Proof Carrying Code and Proof Preserving Program Transformations

Slides:



Advertisements
Similar presentations
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Advertisements

CSC 4181 Compiler Construction Code Generation & Optimization.
De necessariis pre condiciones consequentia sine machina P. Consobrinus, R. Consobrinus M. Aquilifer, F. Oratio.
An Abstract Interpretation Framework for Refactoring P. Cousot, NYU, ENS, CNRS, INRIA R. Cousot, ENS, CNRS, INRIA F. Logozzo, M. Barnett, Microsoft Research.
8. Static Single Assignment Form Marcus Denker. © Marcus Denker SSA Roadmap  Static Single Assignment Form (SSA)  Converting to SSA Form  Examples.
Comparing Semantic and Syntactic Methods in Mechanized Proof Frameworks C.J. Bell, Robert Dockins, Aquinas Hobor, Andrew W. Appel, David Walker 1.
Course Outline Traditional Static Program Analysis Software Testing
Lecture 11: Code Optimization CS 540 George Mason University.
Course Outline Traditional Static Program Analysis –Theory Compiler Optimizations; Control Flow Graphs Data-flow Analysis – today’s class –Classic analyses.
1 CS 201 Compiler Construction Lecture 7 Code Optimizations: Partial Redundancy Elimination.
1 Data flow analysis Goal : collect information about how a procedure manipulates its data This information is used in various optimizations For example,
ISBN Chapter 3 Describing Syntax and Semantics.
1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.
CS 355 – Programming Languages
Introduction to Code Optimization Comp 412 Copyright 2010, Keith D. Cooper & Linda Torczon, all rights reserved. Students enrolled in Comp 412 at Rice.
1 CS 201 Compiler Construction Lecture 5 Code Optimizations: Copy Propagation & Elimination.
Data Flow Analysis Compiler Design October 5, 2004 These slides live on the Web. I obtained them from Jeff Foster and he said that he obtained.
Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.
1 Program Analysis Mooly Sagiv Tel Aviv University Textbook: Principles of Program Analysis.
Overview of program analysis Mooly Sagiv html://
Introduction to Optimization Copyright 2003, Keith D. Cooper, Ken Kennedy & Linda Torczon, all rights reserved.
Describing Syntax and Semantics
Program Analysis Mooly Sagiv Tel Aviv University Sunday Scrieber 8 Monday Schrieber.
Proof Carrying Code Zhiwei Lin. Outline Proof-Carrying Code The Design and Implementation of a Certifying Compiler A Proof – Carrying Code Architecture.
1 Inference Rules and Proofs (Z); Program Specification and Verification Inference Rules and Proofs (Z); Program Specification and Verification.
Proof-Carrying Code & Proof-Carrying Authentication Stuart Pickard CSCI 297 June 2, 2005.
ISBN Chapter 3 Describing Semantics -Attribute Grammars -Dynamic Semantics.
CS 363 Comparative Programming Languages Semantics.
Reasoning about programs March CSE 403, Winter 2011, Brun.
Chapter 3 Part II Describing Syntax and Semantics.
Semantics In Text: Chapter 3.
Program Analysis and Verification Spring 2015 Program Analysis and Verification Lecture 12: Abstract Interpretation IV Roman Manevich Ben-Gurion University.
From Hoare Logic to Matching Logic Reachability Grigore Rosu and Andrei Stefanescu University of Illinois, USA.
13 Aug 2013 Program Verification. Proofs about Programs Why make you study logic? Why make you do proofs? Because we want to prove properties of programs.
Principle of Programming Lanugages 3: Compilation of statements Statements in C Assertion Hoare logic Department of Information Science and Engineering.
CS412/413 Introduction to Compilers Radu Rugina Lecture 18: Control Flow Graphs 29 Feb 02.
1 Control Flow Graphs. 2 Optimizations Code transformations to improve program –Mainly: improve execution time –Also: reduce program size Can be done.
PLC '06 Experience in Testing Compiler Optimizers Using Comparison Checking Masataka Sassa and Daijiro Sudo Dept. of Mathematical and Computing Sciences.
Static Techniques for V&V. Hierarchy of V&V techniques Static Analysis V&V Dynamic Techniques Model Checking Simulation Symbolic Execution Testing Informal.
CSC3315 (Spring 2009)1 CSC 3315 Languages & Compilers Hamid Harroud School of Science and Engineering, Akhawayn University
C HAPTER 3 Describing Syntax and Semantics. D YNAMIC S EMANTICS Describing syntax is relatively simple There is no single widely acceptable notation or.
Program Analysis and Verification Spring 2015 Program Analysis and Verification Lecture 8: Static Analysis II Roman Manevich Ben-Gurion University.
Credible Compilation With Pointers Martin Rinard and Darko Marinov Laboratory for Computer Science Massachusetts Institute of Technology.
CS 412/413 Spring 2005Introduction to Compilers1 CS412/CS413 Introduction to Compilers Tim Teitelbaum Lecture 30: Loop Optimizations and Pointer Analysis.
Code Optimization Code produced by compilation algorithms can often be improved (ideally optimized) in terms of run-time speed and the amount of memory.
Describing Syntax and Semantics
Introduction to Optimization
Matching Logic An Alternative to Hoare/Floyd Logic
Reasoning About Code.
Reasoning about code CSE 331 University of Washington.
(One-Path) Reachability Logic
Formal Methods in Software Engineering 1
State your reasons or how to keep proofs while optimizing code
Fall Compiler Principles Lecture 8: Loop Optimizations
Securing A Compiler Transformation
Machine-Independent Optimization
Introduction to Optimization
Lecture 5 Floyd-Hoare Style Verification
Programming Languages 2nd edition Tucker and Noonan
Compiler Code Optimizations
Semantics In Text: Chapter 3.
Resolution Proofs for Combinational Equivalence
Fall Compiler Principles Lecture 10: Loop Optimizations
Types and Type Checking (What is it good for?)
Data Flow Analysis Compiler Design
Introduction to Optimization
Formal Methods in software development
Program correctness Axiomatic semantics
Programming Languages 2nd edition Tucker and Noonan
Code Optimization.
Presentation transcript:

Proof Carrying Code and Proof Preserving Program Transformations Ando Saabas, Institute of Cybernetics CDC Seminar, 21.01.2008

Proof Carrying Code Proof-Carrying Code is based on the idea that the code producer should provide some evidence that the program she distributes is safe and/or functionally correct. The program is thus shipped with a certificate that attests that it has the desired properties. Before running a program, the code user could then check this certificate

PCC vs Digital Signatures A digital signature identifies the origin of the program It has no direct connection with program semantics A digital signature is a syntactic checksum A proof is a semantic checksum

Where would proofs come from? For basic safety properties, they can be inferred automatically For more complex safety and/or functional correctness properties, the code producer would use some verification environment to prove the source program correct But programs are distributed in compiled form

PCC framework ? Code producer Code user Yes No Specification Source program Runtime environent Yes Compiled program Program verification environment ? Compiler + Proof compiler Proof checker Proof of the compiled program No Program proof

Proof compilation For non-optimizing compilers it is easy: proof compilation is (almost) identity Not so if optimizations take place

Dead code elimination f 9 p : s = c ¤ n ^ g f s = c ¤ n ^ p g f 9 p : Precondition f 9 p : s = ^ 1 i g f s = ^ p 1 i g while i < n s = s + c; skip; i++; while i < n s = s + c; p = p * c; i++; Invariant f 9 p : s = c ¤ i ^ · n g f s = c ¤ i ^ p · n g Postcondition f 9 p : s = c ¤ n ^ g f s = c ¤ n ^ p g

Constant propagation f s = c ¤ n ^ p g f s = ^ p 1 i g f s = 5 ¤ i ^ p Precondition f s = ^ p 1 i g c = 5; while i < n s = s + c; p = p * c; i++; c = 5; while i < n s = s + 5; p = p * 5; i++; Invariant f s = 5 ¤ i ^ p · n g f s = c ¤ i ^ p · n 5 g f s = c ¤ i ^ p < n g Postcondition f s = c ¤ n ^ p g

Proof compilation For non-optimizing compilers it is easy: proof compilation is (almost) identity Not so if optimizations take place Many different optimizations, each have their own particular effect on the proof Need a systematic approach for dealing with this

Enter type systems Optimizations are mostly based on dataflow analyses Dataflow analyses can be described as type systems Type systems can have an optimization component Idea: types can guide the transformation of the proofs

Proof transformation ? ? Source Specification program Runtime Compiled Verification Environment Proof checker Runtime Source program Analyzer Type derivation Program optimizer Proof optimzer Compiled program Proof of the compiled ? Compiler + ? Program proof

Liveness and dead code elimination A variable is said to be live at the exit from a program point, if there exists a path from that program point to a use of the variable, that does not redefine the variable. Live variable analysis determines, for each program point which variables may be live at that point Used in dead code elimination

Live variable analysis The types and subtyping relation of the type system correspond to the poset of the analysis: The intuitive meaning of a program typing is that, given a set of variables d which are live at the end of the program s, the variables in the pretype d’ may be live at the beginning of the program. ( D ; · ) = P V a r ¶ s : d ¡ !

Type system for liveness analysis

Optimizations via type systems Program optimizations can be explained via an extended version of the type system. Apart from assigning types to statements, it also defines the corresponding optimized forms. A typing judgement has the form where is the s’ optimized form of s. s : d ¡ ! ,

Type system for dead code elimination

Soundness of dead code elimination The typesystematic formulation of dead code elimination leads to a simple correctness proof At corresponding program points, the states of the original and optimized program agree on all variables which are live This can be shown by induction on the typing derivation

Proof optimization Optimization preserves Hoare triple derivability (P|d is obtained from P by quantifying out all program variables not in d). The constructive proof gives us “proof optimization”: transformation of Hoare triples alongside with programs.

Scalability Applied for partial redundancy elimination performs common subexpression elimination and code motion at the same time changes the structure of the code requires 4 dataflow analyses Can applied for resource usage proofs

Scalability Can be used for optimization which require bidirectional analyses. Can be applied to CFG based program and analysis descriptions Java bytecode analyses: dead store elimination load pop pair elimination store load pair elimination etc

Conclusions We have shown the benefits of the typesystematic approach to dataflow analyses leads to simple soundness proofs is a viable option for proof transformation and can be applied to a very wide array of optimizations

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.