Download High-Assurance Transformation System HATS-GUI

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
Document related concepts
no text concepts found
Transcript 
A Framework for Verifying High-Assurance
Transformation System
(HATS)
Fares Fraij
December 3, 2003
Outline
•
•
•
•
•
•
•
Introduction
HATS architecture
HATS transformation rules and control strategies
Example of transformation rules
Sandia Secure Processor (SSP)
HATS model in ACL2
Proving properties about the HATS model
Introduction …(1)
• HATS is a language independent program
transformation system
• goal is to perform program transformation in a
provable correct fashion
– HATS transforms target program written in abstract
language to concrete output language (SDT)
– Transformation language program (TLP) consists of
sequence of transformation rules and a control strategy
Introduction …(2)
HATS High-Level Overview
Target
Program in
specification
language
HATS
SDT in an
implementation
language
HATS Architecture
Target file
Target Parser
Parsed target
HATS
Rewriting
Engine
SDT
Prettyprinter
Core Domain
(Grammar, lexer)
Program
Parser
Transformation
language
program
Parsed transformation
language program
User-defined
functions
Output
Text
HATS transformation rules and
control strategies
• Two universal control operators
– Once:
has three arguments:
• Traversal mode
• Identifier whose value is the SDT that is to be transformed
• Identifier whose value is the transformation sequence
– Fix:
Is usually avoided
Example of transformation rules
Transformation rule: (* x (+ y z))  (+ (* x y) (* x z))
*tree0*
*transformed-tree0*
Sandia Secure Processor (SSP)
• class loader (CL) for the SSP is correct if and only if:
source: JVM(C(source))  SSP(CL(C(source)))
– Where:
– Source is the Java source code of an application written in a
subset of Java supported by the SSP
– C is a function denotes a trusted Java compiler
– JVM(x) is the execution of the application x using the virtual
machine JVM
– SSP(x) is the execution of the application x using the SSP
– CL(C(source)) is the ROM image results from applying the class
loader CL to the class files produced by C(source)
HATS model in ACL2
• HATS system is described in terms of :
– state consists of:
•
•
•
•
Input SDT (sdt)
Transformation rules (trnsf)
Control strategy (ctrl)
Program Counter (pc-trnsf) to keep track of the next
transformation to be applied
• PC (pc-tree) to keep track of the candidate node in the SDT
• haltp predicate to determine whether the execution has
reached its end
– state transition: applies the current transformation rules to the
current tree nodes according to the control strategy
Related documents
Harold Wilhite is a Professor of Social Anthropology and Research
Harold Wilhite is a Professor of Social Anthropology and Research
1. Consider a market in which quantity demanded is 10,000 units
1. Consider a market in which quantity demanded is 10,000 units
7.6 Applications of Inclusion
7.6 Applications of Inclusion
Bill Holmes
Bill Holmes
Extension AND CAPACITY BUILDING
Extension AND CAPACITY BUILDING
39. PERFORMING LINEAR TRANSFORMATION
39. PERFORMING LINEAR TRANSFORMATION
the communication for social change forum
the communication for social change forum
document 8475271
document 8475271
Lorem ispum dolor lorem ipsum dolor amet
Lorem ispum dolor lorem ipsum dolor amet
MATH 2360-D01 WEEK 10
MATH 2360-D01 WEEK 10
20.201 Prodrug Metabolism Mini Case Study 11 November 2013 New York Times
20.201 Prodrug Metabolism Mini Case Study 11 November 2013 New York Times
Activity 58
Activity 58