towards demonstrably correct compilation of java bytecode
play

(TOWARDS) DEMONSTRABLY CORRECT COMPILATION OF JAVA BYTECODE - PowerPoint PPT Presentation

Oct 06, 2023 •251 likes •827 views

(TOWARDS) DEMONSTRABLY CORRECT COMPILATION OF JAVA BYTECODE Michael Leuschel University of Dsseldorf FMCO 2008 Nice Sophia-Antipolis PART 1: BACKGROUND BACKGROUND DeCCo (Demonstrably Correct Compiler) By Susan Stepney, Logica + AWE

  1. (TOWARDS) DEMONSTRABLY CORRECT COMPILATION OF JAVA BYTECODE Michael Leuschel University of Düsseldorf FMCO 2008 Nice Sophia-Antipolis

  2. PART 1: BACKGROUND

  3. BACKGROUND DeCCo (Demonstrably Correct Compiler) By Susan Stepney, Logica + AWE [1992-2001] From: PASP Pascal-like language To: ASP Custom RISC Processor One major step for Hoare’s Grand Challenge

  4. DECCO: PROCESS Z Specification of PASP Z Specification of ASP (+ ASPAL + XASPAL) Translation Rules in Z: PASP → ASP Proven by hand Translated by hand into Prolog DCGT

  5. DECCO: PROCESS Z Specification of PASP Z Specification of ASP (+ ASPAL + XASPAL) Translation Rules in Z: PASP → ASP Proven by hand Translated by hand into Prolog DCGT

  6. “We believe that the methodology provides us with a high level of confidence in the correctness of the embedded software required to drive high integrity controllers.” Source: Decco Website http://www-users.cs.york.ac.uk/~susan/bib/ss/hic.htm

  7. DRAWBACKS tied to PASP, difficult to get PASP programmers proven by hand + translation by hand translation Z → Prolog only correct under certain assumptions Prolog code was hard to maintain, Prolog performance issues, a few bugs Infrastructure DCGT Z Operators

  8. JASP PROJECT Investigate existing Decco system Move from PASP to Java Bytecode Provide recommendations for future developments Adapt existing Decco System for JavaBC ? Move from Prolog to Haskell ? Investigate other alternatives, ...

  9. DECCO COMPILER Z Prolog Model DCGT 1-1 translation of Compiler Translation (+PASP & by hand of ASP) Schemas proven correct by hand Prolog Infrastructure Code (Z Operators,...)

  10. DECCO COMPILER Z Prolog Model DCGT 1-1 translation of Compiler Translation (+PASP & by hand of ASP) Schemas proven correct by hand Prolog Infrastructure Code (Z Operators,...)

  11. DECCO COMPILER Z Prolog Model DCGT 1-1 translation of Compiler Translation (+PASP & by hand of ASP) Schemas proven correct by hand Prolog Infrastructure Code (Z Operators,...)

  12. DECCO COMPILER Z Prolog Model DCGT 1-1 translation of Compiler Translation (+PASP & by hand of ASP) Schemas proven correct by hand Prolog Infrastructure Code (Z Operators,...)

  13. DECCO COMPILER Z Prolog Model DCGT 1-1 translation of Compiler Translation (+PASP & by hand of ASP) Schemas proven correct by hand Prolog Infrastructure Code (Z Operators,...)

  14. THE PROLOG SYSTEM LPA WinProlog: only on Windows, no modules idiosyncratic features were used default mode gives no warnings singleton variables, predicate redefinition, ...

  15. JASP CONCLUSIONS Try to automate more of compiler construction Move from Z to B (or other approaches) Automatic Code generation Formal proofs Tool support

  16. PART 2: A LITTLE BACKGROUND ABOUT B

  17. A quick overview of B

  18. B-Method • Invented by Abrial • Successor of Z • Allows to write high-level specifications & code (B0) • Aimed at tool support

  19. B: Logical Predicates

  20. B: SETS {x,y,... | P} set comprehensions (partial list)

  21. B: Relations (partial list)

  22. B: Functions f(x) function application %(x,y,..).(P|E) lambda abstraction

  23. B Development Process Preliminary design Software Consistency requirement B Abstract Model proof specification Detailed design Refinement proof Functional test Consistency B Concrete Model proof Translation Ada code Manual Semi-automatic Automatic Source: Siemens Transportation Systems

  25. ETHZ Southampton Newcastle Aabo Nokia Bosch Siemens Transportation SAP Space Systems Finland

  26. PART 3: COMPILER CONSTRUCTION WITH B

  27. JASP: FIRST EXPERIMENT Small Subset of Java Bytecode no methods, objects, ... istore, iload, iconst, imul, ... Simple model of the processor Three-Address code of Dragon Book LDI, LDM, STM, MUL, ...

  28. MACHINE JavaBC0 SETS Opcodes IDEA CONSTANTS PrgOpcode,PrgArg1,PrgArg2, Exp,StackLayout,BYTE, MAXVAR,VARS,MAXBYTE, PSIZE VARIABLES PC,Stack,Vars, Finished OPERATIONS (StackSize),(StackTop),(NzVarVal), Model JavaBC as B terminate,ex_nop,ex_goto, ex_return,(ex_ifle),(ex_istore), (ex_iconst),(ex_iload),(ex_imul), (ex_iadd),(ex_iinc),current_opcode Model RISC as B REFINES REFINEMENT JavaBCR1 Refine JavaBC into compiled VARIABLES PC,Finished OPERATIONS version StackSize,StackTop,NzVarVal, ex_istore,ex_iconst,ex_iload, ex_imul,ex_iadd,ex_iinc, ex_ifle opcodes translated into RISC INCLUDES MACHINE RISC CONSTANTS correctness established by NrReg,MSize,RBYTE, MAXRBYTE B refinement VARIABLES R,MEM OPERATIONS LDI,LDM,STM, ADD,MUL,SUBT, ISPOS

  29. EXAMPLE BYTECODE 0: iconst_2 1: istore_1 public class Power { 2: iconst_5 public static void main(String args[]) 3: istore_2 { 4: iload_2 int base = 2; 5: istore_3 int exp = 5; 6: iconst_1 int i = exp; 7: istore 4 int res = 1; 9: iload_3 while (i>0) { 10: ifle 25 i--; 13: iinc 3, -1 res = res*base; 16: iload 4 } 18: iload_1 System.out.println(res); 2 19: imul } 20: istore 4 Operand Local } 22: goto 9 Stack Variables 25: return

  30. HOW TO COMPILE How to compile to RISC with limited memory and registers (2) ? Local variables statically known: ok What about the stack ??

  31. STACK LAYOUT 0: iconst_2 1: istore_1 2: iconst_5 3: istore_2 4: iload_2 Every program point: 5: istore_3 6: iconst_1 same stack layout, 7: istore 4 no matter which path 9: iload_3 10: ifle 25 13: iinc 3, -1 16: iload 4 int 18: iload_1 19: imul int 20: istore 4 Operand 22: goto 9 25: return Stack

  32. HOW TO COMPILE Infer stack layout: int int for every program point: size of stack ... upper bound must exist treat like local variables ! imul no need to maintain a stack pointer !! int ...

  33. INFERRING STACK LAYOUT By abstract interpretation Prolog interpreter for Java BC run it on abstract domain of types {int, ...} [Demo] In Java 6: Stacklayout actually already in class file

  34. TRUSTING STACKLAYOUT INFO Remember: we want formally verified compilation How can we trust the code that computed the stack layout info? We don’t have to ! Build properties of correct stack layout into B formal model Computed stack layout needs to be checked for those properties

  35. Model of Model of Java RISC Bytecode Processor Refines Calls Model of Compiled Java Bytecode

  36. THE B MODEL OF JAVABC PROPERTIES INVARIANT PSIZE : NATURAL1 & PC: 1..PSIZE & PrgOpcode: 1..PSIZE --> Opcodes & Stack: seq(INTEGER) & PrgArg1: 1..PSIZE --> VARS & Vars: VARS +->INTEGER & PrgArg2: 1..PSIZE --> BYTE & Finished: BOOL & ... size(Stack) = StackLayout(PC) StackLayout: 1..PSIZE --> VARS /* for each Program Point: indicate size of stack */ & StackLayout(1) = 0 & /* Initially stack is empty */ ... !pc1.(pc1:1..PSIZE => ((PrgOpcode(pc1)/=goto & PrgOpcode(pc1)/=return) => pc1+1 <= PSIZE )) & !pc2.(pc2:1..PSIZE & PrgOpcode(pc2) = goto => (PrgArg1(pc2):1..PSIZE & StackLayout(PrgArg1(pc2)) = StackLayout(pc2)) ) ...

  37. THE B MODEL OF JAVABC OPERATIONS ex_iload(A1) = PRE PrgOpcode(PC) = iload & A1=PrgArg1(PC) & A1:dom(Vars) THEN AdvancePC || Proven correct: Stack := Stack <- Vars(A1) END; PC remains within program bounds statically computed Stack Layout is always correct if properties satisfied

  38. Quote “Every formal model I have seen, proven or not, which has not been animated contained errors” Christophe Metayer, Systerel (liberal translation from French based on verbal communication)

  39. Quote “Every formal model I have seen, proven or not, which has not been animated contained errors” Christophe Metayer, Systerel (liberal translation from French based on verbal communication)

  40. OUR TOOL Model Checking Languages: B, (LTL, Symmetry) CSP, Z, CSP||B, ... Animation Refinement Checking Used for Industrial Teaching B Applications

  42. Model of Model of Java RISC Bytecode Processor Refines Calls Model of Compiled Java Bytecode

  43. MACHINE RISC CONSTANTS NrReg, /* Number of registers */ MSize, /* Memory Size */ B MODEL RBYTE, MAXRBYTE OF RISC PROPERTIES MAXRBYTE = 31 & /* 127 & */ NrReg:INT & NrReg>1 & MSize:INTEGER & MSize>1 & RBYTE = (-MAXRBYTE-1)..MAXRBYTE & NrReg =2 & MSize = 4*(MAXRBYTE+1)-1 VARIABLES R, /* Register Contents */ MEM /* Memory Contents */ INVARIANT R: 1..NrReg --> INTEGER & MEM: 0..MSize --> INTEGER INITIALISATION R := %x.(x:1..NrReg | 0) || MEM := %y.(y:0..MSize | 0) OPERATIONS LDI(r,imm) = PRE r:1..NrReg & imm:RBYTE THEN R(r) := imm END; LDM(r,mem) = PRE mem:0..MSize & r:1..NrReg THEN R(r) := MEM(mem) END; STM(r,mem) = PRE mem:0..MSize & r:1..NrReg THEN MEM(mem) := R(r) END; ADD(r1,r2,r3) = PRE r1: 1..NrReg & r2: 1..NrReg & r3: 1..NrReg THEN R(r1) := R(r2)+R(r3) END; MUL(r1,r2,r3) = PRE r1: 1..NrReg & r2: 1..NrReg & r3: 1..NrReg THEN R(r1) := R(r2)*R(r3) END; SUBT(r1,r2,r3) = PRE r1: 1..NrReg & r2: 1..NrReg & r3: 1..NrReg THEN R(r1) := R(r2)-R(r3) END; res <-- ISPOS(r) = PRE r:1..NrReg THEN IF R(r)> 0 THEN res := TRUE ELSE res := FALSE END

  44. Model of Model of Java RISC Bytecode Processor Refines Calls Model of Compiled Java Bytecode

Recommend

1 Java compilation model Java bytecode format void spin () { int i; for (i = 0; i &lt; 100;

1 Java compilation model Java bytecode format void spin () { int i; for (i = 0; i &lt; 100;

The Java programming environment Introduction to JVM Based on material produced by Bill Venners 1 2 The Java platform The role of the virtual machime byte code generated by the Java front-end is an intermediate representation (IR)

834 views • 3 slides
Verification of a Java Compiler in Isabelle Martin Strecker 7.1.2002 Java: Types, values,

Verification of a Java Compiler in Isabelle Martin Strecker 7.1.2002 Java: Types, values,

Verification of a Java Compiler in Isabelle Martin Strecker 7.1.2002 Java: Types, values, terms, ... Typing and operational semantics JVM Compiler Definition Proof Techniques Compilation and Bytecode Verification

643 views • 18 slides
Compiling Techniques Lecture 10: Introduction to Java ByteCode Christophe Dubach 10 November

Compiling Techniques Lecture 10: Introduction to Java ByteCode Christophe Dubach 10 November

Introduction Java ByteCode Details Compiling Techniques Lecture 10: Introduction to Java ByteCode Christophe Dubach 10 November 2015 Christophe Dubach Compiling Techniques Introduction Java ByteCode Details Coursework: Block and

570 views • 23 slides
A Block-Based Bytecode Format to Simplify and Improve Just-in-Time Compilation Christian Wimmer

A Block-Based Bytecode Format to Simplify and Improve Just-in-Time Compilation Christian Wimmer

A Block-Based Bytecode Format to Simplify and Improve Just-in-Time Compilation Christian Wimmer cwimmer@uci.edu www.christianwimmer.at June 2009 Department of Computer Science University of California, Irvine Method Granularity Software

384 views • 7 slides
Specification language and WP calculus for Java Bytecode. joint work in progress Mariela

Specification language and WP calculus for Java Bytecode. joint work in progress Mariela

Specification language and WP calculus for Java Bytecode. joint work in progress Mariela Pavlova, Lilian Burdy INRIA Sophia-Antipolis spopS p. 1 Motivation Proof Carrying ByteCode Proof obligations. What is the language in which

443 views • 31 slides
Java ByteCode Manuel Oriol June 7th, 2007 Byte Code? The Java language is compiled into an

Java ByteCode Manuel Oriol June 7th, 2007 Byte Code? The Java language is compiled into an

Java ByteCode Manuel Oriol June 7th, 2007 Byte Code? The Java language is compiled into an intermediary form called byte code It ensures portability The byte code is a succession of instructions that manipulate a stack Each

928 views • 56 slides
Java ByteCode Manuel Oriol June 8th, 2006 Byte Code? The Java language is compiled into an

Java ByteCode Manuel Oriol June 8th, 2006 Byte Code? The Java language is compiled into an

Java ByteCode Manuel Oriol June 8th, 2006 Byte Code? The Java language is compiled into an intermediary form called byte code It ensures portability The byte code is a succession of instructions that manipulate a stack Each

723 views • 57 slides
Decompiling Boolean Expressions from Java TM Bytecode Mangala Gowri Nanda (IBM-IRL) and S.

Decompiling Boolean Expressions from Java TM Bytecode Mangala Gowri Nanda (IBM-IRL) and S.

Decompiling Boolean Expressions from JavaTM Bytecode Decompiling Boolean Expressions from Java TM Bytecode Mangala Gowri Nanda (IBM-IRL) and S. Arun-Kumar (IIT Delhi) Decompiling Boolean Expressions from JavaTM Bytecode Introduction The

570 views • 37 slides
On the Challenges in Extracting Metrics from Java Bytecode A/Prof. Jean-Guy Schneider

On the Challenges in Extracting Metrics from Java Bytecode A/Prof. Jean-Guy Schneider

On the Challenges in Extracting Metrics from Java Bytecode A/Prof. Jean-Guy Schneider jschneider@swin.edu.au Where it all began 12.7: 0.6973 .7 12.6: 0.6443 Gini Coefficient of Synthetic Fields .6 12.5: 0.5820 .5 4.7:

385 views • 25 slides
Machine Assisted Reasoning for Multi - Threaded Java Bytecode Mikael Lagerkvist April 2005

Machine Assisted Reasoning for Multi - Threaded Java Bytecode Mikael Lagerkvist April 2005

Background The Semantics of the JVM Examples Conclusion and Further Work Machine Assisted Reasoning for Multi - Threaded Java Bytecode Mikael Lagerkvist April 2005 Mikael Lagerkvist Machine Assisted Reasoning for Java Bytecode Background

420 views • 30 slides
Java Bytecode to Hardware Made Easy with Bluespec SystemVerilog Flavius Gruian Mehmet Ali Arslan

Java Bytecode to Hardware Made Easy with Bluespec SystemVerilog Flavius Gruian Mehmet Ali Arslan

Java Bytecode to Hardware Made Easy with Bluespec SystemVerilog Flavius Gruian Mehmet Ali Arslan Lund University, Sweden {Flavius.Gruian, Mehmet_Ali.Arslan}@cs.lth.se Java Technologies for Real-time and Embedded Systems, 2012 1 / 15 Outline

498 views • 26 slides
Using CLP Simplifications to Improve Java Bytecode Termination Analysis Fausto SPOTO, Lunjin LU,

Using CLP Simplifications to Improve Java Bytecode Termination Analysis Fausto SPOTO, Lunjin LU,

Using CLP Simplifications to Improve Java Bytecode Termination Analysis Fausto SPOTO, Lunjin LU, and Fred MESNARD Dipartimento di Informatica, Universit` a di Verona, Italy Oakland University, U.S.A. IREMIA, universit e de la R eunion,

216 views • 17 slides
1 Java Release History Enhancements in JDK 5 (= Java 1.5) Generics 1995 (1.0) First

1 Java Release History Enhancements in JDK 5 (= Java 1.5) Generics 1995 (1.0) First

CS 242 Outline Java Virtual machine overview Language Overview Loader and initialization History and design goals Linker and verifier Classes and Inheritance Bytecode interpreter Object features Method

180 views • 17 slides
Manipulao de Bytecode Java Mantendo o esprito Hacker no mundo das linguagens de alto nvel

Manipulao de Bytecode Java Mantendo o esprito Hacker no mundo das linguagens de alto nvel

Manipulao de Bytecode Java Mantendo o esprito Hacker no mundo das linguagens de alto nvel Andr Luiz Breves de Oliveira andre.breves@gmail.com class Hello { public static void main(String[] args) { System.out.println(&quot;Hello

217 views • 21 slides
Resumable Java Bytecode Process Mobility for the JVM Jan Pedersen and Brian Kauke Overview The

Resumable Java Bytecode Process Mobility for the JVM Jan Pedersen and Brian Kauke Overview The

Resumable Java Bytecode Process Mobility for the JVM Jan Pedersen and Brian Kauke Overview The ProcessJ language Transparent process mobility Implementing mobility in the Java/JCSP translation Intro to ProcessJ ProcessJ is a new

285 views • 25 slides
True separate compilation of Java classes Davide Ancona, Giovanni Lagorio, Elena Zucca DISI -

True separate compilation of Java classes Davide Ancona, Giovanni Lagorio, Elena Zucca DISI -

True separate compilation of Java classes Davide Ancona, Giovanni Lagorio, Elena Zucca DISI - University of Genova, Italy APPSEM-II Workshop - Nottingham This talk is based on True Separate Compilation of Java Classes [in PPDP02] and

489 views • 14 slides
Altering Java Semantics via Bytecode Manipulation Eric Tanter, Marc S egura-Devillechaise,

Altering Java Semantics via Bytecode Manipulation Eric Tanter, Marc S egura-Devillechaise,

Jinline Altering Java Semantics via Bytecode Manipulation Eric Tanter, Marc S egura-Devillechaise, Jacques Noy e, Jos e Piquer { etanter, jpiquer } @dcc.uchile.cl { msegura, jnoye } @emn.fr. DCCUniversity of Chile (Chile),

218 views • 17 slides
The Java Virtual Machine The Java Virtual Machine interpret compile Native Binary Code Michael

The Java Virtual Machine The Java Virtual Machine interpret compile Native Binary Code Michael

Virtual Machines in Compilation Virtual Machines in Compilation Abstract Syntax Tree compile Compilation 2007 Compilation 2007 Virtual Machine Code The Java Virtual Machine The Java Virtual Machine interpret compile Native Binary Code

541 views • 11 slides
Model Checking Java Programs (Java PathFinder) Slides partially compiled from the NASA

Model Checking Java Programs (Java PathFinder) Slides partially compiled from the NASA

Model Checking Java Programs (Java PathFinder) Slides partially compiled from the NASA JavaPathFinder project and E. Clarkes course material Java PathFinder JPF is an explicit state software model checker for Java bytecode JPF is a Java

888 views • 35 slides
APPLICATION REQUIREMENTS AND EFFICIENCY OF EMBEDDED JAVA BYTECODE MULTI-CORES JTRES 2010 Martin

APPLICATION REQUIREMENTS AND EFFICIENCY OF EMBEDDED JAVA BYTECODE MULTI-CORES JTRES 2010 Martin

Fakultt Informatik Institut fr Technische Informatik, Professur fr VLSI-Entwurfssysteme, Diagnostik und Architektur APPLICATION REQUIREMENTS AND EFFICIENCY OF EMBEDDED JAVA BYTECODE MULTI-CORES JTRES 2010 Martin Zabel, Rainer G. Spallek

661 views • 16 slides
Removing Useless Variables in Cost Analysis of Java Bytecode Elvira Albert DSIC, Universidad

Removing Useless Variables in Cost Analysis of Java Bytecode Elvira Albert DSIC, Universidad

Removing Useless Variables in Cost Analysis of Java Bytecode Elvira Albert DSIC, Universidad Complutense de Madrid CLIP, Universidad Polit ecnica de Madrid Joint work with P. Arenas, S. Genaim, G. Puebla, and D. Zanardini ACM SAC - Software

684 views • 40 slides
The Java Virtual Machine Martin Schberl Overview Review Java/JVM JVM Bytecodes

The Java Virtual Machine Martin Schberl Overview Review Java/JVM JVM Bytecodes

The Java Virtual Machine Martin Schberl Overview Review Java/JVM JVM Bytecodes Bytecode examples Class information Parameter passing On projects JVMHW The Java virtual machine 2 Java System Overview JVMHW The Java

688 views • 46 slides
COSTA: A COSt and Termination Analyzer for Java (bytecode) Programs Elvira Albert and Germ an

COSTA: A COSt and Termination Analyzer for Java (bytecode) Programs Elvira Albert and Germ an

COSTA: A COSt and Termination Analyzer for Java (bytecode) Programs Elvira Albert and Germ an Puebla Ecole Normale Sup erieure (ENS) Paris, Sept 2, 2011 Elvira Albert The COSTA Group The COSTA Team Staff: E. Albert P. Arenas J.

1k views • 74 slides
Plan for today Get you started with C++ C++ is not Java Compilation environment The

Plan for today Get you started with C++ C++ is not Java Compilation environment The

Plan for today Get you started with C++ C++ is not Java Compilation environment The very, very basics Preparation for Lab 1 History of C++ History of C++ 1969 UNIX Why bring this up Created to play space

247 views • 9 slides

More recommend