymorphism and mutable references (January 2003), http://www.cs.princeton.edu/~appel/papers/impred.pdf
  4. 4.
    Ahmed, A.J.: Semantics of Types for Mutable State. PhD thesis, Princeton University, Princeton, NJ, Tech Report TR-713-04 (November 2004)Google Scholar
  5. 5.
    Appel, A.W.: Foundational proof-carrying code. In: Symp. on Logic in Computer Science (LICS 2001), pp. 247–258. IEEE, Los Alamitos (2001)Google Scholar
  6. 6.
    Appel, A.W., Melliès, P.-A., Richards, C.D., Vouillon, J.: A very modal model of a modern, major, general type system. In: Proc. 34th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL 2007), pp. 109–122 (January 2007)Google Scholar
  7. 7.
    Appel, A.W., Michael, N.G., Stump, A., Virga, R.: A trustworthy proof checker. J. Automated Reasoning 31, 231–260 (2003)CrossRefzbMATHGoogle Scholar
  8. 8.
    Birkedal, L., Reus, B., Schwinghammer, J., Stovring, K., Thamsborg, J., Yang, H.: Step-indexed Kripke models over recursive worlds (2010) (submitted for publication)Google Scholar
  9. 9.
    Blazy, S., Dargaye, Z., Leroy, X.: Formal verification of a C compiler front-end. In: Symp. on Formal Methods, pp. 460–475 (2006)Google Scholar
  10. 10.
    Boehm, H.-J.: Threads cannot be implemented as a library. In: PLDI 2005: 2005 ACM SIGPLAN Conference on Programming Language Design and Implementation, New York, pp. 261–268 (2005)Google Scholar
  11. 11.
    Bornat, R., Calcagno, C., O’Hearn, P., Parkinson, M.: Permission accounting in separation logic. In: POPL 2005, pp. 259–270 (2005)Google Scholar
  12. 12.
    Boudol, G., Petri, G.: Relaxed memory models: an operational approach. In: POPL 2009, pp. 392–403 (2009)Google Scholar
  13. 13.
    Chen, J., Wu, D., Appel, A.W., Fang, H.: A provably sound TAL for back-end optimization. In: PLDI 2003: Proc. 2003 ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 208–219 (June 2003)Google Scholar
  14. 14.
    Crary, K., Sarkar, S.: Foundational certified code in the twelf metalogical framework. ACM Trans. Comput. Logic 9(3), 1–26 (2008)MathSciNetCrossRefzbMATHGoogle Scholar
  15. 15.
    Dockins, R., Appel, A.W.: Observational oracular semantics for compiler correctness and language metatheory (2011) (in preparation)Google Scholar
  16. 16.
    Dockins, R., Hobor, A., Appel, A.W.: A fresh look at separation algebras and share accounting. In: Hu, Z. (ed.) APLAS 2009. LNCS, vol. 5904, pp. 161–177. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  17. 17.
    Feng, X., Ni, Z., Shao, Z., Guo, Y.: An open framework for foundational proof-carrying code. In: Proc. 2007 ACM SIGPLAN International Workshop on Types in Language Design and Implementation (TLDI 2007), January 2007, pp. 67–78. ACM Press, New York (2007)CrossRefGoogle Scholar
  18. 18.
    Gotsman, A., Berdine, J., Cook, B., Rinetzky, N., Sagiv, M.: Local reasoning for storable locks and threads. In: Shao, Z. (ed.) APLAS 2007. LNCS, vol. 4807, pp. 19–37. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  19. 19.
    Gotsman, A., Berdine, J., Cook, B., Sagiv, M.: Thread-modular shape analysis. In: PLDI 2007: 2007 ACM SIGPLAN Conference on Programming Language Design and Implementation (2007)Google Scholar
  20. 20.
    Hobor, A.: Oracle Semantics. PhD thesis, Princeton University (2008)Google Scholar
  21. 21.
    Hobor, A., Appel, A.W., Nardelli, F.Z.: Oracle semantics for concurrent separation logic. In: Gairing, M. (ed.) ESOP 2008. LNCS, vol. 4960, pp. 353–367. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  22. 22.
    Hobor, A., Dockings, R., Appel, A.W.: A theory of indirection via approximation. In: POPL 2010: Proc. 37th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 171–184 (January 2010)Google Scholar
  23. 23.
    Klein, G., Nipkow, T.: A machine-checked model for a Java-like language, virtual machine and compiler. ACM Trans. on Programming Languages and Systems 28, 619–695 (2006)CrossRefGoogle Scholar
  24. 24.
    Leroy, X.: Formal certification of a compiler back-end, or: programming a compiler with a proof assistant. In: POPL 2006, pp. 42–54 (2006)Google Scholar
  25. 25.
    Leroy, X., Blazy, S.: Formal verification of a C-like memory model and its uses for verifying program transformations. Journal of Automated Reasoning 41(1), 1–31 (2008)MathSciNetCrossRefzbMATHGoogle Scholar
  26. 26.
    Mansky, W.: Automating separation logic for Concurrent C minor. Undergraduate thesis (May 2008)Google Scholar
  27. 27.
    Necula, G.: Proof-carrying code. In: 24th ACM SIGPLAN-SIGACT Symp. on Principles of Programming Languages, pp. 106–119. ACM Press, New York (1997)CrossRefGoogle Scholar
  28. 28.
    O’Hearn, P.W.: Resources, concurrency and local reasoning. Theoretical Computer Science 375(1), 271–307 (2007)MathSciNetCrossRefzbMATHGoogle Scholar
  29. 29.
    Parkinson, M.J.: Local Reasoning for Java. PhD thesis, University of Cambridge (2005)Google Scholar
  30. 30.
    Schirmer, N.: Verification of Sequential Imperative Programs in Isabelle/HOL. PhD thesis, Technische Universität München (2006)Google Scholar
  31. 31.
    Sewell, P., Sarkar, S., Owens, S., Nardelli, F.Z., Myreen, M.O.: x86-tso: a rigorous and usable programmer’s model for x86 multiprocessors. Commun. ACM 53(7), 89–97 (2010)CrossRefGoogle Scholar
  32. 32.
    Wu, D., Appel, A.W., Stump, A.: Foundational proof checkers with small witnesses. In: 5th ACM SIGPLAN International Conference on Principles and Practice of Declarative Programming (August 2003)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Andrew W. Appel
    • 1
  1. 1.Princeton UniversityUSA

Personalised recommendations