Verifying Compilers using Multi-Language Semantics
Amal Ahmed (with James T. Perconti)
Northeastern University
Thursday, October 17, 13
Semantics-preserving compilation

    s ↝ t  (s compiles to t)   ⇒   s ≈ t  (s and t have the same meaning)
Problem: Closed-World Assumption

The correct-compilation guarantee only applies to whole programs:  P_s ↝ P_t.

In practice a source component e_s is compiled to e_t and then linked with target code e'_t that was never produced from e_s's source language, for example
  - low-level libraries,
  - code from a different compiler and a different source language.
The whole-program theorem says nothing about the linked result e_t e'_t.
Why Whole Programs?

    s ↝ t  ⇒  s ≈ t        but how is s ≈ t expressed?

CompCert: P_s ↝ P_t ⇒ P_s ≈ P_t, expressed as a simulation between the executions of the two whole programs:

    P_s  ⟼  …  ⟼  P_i  ⟼  P_{i+1}  ⟼  …          (source steps)
    P_t  ⟼  …  ⟼  P_j  ⟼*  P_{j+n}  ⟼  …         (matching target steps)

Each source step is matched by zero or more target steps, so the observable behaviours of the two closed programs coincide. The statement is about entire programs, which is why it only makes sense in a closed world.
Correct Compilation of Components?

    e_s ↝ e_t        how is e_S ≈ e_T expressed?

The compiled component e_t will be linked with some target component e'_t: the program that actually runs is e_t e'_t, and e'_t need not be the compilation of any source term. To say what e_s ≈ e_t means we need a semantics of source-target interoperability: a boundary ST(e) lets a target component e be used from the source language, and TS(e) lets a source component be used from the target language.

With boundaries, the linked target program can be compared against the source component applied to the imported target component:

    TS( e_s ( ST(e'_t) ) )  ≈ctx  e_t e'_t

Correct Compilation of Components

    e_S ≈ e_T   ≝   e_S ≈ctx ST(e_T)

That is, e_S and its compiled form, viewed from the source language through the boundary, are contextually equivalent: no source context can tell them apart.
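The closed-world problem and the boundary-based definition of component correctness above, as an added example that is not code from the talk or the paper. It models a two-language setting in the spirit of the slides: a source language S whose closures are opaque, a target language T produced by closure conversion, where a closure is a (code, env) pair whose env any T code can read, and an ST boundary on values at int and function type. All names (Var, Lam, cc, Bound, ST, env_size, link_in_s and so on) are this example's own, the two components E1 and E2 are constructed for it, and the "probe" env_size is a T context that is not the compilation of any S context. The point a practitioner should take from it: each program compiles correctly on its own, yet a linked low-level context can observe representation details the source type system hides, while behind the boundary the source-level equivalence survives.

```python
from collections import namedtuple

# --- Source language S: closures are opaque; an S context can only apply them.
Var, Const = namedtuple("Var", "name"), namedtuple("Const", "value")
Lam, App = namedtuple("Lam", "param body"), namedtuple("App", "fn arg")
SClo = namedtuple("SClo", "param body env")   # S closure value; env is not observable in S
Bound = namedtuple("Bound", "tterm")          # S term ST(e_T): evaluate a T term, use it in S
ST = namedtuple("ST", "tclo")                 # S value: a T closure held behind the boundary

def eval_s(t, env):
    if isinstance(t, Const): return t.value
    if isinstance(t, Var):   return env[t.name]
    if isinstance(t, Lam):   return SClo(t.param, t.body, env)
    if isinstance(t, Bound): return to_s(run_t(t.tterm))
    return apply_s(eval_s(t.fn, env), eval_s(t.arg, env))

def apply_s(f, a):
    if isinstance(f, ST):   # application crosses the boundary: ST(f) a = to_s(f (to_t a))
        return to_s(apply_t(f.tclo, to_t(a)))
    return eval_s(f.body, {**f.env, f.param: a})

# --- Target language T (after closure conversion): closure = (code, env), env is plain data.
TVar, EnvRead = namedtuple("TVar", "name"), namedtuple("EnvRead", "idx")  # EnvRead: T-only primitive
TCode, MkClo = namedtuple("TCode", "param body"), namedtuple("MkClo", "code captured")
TApp, TClo = namedtuple("TApp", "fn arg"), namedtuple("TClo", "code env")

def eval_t(t, local, env):
    if isinstance(t, Const):   return t.value
    if isinstance(t, TVar):    return local[t.name]
    if isinstance(t, EnvRead): return env[t.idx]
    if isinstance(t, MkClo):   return TClo(t.code, tuple(eval_t(c, local, env) for c in t.captured))
    return apply_t(eval_t(t.fn, local, env), eval_t(t.arg, local, env))

def apply_t(f, a):
    return eval_t(f.code.body, {f.code.param: a}, f.env)

def run_s(t): return eval_s(t, {})
def run_t(t): return eval_t(t, {}, ())

# --- Boundary conversions on values (ST and TS at int and function type only).
def to_s(v): return ST(v) if isinstance(v, TClo) else v
def to_t(v):
    if isinstance(v, ST): return v.tclo
    assert isinstance(v, int), "passing an S closure into T is not modelled in this example"
    return v

# --- The compiler pass: closure conversion S -> T.
def free_vars(t, bound=frozenset()):
    if isinstance(t, Var):   return set() if t.name in bound else {t.name}
    if isinstance(t, Const): return set()
    if isinstance(t, Lam):   return free_vars(t.body, bound | {t.param})
    return free_vars(t.fn, bound) | free_vars(t.arg, bound)

def cc(t, slots=None):
    """slots maps the enclosing code's free variables to their env indices."""
    slots = slots or {}
    if isinstance(t, Const): return t
    if isinstance(t, Var):   return EnvRead(slots[t.name]) if t.name in slots else TVar(t.name)
    if isinstance(t, Lam):
        fvs = sorted(free_vars(t))
        code = TCode(t.param, cc(t.body, {v: i for i, v in enumerate(fvs)}))
        return MkClo(code, tuple(cc(Var(v), slots) for v in fvs))
    return TApp(cc(t.fn, slots), cc(t.arg, slots))

# --- Two constructed S components that every S context finds equivalent: both are the identity.
E1 = Lam("x", Var("x"))                                                    # λx. x
E2 = App(Lam("s", Lam("x", App(Lam("_", Var("x")), Var("s")))), Const(7))  # let s = 7 in λx. (λ_. x) s

def whole_program_ok(e, arg):   # closed program P_s = e arg: compiled behaviour matches source
    return run_s(App(e, Const(arg))) == run_t(cc(App(e, Const(arg))))

def env_size(e_t):              # a T context, not the compilation of any S context
    return len(run_t(e_t).env)

def link_in_s(e_t, arg):        # an S context C[ST(e_T)] = (ST(e_T)) arg
    return run_s(App(Bound(e_t), Const(arg)))

if __name__ == "__main__":
    print(whole_program_ok(E1, 3), whole_program_ok(E2, 3))   # whole-program correctness holds for both
    print(env_size(cc(E1)), env_size(cc(E2)))                  # a T context tells the two apart
    print(link_in_s(cc(E1), 3), link_in_s(cc(E2), 3))          # behind ST, an S context cannot
```

The probe is exactly the kind of e'_t the slides warn about: it is well-formed target code, it is never the image of a source context, and it breaks the equivalence that every source context respects. The definition e_S ≈ctx ST(e_T) only quantifies over source contexts applied across the boundary, which is what link_in_s does.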
Our Approach (multi-pass compiler)

Languages S, I (intermediate) and T, combined into one multi-language SIT with boundaries between adjacent languages:

    e_S ↝ e_I        with boundaries  IS(e_S)  and  SI(e_I)
    e_I ↝ e_T        with boundaries  TI(e_I)  and  IT(e_T)

Compiler Correctness, one pass at a time:

    e_S ↝ e_I  ⇒  e_S ≈ctx SI(e_I)
    e_I ↝ e_T  ⇒  e_I ≈ctx IT(e_T)

Composing the passes: contextual equivalence is preserved by wrapping both sides in the same boundary, so the second equation gives

    SI(e_I) ≈ctx SI(IT(e_T))

and transitivity with the first gives

    e_S ≈ctx SI(IT(e_T)),   i.e.   e_S ≈ctx SIT(e_T):

correctness of the whole multi-pass compiler for components.
Our Compiler: System F to TAL

    e_F  —Closure Conversion→  e_C  —Allocation→  e_A  —Code Generation→  e_T
    τ    ↦                     τ^C  ↦             τ^A  ↦                  τ^T

(each pass translates terms and, alongside them, types.)
Combined language FCAT

• Boundaries mediate between adjacent languages:
    F & C:  CF^τ(e)  and  ^τFC(e)
    C & A:  AC^τ(e)  and  ^τCA(e)
    A & T:  TA^τ(e)  and  ^τAT(e)
  CF^τ(e) imports an F term e of type τ into C; ^τFC(e) imports a C term of type τ^C into F at type τ; likewise for the other pairs.

• Operational semantics: a boundary evaluates its argument and then translates the resulting value, e.g.
    CF^τ(v)    ⟼*  v_C           (F value v becomes the C value v_C)
    ^τFC(e)    ⟼   ^τFC(e')     whenever  e ⟼ e'
    ^τFC(v_C)  ⟼*  v            (C value back to an F value)

• Boundary cancellation:
    ^τFC(CF^τ(e))  ≈ctx  e : τ      (in F)
    CF^τ(^τFC(e))  ≈ctx  e : τ^C    (in C)
Challenges / Roadmap for rest of talk

F+C: Interoperability semantics with type abstraction in both languages   (CF^τ(e), ^τFC(e))
C+A: Interoperability when the compiler pass allocates code & tuples on the heap   (AC^τ(e), ^τCA(e))
A+T: What is e_T? What is v_T?   (TA^τ(e), ^τAT(e))
     How to define contextual equivalence for TAL components?
     How to define the logical relation for FCAT?
Abstract Types & Interoperability

Both F and C have type abstraction, so a boundary must keep abstract values opaque on each side.

Add a new type L⟨τ⟩ to F and a new value form  ^{L⟨τ⟩}FC(v) : a C value crossing into F at type L⟨τ⟩ stays opaque to F.

Add a new type ⌈α⌉ to C and define substitution so that  ⌈α⌉[τ/α] = τ^C : an F type variable instantiated with τ corresponds to the C translation of τ.

Requires novel admissibility relations in the logical relation.
(draft paper: www.ccs.neu.edu/home/amal/voc.pdf)
Challenges / Roadmap

F+C: Interoperability semantics with type abstraction in both languages   (CF^τ(e), ^τFC(e))
C+A: Interoperability when the compiler pass allocates code & tuples on the heap   (AC^τ(e), ^τCA(e))
A+T: What is e_T? What is v_T?   (TA^τ(e), ^τAT(e))
     How to define contextual equivalence for TAL components?
     How to define the logical relation for FCAT?
A (allocation language)

  τ ::= α | unit | int | ∃α.τ | µα.τ | box ψ
  ψ ::= ∀[α].(τ) → τ | ⟨τ, …, τ⟩
  e ::= (t, H) | t
  t ::= x | () | n | t p t | if0 t t t | ℓ | t [] t | t [τ] t | pack ⟨τ, t⟩ as ∃α.τ | unpack ⟨α, x⟩ = t in t
      | fold_{µα.τ} t | unfold t | balloc ⟨t⟩ | read[i] t
  p ::= + | − | ∗
  v ::= () | n | pack ⟨τ, v⟩ as ∃α.τ | fold_{µα.τ} v | ℓ | v[τ]
  H ::= · | H, ℓ ↦ h
  h ::= λ[α](x:τ).t | ⟨v, …, v⟩

Reduction relation  ⟨H | e⟩ ⟼ ⟨H' | e'⟩  (selected cases):

  ⟨H | (t, H')⟩      ⟼  ⟨(H, H') | t⟩                  if dom(H) ∩ dom(H') = ∅
  ⟨H | E[ℓ [τ'] v]⟩  ⟼  ⟨H | E[t[τ'/α][v/x]]⟩          if H(ℓ) = λ[α](x:τ).t
T (typed assembly language)

  τ ::= α | unit | int | ∃α.τ | µα.τ | ref ⟨τ, …, τ⟩ | box ψ     Type
  ψ ::= ∀[Δ].{χ; σ}^q | ⟨τ, …, τ⟩                                 Heap value type
  χ ::= · | χ, r:τ                                                  Register file type
  σ ::= ζ | • | τ :: σ                                              Stack type
  q ::= ε | r | i | end[τ; σ]                                       Return marker
  Δ ::= · | Δ, α | Δ, ζ | Δ, ε                                      Type variable environment
  ω ::= τ | σ | q                                                   Instantiation of type variable
  r ::= r1 | r2 | ⋯ | r7 | ra                                       Register
  h ::= code[Δ]{χ; σ}^q. I | ⟨w, …, w⟩                              Heap value
  w ::= () | n | ℓ | pack ⟨τ, w⟩ as ∃α.τ | fold_{µα.τ} w | w[ω]     Word value
  u ::= w | r | pack ⟨τ, u⟩ as ∃α.τ | fold_{µα.τ} u | u[ω]          Small value
  I ::= ι; I | jmp u | ret q, r                                     Instruction sequence
  ι ::= aop rd, rs, u | bnz r, u | mv rd, u                         Instruction
      | ralloc rd, n | balloc rd, n | ld rd, rs[i] | st rd[i], rs
      | unpack ⟨α, rd⟩ u | unfold rd, u
      | salloc n | sfree n | sld rd, i | sst i, rs
  aop ::= add | sub | mult                                          Arithmetic operation
  e ::= (I, H) | I                                                  Component
  v ::= ret q, r                                                    Term value
  E ::= (E_I, ·)                                                    Evaluation context
  E_I ::= [·]                                                       Instruction evaluation context
  H ::= · | H, ℓ ↦ h                                                Heap or heap fragment
  R ::= · | R, r ↦ w                                                Register file
  S ::= nil | w :: S                                                Stack
  M ::= (H, R, S:σ)                                                 Memory

Reduction:  ⟨M | e⟩ ⟼ ⟨M' | e'⟩
Typing TAL Components

    Ψ; Δ; χ; σ; q ⊢ e : τ; σ'

  Ψ    heap type
  Δ    type environment
  χ    register-file type
  σ    stack type
  q    return marker
  τ    result type
  σ'   stack type on return
Well-typed Components in T:   Ψ; Δ; χ; σ; q ⊢ e : τ; σ'

    ⊢ Ψ     ⊢ H : Ψ_e     boxheap(Ψ_e)     ret-type(q, χ, σ) = τ; σ'     (Ψ, Ψ_e); Δ; χ; σ; q ⊢ I
    ————————————————————————————————————————————————————————————————————————————————————
                                   Ψ; Δ; χ; σ; q ⊢ (I, H) : τ; σ'
Well-typed Instruction Sequence:   Ψ; Δ; χ; σ; q ⊢ I
(where q … = …)

    Ψ; Δ; χ; σ; q ⊢ ι ⇒ Δ'; χ'; σ'; q'      Ψ; Δ'; χ'; σ'; q' ⊢ I
    ————————————————————————————————————————————————————————
                      Ψ; Δ; χ; σ; q ⊢ ι; I

    χ(r) = box ∀[].{r': τ; σ}^{q'}      χ(r') = τ
    ————————————————————————————————————————————
              Ψ; Δ; χ; σ; r ⊢ ret r, r'

                     χ(r) = τ
    ————————————————————————————————————————————
      Ψ; Δ; χ; σ; end[τ; σ] ⊢ ret end[τ; σ], r
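The instruction-sequence judgment above, as an added, executable approximation that is not the paper's type checker. It threads the register-file type χ and the stack type σ through a sequence one instruction at a time, the way the first rule does, and then applies one of the two ret rules. Simplifications that are this example's own: no heap type Ψ, no type-variable environment Δ (so no polymorphism), no heap instructions and no jmp; χ is a dict from register name to type, σ is a tuple with the top of the stack first, the return marker q is either a register name or ("end", τ, σ) standing for end[τ; σ], a code type box ∀[].{r': τ; σ}^q' is encoded as ("box", r', τ, σ, q'), and a freshly salloc'd slot gets the placeholder type NS so that reading it before a store is rejected. PROG and the rejected sequences in the test are constructed inputs.

```python
INT, UNIT = "int", "unit"
NS = "ns"   # type of a freshly salloc'd, still uninitialised stack slot (example's own convention)

class IllTyped(Exception):
    """Raised when an instruction sequence does not type-check."""

def operand_type(chi, u):
    """Type of a small value u: an int literal, the unit value (), or a register."""
    if isinstance(u, int):
        return INT
    if u == ():
        return UNIT
    if isinstance(u, str) and u in chi:
        return chi[u]
    raise IllTyped(f"ill-typed or unassigned operand {u!r}")

def step(chi, sigma, q, instr):
    """Ψ; Δ; χ; σ; q ⊢ ι ⇒ Δ'; χ'; σ'; q'  for the subset: returns (χ', σ', q')."""
    op, args = instr[0], instr[1:]
    chi = dict(chi)                      # χ is threaded functionally through the sequence
    if op == "mv":                       # mv rd, u
        rd, u = args
        chi[rd] = operand_type(chi, u)
    elif op in ("add", "sub", "mult"):   # aop rd, rs, u : both operands must be int
        rd, rs, u = args
        if chi.get(rs) != INT or operand_type(chi, u) != INT:
            raise IllTyped(f"{op} on non-int operands")
        chi[rd] = INT
    elif op == "salloc":                 # salloc n : push n uninitialised slots
        (n,) = args
        sigma = (NS,) * n + sigma
    elif op == "sfree":                  # sfree n : pop n slots
        (n,) = args
        if len(sigma) < n:
            raise IllTyped("sfree past the end of the stack")
        sigma = sigma[n:]
    elif op == "sst":                    # sst i, rs : slot i takes the type of rs
        i, rs = args
        if i >= len(sigma) or rs not in chi:
            raise IllTyped(f"sst {i}, {rs}: bad slot or unassigned register")
        sigma = sigma[:i] + (chi[rs],) + sigma[i + 1:]
    elif op == "sld":                    # sld rd, i : may not read an uninitialised slot
        rd, i = args
        if i >= len(sigma) or sigma[i] == NS:
            raise IllTyped(f"sld {rd}, {i}: bad or uninitialised slot")
        chi[rd] = sigma[i]
    else:
        raise IllTyped(f"instruction {op} not modelled")
    return chi, sigma, q

def check_seq(chi, sigma, q, seq):
    """Ψ; Δ; χ; σ; q ⊢ I.  Returns the result type τ; σ' established by the final ret."""
    for instr in seq[:-1]:
        chi, sigma, q = step(chi, sigma, q, instr)
    last = seq[-1]
    if last[0] != "ret":
        raise IllTyped("sequence must end in ret")
    _, marker, r = last
    if marker != q:
        raise IllTyped(f"ret marker {marker!r} does not match return marker {q!r}")
    if isinstance(q, tuple) and q[0] == "end":      # ret end[τ;σ], r : χ(r) = τ, stack back to σ
        _, tau, sig = q
        if chi.get(r) != tau or sigma != sig:
            raise IllTyped("return value or stack does not match end[τ; σ]")
        return tau, sigma
    code = chi.get(q)                               # ret r, r' : χ(r) = box ∀[].{r': τ; σ}^q', χ(r') = τ
    if not (isinstance(code, tuple) and code[0] == "box"):
        raise IllTyped(f"return register {q} does not hold a code pointer")
    _, r_expected, tau, sig, _q_next = code
    if r_expected != r or chi.get(r) != tau or sigma != sig:
        raise IllTyped("return value or stack does not match the continuation's type")
    return tau, sigma

# Constructed example: compute r1 = 2 * (r2 + 3) via a stack temporary, then return r1.
PROG = [("mv", "r1", 3), ("add", "r1", "r2", "r1"), ("salloc", 1), ("sst", 0, "r1"),
        ("sld", "r3", 0), ("mult", "r1", "r3", 2), ("sfree", 1),
        ("ret", ("end", INT, ()), "r1")]

def typecheck_prog():
    return check_seq({"r2": INT}, (), ("end", INT, ()), PROG)

def rejects(seq, chi=None, sigma=(), q=("end", INT, ())):
    """True if the checker rejects seq under the given initial χ, σ, q."""
    try:
        check_seq(dict(chi or {}), sigma, q, seq)
        return False
    except IllTyped:
        return True
```

The three rejections worth trying are the ones the judgment is there to rule out: reading a stack slot that was allocated but never stored to, returning a value whose register type disagrees with the end[τ; σ] marker, and returning with the stack not restored to the σ recorded in the marker.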