1 / 65

Provably Correct Compilers (Part 2)

Provably Correct Compilers (Part 2). Nazrul Alam and Krishnaprasad Vikram April 21, 2005. Today’s Focus…. Automated Soundness Proofs for Dataflow Analyses and Transformations via Local Rules (Rhodium Paper). Sorin Lerner, Todd Millstein, Erika Rice, Craig Chambers.

sahara
Download Presentation

Provably Correct Compilers (Part 2)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Provably Correct Compilers (Part 2) Nazrul Alam and Krishnaprasad Vikram April 21, 2005

  2. Today’s Focus… Automated Soundness Proofs for Dataflow Analyses and Transformations via Local Rules (Rhodium Paper) Sorin Lerner, Todd Millstein, Erika Rice, Craig Chambers

  3. Rhodium: Successor of Cobalt • Increased expressiveness • New model for expressing opts: local propagation rules with explicit dataflow facts • Heap summaries • Infinite analysis domains • Flow-sensitive and -insensitive • Intraprocedural and interprocedural • Some Rhodium opts not expressible in Cobalt: • Arithmetic invariant detection, integer range analysis, loop-induction-variable strength reduction, Andersen's may-point-to analysis with allocation-site summaries

  4. Recap from Last Class • Optimization needs analysis. • Each analysis is formulated as a global path condition in Cobalt. • In Rhodium it is done with local rules.

  5. Similarities with Cobalt… (Also helpful for refreshing your memory..:)

  6. Rdm Opt Rdm Opt Rdm Opt Given Rhodium Execution engine Checker Written by programmer

  7. Rdm Opt Rdm Opt Rdm Opt Given Rhodium Execution engine Checker Written by programmer

  8. Checker Checker Checker Rdm Opt Rdm Opt Rdm Opt

  9. if (…) { x := …; } else { y := …; } …; Checker Checker Checker Checker Checker Checker Compiler Rhodium Execution engine Exec Rdm Opt Rdm Opt Rdm Opt

  10. Automatic Theorem Prover Verification Task Rdm Opt Verification Task Checker Show that for any original program: behavior of original program = behavior of optimized program Verification Task

  11. Automatic Theorem Prover Verification Task Rdm Opt Verification Task Verification Task

  12. Automatic Theorem Prover Verification Task Rdm Opt Verification Task Verification Task

  13. Automatic Theorem Prover Three techniques to simplify Verification Task Rdm Opt • Rhodium is declarative • no loops, no branches, no program counter • declare intent using rules • execution engine takes care of the rest

  14. Automatic Theorem Prover Three techniques to simplify Verification Task Rdm Opt • Rhodium is declarative • no loops, no branches, no program counter • declare intent using rules • execution engine takes care of the rest

  15. Automatic Theorem Prover Three techniques to simplify Verification Task Heuristics not affecting correctness Part that must be reasoned about Rdm Opt • Rhodium is declarative • Factor out heuristics • legal transformations • vs. profitable transformations

  16. Automatic Theorem Prover Three techniques to simplify Verification Task Heuristics not affecting correctness Part that must be reasoned about • Rhodium is declarative • Factor out heuristics • legal transformations • vs. profitable transformations

  17. Automatic Theorem Prover Three techniques to simplify Verification Task • Rhodium is declarative • Factor out heuristics • Split verification task • opt-dependent • vs. opt-independent opt-dependent opt-independent

  18. Automatic Theorem Prover Three techniques to simplify Verification Task • Rhodium is declarative • Factor out heuristics • Split verification task • opt-dependent • vs. opt-independent

  19. Automatic Theorem Prover Three techniques to simplify Verification Task • Rhodium is declarative • Factor out heuristics • Split verification task • opt-dependent • vs. opt-independent

  20. Automatic Theorem Prover Three techniques to simplify Verification Task • Rhodium is declarative • Factor out heuristics • Split verification task • Result: • Expressive language • Automated correctness checking

  21. Where is the difference? Rohodium’s local rules are different from Cobalt’s global condition Then how exactly Rhodium works?

  22. a b a b c MustPointTo analysis a = &b c = a d = *c d = b

  23. mustPointTo(a, b) mustPointTo(c, b) mustPointTo(a, b) a b a b c MustPointTo info in Rhodium a = &b c = a d = *c

  24. mustPointTo(a, b) mustPointTo(a, b) mustPointTo(c, b) mustPointTo(c, b) mustPointTo(a, b) mustPointTo(a, b) a a b b a a b b c c MustPointTo info in Rhodium a = &b a = &b c = a c = a d = *c d = *c

  25. mustPointTo(a, b) mustPointTo(c, b) mustPointTo(a, b) a b a b c MustPointTo info in Rhodium define fact mustPointTo(X:Var,Y:Var) with meaning σ(X)== σ(&Y) a = &b Fact correct on edge if: whenever program execution reaches edge, meaning of fact evaluates to true in the program state c = a d = *c

  26. mustPointTo(a, b) mustPointTo(c, b) mustPointTo(a, b) a b a b c Propagating facts define fact mustPointTo(X:Var,Y:Var) with meaning σ(X)== σ(&Y) a = &b c = a d = *c

  27. mustPointTo(a, b) mustPointTo(c, b) mustPointTo(a, b) a b a b c Propagating facts define fact mustPointTo(X:Var,Y:Var) with meaning σ(X) == σ(&Y) a = &b a = &b if currStmt == [X = &Y] then mustPointTo(X,Y)@out if currStmt == [X = &Y] then mustPointTo(X,Y)@out c = a d = *c

  28. mustPointTo(a, b) mustPointTo(c, b) mustPointTo(a, b) a b a b c Propagating facts define fact mustPointTo(X:Var,Y:Var) with meaning σ(X) == σ(&Y) a = &b if currStmt == [X = &Y] then mustPointTo(X,Y)@out c = a d = *c

  29. a b a b c Propagating facts define fact mustPointTo(X:Var,Y:Var) with meaning σ(X) == σ(&Y) a = &b if currStmt == [X = &Y] then mustPointTo(X,Y)@out mustPointTo(a, b) mustPointTo(a, b) if mustPointTo(X,Y)@in currStmt == [Z = X] then mustPointTo(Z,Y)@out c = a c = a mustPointTo(a, b) mustPointTo(c, b) mustPointTo(c, b) d = *c

  30. mustPointTo(a, b) mustPointTo(c, b) mustPointTo(a, b) a b a b c Propagating facts define fact mustPointTo(X:Var,Y:Var) with meaning σ(X )== σ(&Y) a = &b if currStmt == [X = &Y] then mustPointTo(X,Y)@out if mustPointTo(X,Y)@in currStmt == [Z = X] then mustPointTo(Z,Y)@out c = a d = *c

  31. mustPointTo(a, b) a b a b c Transformations define fact mustPointTo(X:Var,Y:Var) with meaning σ(X )== σ(&Y) a = &b if currStmt == [X = &Y] then mustPointTo(X,Y)@out if mustPointTo(X,Y)@in currStmt == [Z = X] then mustPointTo(Z,Y)@out c = a mustPointTo(a, b) if mustPointTo(X,Y)@in currStmt == [Z = *X] then transform to [Z = Y] mustPointTo(c, b) mustPointTo(c, b) d = *c d = *c d = b

  32. mustPointTo(a, b) a b a b c Transformations define fact mustPointTo(X:Var,Y:Var) with meaning σ(X )== σ(&Y) a = &b if currStmt == [X = &Y] then mustPointTo(X,Y)@out if mustPointTo(X,Y)@in currStmt == [Z = X] then mustPointTo(Z,Y)@out c = a mustPointTo(a, b) if mustPointTo(X,Y)@in currStmt == [Z = *X] then transform to [Z = Y] mustPointTo(c, b) d = *c d = b

  33. Semantics of a Rhodium opt • Run propagation rules in a loop until there are no more changes (optimistic iterative analysis) • Then run transformation rules • Then run profitability heuristics • For better precision, combine propagation rules and transformations rules.

  34. Rhodium is more expressive

  35. Cobalt: Simple Pointer Analysis

  36. Rhodium version..

  37. And Rhodium can do more… …..Can not be expressed in Cobalt

  38. Arithmetic Simplification Optimization

  39. Arithmetic Simplification Optimization (Cont.)

  40. Loop induction-variable strength reduction

  41. Loop induction-variable strength reduction (cont.)

  42. Checking Rhodium optimizations

  43. Compiler Rhodium Execution engine Exec if (…) { x := …; } else { y := …; } …; Rdm Opt Rdm Opt Checker Checker Checker Rhodium correctness checker Rdm Opt

  44. Checker Checker Rhodium correctness checker Rdm Opt

  45. Checker Rhodium correctness checker Rdm Opt Checker Automatic theorem prover

  46. Rhodium correctness checker Rhodium optimization define fact … if … then … if … then transform … Profitability heuristics Checker Automatic theorem prover

  47. Rhodium correctness checker Rhodium optimization define fact … if … then … if … then transform … Checker Automatic theorem prover

  48. Lemma For any Rhodium opt: If Local VCs are true Then opt is correct Proof «¬  $  \ r t  l Rhodium correctness checker Rhodium optimization Opt-independent define fact … if … then … if … then transform … Checker VCGen VCGen LocalVC LocalVC Opt-dependent Automatic theorem prover

  49. Local correctness of prop. rules Fact correct on edge iff: define fact mustPointTo(X,Y) with meaning σ(X) == σ(&Y) whenever program execution reaches edge, meaning of fact evaluates to true in the program state if mustPointTo(X,Y)@in  currStmt == [Z = X] then mustPointTo(Z,Y)@out

  50. Assume: X == &Y(in)  out= step (in , [Z = X] ) Show: Z == &Y(out) Local correctness of prop. rules define fact mustPointTo(X,Y) with meaning σ(X)==σ(&Y) Local VC (generated and proven automatically) Assume: All incoming facts are correct if mustPointTo(X,Y)@in  currStmt == [Z = X] Propagated factis correct Show: then mustPointTo(Z,Y)@out

More Related