Towards Deductive Compilation: Implementing a Partial Evaluator Via a Software Verification Tool (slide transcript)


1. Towards Deductive Compilation: Implementing a Partial Evaluator Via a Software Verification Tool
   Reiner Hähnle (joint work with Richard Bubel and Ran Ji)
   Chalmers University of Technology, Department of Computer Science and Engineering
   10 March 2011, Seminar "Deduction at Scale", Schloss Ringberg, March 2011
   Bubel/Hähnle/Ji (CTH), Deductive Compilation, 10 March 2011, slide 1 / 20

2-3. Introduction: Starting Point
   Program verification tool (KeY) based on:
   - Dynamic logic for Java source code
   - First-order theorem proving
   - Symbolic execution
   - Invariant reasoning
   Goal: constructing a specialized program from a verification proof attempt

4. Overview of Symbolic Execution
   Precondition: {a != null && a.length > 0}
   Program (⇐ pc marks the statement to be executed next):
     h = a.length;                      ⇐ pc
     l = 0;
     while (a[(h-l)/2] > 0) { body }
     rest

5. Overview of Symbolic Execution
   Path condition: a != null && a.length > 0
   After executing h = a.length and l = 0, the symbolic state is { h := a.length | l := 0 }
   Program:
     while (a[(h-l)/2] > 0) { body }   ⇐
     rest
   1. Precondition is path condition in SE tree; nodes have symbolic state

6. Overview of Symbolic Execution
   Path condition: a != null && a.length > 0
   Symbolic state: { h := a.length | l := 0 }
   Program, after the loop guard is transformed into simple expressions:
     int _i = a.length - 0;             ⇐
     int _j = _i/2;
     int _k = a[_j];
     boolean _g = (_k > 0);
     while (_g) { body }
     rest
   1. Precondition is path condition in SE tree; nodes have symbolic state
   2. Local program transformation: simple, side-effect free expressions

7-8. Overview of Symbolic Execution
   Path condition: a != null && a.length > 0
   Symbolic state, after simplification: { h := a.length | l := 0 | _k := a[a.length/2] }
   Program:
     boolean _g = (_k > 0);             ⇐
     while (_g) { body }
     rest
   1. Precondition is path condition in SE tree; nodes have symbolic state
   2. Local program transformation: simple, side-effect free expressions
   3. First-order reasoning required for simplification, checking bounds

9-10. Overview of Symbolic Execution
   Precondition: {a != null && a.length > 0}
   Program:
     _g = ...;
     while (_g) { body }
     rest
   The loop rule with invariant I splits the SE tree into two branches:
     _g && I   : execute body
     !_g && I  : execute rest
   1. Precondition is path condition in SE tree; nodes have symbolic state
   2. Local program transformation: simple, side-effect free expressions
   3. First-order reasoning required for simplification, checking bounds
   4. Execute loop under suitable invariant
   5. View SE as depth-left-first AST traversal (inlined first argument of ;)

11-12. Overview of Symbolic Execution: Observations
   Transformation of complex assignments, symbolic state simplification:
   1. Single static assignment (SSA) form easily obtainable
   2. If strongest postcondition not needed, can use true as invariant
   3. May synthesize specialized program by bottom-up AST traversal:
      Backward Analysis: used variables, etc.
      Program Specialisation: dead code elimination, condition evaluation

13-14. Program Logic Calculus
   Rule schema:
                Γ_1 ⇒ U_1 [p_1]   ...   Γ_n ⇒ U_n [p_n]
     ruleName   -----------------------------------------
                          Γ ⇒ U [p]
   Notation:
     Γ : path conditions (set of formulas)
     U : update (information from the part of the program that has been executed)
     p : Java program (program still to be executed)
   Rule application proceeds from bottom to top; the postcondition is ignored.

15-17. Interleaving Symbolic Execution and Partial Evaluation
   Proof-Search Space Reduction can be achieved by adding calculus rules performing (or invoking) a basic partial evaluator (FMCO 2009):
   - constant propagation
   - constant expression evaluation
   - dead-code elimination
   One reason why this is a good idea: proof branching during symbolic execution creates new static input values:
        U(b) ⇒ U [ack=true; r]        U(¬b) ⇒ U [ack=false; r]
     ------------------------------------------------------------
              ⇒ U [if (b) {ack=true;} else {ack=false;} r]
   Can we extract a specialized program out of a verification proof?
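The partial-evaluation rules listed on slides 15-17 (constant propagation, constant expression evaluation, dead-code elimination), the branching rule above and the bottom-up specialization of slides 11-12, as an added example that is not part of the talk and not KeY's own code: a small Python partial evaluator over a toy statement language. It assumes that the update U holds only statically known constants and that, on an undecided guard, the rest r is executed separately on each proof branch; loops (the invariant rule) and the backward use analysis (Bk) are left out.

```python
# Added example (not KeY code): an online partial evaluator driven by symbolic
# execution, shaped like the calculus on the slides. A node is (gamma, U, p):
# path condition, update and remaining program. Assumptions: U holds only
# statically known constants; on an undecided `if` the proof branches and the
# continuation r is executed on each side, as in U(b) => U[ack=true; r].
# Loops (invariant rule) and the backward use-analysis (Bk) are left out.
# Expressions: int/bool literals, variable names, ('+' | '>' | '==', e1, e2),
# ('not', e). Statements: ('assign', var, expr), ('if', cond, then_p, else_p).
OPS = {'+': lambda a, b: a + b, '>': lambda a, b: a > b, '==': lambda a, b: a == b}

def simplify(e, U, gamma):
    """Constant propagation and constant-expression evaluation under U; gamma
    maps guards already branched on to the value learned on this path."""
    if isinstance(e, str):                         # program variable
        e = U.get(e, e)
    elif isinstance(e, tuple) and e[0] == 'not':
        x = simplify(e[1], U, gamma)
        e = (not x) if isinstance(x, bool) else ('not', x)
    elif isinstance(e, tuple):                     # bool counts as int here
        a, b = simplify(e[1], U, gamma), simplify(e[2], U, gamma)
        e = OPS[e[0]](a, b) if isinstance(a, int) and isinstance(b, int) else (e[0], a, b)
    return gamma.get(e, e)

def specialize(p, U=None, gamma=None):
    """Symbolically execute p and return the residual (specialized) program."""
    U, gamma = U or {}, gamma or {}
    if not p:
        return []
    stmt, rest = p[0], p[1:]
    if stmt[0] == 'assign':
        var, rhs = stmt[1], simplify(stmt[2], U, gamma)
        # a constant makes var static; anything else makes it dynamic from here on
        U = {**U, var: rhs} if isinstance(rhs, int) else {k: v for k, v in U.items() if k != var}
        return [('assign', var, rhs)] + specialize(rest, U, gamma)
    cond = simplify(stmt[1], U, gamma)
    if isinstance(cond, bool):                     # guard decided: dead branch dropped
        return specialize((stmt[2] if cond else stmt[3]) + rest, U, gamma)
    # undecided guard: the proof branches and each side learns the guard's value
    return [('if', cond, specialize(stmt[2] + rest, U, {**gamma, cond: True}),
                         specialize(stmt[3] + rest, U, {**gamma, cond: False}))]

# Constructed input in the shape of the slides' example: b and x are dynamic
# inputs; the statements after the first `if` play the role of the rest r.
PROGRAM = [
    ('assign', 'n', 0),
    ('if', 'b', [('assign', 'ack', True)], [('assign', 'ack', False)]),
    ('if', 'ack', [('assign', 'n', ('+', 'n', 1))], []),
    ('if', ('not', 'b'), [('assign', 'n', ('+', 'n', 2))], []),
    ('assign', 'm', ('+', 'n', 'x')),
]
```

Running `specialize(PROGRAM)` leaves a single `if` on b; inside each branch the tests on ack and on !b are decided from the path condition, so only the folded assignments survive. The initial `n = 0` is now dead and would be removed by the backward use analysis the slides describe.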

18-22. Program Specialization: Extended Symbolic State Node
     Γ ⇒ U [p] | (Fwd)(Bk)
   Sequent annotated with (Fwd)(Bk): program analysis and synthesis results from AST traversal
   Fwd : program information maintained in forward analysis
     - program variables potentially read in continuation of p
   Bk = (sp, use) : program information synthesized in backward analysis
