Zulip Chat Archive
Stream: new members
Topic: the C abstract machine and code extraction
Huỳnh Trần Khanh (Jun 03 2021 at 15:40):
Is it possible to implement the C abstract machine with inductive types? Where can I get started? I want to be able to reason about C programs and I'm willing to put in some work to formalize C semantics.
Huỳnh Trần Khanh (Jun 03 2021 at 15:42):
As a side note: I'm really infatuated with inductive types since they can be used to formalize many models. They are just so powerful.
Johan Commelin (Jun 03 2021 at 15:45):
You might be interested in Mario's mm0 and mm1
Johan Commelin (Jun 03 2021 at 15:45):
Then you don't have to implement everything yourself. But you don't get 100% pure C
Huỳnh Trần Khanh (Jun 03 2021 at 15:47):
Thanks. But how does that relate to my question though? I thought mm0 was just an insanely fast verifier that is incredibly, incredibly low level and had nothing to do with formalizing C semantics.
Eric Wieser (Jun 03 2021 at 15:49):
It might help to think about the type of statement you want to formalize
Mario Carneiro (Jun 03 2021 at 16:06):
Actually I've been building a verified compiler for a C-like language in mm0. But probably a closer match to your question is CompCert, which formalized (most of) the semantics of C inside Coq and built a verified compiler for it. I got some ways through porting it to lean many years ago
Mario Carneiro (Jun 03 2021 at 16:08):
I also object to "incredibly, incredibly low level". It's somewhat low level but quite a bit higher level than metamath
Mario Carneiro (Jun 03 2021 at 16:09):
and in principle the only thing stopping it from being even more usable is more UX work that I don't have the time to work on since it's basically a one man project right now
Horatiu Cheval (Jun 03 2021 at 18:35):
Maybe the IMP chapter from software foundations would be a lighter introduction to this? It walks you through representing a basic imperative language in Coq and proving stuff about the behaviour of programs in it.
Chris B (Jun 03 2021 at 19:40):
There's also the new-ish SF volume "Verifiable C": https://softwarefoundations.cis.upenn.edu/vc-current/index.html. It uses coq, but it's probably a pretty good on-ramp for reasoning about C in a CiC-flavored ITP. Volume 6 was just released, and is about seapration logic, which might be of interest as well.
Kevin Buzzard (Jun 03 2021 at 23:19):
I learnt a lot about lean by doing all the exercises from the first volume of that series in Lean.
Huỳnh Trần Khanh (Jun 04 2021 at 01:42):
(removed)
Huỳnh Trần Khanh (Jun 04 2021 at 02:24):
(removed)
Huỳnh Trần Khanh (Jun 04 2021 at 04:04):
Mario Carneiro said:
Actually I've been building a verified compiler for a C-like language in mm0. But probably a closer match to your question is CompCert, which formalized (most of) the semantics of C inside Coq and built a verified compiler for it. I got some ways through porting it to lean many years ago
Is the code for an older version of Lean? I just cloned the Lean port and the code doesn't seem to work...
Huỳnh Trần Khanh (Jun 04 2021 at 04:04):
And by "work" I mean the code verifies cleanly
Huỳnh Trần Khanh (Jun 04 2021 at 04:05):
This is what I am seeing: Screenshot-from-2021-06-04-11-05-21.png
Bryan Gin-ge Chen (Jun 04 2021 at 04:09):
Since the latest timestamp in Mario's repo is from early Jun 2017, I suspect that the code only works with Lean 3.1.0: https://github.com/leanprover/lean/releases
Huỳnh Trần Khanh (Jun 04 2021 at 04:11):
The data.nat.bquant looks like the code is written for Lean 2 though. Let me rollback to Lean 2 and see if the code works or not.
Huỳnh Trần Khanh (Jun 04 2021 at 04:14):
Oh, and I have to install Emacs. The horror!
Bryan Gin-ge Chen (Jun 04 2021 at 04:17):
I think you're right,data.nat.bquant was already moved to old_library in even in Lean 3.0.0: https://github.com/leanprover/lean/blob/dae1c9dac28d1db1865ae2b1b3a39408b8ee5504/old_library/data/nat/bquant.lean
Mario Carneiro (Jun 04 2021 at 08:50):
I'm pretty sure it is lean 3 code, not lean 2, although like Bryan says it's quite old
Mario Carneiro (Jun 04 2021 at 08:53):
But there are very few proofs outside a few files, it's mostly defining inductive types and I think the syntax for that is still basically the same, so updating the project shouldn't be too bad
Mario Carneiro (Jun 04 2021 at 08:53):
just remove the imports of nonexisting files
Last updated: Dec 20 2023 at 11:08 UTC