1 / 19

Have Your Verified Compiler And Extend It Too

Have Your Verified Compiler And Extend It Too. Zachary Tatlock Sorin Lerner UC San Diego. Compiler Correctness. Building robust compilers is difficult complex interactions resist testing. Compiler bugs are contagious invalidate source level guarantees.

naif
Télécharger la présentation

Have Your Verified Compiler And Extend It Too

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Have Your Verified CompilerAnd Extend It Too Zachary Tatlock Sorin Lerner UC San Diego

  2. Compiler Correctness Building robust compilers is difficult complex interactions resist testing Compiler bugs are contagious invalidate source level guarantees Few users extend their compiler hand optimized, unreadable code

  3. Verified Compilers • Implement compiler in proof assistant • Prove compiler correct interactively • CompCert [Leroy], Lambda Tamer [Chlipala] Strong Guarantee Difficult to Extend

  4. DSL-based Compilers • Domain Specific Language for optimizations • DSL opts proven correct automatically • Rhodium [POPL 05], PEC [PLDI 09] Easier to Extend Weaker Guarantee

  5. Contribution Add Extensibility DSL Execution Engine + Correctness Proof stronger guarantee CompCert XCert CompCert Reduce TCB weaker guarantee PEC PEC harder to extend easier to extend

  6. Extensible & Correct Compiler Correct Compiler Rewrite Rule Main Theorem Proved in Coq : XCert Rules Locally Correct XCert Correct ?  Rewrite PEC Locally Correct • Formal Correctness Proof in Coq • Bulk of the development effort ? [PLDI 09] CompCert CompCert ? XCert C Asm

  7. Extensible & Correct Compiler Rewrite Rule 2  1 PEC 3 Challenges and Evaluation [PLDI 09] CompCert XCert C Asm

  8. [PLDI 09] PEC • Rewrite Rule • Find & Replace • Match Pattern • Cx < 10 • Ix • Apply Subst while(C) I++ I++ while(C) I+= 2 x = 0 while(x < 10) x ++ x ++ return x x = 0 while(x < 10) x += 2 return x

  9. [PLDI 09] PEC A PEC Checker Convert to CFG Guess Sync Points Check w/ SMT while(C) I++ I++ while(C) I+= 2 A C C C C !C !C I ++ I ++ I +=2 I +=2 I ++ I ++ B A  

  10. PEC XCert Module Rule in Coq SMT Checks A B

  11. Extensible & Correct Compiler Rewrite Rule 2  1 PEC 3 Challenges and Evaluation [PLDI 09] XCert

  12. XCert Correctness Proof • Small Step • Execute instruction • Step state S to S’ S S’

  13. XCert Correctness Proof • Equivalent Executions • Initial Equiv • Prove Simulation Diagram • CompCert Small Step Library: • Sim Diagram Progs Equiv Final Equiv L R L’ R’ < L ~ R L  L’ ? <  R’ : R  R’ L’ ~ R’

  14. XCert Simulation Diagram XCert Module A A A B A B

  15. Extensible & Correct Compiler Rewrite Rule 2  1 PEC 3 Challenges and Evaluation [PLDI 09] XCert

  16. Challenges (see paper) XCert Execution Engine • CFG pattern matching • CFG splicing XCert Correctness Proof • Managing case explosion • Verified validation [Tristan and Leroy] • Preserving non-terminating behaviors

  17. Evaluation Engine : 1,000 lines of Coq functional code Proof : 3,000 lines of Coq proof script Trusted Computing Base (TCB) • Compcert : Coq + Coq encoding of C sem • XCert adds : SMT + SMT encoding of C sem

  18. Evaluation Extensibility: Support PEC Opts [PLDI 09] • No manual proof effort or TCB increase • Maintain Compcert end-to-end correctness Sample of Optimizations Run:

  19. Extensible & Correct Compiler Rewrite Rule 2  1 PEC [PLDI 09] XCert Thank You!

More Related