Abstract
Recent years have seen remarkable successes in rigorous engineering: using mathematically rigorous semantic models (not just idealised calculi) of real-world processors, programming languages, protocols, and security mechanisms, for testing, proof, analysis, and design. Building these models is challenging, requiring experimentation, dialogue with vendors or standards bodies, and validation; their scale adds engineering issues akin to those of programming to the task of writing clear and usable mathematics. But language and tool support for specification is lacking. Proof assistants can be used but bring their own difficulties, and a model produced in one, perhaps requiring many person-years of effort and maintained over an extended period, cannot be used by those familiar with another.
We introduce Lem, a language for engineering reusable large-scale semantic models. The Lem design takes inspiration both from functional programming languages and from proof assistants, and Lem definitions are translatable into OCaml for testing, Coq, HOL4, and Isabelle/HOL for proof, and LaTeX and HTML for presentation. This requires a delicate balance of expressiveness, careful library design, and implementation of transformations that are akin to compilation but subject to the constraint of producing usable and human-readable code for each target. Lem's effectiveness is demonstrated by its use in practice.
Lem: reusable engineering of real-world semantics
ICFP '14: Proceedings of the 19th ACM SIGPLAN international conference on Functional programming