Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Heapster tutorial #1727

Merged
merged 27 commits into from
Oct 5, 2022
Merged

Heapster tutorial #1727

merged 27 commits into from
Oct 5, 2022

Conversation

scuellar
Copy link
Collaborator

Add a tutorial to get up to speed with Heapster.

### Build the Coq backend for Saw

In this tutorial we will also interact with Heapster's Coq output. So you'll need
to follow the instructions in the README in the `saw-core-coq` subdirectory.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add a link to that README

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What do you have in mind for this link? Do you mean a hyperlink to the README in the master branch in github?

The location would be different if the tutorial is being read online or locally. That's why I tend to use local commands when I can.


**TODO: How do we check if this is properly installed before continuing?**

Before continuing, return to the top-level directory with `cd ..`.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be cd ../..

```

(The alternative command `make examples/linked_list.bc` won't work
because the shorcut is not defined in the Makefile of heapster.)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm confused by this comment, because make linked_list.bc works for me (when run in the heapster-saw/examples directory)

#### 3. Load the file and extract the two function specifications.

To load a file into heapster you can use `heapster_init_env`. Let's
check it's documentation first
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Typo: "it's" -> "its"

#### 4. Writing heapster specifications for your functions

##### Pen and paper specification

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You should use the term "Heapster types" instead of "Heapster specifications", because, like you say later, Heapster types aren't full functional specifications, but instead mostly deal with memory shapes and whether LLVM values are pointers or word values.

"unfoldList (Vec 64 Bool)";
```

Its first four arguments are the same as for `heapster_define_perm`,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Explain the rw argument, because this is the first example that uses it

name, the third is its arguments (of which there are none), the fourth
is the type of value that the permission applies to, and the fifth is
its definition. the new permission is created and added to the
environment.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mention that uses of named permissions are written like int64<>, where the <> is the empty list of arguments.

@scuellar
Copy link
Collaborator Author

@eddywestbrook This has been updated with:

  • Simple examples
  • Quick view of array and list examples
  • Added notation for pretty printing terms

@scuellar scuellar changed the title (WIP) Heapster tutorial Heapster tutorial Sep 14, 2022
@scuellar scuellar marked this pull request as ready for review September 21, 2022 15:16
@scuellar
Copy link
Collaborator Author

scuellar commented Sep 21, 2022

This PR also fixes alignment in CompMExtra.v to match the standard linter. This is not mentioned in the commits, but it's obvious in the diff.

The only substantive changes to CompMExtra.v are in the new module CompMExtraNotation

Copy link
Contributor

@RyanGlScott RyanGlScott left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm learning Heapster myself, so I found this to be quite helpful. I jotted down some minor spelling suggestions and general questions that I had while reading this.

heapster-saw/doc/tutorial/tutorial.md Outdated Show resolved Hide resolved
- [Tutorial to learn the basics of heapster-saw](#tutorial-to-learn-the-basics-of-heapster-saw)
- [Building](#building)
- [Build Saw](#build-saw)
- [Build the Coq backend for Saw](#build-the-coq-backend-for-saw)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A minor thing: this tutorial is inconsistent about how it capitalizes "SAW", as it also uses "Saw" (as is used here) and "saw" at various points. It would be worth picking one convention and using it throughout the tutorial. Similary for "SAWScript" versus "sawscript".

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed, please use SAW and SAWScript

heapster-saw/doc/tutorial/tutorial.md Outdated Show resolved Hide resolved
heapster-saw/doc/tutorial/tutorial.md Outdated Show resolved Hide resolved
heapster-saw/doc/tutorial/tutorial.md Outdated Show resolved Hide resolved
We will not go into detail about the proof, but notice that the
important steps are handled by custom automation. Namely we use the
commands `prove_refinement_match_letRecM_l` and `prove_refinement` to
handle refinments with and without recursion (respectively). The rest
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
handle refinments with and without recursion (respectively). The rest
handle refinements with and without recursion (respectively). The rest

but we need a new predicate for lists. Before we look at the
definition of a `List64<rw>` lets focus on its permission type. First
of all, `List64<rw>` takes a single argument `rw:rwmodality` which
determines if the list is readable or writable, jus like 3D
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
determines if the list is readable or writable, jus like 3D
determines if the list is readable or writable, just like 3D

Comment on lines 1207 to 1213
the definition shows the diferent cases for a list, separated by a
coma. In the first case, a `List64` can be a null pointer, expressed
with the type `eq(llvmword(0))`. In the second case, a list is a
pointer where offset `0` is the head, an `Int64`, and offset `8` it's
the tail, is recursively a `List64<rw>`. In the later case,
both elements are tagged with `rw`, describing if they are readable or
writable, as determined by the argument to `List64<rw>`.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
the definition shows the diferent cases for a list, separated by a
coma. In the first case, a `List64` can be a null pointer, expressed
with the type `eq(llvmword(0))`. In the second case, a list is a
pointer where offset `0` is the head, an `Int64`, and offset `8` it's
the tail, is recursively a `List64<rw>`. In the later case,
both elements are tagged with `rw`, describing if they are readable or
writable, as determined by the argument to `List64<rw>`.
The definition shows the diferent cases for a list, separated by a
comma. In the first case, a `List64` can be a null pointer, expressed
with the type `eq(llvmword(0))`. In the second case, a list is a
pointer where offset `0` is the head, an `Int64`, and offset `8` is
the tail, is recursively a `List64<rw>`. In the later case,
both elements are tagged with `rw`, describing if they are readable or
writable, as determined by the argument to `List64<rw>`.


To define [permissions](doc/Permissions.md) which can describe
unbounded data structures, you can use the
`heapster_define_recursive_perm` command. here is how to use the
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
`heapster_define_recursive_perm` command. here is how to use the
`heapster_define_recursive_perm` command. Here is how to use the


Its first four arguments are the same as for `heapster_define_perm`,
namely the environment, the name, the arguments and the type of value
that the permission applies to. The fifth argument is its permision
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
that the permission applies to. The fifth argument is its permision
that the permission applies to. The fifth argument is its permission

Copy link
Contributor

@eddywestbrook eddywestbrook left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks really good, Santiago, thanks! Please do address the typos pointed out by Ryan before merging this.

Typo, spelling, and grammar corrections from Ryan

Co-authored-by: Ryan Scott <[email protected]>
Copy link
Contributor

@eddywestbrook eddywestbrook left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for writing this tutorial, Santiago!

@eddywestbrook eddywestbrook added PR: ready to merge Magic flag for pull requests to ask Mergify to merge given an approval and a successful CI run documentation Issues involving documentation subsystem: heapster Issues specifically related to memory verification using Heapster labels Oct 4, 2022
@mergify mergify bot merged commit 5f6b24d into GaloisInc:master Oct 5, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
documentation Issues involving documentation PR: ready to merge Magic flag for pull requests to ask Mergify to merge given an approval and a successful CI run subsystem: heapster Issues specifically related to memory verification using Heapster
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants