Presentation is loading. Please wait.

Presentation is loading. Please wait.

Rahul Sharma, Eric Schkufza, Berkeley Churchill, Alex Aiken.

Published byToby Palmer Modified over 8 years ago

Similar presentations

Presentation on theme: "Rahul Sharma, Eric Schkufza, Berkeley Churchill, Alex Aiken."— Presentation transcript:

1 Rahul Sharma, Eric Schkufza, Berkeley Churchill, Alex Aiken

2  Prove two programs are equivalent  Compiler optimizations  Validate refactorings  Cross checking different implementations  Old and well studied problem  Undecidable in general  Major challenge: prove equivalence of loops  Straight line programs relatively easy

3  Prove equivalence of two binaries … while … … while … … Trustworthy Compiler CompCert, gcc –O0 Optimizing Compiler gcc –O3, icc –O3

4 Straight Line Code Straight Line Code Trustworthy Compiler CompCert, gcc –O0 STOKE (ASPLOS 13) Random mutations … while … … while … …

5  Do not support “while” loops: [CHR00], [FH02], [FH05], [AEF + 05], [SBC + 05], [MSF06]  Do not reason about termination: [SDE + 08], [GS09], [RE11], [LHM + 12], [PY13], [LMS + 13]  Translation validation: [Nec00],[GZB05], …  Need information from the compiler

6  Decompose proof movq 8(rsp), rdi #rdi != 0 movq 8(rsp), rdi decq rdi movq rdi, 8(rsp) retq movq 8(rsp), r9 #r9 != 0 decq r9retq a a’ bb’ cc’

7  Given a simulation relation, proofs for loops reduce to proofs for loop free fragments  Use decision procedures  Main challenge: infer a simulation relation  Infer synchronization points  Infer invariants  We use compilers as black boxes  Mine relations from concrete executions

8  Run some tests to get data  From executions, unit tests, random tests, etc.

9 B retq B’ retq 2nn B;B n

10  Attempt to detect synchronization points  Number of times program points are executed  Values align movq 8(rsp), rdi #rdi != 0 movq 8(rsp), rdi decq rdi movq rdi, 8(rsp) retq movq 8(rsp), r9 #r9 != 0 decq r9retq n 1n n+1 n

11  Invariants are restricted to equalities  Infer invariants from observed data values 8(rsp)rdi 22 11 00 movq 8(rsp), rdi #rdi != 0 movq 8(rsp), rdi decq rdi movq rdi, 8(rsp) retq

12  Invariants are restricted to equalities  Infer invariants from observed data values 8(rsp)rdir9’ 222 111 000 movq 8(rsp), r9 #r9 != 0 decq r9retq

13 8(rsp)rdir9’ 222 111 000

14  The executions are synchronized  The invariants are maintained movq 8(rsp), rdi #rdi != 0 movq 8(rsp), rdi decq rdi movq rdi, 8(rsp) retq movq 8(rsp), r9 #r9 != 0 decq r9retq a a’ bb’ cc’ States equal Live outs equal

15  The executions are synchronized  The invariants are maintained  Queries in quantifier free bitvector arithmetic  Complete SMT solvers!  Incorporate counter-examples in relations  Sound but not complete  If checking succeeds then equivalent  Can fail to infer a sound simulation relation

16  Insufficient data to infer a sound relation  Expressiveness of invariants  Inequalities, quantifiers, etc.  Expressiveness of SMT solver  Floating point, multiply, divide, etc.

17  Run tests and generate data  https://github.com/eschkufz/x64asm https://github.com/eschkufz/x64asm  Nullspace computation  libIML: integer matrix library  SMT solver: Z3

18  Compute kernel inside OpenSSL  Validating CompCert against gcc  Stochastic optimization for loops

19  Multiplication kernel  Extensive performance tests  Run the kernel ~15 million times  Choose 16 random tests for inference  Compile with gcc –O0 and gcc –O3  Successfully prove equivalence

20

21

22 ProgramStoke vs gcc -O0Stoke vs gcc –O3 Bansal1.58X1.04X SAXPY9.22X1.48X

23  Prove equivalence of loops in two stages  Infer simulation relation  Check the inferred relation using SMT solvers  Use runtime data for inference  No change required to the compilers  Better verifiers lead to better optimizers

24  M. D. Ernst, J. H. Perkins, P. J. Guo, S. McCamant, C. Pacheco, M. S. Tschantz, and C. Xiao. The Daikon system for dynamic detection of likely invariants. Sci. Comput. Program., 69(1-3):35–45, 2007  T. Nguyen, D. Kapur, W. Weimer, and S. Forrest. Using dynamic analysis to discover polynomial and array invariants. ICSE 2012  P. Garg, C. Löding, P. Madhusudan, D. Neider: Learning Universally Quantified Invariants of Linear Data Structures. CAV 2013  R. Sharma, S. Gupta, B. Hariharan, A. Aiken, P. Liang, A. V. Nori: A Data Driven Approach for Algebraic Loop Invariants. ESOP 2013  R. Sharma, S. Gupta, B. Hariharan, A. Aiken, A. V. Nori: Verification as Learning Geometric Concepts. SAS 2013  A.V. Nori, R. Sharma: Termination proofs from tests. ESEC/SIGSOFT FSE 2013

Download ppt "Rahul Sharma, Eric Schkufza, Berkeley Churchill, Alex Aiken."

Similar presentations

A Polynomial-Time Algorithm for Global Value Numbering SAS 2004 Sumit Gulwani George C. Necula.

A Polynomial-Time Algorithm for Global Value Numbering SAS 2004 Sumit Gulwani George C. Necula.
Program Analysis using Random Interpretation Sumit Gulwani UC-Berkeley March 2005.

Program Analysis using Random Interpretation Sumit Gulwani UC-Berkeley March 2005.
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Termination Proofs from Tests

Termination Proofs from Tests
Automated Verification with HIP and SLEEK Asankhaya Sharma.

Automated Verification with HIP and SLEEK Asankhaya Sharma.
Satisfiability Modulo Theories (An introduction)

Satisfiability Modulo Theories (An introduction)
50.530: Software Engineering Sun Jun SUTD. Week 10: Invariant Generation.

50.530: Software Engineering Sun Jun SUTD. Week 10: Invariant Generation.
1 Regression-Verification Benny Godlin Ofer Strichman Technion.

1 Regression-Verification Benny Godlin Ofer Strichman Technion.
1 1 Regression Verification for Multi-Threaded Programs Sagar Chaki, SEI-Pittsburgh Arie Gurfinkel, SEI-Pittsburgh Ofer Strichman, Technion-Haifa Originally.

1 1 Regression Verification for Multi-Threaded Programs Sagar Chaki, SEI-Pittsburgh Arie Gurfinkel, SEI-Pittsburgh Ofer Strichman, Technion-Haifa Originally.
Software Engineering & Automated Deduction Willem Visser Stellenbosch University With Nikolaj Bjorner (Microsoft Research, Redmond) Natarajan Shankar (SRI.

Software Engineering & Automated Deduction Willem Visser Stellenbosch University With Nikolaj Bjorner (Microsoft Research, Redmond) Natarajan Shankar (SRI.
1 Translation Validation: From Simulink to C Michael RyabtsevOfer Strichman Technion, Haifa, Israel Acknowledgement: sponsored by a grant from General.

1 Translation Validation: From Simulink to C Michael RyabtsevOfer Strichman Technion, Haifa, Israel Acknowledgement: sponsored by a grant from General.
SymDiff: Leveraging Program Verification for Comparing Programs Shuvendu Lahiri Research in Software Engineering (RiSE), Microsoft Research, Redmond Contributors:

SymDiff: Leveraging Program Verification for Comparing Programs Shuvendu Lahiri Research in Software Engineering (RiSE), Microsoft Research, Redmond Contributors:
Rahul Sharma, Saurabh Gupta, Bharath Hariharan, Alex Aiken, and Aditya Nori (Stanford, UC Berkeley, Microsoft Research India) Verification as Learning.

Rahul Sharma, Saurabh Gupta, Bharath Hariharan, Alex Aiken, and Aditya Nori (Stanford, UC Berkeley, Microsoft Research India) Verification as Learning.
Linear Obfuscation to Combat Symbolic Execution Zhi Wang 1, Jiang Ming 2, Chunfu Jia 1 and Debin Gao 3 1 Nankai University 2 Pennsylvania State University.

Linear Obfuscation to Combat Symbolic Execution Zhi Wang 1, Jiang Ming 2, Chunfu Jia 1 and Debin Gao 3 1 Nankai University 2 Pennsylvania State University.
Program Analysis as Constraint Solving Sumit Gulwani (MSR Redmond) Ramarathnam Venkatesan (MSR Redmond) Saurabh Srivastava (Univ. of Maryland) TexPoint.

Program Analysis as Constraint Solving Sumit Gulwani (MSR Redmond) Ramarathnam Venkatesan (MSR Redmond) Saurabh Srivastava (Univ. of Maryland) TexPoint.
Technology from seed Automatic Synthesis of Weakest Preconditions for Compiler Optimizations Nuno Lopes Advisor: José Monteiro.

Technology from seed Automatic Synthesis of Weakest Preconditions for Compiler Optimizations Nuno Lopes Advisor: José Monteiro.
Rahul Sharma Işil Dillig, Thomas Dillig, and Alex Aiken Stanford University Simplifying Loop Invariant Generation Using Splitter Predicates.

Rahul Sharma Işil Dillig, Thomas Dillig, and Alex Aiken Stanford University Simplifying Loop Invariant Generation Using Splitter Predicates.
Discovering Affine Equalities Using Random Interpretation Sumit Gulwani George Necula EECS Department University of California, Berkeley.

Discovering Affine Equalities Using Random Interpretation Sumit Gulwani George Necula EECS Department University of California, Berkeley.
1 Constraint Problems in Program Analysis from the sublime to the ridiculous Alex Aiken Stanford University.

1 Constraint Problems in Program Analysis from the sublime to the ridiculous Alex Aiken Stanford University.
CIS 101: Computer Programming and Problem Solving Lecture 8 Usman Roshan Department of Computer Science NJIT.

CIS 101: Computer Programming and Problem Solving Lecture 8 Usman Roshan Department of Computer Science NJIT.

Similar presentations

Ads by Google