The Verified CakeML Compiler Backend
The CakeML compiler is, to the best of our knowledge, the most realistic verified compiler for a functional programming language to date. The architecture of the compiler, a sequence of intermediate languages through which high-level features are compiled away incrementally, enables verification of each compilation pass at an appropriate level of semantic detail. Parts of the compiler's implementation resemble mainstream (unverified) compilers for strict functional languages, and it supports several important features and optimisations. These include efficient curried multi-argument functions, configurable data representations, efficient exceptions, register allocation, and more. The compiler produces machine code for five architectures: x86-64, ARMv6, ARMv8, MIPS-64, and RISC-V. The generated machine code contains the verified runtime system, which includes a verified generational copying garbage collector and a verified arbitrary-precision arithmetic (bignum) library. In this paper we present the overall design of the compiler backend, including its 12 intermediate languages. We explain how the semantics and proofs fit together, and provide detail on how the compiler has been bootstrapped inside the logic of a theorem prover. The entire development has been carried out within the HOL4 theorem prover.
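The pass-per-intermediate-language architecture described above can be sketched in miniature. This is a hypothetical illustration, not CakeML's code: a tiny source language of arithmetic expressions is compiled to a stack machine, and the per-pass correctness statement (compiling preserves the evaluation result) is checked on an example rather than proved in HOL4 as CakeML does.

```python
# Hypothetical sketch of a single verified-style compiler pass. The names
# ("lit", "add", compile_expr, ...) are illustrative, not CakeML's.

def compile_expr(e):
    """Compile a source expression to a stack-machine program (one 'pass')."""
    if e[0] == "lit":                       # ("lit", n)
        return [("push", e[1])]
    if e[0] == "add":                       # ("add", a, b)
        return compile_expr(e[1]) + compile_expr(e[2]) + [("addtop",)]
    raise ValueError("unknown expression")

def eval_src(e):
    """Source-language semantics."""
    return e[1] if e[0] == "lit" else eval_src(e[1]) + eval_src(e[2])

def eval_il(prog):
    """Stack-machine (intermediate-language) semantics."""
    stack = []
    for instr in prog:
        if instr[0] == "push":
            stack.append(instr[1])
        else:                               # addtop: add the two top entries
            b, a = stack.pop(), stack.pop()
            stack.append(a + b)
    assert len(stack) == 1, "ill-formed program"
    return stack[0]

# Per-pass correctness: eval_il(compile_expr(e)) == eval_src(e).
# CakeML proves the analogous theorem for each of its passes in HOL4,
# and composes them into end-to-end compiler correctness.
e = ("add", ("lit", 1), ("add", ("lit", 2), ("lit", 3)))
assert eval_il(compile_expr(e)) == eval_src(e) == 6
```

Composing many such passes, each verified against the semantics of its own intermediate language, is what lets the full compiler's correctness theorem be built from small, per-pass lemmas.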
Characteristic Formulae for Liveness Properties of Non-Terminating CakeML Programs
There are useful programs that do not terminate, and yet standard Hoare logics are not able to prove liveness properties about non-terminating programs. This paper shows how a Hoare-like programming logic framework (characteristic formulae) can be extended to enable reasoning about the I/O behaviour of programs that do not terminate. The approach is inspired by transfinite induction rather than coinduction, and does not require non-terminating loops to be productive. This work has been developed in the HOL4 theorem prover and has been integrated into the ecosystem of proof tools surrounding the CakeML programming language.
cake_lpr: Verified Propagation Redundancy Checking in CakeML
Modern SAT solvers can emit independently checkable proof certificates to validate their results. The state-of-the-art proof system that allows for compact proof certificates is propagation redundancy (PR). However, the only existing method to validate proofs in this system with a formally verified tool requires a transformation to a weaker proof system, which can result in a significant blowup in the size of the proof and increased proof validation time. This paper describes the first approach to formally verify PR proofs on a succinct representation; we present (i) a new Linear PR (LPR) proof format, (ii) a tool to efficiently convert PR proofs into LPR format, and (iii) cake_lpr, a verified LPR proof checker developed in CakeML. The LPR format is backwards compatible with the existing LRAT format, but extends the latter with support for the addition of PR clauses. Moreover, cake_lpr is verified using CakeML's binary code extraction toolchain, which yields correctness guarantees for its machine code (binary) implementation. This further distinguishes our clausal proof checker from existing ones because unverified extraction and compilation tools are removed from its trusted computing base. We experimentally show that LPR provides efficiency gains over existing proof formats and that the strong correctness guarantees are obtained without significant sacrifice in the performance of the verified executable.
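The core step an LRAT/LPR-style checker performs for most proof lines is a reverse unit propagation (RUP) check. The following is an illustrative sketch, not cake_lpr's verified code (which is written in CakeML and proved correct down to machine code): a clause C follows from a formula F by RUP if asserting the negation of C and running unit propagation through F yields a conflict.

```python
# Illustrative RUP check. Literals are nonzero ints, a clause is a list of
# literals, a formula is a list of clauses (DIMACS-style conventions).

def propagates_to_conflict(formula, assignment):
    """Unit-propagate from the given assignment; True iff a conflict arises."""
    asn = set(assignment)
    while True:
        unit = None
        for clause in formula:
            if any(l in asn for l in clause):
                continue                      # clause already satisfied
            remaining = [l for l in clause if -l not in asn]
            if not remaining:
                return True                   # conflict: clause falsified
            if len(remaining) == 1 and unit is None:
                unit = remaining[0]           # unit clause forces a literal
        if unit is None:
            return False                      # fixpoint reached, no conflict
        asn.add(unit)

def is_rup(formula, clause):
    """Check that `clause` follows from `formula` by reverse unit propagation."""
    return propagates_to_conflict(formula, [-l for l in clause])

# Deriving [2] from {{1,2}, {-1,2}}: asserting -2 makes {1,2} unit (forcing 1),
# which then falsifies {-1,2} -- a conflict, so the check succeeds.
assert is_rup([[1, 2], [-1, 2]], [2])
assert not is_rup([[1]], [2])
```

The PR clauses that LPR adds beyond LRAT need a stronger check than RUP alone (a witnessing partial assignment is also validated), but hint-driven unit propagation like the above remains the workhorse that makes checking linear-time in the proof size.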
Lassie: HOL4 Tactics by Example
Proof engineering efforts using interactive theorem proving have yielded
several impressive projects in software systems and mathematics. A key obstacle
to such efforts is the requirement that the domain expert is also an expert in
the low-level details in constructing the proof in a theorem prover. In
particular, the user needs to select a sequence of tactics that lead to a
successful proof, a task that in general requires knowledge of the exact names
and use of a large set of tactics.
We present Lassie, a tactic framework for the HOL4 theorem prover that allows
individual users to define their own tactic language by example and give
frequently used tactics or tactic combinations easier-to-remember names. The
core of Lassie is an extensible semantic parser, which allows the user to
interactively extend the tactic language through a process of definitional
generalization. Defining tactics in Lassie thus does not require any knowledge
in implementing custom tactics, while proofs written in Lassie retain the
correctness guarantees provided by the HOL4 system. We show through case
studies how Lassie can be used in small and larger proofs by novice and more
experienced interactive theorem prover users, and how we envision it to ease
the learning curve in a HOL4 tutorial.
Dandelion: Certified Approximations of Elementary Functions
Elementary function operations such as sin and exp cannot in general be computed exactly on today's digital computers, and thus have to be approximated. The standard approximations in library functions typically provide only a limited set of precisions, and are too inefficient for many applications. Polynomial approximations that are customized to a limited input domain and output accuracy can provide superior performance. In fact, the Remez algorithm computes the best possible approximation for a given polynomial degree, but has so far not been formally verified. This paper presents Dandelion, an automated certificate checker for polynomial approximations of elementary functions computed with Remez-like algorithms that is fully verified in the HOL4 theorem prover. Dandelion checks whether the difference between a polynomial approximation and its target reference elementary function remains below a given error bound for all inputs in a given constraint. By extracting a verified binary with the CakeML compiler, Dandelion can validate certificates within a reasonable time, fully automating previous manually verified approximations.
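The property a Dandelion certificate asserts can be pictured with a simplified check. This is only an illustration of the claim being certified, not Dandelion's verified algorithm, which derives a sound symbolic error bound over the whole domain rather than sampling: a polynomial p should stay within eps of the reference function everywhere on the input interval.

```python
# Spot-check |p(x) - f(x)| <= eps on a sample grid (illustrative only; a real
# certificate checker must bound the error on the *whole* interval).
import math

def horner(coeffs, x):
    """Evaluate a polynomial; coefficients in decreasing degree order."""
    acc = 0.0
    for c in coeffs:
        acc = acc * x + c
    return acc

def within_bound(ref, coeffs, lo, hi, eps, samples=1000):
    for i in range(samples + 1):
        x = lo + (hi - lo) * i / samples
        if abs(horner(coeffs, x) - ref(x)) > eps:
            return False
    return True

# Degree-3 approximation of sin on [-0.5, 0.5]: sin x ~ x - x^3/6.
# The true error is roughly |x|^5 / 120 <= 2.7e-4 on this domain,
# so an error budget of 1e-3 is met.
assert within_bound(math.sin, [-1 / 6, 0.0, 1.0, 0.0], -0.5, 0.5, 1e-3)
```

Replacing the sampling loop with verified interval or Taylor-model arithmetic is precisely the part that requires a theorem prover, and is what the HOL4 development provides.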
Verified Propagation Redundancy and Compositional UNSAT Checking in CakeML
Modern SAT solvers can emit independently-checkable proof certificates to validate their results. The state-of-the-art proof system that allows for compact proof certificates is propagation redundancy (PR). However, the only existing method to validate proofs in this system with a formally verified tool requires a transformation to a weaker proof system, which can result in a significant blowup in the size of the proof and increased proof validation time. This article describes the first approach to formally verify PR proofs on a succinct representation. We present (i) a new Linear PR (LPR) proof format, (ii) an extension of the DPR-trim tool to efficiently convert PR proofs into LPR format, and (iii) cake_lpr, a verified LPR proof checker developed in CakeML. We also enhance these tools with (iv) a new compositional proof format designed to enable separate (parallel) proof checking. The LPR format is backwards compatible with the existing LRAT format, but extends LRAT with support for the addition of PR clauses. Moreover, cake_lpr is verified using CakeML's binary code extraction toolchain, which yields correctness guarantees for its machine code (binary) implementation. This further distinguishes our clausal proof checker from existing checkers because unverified extraction and compilation tools are removed from its trusted computing base. We experimentally show that: LPR provides efficiency gains over existing proof formats; cake_lpr's strong correctness guarantees are obtained without significant sacrifice in its performance; and the compositional proof format enables scalable parallel proof checking for large proofs.
Touring the MetaCoq Project (Invited Paper)
International audience.
Trace-Relating Compiler Correctness and Secure Compilation
Compiler correctness is, in its simplest form, defined as the inclusion of
the set of traces of the compiled program into the set of traces of the
original program, which is equivalent to the preservation of all trace
properties. Here traces collect, for instance, the externally observable events
of each execution. This definition requires, however, the set of traces of the
source and target languages to be exactly the same, which is not the case when
the languages are far apart or when observations are fine-grained. To overcome
this issue, we study a generalized compiler correctness definition, which uses
source and target traces drawn from potentially different sets and connected by
an arbitrary relation. We set out to understand what guarantees this
generalized compiler correctness definition gives us when instantiated with a
non-trivial relation on traces. When this trace relation is not equality, it is
no longer possible to preserve the trace properties of the source program
unchanged. Instead, we provide a generic characterization of the target trace
property ensured by correctly compiling a program that satisfies a given source
property, and dually, of the source trace property one is required to show in
order to obtain a certain target property for the compiled code. We show that
this view on compiler correctness can naturally account for undefined behavior,
resource exhaustion, different source and target values, side-channels, and
various abstraction mismatches. Finally, we show that the same generalization
also applies to many secure compilation definitions, which characterize the
protection of a compiled program against linked adversarial code.
Comment: ESOP'20 camera ready version together with online appendix.
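A toy instance makes the generalized definition concrete. This is illustrative, not the paper's formalism: take source events to be unbounded integers, target events to be bytes, and the trace relation to link n with n mod 256. The strongest target property induced by a source property pi is then the image of pi under the relation.

```python
# Source traces over ints, target traces over bytes, related pointwise
# by reduction mod 256 (hypothetical example relation).

def related(src_trace, tgt_trace):
    return (len(src_trace) == len(tgt_trace)
            and all(n % 256 == b for n, b in zip(src_trace, tgt_trace)))

def induced_target_property(pi):
    """Image of a finite source property under the trace relation: the
    target-level guarantee obtained for programs satisfying pi."""
    return [[n % 256 for n in trace] for trace in pi]

# A source property with the single trace [300, -1]; correct compilation
# only guarantees its byte-level shadow at the target.
pi = [[300, -1]]
tilde_pi = induced_target_property(pi)
assert tilde_pi == [[44, 255]]          # 300 mod 256 = 44, -1 mod 256 = 255
assert all(related(s, t) for s, t in zip(pi, tilde_pi))
```

Note how the source property "the trace is exactly [300, -1]" cannot be preserved verbatim, since 300 is not a byte; what the compiled program can be guaranteed is the induced property computed above, which is exactly the kind of translation the paper characterizes in general.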
Bounded Verification for Finite-Field-Blasting (In a Compiler for Zero Knowledge Proofs)
Zero Knowledge Proofs (ZKPs) are cryptographic protocols by which a prover
convinces a verifier of the truth of a statement without revealing any other
information. Typically, statements are expressed in a high-level language and
then compiled to a low-level representation on which the ZKP operates. Thus,
a bug in a ZKP compiler can compromise the statement that the ZK proof is
supposed to establish. This paper takes a step towards ZKP compiler
correctness by partially verifying a field-blasting compiler pass, a pass
that translates Boolean and bit-vector logic into equivalent operations in a
finite field. First, we define correctness for field-blasters and ZKP
compilers more generally. Next, we describe the specific field-blaster using
a set of encoding rules and define verification conditions for individual
rules. Finally, we connect the rules and the correctness definition by
showing that if our verification conditions hold, the field-blaster is
correct. We have implemented our approach in the CirC ZKP compiler and have
proved bounded versions of the corresponding verification conditions. We show
that our partially verified field-blaster does not hurt the performance of
the compiler or its output; we also report on four bugs uncovered during
verification.