research-article

Lem: reusable engineering of real-world semantics

Published: 19 August 2014

Abstract

Recent years have seen remarkable successes in rigorous engineering: using mathematically rigorous semantic models (not just idealised calculi) of real-world processors, programming languages, protocols, and security mechanisms, for testing, proof, analysis, and design. Building these models is challenging, requiring experimentation, dialogue with vendors or standards bodies, and validation; their scale adds engineering issues akin to those of programming to the task of writing clear and usable mathematics. But language and tool support for specification is lacking. Proof assistants can be used but bring their own difficulties, and a model produced in one, perhaps requiring many person-years of effort and maintained over an extended period, cannot be used by those familiar with another.

We introduce Lem, a language for engineering reusable large-scale semantic models. The Lem design takes inspiration both from functional programming languages and from proof assistants, and Lem definitions are translatable into OCaml for testing, Coq, HOL4, and Isabelle/HOL for proof, and LaTeX and HTML for presentation. This requires a delicate balance of expressiveness, careful library design, and implementation of transformations - akin to compilation, but subject to the constraint of producing usable and human-readable code for each target. Lem's effectiveness is demonstrated by its use in practice.

