1 / 19

Have Your Verified Compiler And Extend It Too

Building robust compilers is difficult due to complex interactions that resist testing. Compiler bugs can invalidate source-level guarantees, and few users extend their compiler leading to hand-optimized, unreadable code. Verified Compilers allow implementing compilers in a proof assistant and proving compiler correctness interactively. DSL-based compilers offer easier extensibility but with weaker guarantees. This contribution adds extensibility to DSL execution engines while maintaining correctness proof with a stronger guarantee than existing solutions like CompCert and PEC. The rewrite rules and main theorems are proved in Coq, ensuring local correctness. Challenges include evaluation and managing case explosion, but the execution engine supports CFG pattern matching and splicing. The evaluation shows 1,000 lines of Coq functional code and 3,000 lines of Coq proof script for a trusted computing base. Extensibility evaluation supports PEC optimizations without manual proof effort, maintaining end-to-end correctness of Compcert. The sample of optimizations includes the Extensible & Correct Compiler Rewrite Rule.

naif
Télécharger la présentation

Have Your Verified Compiler And Extend It Too

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Have Your Verified CompilerAnd Extend It Too Zachary Tatlock Sorin Lerner UC San Diego

  2. Compiler Correctness Building robust compilers is difficult complex interactions resist testing Compiler bugs are contagious invalidate source level guarantees Few users extend their compiler hand optimized, unreadable code

  3. Verified Compilers • Implement compiler in proof assistant • Prove compiler correct interactively • CompCert [Leroy], Lambda Tamer [Chlipala] Strong Guarantee Difficult to Extend

  4. DSL-based Compilers • Domain Specific Language for optimizations • DSL opts proven correct automatically • Rhodium [POPL 05], PEC [PLDI 09] Easier to Extend Weaker Guarantee

  5. Contribution Add Extensibility DSL Execution Engine + Correctness Proof stronger guarantee CompCert XCert CompCert Reduce TCB weaker guarantee PEC PEC harder to extend easier to extend

  6. Extensible & Correct Compiler Correct Compiler Rewrite Rule Main Theorem Proved in Coq : XCert Rules Locally Correct XCert Correct ?  Rewrite PEC Locally Correct • Formal Correctness Proof in Coq • Bulk of the development effort ? [PLDI 09] CompCert CompCert ? XCert C Asm

  7. Extensible & Correct Compiler Rewrite Rule 2  1 PEC 3 Challenges and Evaluation [PLDI 09] CompCert XCert C Asm

  8. [PLDI 09] PEC • Rewrite Rule • Find & Replace • Match Pattern • Cx < 10 • Ix • Apply Subst while(C) I++ I++ while(C) I+= 2 x = 0 while(x < 10) x ++ x ++ return x x = 0 while(x < 10) x += 2 return x

  9. [PLDI 09] PEC A PEC Checker Convert to CFG Guess Sync Points Check w/ SMT while(C) I++ I++ while(C) I+= 2 A C C C C !C !C I ++ I ++ I +=2 I +=2 I ++ I ++ B A  

  10. PEC XCert Module Rule in Coq SMT Checks A B

  11. Extensible & Correct Compiler Rewrite Rule 2  1 PEC 3 Challenges and Evaluation [PLDI 09] XCert

  12. XCert Correctness Proof • Small Step • Execute instruction • Step state S to S’ S S’

  13. XCert Correctness Proof • Equivalent Executions • Initial Equiv • Prove Simulation Diagram • CompCert Small Step Library: • Sim Diagram Progs Equiv Final Equiv L R L’ R’ < L ~ R L  L’ ? <  R’ : R  R’ L’ ~ R’

  14. XCert Simulation Diagram XCert Module A A A B A B

  15. Extensible & Correct Compiler Rewrite Rule 2  1 PEC 3 Challenges and Evaluation [PLDI 09] XCert

  16. Challenges (see paper) XCert Execution Engine • CFG pattern matching • CFG splicing XCert Correctness Proof • Managing case explosion • Verified validation [Tristan and Leroy] • Preserving non-terminating behaviors

  17. Evaluation Engine : 1,000 lines of Coq functional code Proof : 3,000 lines of Coq proof script Trusted Computing Base (TCB) • Compcert : Coq + Coq encoding of C sem • XCert adds : SMT + SMT encoding of C sem

  18. Evaluation Extensibility: Support PEC Opts [PLDI 09] • No manual proof effort or TCB increase • Maintain Compcert end-to-end correctness Sample of Optimizations Run:

  19. Extensible & Correct Compiler Rewrite Rule 2  1 PEC [PLDI 09] XCert Thank You!

More Related