Presentation is loading. Please wait.

Presentation is loading. Please wait.

Credible Compilation With Pointers Martin Rinard and Darko Marinov Laboratory for Computer Science Massachusetts Institute of Technology.

Published byEmory Warner Modified over 8 years ago

Similar presentations

Presentation on theme: "Credible Compilation With Pointers Martin Rinard and Darko Marinov Laboratory for Computer Science Massachusetts Institute of Technology."— Presentation transcript:

1 Credible Compilation With Pointers Martin Rinard and Darko Marinov Laboratory for Computer Science Massachusetts Institute of Technology

2 Goal Source Code (C, Java) Object Code Proof that Object Code Implements Source Code Compiler Proof Checker YesNo

3 Proposed Approach Source Internal Representation Parser Analysis & Transformation Binary Code Simple Code Generator Internal Representation Equivalence Proof Analysis & Transformation Internal Representation Equivalence Proof

4 Key Aspects Majority of compiler structured as a sequence of transformations on standard intermediate format Compiler generates a proof for each transformation Separate verification frameworks for Parser Transformations Code generator Today: Proving Transformations Correct

5 Overview of Framework Compiler operates on compilation units procedure, loop nest, method Set of externally visible variables global variables, instance variables Correctness condition transformation preserves final values of externally visible variables original and transformed programs terminate under same conditions

6 Example i  0 i  i + 3 g  2 * i i < 24 exit g  0 g  g + 6 g < 48 exit Externally visible variable: g

7 Structure of A Transformation Analysis to discover program properties reaching definitions available expressions Program transformation constant and copy propagation common subexpression elimination Correctness of transformation often depends on correctness of analysis result

8 Two Stage Proof Structure Prove analysis results correct Classic Floyd approach for proving program properties Use analysis results to prove simulation relations between original and transformed programs State equality of expressions at corresponding program points under certain execution conditions

9 Standard and Simulation Invariants Invariants for program analysis results p - “The condition c is always true at the program point p” Simulation invariants for transformations p 1 - p 2 “For all executions of the transformed program that reach the program point p 2 with the condition c 2 true, there exists an execution of the original program that reaches p 1 with c 1 true such that e 1 = e 2 ”

10 Example i  0 i  i + 3 g  2 * i i < 24 exit g  0 g  g + 6 g < 48 exit 1 2 3 4 5 a b c d 4 4 - c 5 - d 2 - b Correctness Condition

11 Proving Standard Invariants Proof rules propagate invariants backwards through control flow graph Substitution at assignment statements Add condition in at conditional branches Propagate along all edges at join points g  2 * i i < 24 3 4 4 3

12 Proving Simulation Invariants Each proof rule propagates one of the two sides of invariant ( p 1 - p 2 ) Right side propagated in transformed program Propagate along all edges at join points Left side propagated in original program Propagate along one edge at join points Can use other invariants (both standard and simulation) to prove propagated invariant

13 Simulation Invariant Proof Example Given { 2 - b, 4 - c, 5 - d } and { 4} i  0 i  i + 3 g  2 * i i < 24 exit g  0 g  g + 6 g < 48 exit Prove 2 - b 1 2 3 4 5 a b c d

14 Propagate Right Hand Side g  0 g  g + 6 g < 48 exit To prove 2 - b Propagate RHS to a, c Must Prove 2 - a 2 - c a b c d

15 Propagate Left Hand Side To prove 2 - a Propagate LHS to 1 1 - a To prove 2 - c Propagate LHS to 4 4 - c i  0 i  i + 3 g  2 * i i < 24 exit 1 2 3 4 5

16 Use Other Invariants Want to prove 4 - c But 4 - c is one of given invariants So we can substitute 2 * i in for g, and reduce our problem to proving 2 * i < 48 implies i < 24 2 * i = 2 * i

17 Primary Advantages Open Compilation Framework Anyone can provide transformations No need to trust provider Buggier Compilers Incorrect compilation much less serious problem Compiler writers can focus on Aggressive optimizations Latest language developments NOT on correct compilation in all cases

18 Key Challenge Compiler must be able to control machine at very low level for efficiency Pointers Register Allocation Instruction Selection Condition Codes

19 Pointer Problem Cannot use simple expression substitution in presence of pointers Aliasing may cause substitution to produce incorrect result Solution: Define substitution in the presence of a set of aliases Compiler uses pointer analysis to produce alias invariants at each program point Proof rules use alias invariants

20 Pointer Details Handling aliasing uncertainty Must prove result for both aliased and unaliased cases Flow-insensitive analyses Change semantics of source language slightly to make analysis results valid Provide derived rules specifically to support validation of flow-insensitive results

21 Low Level Details Register Allocation Instruction Selection Condition Codes

22 Standard Compiler Structure Source Machine-Independent Representation Parser Machine-Independent Analyses and Transformations Machine-Dependent Representation Machine-Specific Analyses and Transformations Binary Code Code Generation Lowering

23 Proposed Compiler Structure Source Single Standard Representation Parser Analyses and Transformations Single Standard Representation Analyses and Transformations Binary Code Code Generation Lowering

24 Simple Code Generation Basic Approach Each node in control flow graph Corresponds to single instruction in generated code Code generator can be very simple Issues: Registers in machine-independent IR Implicitly set state (condition codes) Instruction selection

25 Register Allocation Have a dedicated variable represent each register Not semantically distinct from other variables in intermediate representation But code generator for the specific machine understands representation Allocates dedicated variables in registers Can represent results of register allocation in an ostensibly machine-independent IR

26 Condition Codes Instruction may have multiple effects Write registers, set condition codes Solution: Macro Instructions Define macro instructions as a sequence of basic nodes in IR System automatically derives proof rules for macro instructions Code generator produces one instruction for each macro instruction Approach works for instruction selection

27 Limitation Proof rules are based on concepts of partial correctness Not designed to prove equivalences that depend on termination of loops g  0 g  g + 6 g < 48 exit g  48 exit

28 Proved Transformations Constant Propagation and Folding Copy Propagation Dead Code Elimination Branch Movement Induction Variable Elimination Loop Unrolling Branch Elimination

29 Related Work Totally Correct Compilation Verifix Guttman, Ramsdell, Wand Synchronous Languages Cimatti, Giunchiglia, Pecchiari, Pietra, Profeta, Romano, Traverso, Yu Pnueli, Siegal, Singerman Proof-Carrying Code Necula, Lee

30 Conclusion Credible Compilation for Imperative Languages Basic Concepts Standard Invariants Simulation Invariants Proof rules for propagating invariants Support for low-level details Pointers Registers and Condition Codes Instruction Selection

Download ppt "Credible Compilation With Pointers Martin Rinard and Darko Marinov Laboratory for Computer Science Massachusetts Institute of Technology."

Similar presentations

Data-Flow Analysis II CS 671 March 13, 2008. CS 671 – Spring 2008 1 Data-Flow Analysis Gather conservative, approximate information about what a program.

Data-Flow Analysis II CS 671 March 13, CS 671 – Spring Data-Flow Analysis Gather conservative, approximate information about what a program.
Synopsys University Courseware Copyright © 2012 Synopsys, Inc. All rights reserved. Compiler Optimization and Code Generation Lecture - 3 Developed By:

Synopsys University Courseware Copyright © 2012 Synopsys, Inc. All rights reserved. Compiler Optimization and Code Generation Lecture - 3 Developed By:
School of EECS, Peking University “Advanced Compiler Techniques” (Fall 2011) SSA Guo, Yao.

School of EECS, Peking University “Advanced Compiler Techniques” (Fall 2011) SSA Guo, Yao.
Intermediate Code Generation

Intermediate Code Generation
Lecture 11: Code Optimization CS 540 George Mason University.

Lecture 11: Code Optimization CS 540 George Mason University.
Chapter 9 Code optimization Section 0 overview 1.Position of code optimizer 2.Purpose of code optimizer to get better efficiency –Run faster –Take less.

Chapter 9 Code optimization Section 0 overview 1.Position of code optimizer 2.Purpose of code optimizer to get better efficiency –Run faster –Take less.
1 CS 201 Compiler Construction Lecture 3 Data Flow Analysis.

1 CS 201 Compiler Construction Lecture 3 Data Flow Analysis.
ECE 454 Computer Systems Programming Compiler and Optimization (I) Ding Yuan ECE Dept., University of Toronto

ECE 454 Computer Systems Programming Compiler and Optimization (I) Ding Yuan ECE Dept., University of Toronto
Control-Flow Graphs & Dataflow Analysis CS153: Compilers Greg Morrisett.

Control-Flow Graphs & Dataflow Analysis CS153: Compilers Greg Morrisett.
Chapter 10 Code Optimization. A main goal is to achieve a better performance Front End Code Gen Intermediate Code source Code target Code user Machine-

Chapter 10 Code Optimization. A main goal is to achieve a better performance Front End Code Gen Intermediate Code source Code target Code user Machine-
Program Representations. Representing programs Goals.

Program Representations. Representing programs Goals.
1 CS 201 Compiler Construction Lecture 7 Code Optimizations: Partial Redundancy Elimination.

1 CS 201 Compiler Construction Lecture 7 Code Optimizations: Partial Redundancy Elimination.
Copyright © 2006 Addison-Wesley. All rights reserved.1-1 ICS 410: Programming Languages Chapter 3 : Describing Syntax and Semantics Axiomatic Semantics.

Copyright © 2006 Addison-Wesley. All rights reserved.1-1 ICS 410: Programming Languages Chapter 3 : Describing Syntax and Semantics Axiomatic Semantics.
ISBN 0-321-33025-0 Chapter 3 Describing Syntax and Semantics.

ISBN Chapter 3 Describing Syntax and Semantics.
Automated Soundness Proofs for Dataflow Analyses and Transformations via Local Rules Sorin Lerner* Todd Millstein** Erika Rice* Craig Chambers* * University.

Automated Soundness Proofs for Dataflow Analyses and Transformations via Local Rules Sorin Lerner* Todd Millstein** Erika Rice* Craig Chambers* * University.
1 CS 201 Compiler Construction Lecture 5 Code Optimizations: Copy Propagation & Elimination.

1 CS 201 Compiler Construction Lecture 5 Code Optimizations: Copy Propagation & Elimination.
Representing programs Goals. Representing programs Primary goals –analysis is easy and effective just a few cases to handle directly link related things.

Representing programs Goals. Representing programs Primary goals –analysis is easy and effective just a few cases to handle directly link related things.
Automatically Proving the Correctness of Compiler Optimizations Sorin Lerner Todd Millstein Craig Chambers University of Washington.

Automatically Proving the Correctness of Compiler Optimizations Sorin Lerner Todd Millstein Craig Chambers University of Washington.
CS 536 Spring 20011 Intermediate Code. Local Optimizations. Lecture 22.

CS 536 Spring Intermediate Code. Local Optimizations. Lecture 22.
1 Intermediate representation Goals: –encode knowledge about the program –facilitate analysis –facilitate retargeting –facilitate optimization scanning.

1 Intermediate representation Goals: –encode knowledge about the program –facilitate analysis –facilitate retargeting –facilitate optimization scanning.

Similar presentations

Ads by Google