u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e Faculty of Science Proving Correctness of Compilers Using Structured Graphs Patrick Bahr University of Copenhagen, Department of Computer Science paba@di.ku.dk Symposium on Functional and Logic Programming, Kanazawa, Japan; 6th June, 2014 Slide 1
u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e Introduction Trade-off in software verification: cleverness of vs. ease of implementation reasoning Patrick Bahr — Proving Correctness of Compilers Using Structured Graphs — FLOPS ’14, 6th June, 2014 Slide 2
u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e Introduction Trade-off in software verification: cleverness of vs. ease of implementation reasoning Patrick Bahr — Proving Correctness of Compilers Using Structured Graphs — FLOPS ’14, 6th June, 2014 Slide 2
u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e Trade-off in Compiler Verification Example: Hutton & Wright “Compiling Exceptions Correctly” Two compilers for a simple language with exceptions: Patrick Bahr — Proving Correctness of Compilers Using Structured Graphs — FLOPS ’14, 6th June, 2014 Slide 3
u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e Trade-off in Compiler Verification Example: Hutton & Wright “Compiling Exceptions Correctly” Two compilers for a simple language with exceptions: • Simple but unrealistic compiler (tree shaped code!) � simple proofs Patrick Bahr — Proving Correctness of Compilers Using Structured Graphs — FLOPS ’14, 6th June, 2014 Slide 3
u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e Trade-off in Compiler Verification Example: Hutton & Wright “Compiling Exceptions Correctly” Two compilers for a simple language with exceptions: • Simple but unrealistic compiler (tree shaped code!) � simple proofs • More realistic compiler with explicit jumps � much more complicated proofs Patrick Bahr — Proving Correctness of Compilers Using Structured Graphs — FLOPS ’14, 6th June, 2014 Slide 3
u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e Trade-off in Compiler Verification Example: Hutton & Wright “Compiling Exceptions Correctly” Two compilers for a simple language with exceptions: • Simple but unrealistic compiler (tree shaped code!) � simple proofs • More realistic compiler with explicit jumps � much more complicated proofs Our Proposal: an intermediate approach • Transform compiler: use (acyclic) graphs instead of trees • Lift the correctness property from the tree-based to the graph-based compiler. Patrick Bahr — Proving Correctness of Compilers Using Structured Graphs — FLOPS ’14, 6th June, 2014 Slide 3
u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e Example: A Simple Language with Exceptions Based on Hutton & Wright “Compiling Exceptions Correctly” Source Language Arithmetic expressions + exceptions: data Expr = Val Int | Add Expr Expr | Throw | Catch Expr Expr Patrick Bahr — Proving Correctness of Compilers Using Structured Graphs — FLOPS ’14, 6th June, 2014 Slide 4
u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e Example: A Simple Language with Exceptions Based on Hutton & Wright “Compiling Exceptions Correctly” Source Language Arithmetic expressions + exceptions: data Expr = Val Int | Add Expr Expr | Throw | Catch Expr Expr Target Language Instruction set for a simple stack machine: data Code = PUSH Int Code | ADD Code | HALT | MARK Code Code | UNMARK Code | THROW Patrick Bahr — Proving Correctness of Compilers Using Structured Graphs — FLOPS ’14, 6th June, 2014 Slide 4
u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e A Simple Compiler Targeting A Stack Machine comp A :: Expr → Code → Code Patrick Bahr — Proving Correctness of Compilers Using Structured Graphs — FLOPS ’14, 6th June, 2014 Slide 5
u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e A Simple Compiler Targeting A Stack Machine comp A :: Expr → Code → Code comp :: Expr → Code comp e = comp A e HALT Patrick Bahr — Proving Correctness of Compilers Using Structured Graphs — FLOPS ’14, 6th June, 2014 Slide 5
u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e A Simple Compiler Targeting A Stack Machine comp A :: Expr → Code → Code comp A ( Val n ) c = PUSH n c comp A ( Add x y ) c = comp A x ( comp A y ( ADD c )) comp A Throw c = THROW comp A ( Catch x h ) c = MARK ( comp A h c ) ( comp A x ( UNMARK c )) comp :: Expr → Code comp e = comp A e HALT Patrick Bahr — Proving Correctness of Compilers Using Structured Graphs — FLOPS ’14, 6th June, 2014 Slide 5
u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e A Simple Compiler Targeting A Stack Machine comp A :: Expr → Code → Code comp A ( Val n ) c = PUSH n ⊲ c comp A ( Add x y ) c = comp A x ⊲ comp A y ⊲ ADD ⊲ c comp A Throw c = THROW comp A ( Catch x h ) c = MARK ( comp A h ⊲ c ) ⊲ comp A x ⊲ UNMARK ⊲ c comp :: Expr → Code comp e = comp A e ⊲ HALT Patrick Bahr — Proving Correctness of Compilers Using Structured Graphs — FLOPS ’14, 6th June, 2014 Slide 5
u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e Semantics & Correctness Semantics Given by evaluator eval & virtual machine exec eval :: Expr → Maybe Int exec :: Code → Stack → Stack Patrick Bahr — Proving Correctness of Compilers Using Structured Graphs — FLOPS ’14, 6th June, 2014 Slide 6
u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e Semantics & Correctness data Maybe a = Just a Semantics | Nothing Given by evaluator eval & virtual machine exec eval :: Expr → Maybe Int exec :: Code → Stack → Stack Patrick Bahr — Proving Correctness of Compilers Using Structured Graphs — FLOPS ’14, 6th June, 2014 Slide 6
u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e Semantics & Correctness Semantics Given by evaluator eval & virtual machine exec eval :: Expr → Maybe Int exec :: Code → Stack → Stack Patrick Bahr — Proving Correctness of Compilers Using Structured Graphs — FLOPS ’14, 6th June, 2014 Slide 6
u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e Semantics & Correctness Semantics Given by evaluator eval & virtual machine exec eval :: Expr → Maybe Int exec :: Code → Stack → Stack Theorem (compiler correctness) � [ Val n ] if eval e = Just n exec ( comp e ) [ ] = [ ] if eval e = Nothing Patrick Bahr — Proving Correctness of Compilers Using Structured Graphs — FLOPS ’14, 6th June, 2014 Slide 6
u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e Semantics & Correctness Semantics Given by evaluator eval & virtual machine exec eval :: Expr → Maybe Int exec :: Code → Stack → Stack Theorem (compiler correctness) � [ Val n ] if eval e = Just n exec ( comp e ) [ ] = [ ] if eval e = Nothing Goal • Avoid the code duplication produced by the compiler. • Retain the simple equational reasoning to prove correctness. Patrick Bahr — Proving Correctness of Compilers Using Structured Graphs — FLOPS ’14, 6th June, 2014 Slide 6
u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e How Do We Achieve This? 1 trees ⇒ structured graphs (trees + explicit let bindings) Patrick Bahr — Proving Correctness of Compilers Using Structured Graphs — FLOPS ’14, 6th June, 2014 Slide 7
u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e How Do We Achieve This? 1 trees ⇒ structured graphs (trees + explicit let bindings) 2 The VM is a fold, i.e. exec = fold execAlg Patrick Bahr — Proving Correctness of Compilers Using Structured Graphs — FLOPS ’14, 6th June, 2014 Slide 7
u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e How Do We Achieve This? 1 trees ⇒ structured graphs (trees + explicit let bindings) 2 The VM is a fold, i.e. exec = fold execAlg 3 On graphs, the VM is defined as a fold with the same algebra: exec G = fold G execAlg Patrick Bahr — Proving Correctness of Compilers Using Structured Graphs — FLOPS ’14, 6th June, 2014 Slide 7
u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e How Do We Achieve This? 1 trees ⇒ structured graphs (trees + explicit let bindings) 2 The VM is a fold, i.e. exec = fold execAlg 3 On graphs, the VM is defined as a fold with the same algebra: exec G = fold G execAlg 4 By parametricity, we obtain: fold G alg = fold alg ◦ unravel for all alg Patrick Bahr — Proving Correctness of Compilers Using Structured Graphs — FLOPS ’14, 6th June, 2014 Slide 7
Recommend
More recommend
![Quicksort [4] In the last class Recursive Procedures Proving Correctness of Recursive](https://c.sambuz.com/989590/quicksort-s.jpg)
![Proving Correctness of a Garbage Collector via Local Reasoning Lars Birkedal [birkedal@itu.dk],](https://c.sambuz.com/1025585/proving-correctness-of-a-garbage-collector-via-local-s.jpg)
