The bedrock structured programming system: combining generative metaprogramming and hoare logic in an extensible program verifier

@article{Chlipala2013TheBS,
  title={The bedrock structured programming system: combining generative metaprogramming and hoare logic in an extensible program verifier},
  author={A. Chlipala},
  journal={Proceedings of the 18th ACM SIGPLAN international conference on Functional programming},
  year={2013}
}
  • A. Chlipala
  • Published 2013
  • Computer Science
  • Proceedings of the 18th ACM SIGPLAN international conference on Functional programming
We report on the design and implementation of an extensible programming language and its intrinsic support for formal verification. Our language is targeted at low-level programming of infrastructure like operating systems and runtime systems. It is based on a cross-platform core combining characteristics of assembly languages and compiler intermediate languages. From this foundation, we take literally the saying that C is a "macro assembly language": we introduce an expressive notion of… Expand
Correct-by-Construction Program Derivation from Specifications to Assembly Language
  • 2014
We present a Coq-based system to certify the entire process of implementing declarative mathematical specifications with efficient assembly code. That is, we produce formal assemblycode librariesExpand
Compiler verification meets cross-language linking via data abstraction
TLDR
Coq verification of a compiler for a high-level language is described, such that the compiler correctness theorem allows us to derive partial-correctness Hoare-logic theorems for programs built by linking the assembly code output by the authors' compiler and assembly code produced by other means. Expand
Compilation Using Correct-by-Construction Program Synthesis
TLDR
A novel approach to the extraction and compilation of embedded domain-specific languages developed in a proof assistant (Coq) is presented, showing how it allows us to extend correctness guarantees all the way to a verification-aware assembly language. Expand
Extensible Extraction of Efficient Imperative Programs with Foreign Functions, Manually Managed Memory, and Proofs
TLDR
This work presents an original approach to sound program extraction in a proof assistant, using syntax-driven automation to derive correct-by-construction imperative programs from nondeterministic functional source code, and completes the first proof-generating pipeline that goes automatically from high-level specifications to assembly code. Expand
Formalising Executable Specifications of Low-Level Systems
TLDR
This paper introduces DEC and its semantics, presents its interpreter based on the type soundness proof and extracted to Haskell, introduces a Hoare logic to reason about DEC code, and uses this logic to verify properties of Pip as a case study, comparing the new proofs with thosebased on the shallow embedding. Expand
RefinedC: A Foundational Refinement Type System for C Based on Separation Logic Programming
Given the central role that C continues to play in systems software, and the difficulty of writing safe and correct C code, it remains a grand challenge to develop effective formal methods forExpand
Verified low-level programming embedded in F*
TLDR
Low* is a shallow embedding of a small, sequential, well-behaved subset of C in F*, a dependently- typed variant of ML aimed at program verification, and its application to high-assurance optimized cryptographic libraries. Expand
A Proof Theory for Loop-Parallelizing Transformations
TLDR
The groundwork for verified parallelizing compilers is laid by developing a general theory to prove the soundness of parallelizing transformations and an exploration of the theory behind the correctness of parallelization, where the preservation of nondeterminism is considered and bisimulation-based proof techniques are developed. Expand
The End of History? Using a Proof Assistant to Replace Language Design with Library Design
TLDR
Fiat, a library for the Coq proof assistant, turns languages into easily comprehensible libraries via the key idea of modularizing functionality and performance away from each other, the former via macros that desugar into higher-order logic and the latter via optimization scripts that derive efficient code from logical programs. Expand
Verification Techniques for Low-Level Programs
We explore the application of highly expressive logical and automated reasoning techniques to the analysis of computer programs. We begin with an introduction to formal methods by describingExpand
...
1
2
3
4
5
...

References

SHOWING 1-10 OF 34 REFERENCES
Certified assembly programming with embedded code pointers
TLDR
A simple and general technique for solving the ECP problem for Hoare-logic-based PCC systems by adding a small amount of syntax to the assertion language and showing how to combine semantic consequence relation with syntactic proof techniques is presented. Expand
High-level separation logic for low-level code
TLDR
A separation logic tailored for this purpose that has been applied to x86 machine-code programs and is built from an assertion logic on machine states over which a specification logic that encapsulates uses of frames and step indexing is constructed. Expand
Explicitly heterogeneous metaprogramming with MetaHaskell
TLDR
MetaHaskell is presented, an extension of Haskell 98 that provides modular syntactic and type system support for type safe metaprogramming with multiple object languages and demonstrates the flexibility of the approach through three object languages: a core ML language, a linear variant of the coreML language, and a subset of C. Expand
Xoc, an extension-oriented compiler for systems programming
TLDR
An extension-oriented compiler for C called xoc is described, which gives extension writers full control over program syntax and semantics while hiding many compiler internals and concisely defines powerful compiler extensions that can be combined. Expand
Mostly-automated verification of low-level programs in computational separation logic
TLDR
The Bedrock framework is introduced, which supports mostly-automated proofs about programs with the full range of features needed to implement, e.g., language runtime systems and some dramatic improvements compared to past work in classical verification. Expand
Modular verification of concurrent assembly code with dynamic thread creation and termination
TLDR
This work adapt and generalize the rely-guarantee methodology to the assembly level and shows how to specify the semantics of thread "fork" with argument passing and provides a foundation for certifying realistic multi-threaded programs and makes an important advance toward generating proof-carrying concurrent code. Expand
Macros as multi-stage computations: type-safe, generative, binding macros in MacroML
TLDR
This paper develops and presents MacroML, an extension of ML that supports inlining, recursive macros, and the definition of new binding constructs, and shows that MacroML is stage- and type-safe: macro expansion does not depend on runtime evaluation, and both stages do not "go wrong". Expand
A general framework for certifying garbage collectors and their mutators
TLDR
This work defines a formal garbage collector interface general enough to reason about a variety of algorithms while allowing the mutator to ignore implementation-specific details of the collector, and mechanically verify assembly implementations of mark-sweep, copying and incremental copying GCs in Coq. Expand
seL4: formal verification of an OS kernel
TLDR
To the knowledge, this is the first formal proof of functional correctness of a complete, general-purpose operating-system kernel. Expand
Modular verification of assembly code with stack-based control abstractions
TLDR
This paper presents a simple but flexible Hoare-style framework for modular verification of assembly code with all kinds of stackbased control abstractions, including function call/return, tail call, setjmp/longjmp, weak continuation, stack cutting, stack unwinding, multi-return function call, coroutines, and thread context switch. Expand
...
1
2
3
4
...