Technology from seed Automatic Synthesis of Weakest Preconditions for Compiler Optimizations Nuno Lopes Advisor: José Monteiro.

Slides:

Advertisements

Similar presentations

A SAT characterization of boolean-program correctness K. Rustan M. Leino Microsoft Research, Redmond, WA 14 Nov 2002 IFIP WG 2.4 meeting, Schloβ Dagstuhl,

Advertisements

Chapter 4: Control Structures I (Selection)

Technologies for finding errors in object-oriented software K. Rustan M. Leino Microsoft Research, Redmond, WA Lecture 1 Summer school on Formal Models.

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Synthesis, Analysis, and Verification Lecture 04c Lectures: Viktor Kuncak VC Generation for Programs with Data Structures “Beyond Integers”

Technology from seed Automatic Equivalence Checking of UF+IA Programs Nuno Lopes and José Monteiro.

Semantics Static semantics Dynamic semantics attribute grammars

Propositional and First Order Reasoning. Terminology Propositional variable: boolean variable (p) Literal: propositional variable or its negation p 

Programming with Constraint Solvers CS294: Program Synthesis for Everyone Ras Bodik Emina Torlak Division of Computer Science University of California,

Hoare’s Correctness Triplets Dijkstra’s Predicate Transformers

David Evans CS655: Programming Languages University of Virginia Computer Science Lecture 19: Minding Ps & Qs: Axiomatic.

Technology from seed Weakest Precondition Synthesis for Compiler Optimizations Nuno Lopes and José Monteiro.

Partial correctness © Marcelo d’Amorim 2010.

ISBN Chapter 3 Describing Syntax and Semantics.

Program Proving Notes Ellen L. Walker.

1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.

1/22 Programs : Semantics and Verification Charngki PSWLAB Programs: Semantics and Verification Mordechai Ben-Ari Mathematical Logic for Computer.

Automated Soundness Proofs for Dataflow Analyses and Transformations via Local Rules Sorin Lerner* Todd Millstein** Erika Rice* Craig Chambers* * University.

An Integration of Program Analysis and Automated Theorem Proving Bill J. Ellis & Andrew Ireland School of Mathematical & Computer Sciences Heriot-Watt.

The Software Model Checker BLAST by Dirk Beyer, Thomas A. Henzinger, Ranjit Jhala and Rupak Majumdar Presented by Yunho Kim Provable Software Lab, KAIST.

Formal Methods of Systems Specification Logical Specification of Hard- and Software Prof. Dr. Holger Schlingloff Institut für Informatik der.

Proof-system search ( ` ) Interpretation search ( ² ) Main search strategy DPLL Backtracking Incremental SAT Natural deduction Sequents Resolution Main.

Automatically Proving the Correctness of Compiler Optimizations Sorin Lerner Todd Millstein Craig Chambers University of Washington.

ECI 2007: Specification and Verification of Object- Oriented Programs Lecture 1.

Validating High-Level Synthesis Sudipta Kundu, Sorin Lerner, Rajesh Gupta Department of Computer Science and Engineering, University of California, San.

From last time S1: l := new Cons p := l S2: t := new Cons *p := t p := t l p S1 l p tS2 l p S1 t S2 l t S1 p S2 l t S1 p S2 l t S1 p L2 l t S1 p S2 l t.

VS 3 : Verification and Synthesis using SMT Solvers SMT Solvers for Program Verification Saurabh Srivastava * Sumit Gulwani ** Jeffrey S. Foster * * University.

Program Verification using Templates over Predicate Abstraction Saurabh Srivastava University of Maryland, College Park Sumit Gulwani Microsoft Research,

Describing Syntax and Semantics

Floyd Hoare Logic. Semantics A programming language specification consists of a syntactic description and a semantic description. Syntactic description:symbols.

From Concept to Silicon How an idea becomes a part of a new chip at ATI Richard Huddy ATI Research.

Have Your Verified Compiler And Extend It Too Zachary Tatlock Sorin Lerner UC San Diego.

CC0002NI – Computer Programming Computer Programming Er. Saroj Sharan Regmi Week 7.

1 Program Correctness CIS 375 Bruce R. Maxim UM-Dearborn.

B. Fernández, D. Darvas, E. Blanco Formal methods appliedto PLC code verification Automation seminar CERN – IFAC (CEA) 02/06/2014.

Chapter 25 Formal Methods Formal methods Specify program using math Develop program using math Prove program matches specification using.

Checking Reachability using Matching Logic Grigore Rosu and Andrei Stefanescu University of Illinois, USA.

Saeed Ghanbartehrani Summer 2015 Lecture Notes #5: Programming Structures IE 212: Computational Methods for Industrial Engineering.

The Volcano Optimizer Generator Extensibility and Efficient Search.

Operators Precedence - Operators with the highest precedence will be executed first. Page 54 of the book and Appendix B list C's operator precedence. Parenthesis.

Reasoning about programs March CSE 403, Winter 2011, Brun.

Integrating high-level constructs into programming languages Language extensions to make programming more productive Underspecified programs –give assertions,

Chapter 3 Part II Describing Syntax and Semantics.

Semantics In Text: Chapter 3.

COP4020 Programming Languages Introduction to Axiomatic Semantics Prof. Robert van Engelen.

Provably Correct Peephole Optimizations with Alive.

13 Aug 2013 Program Verification. Proofs about Programs Why make you study logic? Why make you do proofs? Because we want to prove properties of programs.

Static Techniques for V&V. Hierarchy of V&V techniques Static Analysis V&V Dynamic Techniques Model Checking Simulation Symbolic Execution Testing Informal.

Operational Semantics Mooly Sagiv Tel Aviv University Textbook: Semantics with Applications Chapter.

Cs7100(Prasad)L18-9WP1 Axiomatic Semantics Predicate Transformers.

C HAPTER 3 Describing Syntax and Semantics. D YNAMIC S EMANTICS Describing syntax is relatively simple There is no single widely acceptable notation or.

Proving Optimizations Correct using Parameterized Program Equivalence University of California, San Diego Sudipta Kundu Zachary Tatlock Sorin Lerner.

Finding and Understanding Bugs in C Compilers Xuejun Yang Yang Chen Eric Eide John Regehr University of Utah.

The PLA Model: On the Combination of Product-Line Analyses 강태준.

IST 210: PHP Logic IST 210: Organization of Data IST2101.

Matching Logic An Alternative to Hoare/Floyd Logic

Reasoning About Code.

Reasoning about code CSE 331 University of Washington.

Proving Loops Testing debugging and verification

Propositional Calculus: Boolean Algebra and Simplification

Programming Languages and Compilers (CS 421)

Improving Reliability of Compilers

Semantics In Text: Chapter 3.

Formal Methods in software development

Advanced Compiler Design

The Zoo of Software Security Techniques

Program Verification with Hoare Logic

COP4020 Programming Languages

Presentation transcript:

technology from seed Automatic Synthesis of Weakest Preconditions for Compiler Optimizations Nuno Lopes Advisor: José Monteiro

technology from seed Automatic Synthesis of Weakest Preconditions for Compiler Optimizations Expectations for Compilers Improve performance Reduce code size Reduce energy consumption 2

technology from seed LLVM 3.2 introduced a Loop Vectorizer Performance improvement of % in benchmarks Automatic Synthesis of Weakest Preconditions for Compiler Optimizations Compilers Do Deliver 3

technology from seed Yang, Chen, Eide, Regehr [PLDI’12]: –79 bugs in GCC (25 P1) –202 bugs in LLVM –2 wrong-code bugs in CompCert Le, Afshari, Su [PLDI’14]: –40 wrong-code bugs in GCC –42 wrong-code bugs in LLVM Last week: –395 open wrong-code bug reports in GCC –14 open wrong-code bug reports in LLVM Automatic Synthesis of Weakest Preconditions for Compiler Optimizations But Compilers are Full of Bugs 4

technology from seed +0.5M LoC added to LLVM last year 20k commits Over 4M LoC in LLVM Automatic Synthesis of Weakest Preconditions for Compiler Optimizations Churn in Compiler’s code 5

technology from seed Automatic Synthesis of Weakest Preconditions for Compiler Optimizations Compilers by Dragon’s Lenses FrontendOptimizersBackend

technology from seed Automatic Synthesis of Weakest Preconditions for Compiler Optimizations Loop Unswitching while I < N do if B then S 1 else S 2 I := I + 1 if B then while I < N do S 1 I := I + 1 else while I < N do S 2 I := I + 1 → S 1, S 2 are template statements B is a template Boolean expression 7

technology from seed Transformation function Precondition Profitability heuristic Automatic Synthesis of Weakest Preconditions for Compiler Optimizations Specifying Compiler Optimizations 8

technology from seed Automatic weakest precondition synthesis for compiler optimizations Automatic partial equivalence checking, applied to compiler optimization verification Automatic Synthesis of Weakest Preconditions for Compiler Optimizations Contributions 9

technology from seed Deriving preconditions by hand is hard; WPs are often non-trivial WPs derived by hand are often wrong! Weaker preconditions expose more optimization opportunities Automatic Synthesis of Weakest Preconditions for Compiler Optimizations Why WP Synthesis for Compiler Optimizations? 10

technology from seed // For a logical right shift, we can fold if the comparison is not // signed. We can also fold a signed comparison if the shifted mask // value and the shifted comparison value are not negative. // These constraints are not obvious, but we can prove that they are // correct using an SMT solver such as "Z3" : // Automatic Synthesis of Weakest Preconditions for Compiler Optimizations Verification to the Rescue: LLVM PR17827 if (ShiftOpcode == Instruction::AShr) { // There may be some constraints that make this possible, // but nothing simple has been discovered yet. CanFold = false; } lib/Transforms/InstCombine/InstCombineCompares.cpp 11

technology from seed Automatic Synthesis of Weakest Preconditions for Compiler Optimizations Loop Unswitching while I < N do if B then S 1 else S 2 I := I + 1 if B then while I < N do S 1 I := I + 1 else while I < N do S 2 I := I + 1 → 12

technology from seed Automatic Synthesis of Weakest Preconditions for Compiler Optimizations Loop Unswitching: Example Instantiation … while I < N do if N > 5 then A := A + N else A := A + 1 I := I + 1 … if N > 5 then while I < N do A := A + N I := I + 1 else while I < N do A := A + 1 I := I + 1 → while I < N do if B then S 1 else S 2 I := I

technology from seed Automatic Synthesis of Weakest Preconditions for Compiler Optimizations Loop Unswitching: Weakest Precondition while I < N do if B then S 1 else S 2 I := I + 1 if B then while I < N do S 1 I := I + 1 else while I < N do S 2 I := I + 1 → 14

technology from seed Automatic Synthesis of Weakest Preconditions for Compiler Optimizations Language of Preconditions 15

technology from seed Books and developers already informally speak about read and write sets Similar to PEC’s Can be efficiently discharged using current compiler technology: –Memory dependence analysis –Alias/pointer analysis –Loop analysis –Range analysis –… Automatic Synthesis of Weakest Preconditions for Compiler Optimizations Language of Preconditions: Suitability 16

technology from seed Automatic Synthesis of Weakest Preconditions for Compiler Optimizations Synthesizing WP for Loop Unswitching while I < N do if B then S 1 else S 2 I := I + 1 if B then while I < N do S 1 I := I + 1 else while I < N do S 2 I := I + 1 → 17

technology from seed Automatic Synthesis of Weakest Preconditions for Compiler Optimizations 1) Find counterexample while I < N do if B then S 1 else S 2 I := I + 1 if B then while I < N do S 1 I := I + 1 else while I < N do S 2 I := I + 1 → B I < N S 1 I := I + 1 I < N S 1 I := I + 1 I ≥ N Pre = true 18

technology from seed Automatic Synthesis of Weakest Preconditions for Compiler Optimizations 2) Synthesize WP for counterexample: VC Gen 19

technology from seed Automatic Synthesis of Weakest Preconditions for Compiler Optimizations 2) Synthesize WP for counterexample: Conditional Ackermannization B 0 and B 1 are equal if the values of the variables in R(B) are equal 20

technology from seed Automatic Synthesis of Weakest Preconditions for Compiler Optimizations 2) Synthesize WP for counterexample: Final constraint S = Read/Write sets V = Vars from VCGen, Must-write vars B I < N S 1 I := I + 1 I < N S 1 I := I + 1 I ≥ N 21

technology from seed Automatic Synthesis of Weakest Preconditions for Compiler Optimizations 2) Synthesize WP for counterexample: Disjunction of all models B I < N S 1 I := I + 1 I < N S 1 I := I + 1 I ≥ N 22

technology from seed Automatic Synthesis of Weakest Preconditions for Compiler Optimizations 3) Iterate until no more counterexamples can be found while I < N do if B then S 1 else S 2 I := I + 1 if B then while I < N do S 1 I := I + 1 else while I < N do S 2 I := I + 1 → 23

technology from seed 1) Find counterexample 2) Generate WP that rules out the counterexample 3) Iterate until no more counterexamples can be found Automatic Synthesis of Weakest Preconditions for Compiler Optimizations Algorithm 24

technology from seed Model generalization Exploit UNSAT cores Bias towards R/W and W/W intersections Automatic Synthesis of Weakest Preconditions for Compiler Optimizations Optimizations 25

technology from seed Automatic Synthesis of Weakest Preconditions for Compiler Optimizations PSyCO: Results 26

technology from seed Automatic Synthesis of Weakest Preconditions for Compiler Optimizations Example of Synthesized WP: Software Pipelining Precondition: (Weaker than PEC’s [PLDI’09]) 27

technology from seed Automatic Synthesis of Weakest Preconditions for Compiler Optimizations Verifying Optimizations with CORK 28

technology from seed Automatic Synthesis of Weakest Preconditions for Compiler Optimizations CORK: Partial Equivalence Checking of UF+IA Programs 29

technology from seed Automatic Synthesis of Weakest Preconditions for Compiler Optimizations CORK: Polynomial Interpolation 30

technology from seed Automatic Synthesis of Weakest Preconditions for Compiler Optimizations CORK: Results 31

technology from seed Apply to production compilers Synthesize implementation of optimizations (pattern matching, VC Gen, code transformation) Explain reasons for optimization failure Preserve debug info automatically Preserve analysis data across optimizations Automatic Synthesis of Weakest Preconditions for Compiler Optimizations Future Work 32

technology from seed There is significant on-going effort to improve compilers, which compromises correctness Presented the first algorithm for the automatic synthesis of WPs for compiler optimizations Presented the first algorithm for automatic partial equivalence checking of UF+IA programs –Applied to verification of compiler optimizations Automatic Synthesis of Weakest Preconditions for Compiler Optimizations Conclusion 33

technology from seed

Automatic Synthesis of Weakest Preconditions for Compiler Optimizations CORK: UFs -> Polynomials 35

technology from seed Automatic Synthesis of Weakest Preconditions for Compiler Optimizations 2) Synthesize WP for counterexample: Must-write vs may-write If a variable is in the write set of a statement, it may or may not be written. 36

technology from seed Automatic Synthesis of Weakest Preconditions for Compiler Optimizations Optimizers by Dragon’s Lenses Optimization nOptimization 1 Analysis 1Analysis n … 37

technology from seed Automatic Synthesis of Weakest Preconditions for Compiler Optimizations An Optimizer from the Future Pattern Matching VC Gen Code Transformer Analysis 1 Analysis n … 38

technology from seed Automatic Synthesis of Weakest Preconditions for Compiler Optimizations An Optimizer from the Future: Pattern Matching Pattern Matching VC Gen Code Transformer Analysis 1 Analysis n … … while I < N do if N > 5 then A := A + N else A := A + 1 I := I + 1 … if B then S 1 39

technology from seed Automatic Synthesis of Weakest Preconditions for Compiler Optimizations An Optimizer from the Future: Verification Pattern Matching VC Gen Code Transformer Analysis 1 Analysis n … + Precondition = φ Duality HSF Terminator … Range Analysis Alias Analysis Scalar Evolution … 40

technology from seed Automatic Synthesis of Weakest Preconditions for Compiler Optimizations An Optimizer from the Future: Code Transformation Pattern MatchingVC Gen Code Transformer Analysis 1 Analysis n … if B then S 1 if B then skip A := A + 1 if N > 5 then skip 41