Motivation       1960s   1970s          1980s          1990s   2000s   Conclusions




             Formal Verification of Programming Language
                           Implementations
                         Ph.D. Literature Seminar


                              Jason S. Reich
                         <jason@cs.york.ac.uk>

                                  University of York


                                 December 8, 2009

Compiling an arithmetic language

      Compile from a simple arithmetic language to machine code for a
      simple register machine.

      Source language
             Numeric constants
             Variables
             Addition
      e.g. (x + 3) + (x + (y + 2))

      Target language (ac is the accumulator)
             LI    Load Immediate into ac
             LOAD  into ac from address/register
             STO   STOre ac value to address/register
             ADD   register value to ac

      Example taken from [McCart67]

Compiling an arithmetic language


      Arithmetic expression compiler in Haskell

        -- Types as described on the previous slide (added so the fragment
        -- compiles on its own; Target is a list of instructions)
        data Source = Const Int | Var String | Sum Source Source
        data Instr  = Li Int | Load String | Sto String | Add String
        type Target = [Instr]

        -- t is the index of the first free temporary register
        compile :: Source -> Int -> Target
        compile (Const v)   t = [Li v]
        compile (Var x)     t = [Load x]
        compile (Sum e1 e2) t =
               compile e1 t
          ++ [Sto ("t + " ++ show t)]
          ++ compile e2 (t + 1)
          ++ [Add ("t + " ++ show t)]

Compiling an arithmetic language

      When compiled and executed, is the value in the accumulator the
      result of the source arithmetic expression?
      (x + 3) + (x + (y + 2)) compiles to:

              LOAD  x
              STO   t
              LI    3
              ADD   t
              STO   t
              LOAD  x
              STO   t + 1
              LOAD  y
              STO   t + 2
              LI    2
              ADD   t + 2
              ADD   t + 1
              ADD   t

      n.b. x and y are known memory locations and t + k are registers.

Why use high-level languages?



             Rapid development
             Easier to understand, maintain and modify
             Less likely to make mistakes
             Easier to reason about and infer properties
             Architecture portability
      But...

Can you trust your compiler?


             We use a compiler to translate from a high-level language to a
             low-level one
             Compilers are programs (generally) written by people
             People make mistakes
             A compiler bug can silently turn “a correct program into an
             incorrect executable” [Leroy09]
             GHC 6.10.x is ≈ 800,000 lines of code and has had 737 bugs
             reported in the bug tracker as of 04/12/2009 [GHC]
             Can we formally verify a compiler?

McCarthy and Painter, 1967



             “Correctness of a compiler for arithmetic expressions”
             [McCart67]
             Describe, in first-order predicate logic:
                 Source language semantics
                 Target language semantics
                 A compilation process
             Reason that the compiler maintains semantic equivalence

McCarthy and Painter, 1967


      Semantic equivalence in [McCart67]
      ∀e ∈ Expressions, ∀µ : Variable Mappings •
      interpret(e, µ) ≡ acValue(emulate(compile(e), mkState(µ)))

             Very limited, small toy source and target language
             Proof performed by hand
             Logical framework and proof presented in under ten pages
             Shows that proving a compiler correct is possible
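
      The question raised on the “Compiling an arithmetic language” slides
      (after compiling and executing, is the accumulator value the value of
      the source expression?) and the equivalence stated above can at least
      be checked on concrete inputs before anyone attempts a proof. The
      Python below is an added example, not code from the slides or from
      [McCart67]: it transcribes the slide's Haskell compiler, supplies an
      interpreter (source semantics) and an emulator for the four-instruction
      accumulator machine (target semantics), and samples
      interpret(e, µ) ≡ acValue(emulate(compile(e), mkState(µ))) over random
      expressions. The state layout (variables in memory, temporaries in
      registers named "t + k", accumulator ac), the emulator, the random
      expression generator and the deliberately broken compile_buggy are
      assumptions of this example, not part of the original work.

```python
"""Added example (not from the slides): check the McCarthy-Painter statement
interpret(e, mu) == acValue(emulate(compile(e), mkState(mu))) on sampled inputs.
State layout, emulator, random generator and compile_buggy are assumptions."""
import random
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple, Union

# Source language of the slides: numeric constants, variables, addition.
@dataclass(frozen=True)
class Const:
    value: int

@dataclass(frozen=True)
class Var:
    name: str

@dataclass(frozen=True)
class Sum:
    left: "Expr"
    right: "Expr"

Expr = Union[Const, Var, Sum]
Instr = Tuple[str, object]   # ("LI", 3), ("LOAD", "x"), ("STO", "t + 0"), ("ADD", "t + 0")

def interpret(e: Expr, mu: Dict[str, int]) -> int:
    """Source semantics: the value of e under variable mapping mu."""
    if isinstance(e, Const):
        return e.value
    if isinstance(e, Var):
        return mu[e.name]
    return interpret(e.left, mu) + interpret(e.right, mu)

def compile_expr(e: Expr, t: int) -> List[Instr]:
    """Transcription of the slide's Haskell compiler; t is the first free register."""
    if isinstance(e, Const):
        return [("LI", e.value)]
    if isinstance(e, Var):
        return [("LOAD", e.name)]
    tmp = f"t + {t}"
    return (compile_expr(e.left, t) + [("STO", tmp)]
            + compile_expr(e.right, t + 1) + [("ADD", tmp)])

def compile_buggy(e: Expr, t: int) -> List[Instr]:
    """Assumed miscompiler: the right operand is compiled with register t
    instead of t + 1, so a nested sum on the right clobbers the saved left value."""
    if isinstance(e, Const):
        return [("LI", e.value)]
    if isinstance(e, Var):
        return [("LOAD", e.name)]
    tmp = f"t + {t}"
    return (compile_buggy(e.left, t) + [("STO", tmp)]
            + compile_buggy(e.right, t) + [("ADD", tmp)])  # bug: t, not t + 1

def mk_state(mu: Dict[str, int]) -> dict:
    """Initial machine state: variables x, y in memory, ac = 0, registers unset."""
    return {"ac": 0, "mem": dict(mu)}

def emulate(code: List[Instr], state: dict) -> dict:
    """Target semantics: run the four-instruction accumulator machine."""
    ac, mem = state["ac"], dict(state["mem"])
    for op, arg in code:
        if op == "LI":
            ac = arg
        elif op == "LOAD":
            ac = mem[arg]
        elif op == "STO":
            mem[arg] = ac
        elif op == "ADD":
            ac = ac + mem[arg]
        else:
            raise ValueError(f"unknown instruction {op}")
    return {"ac": ac, "mem": mem}

def ac_value(state: dict) -> int:
    return state["ac"]

def random_expr(rng: random.Random, depth: int) -> Expr:
    """Constructed test input: a random expression over variables x and y."""
    if depth == 0 or rng.random() < 0.3:
        return rng.choice([Const(rng.randint(-9, 9)), Var("x"), Var("y")])
    return Sum(random_expr(rng, depth - 1), random_expr(rng, depth - 1))

def find_counterexample(compiler, trials: int = 500, seed: int = 1
                        ) -> Optional[Tuple[Expr, Dict[str, int]]]:
    """First (e, mu) where the compiled code disagrees with interpret, else None.
    A clean run only samples the quantifier over e; it is not the proof of [McCart67]."""
    rng = random.Random(seed)
    for _ in range(trials):
        e = random_expr(rng, 4)
        mu = {"x": rng.randint(-9, 9), "y": rng.randint(-9, 9)}
        if interpret(e, mu) != ac_value(emulate(compiler(e, 0), mk_state(mu))):
            return e, mu
    return None

# The slide's example expression, (x + 3) + (x + (y + 2)).
EXAMPLE = Sum(Sum(Var("x"), Const(3)), Sum(Var("x"), Sum(Var("y"), Const(2))))
```

      compile_expr(EXAMPLE, 0) yields the thirteen-instruction listing from
      the earlier slide, and emulating it leaves the value of the expression
      in ac. compile_buggy compiles the right operand with register t instead
      of t + 1, so whenever the right operand is itself a sum the temporary
      holding the left operand is overwritten; find_counterexample(compile_buggy)
      returns such an expression while find_counterexample(compile_expr)
      returns None. This is the silent “correct program into an incorrect
      executable” failure of [Leroy09] in miniature: random testing exposes
      this instance, but it only samples the ∀e, whereas the proof in
      [McCart67] covers every expression.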

Milner and Weyhrauch, 1972



             “Proving compiler correctness in a mechanised logic”
             [Milner72]
             Provide an LCF machine-checked proof of the
             McCarthy-Painter example
             Proceed towards mechanically proving a compiler for a more
             complex language to a stack machine
             Claim to have “no significant doubt that the remainder of the
             proof can be done on machine” [Milner72]

Morris, 1973

             “Advice on structuring compilers and proving them correct”
             [Morris73]
             Proves by hand the correctness of a compiler for a source
             language that contains assignment, conditionals, loops,
             arithmetic and boolean operations, and local definitions

      “Essence” of the advice presented in [Morris73]

                                compile
            Source language ----------------> Target language
                  |                                 |
           Source semantics                  Target semantics
                  |                                 |
                  v                                 v
            Source meanings <---------------- Target meanings
                                decode

Thatcher, Wagner and Wright, 1980
      Advice presented in [Thatch80]

                                compile
            Source language ----------------> Target language
                  |                                 |
           Source semantics                  Target semantics
                  |                                 |
                  v                                 v
            Source meanings ----------------> Target meanings
                                encode



             “More on advice on structuring compilers and proving them
             correct” [Thatch80]
             Provides a correct compiler for a more advanced target
             language than [Morris73]
             Claim that mechanised theorem proving tools required further
             development

The “structuring compilers” series


             Discuss constructing algebras to describe languages
             How to move from one algebra to another
             Encode abstract state to concrete or decode to abstract?
             “there is not enough information in the [abstract] state to
             recover the [concrete] state completely” [Moore89]
             Further paper “Even more on advice on structuring compilers
             and proving them correct: changing an arrow” [Orejas81]
             [Moore89] discusses this issue from a practical perspective

Meijer, 1994

             “More advice on proving a compiler correct: Improve a correct
             compiler” [Meijer94]
             Given an interpreter for a source language, can we transform it
             into a compiler to, and a residual interpreter (emulator) for,
             the target language?
             A functional decomposition problem, i.e.
             interpreter = emulator ◦ compiler
             Demonstrate this technique for a first-order imperative
             language compiling to a three-address code machine
             While quite feasible for first-order languages, becomes far
             more difficult for higher-order languages

Berghofer and Strecker, 2003


             “Extracting a formally verified, fully executable compiler from
             a proof assistant” [Bergho03]
             Proves a compiler for a subset of the Java source language to
             Java bytecode
             Includes typechecking, abstract syntax tree annotation and
             bytecode translation
             Isabelle/HOL used to prove properties about an abstract
             compiler
             Isabelle code extraction to produce an executable compiler

Dave, 2003


      [Chart: papers listed against decade published]

             Maulik A. Dave’s bibliography for “Compiler Verification”
             [Dave03]
             Ninety-nine papers listed
             Ninety-one of those listed were published after 1990
             Interestingly, neither the Milner and Weyhrauch paper nor the
             Meijer paper is included

Recent work

             Leroy’s “A formally verified compiler back-end” [Leroy09]
                 Proves a compiler from Cminor to PowerPC assembler
             Chlipala’s “A verified compiler for an impure functional
             language” [Chlipa10]
                 For a toy (but still quite feature-rich) functional source
                 language to instructions for a register-based machine
             Both use the Coq proof assistant and code extraction
             Both decompose the problem into compilation through several
             intermediate languages
             Both express worries that the proof assistant itself may contain
             bugs that would invalidate the correctness proof

Conclusions



             Compilers have been proved correct for progressively larger
             source languages
             Rapidly became apparent that some kind of proof assistant is
             required
             Decomposition of large compilers is a key factor for success
             Programs are only verified when all surrounding elements are
             verified

Open questions


             What about compilers for larger target languages and more
             advanced compilation facilities?
             Are our mechanised assistants producing valid proofs?
             Are there other ways to decompose the problem?
             Are particular language paradigms more amenable to compiler
             verification?
             Why haven’t the concepts of [Meijer94] been more widely
             used?
             What other ways are there of decomposing the compiler
             verification problem?

More information




             Slides and bibliography will be made available at:
              http://www-users.cs.york.ac.uk/~jason/

                             Jason S. Reich
                        <jason@cs.york.ac.uk>

Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
 
AWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptxAWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptx
 
Finale of the Year: Apply for Next One!
Finale of the Year: Apply for Next One!Finale of the Year: Apply for Next One!
Finale of the Year: Apply for Next One!
 
Recommendation System using RAG Architecture
Recommendation System using RAG ArchitectureRecommendation System using RAG Architecture
Recommendation System using RAG Architecture
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS  at Code Europe 2024Introduction of Cybersecurity with OSS  at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
 

Formal Verification of Programming Languages

  • 1. Formal Verification of Programming Language Implementations
    Ph.D. Literature Seminar
    Jason S. Reich <jason@cs.york.ac.uk>
    University of York
    December 8, 2009
  • 2. Compiling an arithmetic language
    Compile from a simple arithmetic language to machine code for a simple register machine.
    Example taken from [McCart67]
  • 3. Compiling an arithmetic language
    Compile from a simple arithmetic language to machine code for a simple register machine.
    Source language: numeric constants; variables; addition.
    e.g. (x + 3) + (x + (y + 2))
    Example taken from [McCart67]
  • 4. Compiling an arithmetic language
    Compile from a simple arithmetic language to machine code for a simple register machine.
    Source language: numeric constants; variables; addition.
    e.g. (x + 3) + (x + (y + 2))
    Target language: LI (Load Immediate into ac); LOAD into ac from address/register; STO (STOre ac value to address/register); ADD register value to ac.
    Example taken from [McCart67]
  • 5. Compiling an arithmetic language
    Arithmetic expression compiler in Haskell:
        compile :: Source -> Int -> Target
        compile (Const v)   t = [Li v]
        compile (Var x)     t = [Load x]
        compile (Sum e1 e2) t = compile e1 t ++ [Sto ("t + " ++ show t)]
                             ++ compile e2 (t + 1) ++ [Add ("t + " ++ show t)]
  • 6. Compiling an arithmetic language
    When compiled and executed, is the value in the accumulator the result of the source arithmetic expression?
    (x + 3) + (x + (y + 2)) compiled to machine code:
        LOAD x
        STO t
        LI 3
        ADD t
        STO t
        LOAD x
        STO t + 1
        LOAD y
        STO t + 2
        LI 2
        ADD t + 2
        ADD t + 1
        ADD t
    n.b. x and y are known memory locations and t + k are registers.
  • 7. Why use high-level languages?
    Rapid development
    Easier to understand, maintain and modify
    Less likely to make mistakes
    Easier to reason about and infer properties
    Architecture portability
    But...
  • 8. Can you trust your compiler?
    We use a compiler to translate from a high-level language to a low-level one
    Compilers are programs (generally) written by people
    People make mistakes
    A compiler can silently turn “a correct program into an incorrect executable” [Leroy09]
    GHC 6.10.x is ≈ 800,000 lines of code and has had 737 bugs reported in the bug tracker as of 04/12/2009 [GHC]
    Can we formally verify a compiler?
  • 11. McCarthy and Painter, 1967
    “Correctness of a compiler for arithmetic expressions” [McCart67]
    Describe, in first-order predicate logic:
      the source language semantics;
      the target language semantics;
      a compilation process.
    Reason that the compiler maintains semantic equivalence.
  • 12. McCarthy and Painter, 1967
    Semantic equivalence in [McCart67]:
        ∀e ∈ Expressions, ∀µ : Variable Mappings .
            interpret(e, µ) ≡ acValue(emulate(compile(e), mkState(µ)))
    Very limited, small toy source and target language
    Proof performed by hand
    Logical framework and proof presented in under ten pages
    Shows that proving a compiler correct is possible
  • 13. Milner and Weyhrauch, 1972
    “Proving compiler correctness in a mechanised logic” [Milner72]
    Provide an LCF machine-checked proof of the McCarthy-Painter example
    Proceed towards mechanically proving a compiler for a more complex language to a stack machine
    Claim to have “no significant doubt that the remainder of the proof can be done on machine” [Milner72]
  • 14. Morris, 1973
    “Advice on structuring compilers and proving them correct” [Morris73]
    Proves by hand the correctness of a compiler for a source language that contains assignment, conditionals, loops, arithmetic, boolean operations and local definitions
    “Essence” of the advice presented in [Morris73]:
                              compile
        Source language ------------------> Target language
              |                                   |
              | Source semantics                  | Target semantics
              v                                   v
        Source meanings <------------------ Target meanings
                               decode
  • 15. Thatcher, Wagner and Wright, 1980
    Advice presented in [Thatch80]:
                              compile
        Source language ------------------> Target language
              |                                   |
              | Source semantics                  | Target semantics
              v                                   v
        Source meanings ------------------> Target meanings
                               encode
    “More on advice on structuring compilers and proving them correct” [Thatch80]
    Provides a correct compiler for a more advanced target language than [Morris73]
    Claim that mechanised theorem proving tools required further development
  • 16. The “structuring compilers” series
    Discuss constructing algebras to describe languages
    How to move from one algebra to another
    Encode abstract state to concrete, or decode concrete to abstract?
    “there is not enough information in the [abstract] state to recover the [concrete] state completely” [Moore89]
    Further paper: “Even more on advice on structuring compilers and proving them correct: changing an arrow” [Orejas81]
    [Moore89] discusses this issue from a practical perspective
  • 19. Meijer, 1994
    “More advice on proving a compiler correct: Improve a correct compiler” [Meijer94]
    Given an interpreter for a source language, can we transform it into a compiler to, and a residual interpreter for, the target language?
    A functional decomposition problem (i.e. interpreter = emulator ◦ compiler)
    Demonstrates this technique for a first-order imperative language compiling to a three-address code machine
    While quite feasible for first-order languages, it becomes far more difficult for higher-order languages
  • 20. Berghofer and Strecker, 2003
    “Extracting a formally verified, fully executable compiler from a proof assistant” [Bergho03]
    Proves a compiler for a subset of the Java source language to Java bytecode
    Includes typechecking, abstract syntax tree annotation and bytecode translation
    Isabelle/HOL used to prove properties about an abstract compiler
    Isabelle code extraction used to produce an executable compiler
  • 21. Dave, 2003
    (Chart: papers listed against decade published)
    Maulik A. Dave’s bibliography for “Compiler Verification” [Dave03]
    Ninety-nine papers listed
    Ninety-one of those listed were published after 1990
    Interestingly, neither the Milner and Weyhrauch paper nor the Meijer paper is included
  • 24. Recent work
    Leroy’s “A formally verified compiler back-end” [Leroy09]: proves a compiler from Cminor to PowerPC assembler
    Chlipala’s “A verified compiler for an impure functional language” [Chlipa10]: for a toy (but still quite feature-rich) functional source language, compiling to instructions for a register-based machine
    Both use the Coq proof assistant and code extraction
    Both decompose the problem into compilation to several intermediate languages
    Both express worries that the proof assistant itself contains bugs that would invalidate correctness
  • 25. Conclusions
    Compilers have been proved correct for progressively larger source languages
    It rapidly became apparent that some kind of proof assistant is required
    Decomposition of large compilers is a key factor for success
    Programs are only verified when all surrounding elements are verified
  • 26. Open questions
    What about compilers for larger target languages and more advanced compilation facilities?
    Are our mechanised assistants producing valid proofs?
    Are there other ways to decompose the problem?
    Are particular language paradigms more amenable to compiler verification?
    Why haven’t the concepts of [Meijer94] been more widely used?
    What other ways are there of decomposing the compiler verification problem?
  • 27. More information
    Slides and bibliography will be made available at: http://www-users.cs.york.ac.uk/~jason/
    Jason S. Reich <jason@cs.york.ac.uk>
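The McCarthy-Painter example on slides 5, 6 and 12 is small enough to execute end to end. The following is an added example, not code from the slides or from [McCart67]: it transcribes the slide-5 Haskell compiler into Python, adds the interpreter (source semantics), a one-accumulator emulator (target semantics) and the slide-12 equivalence statement, and then checks that statement by random testing. The function and state names (compile_expr, emulate, mk_state, equivalent, compile_bad, find_counterexample, the `ac` key for the accumulator, the `"t + k"` register names) are this example's own choices. A constructed buggy compiler that reuses temporary `t` for the right operand shows what the equivalence check catches, which is the "can you trust your compiler?" point of slide 8; a passing random test is evidence only, not the proof that [McCart67] gives.

```python
# Added example: McCarthy-Painter compiler, emulator, interpreter and the
# [McCart67] equivalence check.  Function and state names are this example's own.
import random
from dataclasses import dataclass
from typing import Dict, List, Tuple, Union


@dataclass(frozen=True)
class Const:
    value: int

@dataclass(frozen=True)
class Var:
    name: str

@dataclass(frozen=True)
class Sum:
    left: "Expr"
    right: "Expr"

Expr = Union[Const, Var, Sum]
Instr = Tuple[str, Union[int, str]]   # (opcode, operand), e.g. ("STO", "t + 1")


def interpret(e: Expr, env: Dict[str, int]) -> int:
    """Source semantics: the value of e under the variable mapping env."""
    if isinstance(e, Const):
        return e.value
    if isinstance(e, Var):
        return env[e.name]
    return interpret(e.left, env) + interpret(e.right, env)


def compile_expr(e: Expr, t: int = 0) -> List[Instr]:
    """Transcription of the slide-5 Haskell compiler; t is the first free temporary."""
    if isinstance(e, Const):
        return [("LI", e.value)]
    if isinstance(e, Var):
        return [("LOAD", e.name)]
    tmp = f"t + {t}"
    return (compile_expr(e.left, t) + [("STO", tmp)]
            + compile_expr(e.right, t + 1) + [("ADD", tmp)])


def compile_bad(e: Expr, t: int = 0) -> List[Instr]:
    """Constructed buggy variant: the right operand reuses temporary t, so a
    nested Sum on the right clobbers the saved value of the left operand."""
    if not isinstance(e, Sum):
        return compile_expr(e, t)
    tmp = f"t + {t}"
    return (compile_bad(e.left, t) + [("STO", tmp)]
            + compile_bad(e.right, t) + [("ADD", tmp)])


def mk_state(env: Dict[str, int]) -> Dict[str, int]:
    """Initial machine state: each variable sits at the memory location of its name."""
    return dict(env, ac=0)


def emulate(code: List[Instr], state: Dict[str, int]) -> Dict[str, int]:
    """Target semantics: run code on a copy of state; 'ac' is the accumulator."""
    st = dict(state)
    for op, arg in code:
        if op == "LI":
            st["ac"] = arg
        elif op == "LOAD":
            st["ac"] = st[arg]
        elif op == "STO":
            st[arg] = st["ac"]
        elif op == "ADD":
            st["ac"] += st[arg]
        else:
            raise ValueError(f"unknown opcode {op}")
    return st


def equivalent(e: Expr, env: Dict[str, int], compiler=compile_expr) -> bool:
    """One instance of the slide-12 statement:
    interpret(e, mu) == acValue(emulate(compile(e), mkState(mu)))."""
    return interpret(e, env) == emulate(compiler(e), mk_state(env))["ac"]


def random_expr(rng: random.Random, depth: int, names: List[str]) -> Expr:
    if depth == 0 or rng.random() < 0.3:
        return Const(rng.randint(-5, 5)) if rng.random() < 0.5 else Var(rng.choice(names))
    return Sum(random_expr(rng, depth - 1, names), random_expr(rng, depth - 1, names))


def find_counterexample(compiler, trials: int = 500, seed: int = 0):
    """Random testing of the property: returns an (e, env) pair that breaks it,
    or None.  Evidence only; it is not the hand proof of [McCart67]."""
    rng = random.Random(seed)
    names = ["x", "y", "z"]
    for _ in range(trials):
        e = random_expr(rng, 4, names)
        env = {n: rng.randint(-10, 10) for n in names}
        if not equivalent(e, env, compiler):
            return e, env
    return None


# The slides' running example: (x + 3) + (x + (y + 2))
EXAMPLE = Sum(Sum(Var("x"), Const(3)), Sum(Var("x"), Sum(Var("y"), Const(2))))

if __name__ == "__main__":
    print(*(f"{op} {arg}" for op, arg in compile_expr(EXAMPLE)), sep="\n")
    print("correct compiler:", find_counterexample(compile_expr))   # None
    print("buggy compiler:  ", find_counterexample(compile_bad))    # a failing (e, env)
```

Run stand-alone, the block prints the thirteen instructions of slide 6 (with `t + 0` where the slide writes `t`), reports no counterexample for the faithful compiler, and produces a concrete expression and variable mapping on which the buggy compiler's accumulator value differs from the interpreter's. On the slide's own example with x = 1 and y = 2 the interpreter gives 9 while the buggy compiler's code leaves 8 in the accumulator, because the inner `STO t + 0` overwrites the saved left operand.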