crellvm verified credible compilation for llvm
play

Crellvm: Verified Credible Compilation for LLVM Seoul National - PowerPoint PPT Presentation

Dec 27, 2023 •28 likes •978 views

Crellvm: Verified Credible Compilation for LLVM Seoul National University (Korea) Jeehoon Kang* Yoonseung Kim * Youngju Song* Juneyoung Lee Sanghoon Park Mark Dongyeon Shin Yonghyun Kim Sungkeun Cho Joonwon Choi (MIT) Chung-Kil

  1. Crellvm: Verified Credible Compilation for LLVM Seoul National University (Korea) Jeehoon Kang* Yoonseung Kim * Youngju Song* Juneyoung Lee Sanghoon Park Mark Dongyeon Shin Yonghyun Kim Sungkeun Cho Joonwon Choi (MIT) Chung-Kil Hur Kwangkeun Yi * The first three authors are listed alphabetically.

  2. Reliability of Production Compilers  Stable in most common cases  Unstable in corner cases • Csmith: 79 from GCC / 202 from LLVM • EMI: 79 from GCC / 68 from LLVM  Problematic in practice • Low-level systems code 2

  3. Reliability of Production Compilers  Stable in most common cases  Unstable in corner cases • Csmith: 79 from GCC / 202 from LLVM • EMI: 79 from GCC / 68 from LLVM  Problematic in practice • Low-level systems code  Goal: Improving reliability in corner cases 2

  4. Approaches to Improving Reliability src Compiler tgt 3

  5. Approaches to Improving Reliability  (Random) Testing src • Cannot guarantee high reliability Compiler ✔ Test tgt 3

  6. Approaches to Improving Reliability  (Random) Testing src • Cannot guarantee high reliability Verified ✔  Compiler Verification Compiler • Too expensive to apply to tgt major optimizations of LLVM 3

  7. Approaches to Improving Reliability  (Random) Testing src • Cannot guarantee high reliability  Compiler Verification Compiler • Too expensive to apply to ✔ Verified tgt major optimizations of LLVM  Translation Validation • High reliability but not too expensive 3

  8. Approaches to Improving Reliability  (Random) Testing src • Cannot guarantee high reliability  Compiler Verification Proof Compiler Checker ProofGen • Too expensive to apply to tgt major optimizations of LLVM Yes / No  Translation Validation • High reliability but not too expensive • Credible Compilation [Rinard & Marinov 1999] 3

  9. Approaches to Improving Reliability  (Random) Testing src • Cannot guarantee high reliability  Compiler Verification Proof Compiler Checker ProofGen • Too expensive to apply to tgt major optimizations of LLVM Yes / No  Translation Validation fails with • High reliability but not too expensive logical reason • Credible Compilation [Rinard & Marinov 1999] 3

  10. Approaches to Improving Reliability  (Random) Testing src • Cannot guarantee high reliability Verified ✔  Compiler Verification Proof Compiler Checker ProofGen • Too expensive to apply to tgt major optimizations of LLVM Yes / No  Translation Validation fails with • High reliability but not too expensive logical reason • Verified Credible Compilation • Credible Compilation [Rinard & Marinov 1999] 3

  11. Our Work: Crellvm  Crellvm • Developed a verified credible compilation framework for LLVM • Designed a logic specialized for translation validation • Verified its proof checker in Coq  Case studies • 3 major optimizations: mem2reg, gvn, licm • >100 peephole optimizations: instcombine  Result • Found 4 long-standing miscompilation bugs (all confirmed, 3 fixed) 4

  12. Example: A Bug We Found in mem2reg  Credible compilation may detect bugs that testing misses.  Simplified code from SPEC Benchmark: p := alloca() ⇒ loop { loop { r := *p foo(r) foo(undef) *p := 42 } } 5

  13. Example: A Bug We Found in mem2reg  Credible compilation may detect bugs that testing misses.  Simplified code from SPEC Benchmark: p := alloca() ⇒ loop { loop { r := *p foo(r) foo(undef) *p := 42 } } 5

  14. Example: A Bug We Found in mem2reg  Credible compilation may detect bugs that testing misses.  Simplified code from SPEC Benchmark: p := alloca() ⇒ loop { loop { r := *p foo(r) foo(undef) *p := 42 } } 5

  15. Example: A Bug We Found in mem2reg  Credible compilation may detect bugs that testing misses.  Simplified code from SPEC Benchmark: p := alloca() ⇒ loop { loop { undef r := *p foo(r) foo(undef) *p := 42 } } 5

  16. Example: A Bug We Found in mem2reg  Credible compilation may detect bugs that testing misses.  Simplified code from SPEC Benchmark: p := alloca() ⇒ loop { loop { undef undef r := *p foo(r) foo(undef) *p := 42 } } 5

  17. Example: A Bug We Found in mem2reg  Credible compilation may detect bugs that testing misses.  Simplified code from SPEC Benchmark: p := alloca() ⇒ loop { loop { undef undef r := *p foo(r) foo(undef) *p := 42 } } 5

  18. Example: A Bug We Found in mem2reg  Credible compilation may detect bugs that testing misses.  Simplified code from SPEC Benchmark: p := alloca() ⇒ loop { loop { r := *p foo(r) foo(undef) *p := 42 } } 5

  19. Example: A Bug We Found in mem2reg  Credible compilation may detect bugs that testing misses.  Simplified code from SPEC Benchmark: p := alloca() ⇒ loop { loop { r := *p 42 foo(r) foo(undef) *p := 42 } } 5

  20. Example: A Bug We Found in mem2reg  Credible compilation may detect bugs that testing misses.  Simplified code from SPEC Benchmark: p := alloca() ⇒ loop { loop { undef r := *p 42 foo(r) foo(undef) *p := 42 } } 5

  21. Example: A Bug We Found in mem2reg Why testing missed this bug?  Credible compilation may detect bugs that testing misses. Because foo ignores r: foo(r):  Simplified code from SPEC Benchmark: ... s = r & 0x0 ... p := alloca() ⇒ loop { loop { undef r := *p 42 foo(r) foo(undef) *p := 42 } } 5

  22. Crellvm framework 6 / 22

  23. Crellvm Framework Compilation Validation src.ll Optimizer Optimizer Proof ProofGen Proof Checker Yes / No tgt.ll tgt'.ll llvm-diff Yes (same) / No (not same) Validation succeeds if both are “Yes” 7

  24. Crellvm Framework Compilation Validation src.ll Optimizer Optimizer Proof ProofGen Proof Checker Yes / No tgt.ll tgt'.ll llvm-diff Yes (same) / No (not same) Validation succeeds if both are “Yes” 7

  25. Crellvm Framework Compilation Validation src.ll Optimizer Optimizer Proof ProofGen Proof Checker Yes / No tgt.ll tgt'.ll llvm-diff Yes (same) / No (not same) Validation succeeds if both are “Yes” 7

  26. Crellvm Framework Compilation Validation src.ll Optimizer Optimizer Proof ProofGen Proof Checker Yes / No tgt.ll tgt'.ll α -equivalence llvm-diff checking Yes (same) / No (not same) Validation succeeds if both are “Yes” 7

  27. Crellvm Framework Compilation Validation src.ll Verified ✔ Optimizer Optimizer Proof ProofGen Proof Checker Yes / No tgt.ll tgt'.ll α -equivalence llvm-diff checking Yes (same) / No (not same) Validation succeeds if both are “Yes” 7

  28. Crellvm Framework Compilation Validation src.ll Verified ✔ Optimizer Optimizer Proof ProofGen Proof Checker Yes / No tgt.ll tgt'.ll Based on a logic for Based on a logic for Based on a logic for α -equivalence llvm-diff optimization validation optimization validation optimization validation checking Yes (same) / No (not same) Validation succeeds if both are “Yes” 7

  29. ERHL: A Logic for Optimization Validation  Assoc-add optimization in instcombine x := add a 1 x := add a 1 10 : ⁞ ⁞ y := add x 2 y := add a 3 20 : foo(y) foo(y) 21 : 8 / 22

  30. Extensible ERHL: A Logic for Optimization Validation Relational Hoare  Assoc-add optimization in instcombine Logic x := add a 1 x := add a 1 10 : ⁞ ⁞ y := add x 2 y := add a 3 20 : foo(y) foo(y) 21 : 8 / 22

  31. ERHL: A Logic for Optimization Validation  Assoc-add optimization in instcombine x := add a 1 x := add a 1 10 : ⁞ ⁞ y := add x 2 y := add a 3 20 : foo(y) foo(y) 21 : 8 / 22

  32. ERHL: A Logic for Optimization Validation  Assoc-add optimization in instcombine x := add a 1 x := add a 1 10 : ⁞ ⁞ y := add x 2 y := add a 3 20 : foo(y) foo(y) 21 : 8 / 22

  33. ERHL: A Logic for Optimization Validation  Assoc-add optimization in instcombine x := add a 1 x := add a 1 10 : ⁞ ⁞ y := add x 2 y := add a 3 20 : foo(y) foo(y) 21 : 8 / 22

  34. ERHL: A Logic for Optimization Validation  Assoc-add optimization in instcombine x := add a 1 x := add a 1 10 : ⁞ ⁞ y := add x 2 y := add a 3 20 : Optimized foo(y) foo(y) 21 : 8 / 22

  35. ERHL: A Logic for Optimization Validation  Assoc-add optimization in instcombine MD = ∅ { } x := add a 1 x := add a 1 10 : { x 𝒕𝒔𝒅 = add a 𝒕𝒔𝒅 𝟐 MD = ∅ } Relational ⁞ ⁞ assertions { x 𝒕𝒔𝒅 = add a 𝒕𝒔𝒅 𝟐 MD = ∅ } y := add x 2 y := add a 3 20 : { MD = ∅ } foo(y) foo(y) 21 : MD = ∅ { } 8 / 22

  36. ERHL: A Logic for Optimization Validation  Assoc-add optimization in instcombine MD = ∅ { } x := add a 1 x := add a 1 10 : { x 𝒕𝒔𝒅 = add a 𝒕𝒔𝒅 𝟐 MD = ∅ } ⁞ ⁞ { x 𝒕𝒔𝒅 = add a 𝒕𝒔𝒅 𝟐 MD = ∅ } Pre- assertion y := add x 2 y := add a 3 20 : { MD = ∅ } Post- assertion foo(y) foo(y) 21 : MD = ∅ { } 8 / 22

  37. ERHL: A Logic for Optimization Validation (Relational Property)  Assoc-add optimization in instcombine All registers contain same value MD = ∅ { } in SRC & TGT x := add a 1 x := add a 1 10 : { x 𝒕𝒔𝒅 = add a 𝒕𝒔𝒅 𝟐 MD = ∅ } ⁞ ⁞ { x 𝒕𝒔𝒅 = add a 𝒕𝒔𝒅 𝟐 MD = ∅ } y := add x 2 y := add a 3 20 : { MD = ∅ } foo(y) foo(y) 21 : MD = ∅ { } 8 / 22

Recommend

Dynamic Compilation using LLVM Alexander Matz Institute of Computer Engineering University of

Dynamic Compilation using LLVM Alexander Matz Institute of Computer Engineering University of

Dynamic Compilation using LLVM Alexander Matz Institute of Computer Engineering University of Heidelberg alexander.matz@ziti.uni-heidelberg.de Outline Motivation Architecture and Comparison Just-In-Time Compilation with LLVM

398 views • 36 slides
MECHANIZED SEMANTICS AND VERIFIED COMPILATION FOR A DATAFLOW SYNCHRONOUS LANGUAGE WITH RESET

MECHANIZED SEMANTICS AND VERIFIED COMPILATION FOR A DATAFLOW SYNCHRONOUS LANGUAGE WITH RESET

MECHANIZED SEMANTICS AND VERIFIED COMPILATION FOR A DATAFLOW SYNCHRONOUS LANGUAGE WITH RESET Timothy Bourke 1,2 Llio Brun 1,2 Marc Pouzet 3,2,1 POPL20 January 24, 2020 1 Inria Paris 2 cole normale suprieure PSL University

1.12k views • 93 slides
How to cross compile with LLVM based tools Peter Smith, Linaro Introduction and assumptions

How to cross compile with LLVM based tools Peter Smith, Linaro Introduction and assumptions

How to cross compile with LLVM based tools Peter Smith, Linaro Introduction and assumptions What we are covering Today What is cross compilation? How does cross compilation work with Clang and LLVM? The extra bits you need

304 views • 28 slides
A Higher-Order Abstract Syntax Approach to Verified Compilation of Functional Programs Yuting

A Higher-Order Abstract Syntax Approach to Verified Compilation of Functional Programs Yuting

A Higher-Order Abstract Syntax Approach to Verified Compilation of Functional Programs Yuting Wang and Gopalan Nadathur Department of Computer Science and Engineering University of Minnesota, Minneapolis ESOP 2016, Eindhoven, Netherlands

1.06k views • 88 slides
Compiling Dependent Types Much recent focus on verified compilation of dependently typed

Compiling Dependent Types Much recent focus on verified compilation of dependently typed

CPS Translation of Dependent Types Amal Ahmed Northeastern University Work in progress, with Nick Rioux and William Bowman Compiling Dependent Types Much recent focus on verified compilation of dependently typed languages: Coqonut, CertiCoq

708 views • 44 slides
Relaxed memory concurrency and verified compilation Viktor Vafeiadis Max Planck Institute for

Relaxed memory concurrency and verified compilation Viktor Vafeiadis Max Planck Institute for

Relaxed memory concurrency and verified compilation Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS) Full functional verification Method: Come up with a complete specification of the program Prove the program

852 views • 52 slides
Building a Modern Database Using LLVM Skye Wanderman-Milne, Cloudera skye@cloudera.com LLVM

Building a Modern Database Using LLVM Skye Wanderman-Milne, Cloudera skye@cloudera.com LLVM

Building a Modern Database Using LLVM Skye Wanderman-Milne, Cloudera skye@cloudera.com LLVM Developers Meeting, Nov. 6-7 Overview What is Cloudera Impala? Why code generation? Writing IR vs. cross compilation Results What is

1.01k views • 27 slides
LLVM IR and the IoT Dvid Juhsz david.juhasz@imsystech.com 4/2/2018 1 FOSDEM 2018 LLVM

LLVM IR and the IoT Dvid Juhsz david.juhasz@imsystech.com 4/2/2018 1 FOSDEM 2018 LLVM

A unique processor architecture meeting LLVM IR and the IoT Dvid Juhsz david.juhasz@imsystech.com 4/2/2018 1 FOSDEM 2018 LLVM devroom Compiling with LLVM High-Level Programming Language LLVM LLVM Front-end LLVM Assembly / IR LLVM

434 views • 22 slides
Magic Behind Xcode Compilation Mobile Warsaw, 2015 > whoami Twitter: @1101_debian Github:

Magic Behind Xcode Compilation Mobile Warsaw, 2015 > whoami Twitter: @1101_debian Github:

Magic Behind Xcode Compilation Mobile Warsaw, 2015 > whoami Twitter: @1101_debian Github: @AlexDenisov Freenode: AlexDenisov Blog: http://lowlevelbits.org Outline Compilation process LLVM/Clang Q & A Compilation

1.16k views • 75 slides
VERIFIED COMPILATION OF THE MODULAR RESET, FINALLY Timothy Bourke 1,2 Llio Brun 1,2 Marc Pouzet

VERIFIED COMPILATION OF THE MODULAR RESET, FINALLY Timothy Bourke 1,2 Llio Brun 1,2 Marc Pouzet

VERIFIED COMPILATION OF THE MODULAR RESET, FINALLY Timothy Bourke 1,2 Llio Brun 1,2 Marc Pouzet 3,2,1 PARKAS SYNCHRON19 November 28, 2019 1 Inria Paris 2 DI ENS PSL University 3 Sorbonne University THE PROBLEM Adding the modular

1.41k views • 124 slides
1 Global Value Numbering Global Value Numbering (cont) How do we handle control flow? Idea

1 Global Value Numbering Global Value Numbering (cont) How do we handle control flow? Idea

LLVM Compiler Infrastructure Reuse Optimization Source: LLVM: A Compilation Framework for Lifelong Program Analysis & Transformation by Lattner and Adve Idea Eliminate redundant operations in the dynamic execution of instructions

566 views • 5 slides
Porting LLVM to a new OS Kai Nacke 31 January 2016 LLVM devroom @ FOSDEM16 Porting LLVM

Porting LLVM to a new OS Kai Nacke 31 January 2016 LLVM devroom @ FOSDEM16 Porting LLVM

Porting LLVM to a new OS Kai Nacke 31 January 2016 LLVM devroom @ FOSDEM16 Porting LLVM There are two possible goals Run LLVM tools on OS Generate code for OS / CPU architecture Mission is to run LLVM on previously unsupported

603 views • 11 slides
Lect ure # 03 ADVANCED DATABASE SYSTEMS Query Compilation @ Andy_Pavlo // 15- 721 // Spring

Lect ure # 03 ADVANCED DATABASE SYSTEMS Query Compilation @ Andy_Pavlo // 15- 721 // Spring

Lect ure # 03 ADVANCED DATABASE SYSTEMS Query Compilation @ Andy_Pavlo // 15- 721 // Spring 2018 2 Background Code Generation / Transpilation JIT Compilation (LLVM) Real-world Implementations CMU 15-721 (Spring 2018) 3 H EKATO N REM

849 views • 56 slides
An Abstract Stack Based Approach to Verified Compositional Compilation to Machine Code Yuting Wang

An Abstract Stack Based Approach to Verified Compositional Compilation to Machine Code Yuting Wang

An Abstract Stack Based Approach to Verified Compositional Compilation to Machine Code Yuting Wang 1 , Pierre Wilke 1 , 2 , Zhong Shao 1 Yale University 1 , CentraleSuplec 2 19 January 18 th , 2019 POPL Yuting Wang, Pierre Wilke , Zhong

251 views • 21 slides
The Many Faces of Instrumentation: Debugging and Better Performance using LLVM in HPC What are

The Many Faces of Instrumentation: Debugging and Better Performance using LLVM in HPC What are

The Many Faces of Instrumentation: Debugging and Better Performance using LLVM in HPC What are LLVM, Clang, and Flang? How is LLVM Being Improved for HPC. What Facilities for Tooling Exist in LLVM? Opportunities for the Future!

572 views • 38 slides
LLVM/Clang Mouna Abidi & Manel Grichi 1 Plan What is LLVM? How will you be using it?

LLVM/Clang Mouna Abidi & Manel Grichi 1 Plan What is LLVM? How will you be using it?

LLVM/Clang Mouna Abidi & Manel Grichi 1 Plan What is LLVM? How will you be using it? LLVM Architecture Compiler Simple case study Conclusion 2 What is LLVM? Low Level Virtual Machine Modern Compiler

1.34k views • 19 slides
LLVM Binutils BoF 2019 EuroLLVM Developers' Meeting James Henderson (SN Systems) Jordan

LLVM Binutils BoF 2019 EuroLLVM Developers' Meeting James Henderson (SN Systems) Jordan

LLVM Binutils BoF 2019 EuroLLVM Developers' Meeting James Henderson (SN Systems) Jordan Rupprecht (Google) Introduction LLVM binary utilities (aka binutils) include: llvm-readobj/llvm-readelf llvm-objdump llvm-objcopy

352 views • 8 slides
JIT Compilation Module Overview JIT Compilation Native vs. Managed Compilation Managed

JIT Compilation Module Overview JIT Compilation Native vs. Managed Compilation Managed

JIT Compilation Module Overview JIT Compilation Native vs. Managed Compilation Managed Execution Phases Assembly Loading & Initialization JIT Compilation JIT Optimizations Whats new in NGEN 4.0? When to use NGEN? 2 Running Code

484 views • 46 slides
Instruction Selection for LLVM-- Aslan Askarov aslan@cs.au.dk The x86 assembly language

Instruction Selection for LLVM-- Aslan Askarov aslan@cs.au.dk The x86 assembly language

Compilation 2016 Instruction Selection for LLVM-- Aslan Askarov aslan@cs.au.dk The x86 assembly language Assembler produces object file that contains segments (address ranges with a purpose) Segments containing runnable

375 views • 10 slides
An LLVM Refinement Checker and its Applications YIJI ZHANG 1 , LENORE D. ZUCK 1 , KEDAR NAMJOSHI 2

An LLVM Refinement Checker and its Applications YIJI ZHANG 1 , LENORE D. ZUCK 1 , KEDAR NAMJOSHI 2

An LLVM Refinement Checker and its Applications YIJI ZHANG 1 , LENORE D. ZUCK 1 , KEDAR NAMJOSHI 2 UNIVERSITY OF ILLINOIS AT CHICAGO 1 , BELL LABS 2 PRESENTER: JORDAN TORF 1 Compilers should not miscompile! What could go wrong? Compilation:

363 views • 8 slides
Towards a Coq-verified compiler from Esterel to circuits: 2 years later Lionel R ieg Yale

Towards a Coq-verified compiler from Esterel to circuits: 2 years later Lionel R ieg Yale

Towards a Coq-verified compiler from Esterel to circuits: 2 years later Lionel R ieg Yale University Synchron 2016 December 5th, 2016 1/20 Objective: prove the compilation scheme for Esterel Esterel Synchronous dataflow language

960 views • 74 slides
Building, Testing and Debugging a Simple out-of-tree LLVM Pass October 29, 2015, LLVM

Building, Testing and Debugging a Simple out-of-tree LLVM Pass October 29, 2015, LLVM

Building, Testing and Debugging a Simple out-of-tree LLVM Pass October 29, 2015, LLVM Developers Meeting LLVM 3.7 Resources https://github.com/quarkslab/ llvm-dev-meeting-tutorial-2015 1 Instruction Booklet a = b + c a = b

794 views • 62 slides
LLVM Simone Campanoni simonec@eecs.northwestern.edu Problems with Canvas? Problems with slides?

LLVM Simone Campanoni simonec@eecs.northwestern.edu Problems with Canvas? Problems with slides?

LLVM Simone Campanoni simonec@eecs.northwestern.edu Problems with Canvas? Problems with slides? Any problems? Outline Introduction to LLVM CAT steps Hacking LLVM LLVM LLVM is a great, hackable compiler for C/C++ languages

1.68k views • 44 slides
Enabling Automatic Partitioning of Data-Parallel Kernels with Polyhedral Compilation Alexander

Enabling Automatic Partitioning of Data-Parallel Kernels with Polyhedral Compilation Alexander

Enabling Automatic Partitioning of Data-Parallel Kernels with Polyhedral Compilation Alexander Matz, Holger Frning Heidelberg University, Germany LLVM Performance Workshop @CGO 2018 Sat 24 Feb 2018, Vienna, Austria Multi GPU in the Real

430 views • 19 slides

More recommend