a logical study of program equivalence
play

A Logical Study of Program Equivalence Guilhem Jaber Ecole des - PowerPoint PPT Presentation

Feb 02, 2023 •147 likes •1.09k views

A Logical Study of Program Equivalence Guilhem Jaber Ecole des Mines de Nantes LINA - Ascola PhD Defense Institut Henri Poincar e (Paris) July 11th 2014 1 / 38 Why study the Equivalence of Programs ? Specification of programs

  1. A Logical Study of Program Equivalence Guilhem Jaber Ecole des Mines de Nantes LINA - Ascola PhD Defense Institut Henri Poincar´ e (Paris) July 11th 2014 1 / 38

  2. Why study the Equivalence of Programs ? Specification of programs � Equivalence between a program we can trust and an optimized one. 2 / 38

  3. Why study the Equivalence of Programs ? Specification of programs � Equivalence between a program we can trust and an optimized one. Compiler optimizations. � Towards verified compilers. 2 / 38

  4. Why study the Equivalence of Programs ? Specification of programs � Equivalence between a program we can trust and an optimized one. Compiler optimizations. � Towards verified compilers. Representation independence of Data � Parametricity, Free theorems. 2 / 38

  5. Why study the Equivalence of Programs ? Specification of programs � Equivalence between a program we can trust and an optimized one. Compiler optimizations. � Towards verified compilers. Representation independence of Data � Parametricity, Free theorems. Crucial in denotational semantics � Full-abstraction result. 2 / 38

  6. What kind of Equivalence ? Contextual Equivalence � Programs seen as black boxes. 3 / 38

  7. What kind of Equivalence ? Contextual Equivalence � Programs seen as black boxes. Extensional behavior of programs � Observational equivalence. 3 / 38

  8. What kind of Equivalence ? Contextual Equivalence � Programs seen as black boxes. Extensional behavior of programs � Observational equivalence. Depends on the language contexts are written in � discriminating power of contexts, � from purely functional languages to assembly code. 3 / 38

  9. For what kind of Language: RefML A typed call-by-value λ -calculus: ( λ x : τ. M ) v → M { v / x } 4 / 38

  10. For what kind of Language: RefML A typed call-by-value λ -calculus: ( λ x : τ. M ) v → M { v / x } with Integers and Booleans: if b then 0 else n + 1 4 / 38

  11. For what kind of Language: RefML A typed call-by-value λ -calculus: ( λ x : τ. M ) v → M { v / x } with Integers and Booleans: if b then 0 else n + 1 with higher-order references: ref 2 , ref ( λ x . M ) stored in heap via locations: ( ref v , h ) → ( ℓ, h · [ ℓ �→ v ]) ( ℓ fresh in h ) mutable: x :=! x + 1 4 / 38

  12. For what kind of Language: RefML A typed call-by-value λ -calculus: ( λ x : τ. M ) v → M { v / x } with Integers and Booleans: if b then 0 else n + 1 with higher-order references: ref 2 , ref ( λ x . M ) stored in heap via locations: ( ref v , h ) → ( ℓ, h · [ ℓ �→ v ]) ( ℓ fresh in h ) mutable: x :=! x + 1 No pointer arithmetic: ( ℓ + 1) is ill-typed But equality test: ℓ 1 == ℓ 2 is well-typed 4 / 38

  13. For what kind of Language: RefML A typed call-by-value λ -calculus: ( λ x : τ. M ) v → M { v / x } with Integers and Booleans: if b then 0 else n + 1 with higher-order references: ref 2 , ref ( λ x . M ) stored in heap via locations: ( ref v , h ) → ( ℓ, h · [ ℓ �→ v ]) ( ℓ fresh in h ) mutable: x :=! x + 1 No pointer arithmetic: ( ℓ + 1) is ill-typed But equality test: ℓ 1 == ℓ 2 is well-typed Full recursion (via“Landin”knot). 4 / 38

  14. For what kind of Language: RefML A typed call-by-value λ -calculus: ( λ x : τ. M ) v → M { v / x } with Integers and Booleans: if b then 0 else n + 1 with higher-order references: ref 2 , ref ( λ x . M ) stored in heap via locations: ( ref v , h ) → ( ℓ, h · [ ℓ �→ v ]) ( ℓ fresh in h ) mutable: x :=! x + 1 No pointer arithmetic: ( ℓ + 1) is ill-typed But equality test: ℓ 1 == ℓ 2 is well-typed Full recursion (via“Landin”knot). Contextual equivalence of M 1 , M 2 : ∀ C . ∀ h . ( C [ M 1 ] ⇓ , h ) ⇐ ⇒ ( C [ M 2 ] ⇓ , h ) 4 / 38

  15. Synchronization of Callbacks (I/II) λ f . f () is not equivalent to λ f . f (); f () 5 / 38

  16. Synchronization of Callbacks (I/II) λ f . f () is not equivalent to λ f . f (); f () � Contexts can check how many time f is called. � Callbacks are fully observable! C [ • ] def = let x = ref 0 in • ( λ . x :=! x + 1 ); if ! x > 1 then Ω else () can discriminate them. 5 / 38

  17. Synchronization of Callbacks (II/II) λ f . ( f 1 ) + ( f 2 ) is not equivalent to λ f . ( f 2 ) + ( f 1 ) 6 / 38

  18. Synchronization of Callbacks (II/II) λ f . ( f 1 ) + ( f 2 ) is not equivalent to λ f . ( f 2 ) + ( f 1 ) � Arguments given to callbacks must be related. C [ • ] def = let x = ref 0 in • ( λ y . x := y ); if ! x == 1 then Ω else () can discriminate them. 6 / 38

  19. Disclosure of Locations (I/II) λ . let x = ref0 in 1 is equivalent to λ . 1 � The creation of the reference bounded to x is not observable by the context. � It is private to the term! 7 / 38

  20. Disclosure of Locations (II/II) λ f . let x = ref0 in fx ; x := 1 is not equivalent to λ f . let x = ref0 in fx ; x := 2 8 / 38

  21. Disclosure of Locations (II/II) λ f . let x = ref0 in fx ; x := 1 is not equivalent to λ f . let x = ref0 in fx ; x := 2 � The reference bounded to x is disclosed to the context. � It can look inside afterward to see what is stored. C [ • ] def = let z = ref ( ref 0 ) in • ( λ y . z := y ); if !! z == 1 then Ω else () can discriminate them. 8 / 38

  22. How to prove equivalence of programs of RefML ? Contextual equivalence is hard to reason on � Quantification over any contexts and heaps. 9 / 38

  23. How to prove equivalence of programs of RefML ? Contextual equivalence is hard to reason on � Quantification over any contexts and heaps. Nominal Game Semantics (Murawski & Tzevelekos, LICS’11) � Fully-abstract for RefML � Trace representation (Laird, ICALP’07) � automata-based interpretation: Algorithmic Game Semantics. 9 / 38

  24. How to prove equivalence of programs of RefML ? Contextual equivalence is hard to reason on � Quantification over any contexts and heaps. Nominal Game Semantics (Murawski & Tzevelekos, LICS’11) � Fully-abstract for RefML � Trace representation (Laird, ICALP’07) � automata-based interpretation: Algorithmic Game Semantics. Kripke Logical Relations � World as heap-invariants (Pitts & Stark) � Evolution of invariants (Ahmed, Dreyer, Neis & Birkedal). 9 / 38

  25. How to prove equivalence of programs of RefML ? Contextual equivalence is hard to reason on � Quantification over any contexts and heaps. Nominal Game Semantics (Murawski & Tzevelekos, LICS’11) � Fully-abstract for RefML � Trace representation (Laird, ICALP’07) � automata-based interpretation: Algorithmic Game Semantics. Kripke Logical Relations � World as heap-invariants (Pitts & Stark) � Evolution of invariants (Ahmed, Dreyer, Neis & Birkedal). Bisimulations � Environmental Bisimulations (Pierce & Sumii, Koutavas, Wand) � Open Bisimulations (Lassen, Levy, Stovring). � Parametric Bisimulations (Hur, Dreyer & Vafeiadis). 9 / 38

  26. The Ultimate Goal of this Thesis Formalize proofs of equivalence of programs: � in a Proof Assistant based on Dependent Type Theory (Coq), � abstracting over bureaucracy details (step-indexing, evolution of worlds,...). 10 / 38

  27. The Ultimate Goal of this Thesis Formalize proofs of equivalence of programs: � in a Proof Assistant based on Dependent Type Theory (Coq), � abstracting over bureaucracy details (step-indexing, evolution of worlds,...). Model-check equivalence of programs: � Only need to give precise enough invariants on heaps and their evolution w.r.t. control flow (i.e. worlds), � Model-check a formula, representing the equivalence of programs, with such worlds. 10 / 38

  28. The Ultimate Goal of this Thesis Formalize proofs of equivalence of programs: � in a Proof Assistant based on Dependent Type Theory (Coq), � abstracting over bureaucracy details (step-indexing, evolution of worlds,...). Model-check equivalence of programs: � Only need to give precise enough invariants on heaps and their evolution w.r.t. control flow (i.e. worlds), � Model-check a formula, representing the equivalence of programs, with such worlds. Decide equivalence of programs: � undecidable in general, even without recursion and with bounded integers (Murawski & Tzevelekos) � but for fragments of the language � by generating such worlds, � need completeness of our approach. 10 / 38

  29. Formalize Proofs of Equivalence of Programs (in MLTT) Want to abstract over bureaucracy details: Step-indexing (Appel & McAlester, Ahmed) � Necessary to break circularity in definitions, � But“pollutes”the proof with tedious details. 11 / 38

  30. Formalize Proofs of Equivalence of Programs (in MLTT) Want to abstract over bureaucracy details: Step-indexing (Appel & McAlester, Ahmed) � Necessary to break circularity in definitions, � But“pollutes”the proof with tedious details. Solution: use modality ⊲ to abstract over it. � Using G¨ odel-Lob Logic (Appel, Mellies, Richards & Vouillon, Nakano). 11 / 38

  31. Formalize Proofs of Equivalence of Programs (in MLTT) Want to abstract over bureaucracy details: Step-indexing (Appel & McAlester, Ahmed) � Necessary to break circularity in definitions, � But“pollutes”the proof with tedious details. Solution: use modality ⊲ to abstract over it. � Using G¨ odel-Lob Logic (Appel, Mellies, Richards & Vouillon, Nakano). Problem: extend this solution to Type Theory � Guarded Recursive Types in Topos of Tree (Birkedal et al.). 11 / 38

Recommend

Logic as a Tool Chapter 1: Understanding Propositional Logic 1.3 Logical equivalence Negation

Logic as a Tool Chapter 1: Understanding Propositional Logic 1.3 Logical equivalence Negation

Logic as a Tool Chapter 1: Understanding Propositional Logic 1.3 Logical equivalence Negation normal form of propositional formulae Valentin Goranko Stockholm University September 2016 Goranko Logical equivalence of propositional formulae

336 views • 7 slides
Logic as a Tool Chapter 1: Understanding Propositional Logic 1.3 Logical equivalence Negation

Logic as a Tool Chapter 1: Understanding Propositional Logic 1.3 Logical equivalence Negation

Logic as a Tool Chapter 1: Understanding Propositional Logic 1.3 Logical equivalence Negation normal form of propositional formulae Valentin Goranko Stockholm University September 2016 Goranko Logical equivalence of propositional formulae

703 views • 52 slides
Cryptographic Logical Relations What is the contextual equivalence for cryptographic

Cryptographic Logical Relations What is the contextual equivalence for cryptographic

Cryptographic Logical Relations What is the contextual equivalence for cryptographic protocols and how to prove it? Yu ZHANG Including joint work with J. Goubault-Larrecq, D. Nowak and S. Lasota EVEREST, INRIA Sophia-Antipolis February

487 views • 37 slides
Logical equivalence Equivalence proof Multiplexers January 22, 2020 Patrice Belleville /

Logical equivalence Equivalence proof Multiplexers January 22, 2020 Patrice Belleville /

Logical equivalence Equivalence proof Multiplexers January 22, 2020 Patrice Belleville / Geoffrey Tien 1 Announcements Pre-class quiz #4, due Sunday, Jan.26, 19:00 Epp 4e/5e: Chapter 2.3 Pre-class quiz #5, due Sunday, Feb.02, 19:00

212 views • 19 slides
1 Problem : Outline 4-Segment LED Display Prereqs, Learning Goals, and Quiz Notes Problem :

1 Problem : Outline 4-Segment LED Display Prereqs, Learning Goals, and Quiz Notes Problem :

snick Outline snack Prereqs, Learning Goals, and Quiz Notes Problems and Discussion CPSC 121: Models of Computation Logical equivalence practice 2016W2 How to write a logical equivalence proof A flaw in our model

138 views • 10 slides
Program Equivalence From Trace Equivalence Tim Wood 1 Sophia Drossopoulou 1 1 Imperial College

Program Equivalence From Trace Equivalence Tim Wood 1 Sophia Drossopoulou 1 1 Imperial College

Program Equivalence From Trace Equivalence Tim Wood 1 Sophia Drossopoulou 1 1 Imperial College London Wood, Drossopoulou (Imperial College London) Program Equivalence October 2014 1 / 30 Context Program maintenance is a common and important

1.02k views • 61 slides
Revision on propositional logic: Propositions. Logical Connectives. Truth values and truth

Revision on propositional logic: Propositions. Logical Connectives. Truth values and truth

Revision on propositional logic: Propositions. Logical Connectives. Truth values and truth tables. Propositional formulae. Tautologies. Logical equivalence. Logical consequence. Logical correctness of propositional arguments. Valentin Goranko

600 views • 20 slides
Leveraging Program Equivalence for Adaptive Program Repair: Models and First Results Westley

Leveraging Program Equivalence for Adaptive Program Repair: Models and First Results Westley

Leveraging Program Equivalence for Adaptive Program Repair: Models and First Results Westley Weimer, UVA Zachary P . Fry, UVA Stephanie Forrest, UNM Automated Program Repair Given a program, a notion of correct behavior, and evidence

679 views • 30 slides
On CCZ-Equivalence, Extended-Affine Equivalence and Function Twisting Anne Canteaut, L eo

On CCZ-Equivalence, Extended-Affine Equivalence and Function Twisting Anne Canteaut, L eo

On CCZ-Equivalence, Extended-Affine Equivalence and Function Twisting Anne Canteaut, L eo Perrin June 3, 2019 Fq14, Vancouver Setting up the background Cryptographic properties Equivalence classes CCZ-equivalence Cryptographic

885 views • 63 slides
From Program Synthesis to Optimal Program . . . Optimal Program Synthesis Logical Interpretation

From Program Synthesis to Optimal Program . . . Optimal Program Synthesis Logical Interpretation

Need for Data . . . Program Synthesis Wave Algorithm for . . . Boolean Logic . . . From Program Synthesis to Optimal Program . . . Optimal Program Synthesis Logical Interpretation . . . A Seemingly Natural . . . Counter-Example to . . .

725 views • 24 slides
Equational Logic. Part 1 Roland Backhouse February 6th, 2001 2 Outline The Logical

Equational Logic. Part 1 Roland Backhouse February 6th, 2001 2 Outline The Logical

1 Equational Logic. Part 1 Roland Backhouse February 6th, 2001 2 Outline The Logical Connectives. Properties of Equality. Properties of Equivalence. Negation 3 Logical Connectives Proofs involve two components: Reasoning

523 views • 27 slides
Proving Equivalence Between Imperative and MapReduce Implementations Using Program

Proving Equivalence Between Imperative and MapReduce Implementations Using Program

Proving Equivalence Between Imperative and MapReduce Implementations Using Program Transformations VPT 2018 Thessaloniki 20 April 2018 Bernhard Beckert, Timo Bingman, Moritz Kiefer, Peter Sanders, Mattias Ulbrich , Alexander Weigl www.kit.edu

968 views • 60 slides
Checking NFA Equivalence with Bisimulations up to Congruence Filippo Bonchi and Damien Pous

Checking NFA Equivalence with Bisimulations up to Congruence Filippo Bonchi and Damien Pous

Checking NFA Equivalence with Bisimulations up to Congruence Filippo Bonchi and Damien Pous CNRS, LIP, ENS Lyon POPL, Roma, 25.1.2o13 Language equivalence of finite automata Useful for model checking: check that a program refines its

1.36k views • 92 slides
On CCZ-Equivalence, Extended-Affine Equivalence and Function Twisting Anne Canteaut, Lo Perrin

On CCZ-Equivalence, Extended-Affine Equivalence and Function Twisting Anne Canteaut, Lo Perrin

On CCZ-Equivalence, Extended-Affine Equivalence and Function Twisting Anne Canteaut, Lo Perrin June 18, 2018 BFA2018 Definition (EA-Equivalence; EA-mapping) F and G are E(xtented) A(ffine) equivalent if G x B F A x C x , where A B C

1.11k views • 98 slides
Equivalences 1 Equivalence Definition (Equivalence) Two formulas F and G are (semantically)

Equivalences 1 Equivalence Definition (Equivalence) Two formulas F and G are (semantically)

Propositional Logic Equivalences 1 Equivalence Definition (Equivalence) Two formulas F and G are (semantically) equivalent if A ( F ) = A ( G ) for every assignment A that is suitable for both F and G . We write F G to denote that F and G

276 views • 12 slides
Program Equivalence in Linear Contexts Yu Zhang Institute of Software, Chinese Academy of

Program Equivalence in Linear Contexts Yu Zhang Institute of Software, Chinese Academy of

Program Equivalence in Linear Contexts Yu Zhang Institute of Software, Chinese Academy of Sciences Joint work with Yuxing Deng (BASICS, SJTU) Beijing November 5, 2013 An Example Are the following two programs contextually equivalent? def

450 views • 22 slides
An observational study of equivalence links in cultural heritage linked data for agents Nuno

An observational study of equivalence links in cultural heritage linked data for agents Nuno

An observational study of equivalence links in cultural heritage linked data for agents Nuno Freire, Hugo Manguinhas, Antoine Isaac TPDL 2020 Theory and Practice in Digital Libraries 2020 CC BY-SA Introduction We conducted an

307 views • 14 slides
Logical agents Chapter 7 Chapter 7 1 Outline Wumpus world Logic in generalmodels and

Logical agents Chapter 7 Chapter 7 1 Outline Wumpus world Logic in generalmodels and

Revised by Hankui Zhuo, March 21, 2018 Logical agents Chapter 7 Chapter 7 1 Outline Wumpus world Logic in generalmodels and entailment Propositional (Boolean) logic Equivalence, validity, satisfiability Inference rules

817 views • 69 slides
Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs

Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs

Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs Birkbeck, University of London joint work with Cynthia Kop (U Copenhagen) and Naoki Nishida (U Nagoya) Workshop on Program Equivalence, London, UK 11

2.1k views • 197 slides
Todays Expedition TED highlights Equivalence Relations Equivalence Classes and

Todays Expedition TED highlights Equivalence Relations Equivalence Classes and

Todays Expedition TED highlights Equivalence Relations Equivalence Classes and Partitions Boolean Algebra Boolean functions Sum of Products expansion Logic gates and circuits Sections 8.5, 11.1-11.3 in the text

541 views • 15 slides
Virtual Memory Logical address space can therefore be much larger than physical address

Virtual Memory Logical address space can therefore be much larger than physical address

CSC 4103 - Operating Systems Background Spring 2007 Virtual memory separation of user logical memory from physical memory. Only part of the program needs to be in memory for Lecture - XIII execution. Virtual Memory Logical

309 views • 7 slides
Core & Logical Structure of Arguments September 10 th , 2018 Paid Study Announcement

Core & Logical Structure of Arguments September 10 th , 2018 Paid Study Announcement

CS4001: Computing, Society and Professionalism Sauvik Das | Assistant Professor Core & Logical Structure of Arguments September 10 th , 2018 Paid Study Announcement Contact Hue Watson <hwatson@gatech.edu> Elements of an Argument An

697 views • 30 slides
Equivalence Relations {( a , b ) | a and b are from the the same state}. Observe that these

Equivalence Relations {( a , b ) | a and b are from the the same state}. Observe that these

Equivalence Relations http://localhost/~senning/courses/ma229/slides/equivalence-relations/slide01.html Equivalence Relations http://localhost/~senning/courses/ma229/slides/equivalence-relations/slide02.html Equivalence Relations prev | slides

235 views • 4 slides
Section 4.2: Equivalence Relations What is equality? What is equivalence? Equality is

Section 4.2: Equivalence Relations What is equality? What is equivalence? Equality is

Section 4.2: Equivalence Relations What is equality? What is equivalence? Equality is more basic, fundamental concept. Every element in a set is equal only to itself. The basic equality relation {(x,x) | x S} We tend to assume

893 views • 61 slides

More recommend