a logical study of program equivalence
play

A Logical Study of Program Equivalence Guilhem Jaber Ecole des - PowerPoint PPT Presentation

Feb 02, 2023 •147 likes •1.09k views

A Logical Study of Program Equivalence Guilhem Jaber Ecole des Mines de Nantes LINA - Ascola PhD Defense Institut Henri Poincar e (Paris) July 11th 2014 1 / 38 Why study the Equivalence of Programs ? Specification of programs

  1. A Logical Study of Program Equivalence Guilhem Jaber Ecole des Mines de Nantes LINA - Ascola PhD Defense Institut Henri Poincar´ e (Paris) July 11th 2014 1 / 38

  2. Why study the Equivalence of Programs ? Specification of programs � Equivalence between a program we can trust and an optimized one. 2 / 38

  3. Why study the Equivalence of Programs ? Specification of programs � Equivalence between a program we can trust and an optimized one. Compiler optimizations. � Towards verified compilers. 2 / 38

  4. Why study the Equivalence of Programs ? Specification of programs � Equivalence between a program we can trust and an optimized one. Compiler optimizations. � Towards verified compilers. Representation independence of Data � Parametricity, Free theorems. 2 / 38

  5. Why study the Equivalence of Programs ? Specification of programs � Equivalence between a program we can trust and an optimized one. Compiler optimizations. � Towards verified compilers. Representation independence of Data � Parametricity, Free theorems. Crucial in denotational semantics � Full-abstraction result. 2 / 38

  6. What kind of Equivalence ? Contextual Equivalence � Programs seen as black boxes. 3 / 38

  7. What kind of Equivalence ? Contextual Equivalence � Programs seen as black boxes. Extensional behavior of programs � Observational equivalence. 3 / 38

  8. What kind of Equivalence ? Contextual Equivalence � Programs seen as black boxes. Extensional behavior of programs � Observational equivalence. Depends on the language contexts are written in � discriminating power of contexts, � from purely functional languages to assembly code. 3 / 38

  9. For what kind of Language: RefML A typed call-by-value λ -calculus: ( λ x : τ. M ) v → M { v / x } 4 / 38

  10. For what kind of Language: RefML A typed call-by-value λ -calculus: ( λ x : τ. M ) v → M { v / x } with Integers and Booleans: if b then 0 else n + 1 4 / 38

  11. For what kind of Language: RefML A typed call-by-value λ -calculus: ( λ x : τ. M ) v → M { v / x } with Integers and Booleans: if b then 0 else n + 1 with higher-order references: ref 2 , ref ( λ x . M ) stored in heap via locations: ( ref v , h ) → ( ℓ, h · [ ℓ �→ v ]) ( ℓ fresh in h ) mutable: x :=! x + 1 4 / 38

  12. For what kind of Language: RefML A typed call-by-value λ -calculus: ( λ x : τ. M ) v → M { v / x } with Integers and Booleans: if b then 0 else n + 1 with higher-order references: ref 2 , ref ( λ x . M ) stored in heap via locations: ( ref v , h ) → ( ℓ, h · [ ℓ �→ v ]) ( ℓ fresh in h ) mutable: x :=! x + 1 No pointer arithmetic: ( ℓ + 1) is ill-typed But equality test: ℓ 1 == ℓ 2 is well-typed 4 / 38

  13. For what kind of Language: RefML A typed call-by-value λ -calculus: ( λ x : τ. M ) v → M { v / x } with Integers and Booleans: if b then 0 else n + 1 with higher-order references: ref 2 , ref ( λ x . M ) stored in heap via locations: ( ref v , h ) → ( ℓ, h · [ ℓ �→ v ]) ( ℓ fresh in h ) mutable: x :=! x + 1 No pointer arithmetic: ( ℓ + 1) is ill-typed But equality test: ℓ 1 == ℓ 2 is well-typed Full recursion (via“Landin”knot). 4 / 38

  14. For what kind of Language: RefML A typed call-by-value λ -calculus: ( λ x : τ. M ) v → M { v / x } with Integers and Booleans: if b then 0 else n + 1 with higher-order references: ref 2 , ref ( λ x . M ) stored in heap via locations: ( ref v , h ) → ( ℓ, h · [ ℓ �→ v ]) ( ℓ fresh in h ) mutable: x :=! x + 1 No pointer arithmetic: ( ℓ + 1) is ill-typed But equality test: ℓ 1 == ℓ 2 is well-typed Full recursion (via“Landin”knot). Contextual equivalence of M 1 , M 2 : ∀ C . ∀ h . ( C [ M 1 ] ⇓ , h ) ⇐ ⇒ ( C [ M 2 ] ⇓ , h ) 4 / 38

  15. Synchronization of Callbacks (I/II) λ f . f () is not equivalent to λ f . f (); f () 5 / 38

  16. Synchronization of Callbacks (I/II) λ f . f () is not equivalent to λ f . f (); f () � Contexts can check how many time f is called. � Callbacks are fully observable! C [ • ] def = let x = ref 0 in • ( λ . x :=! x + 1 ); if ! x > 1 then Ω else () can discriminate them. 5 / 38

  17. Synchronization of Callbacks (II/II) λ f . ( f 1 ) + ( f 2 ) is not equivalent to λ f . ( f 2 ) + ( f 1 ) 6 / 38

  18. Synchronization of Callbacks (II/II) λ f . ( f 1 ) + ( f 2 ) is not equivalent to λ f . ( f 2 ) + ( f 1 ) � Arguments given to callbacks must be related. C [ • ] def = let x = ref 0 in • ( λ y . x := y ); if ! x == 1 then Ω else () can discriminate them. 6 / 38

  19. Disclosure of Locations (I/II) λ . let x = ref0 in 1 is equivalent to λ . 1 � The creation of the reference bounded to x is not observable by the context. � It is private to the term! 7 / 38

  20. Disclosure of Locations (II/II) λ f . let x = ref0 in fx ; x := 1 is not equivalent to λ f . let x = ref0 in fx ; x := 2 8 / 38

  21. Disclosure of Locations (II/II) λ f . let x = ref0 in fx ; x := 1 is not equivalent to λ f . let x = ref0 in fx ; x := 2 � The reference bounded to x is disclosed to the context. � It can look inside afterward to see what is stored. C [ • ] def = let z = ref ( ref 0 ) in • ( λ y . z := y ); if !! z == 1 then Ω else () can discriminate them. 8 / 38

  22. How to prove equivalence of programs of RefML ? Contextual equivalence is hard to reason on � Quantification over any contexts and heaps. 9 / 38

  23. How to prove equivalence of programs of RefML ? Contextual equivalence is hard to reason on � Quantification over any contexts and heaps. Nominal Game Semantics (Murawski & Tzevelekos, LICS’11) � Fully-abstract for RefML � Trace representation (Laird, ICALP’07) � automata-based interpretation: Algorithmic Game Semantics. 9 / 38

  24. How to prove equivalence of programs of RefML ? Contextual equivalence is hard to reason on � Quantification over any contexts and heaps. Nominal Game Semantics (Murawski & Tzevelekos, LICS’11) � Fully-abstract for RefML � Trace representation (Laird, ICALP’07) � automata-based interpretation: Algorithmic Game Semantics. Kripke Logical Relations � World as heap-invariants (Pitts & Stark) � Evolution of invariants (Ahmed, Dreyer, Neis & Birkedal). 9 / 38

  25. How to prove equivalence of programs of RefML ? Contextual equivalence is hard to reason on � Quantification over any contexts and heaps. Nominal Game Semantics (Murawski & Tzevelekos, LICS’11) � Fully-abstract for RefML � Trace representation (Laird, ICALP’07) � automata-based interpretation: Algorithmic Game Semantics. Kripke Logical Relations � World as heap-invariants (Pitts & Stark) � Evolution of invariants (Ahmed, Dreyer, Neis & Birkedal). Bisimulations � Environmental Bisimulations (Pierce & Sumii, Koutavas, Wand) � Open Bisimulations (Lassen, Levy, Stovring). � Parametric Bisimulations (Hur, Dreyer & Vafeiadis). 9 / 38

  26. The Ultimate Goal of this Thesis Formalize proofs of equivalence of programs: � in a Proof Assistant based on Dependent Type Theory (Coq), � abstracting over bureaucracy details (step-indexing, evolution of worlds,...). 10 / 38

  27. The Ultimate Goal of this Thesis Formalize proofs of equivalence of programs: � in a Proof Assistant based on Dependent Type Theory (Coq), � abstracting over bureaucracy details (step-indexing, evolution of worlds,...). Model-check equivalence of programs: � Only need to give precise enough invariants on heaps and their evolution w.r.t. control flow (i.e. worlds), � Model-check a formula, representing the equivalence of programs, with such worlds. 10 / 38

  28. The Ultimate Goal of this Thesis Formalize proofs of equivalence of programs: � in a Proof Assistant based on Dependent Type Theory (Coq), � abstracting over bureaucracy details (step-indexing, evolution of worlds,...). Model-check equivalence of programs: � Only need to give precise enough invariants on heaps and their evolution w.r.t. control flow (i.e. worlds), � Model-check a formula, representing the equivalence of programs, with such worlds. Decide equivalence of programs: � undecidable in general, even without recursion and with bounded integers (Murawski & Tzevelekos) � but for fragments of the language � by generating such worlds, � need completeness of our approach. 10 / 38

  29. Formalize Proofs of Equivalence of Programs (in MLTT) Want to abstract over bureaucracy details: Step-indexing (Appel & McAlester, Ahmed) � Necessary to break circularity in definitions, � But“pollutes”the proof with tedious details. 11 / 38

  30. Formalize Proofs of Equivalence of Programs (in MLTT) Want to abstract over bureaucracy details: Step-indexing (Appel & McAlester, Ahmed) � Necessary to break circularity in definitions, � But“pollutes”the proof with tedious details. Solution: use modality ⊲ to abstract over it. � Using G¨ odel-Lob Logic (Appel, Mellies, Richards & Vouillon, Nakano). 11 / 38

  31. Formalize Proofs of Equivalence of Programs (in MLTT) Want to abstract over bureaucracy details: Step-indexing (Appel & McAlester, Ahmed) � Necessary to break circularity in definitions, � But“pollutes”the proof with tedious details. Solution: use modality ⊲ to abstract over it. � Using G¨ odel-Lob Logic (Appel, Mellies, Richards & Vouillon, Nakano). Problem: extend this solution to Type Theory � Guarded Recursive Types in Topos of Tree (Birkedal et al.). 11 / 38

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Logic as a Tool Chapter 1: Understanding Propositional Logic 1.3 Logical equivalence Negation

Logic as a Tool Chapter 1: Understanding Propositional Logic 1.3 Logical equivalence Negation

Logic as a Tool Chapter 1: Understanding Propositional Logic 1.3 Logical equivalence Negation normal form of propositional formulae Valentin Goranko Stockholm University September 2016 Goranko Logical equivalence of propositional formulae

336 views • 7 slides
Logic as a Tool Chapter 1: Understanding Propositional Logic 1.3 Logical equivalence Negation

Logic as a Tool Chapter 1: Understanding Propositional Logic 1.3 Logical equivalence Negation

Logic as a Tool Chapter 1: Understanding Propositional Logic 1.3 Logical equivalence Negation normal form of propositional formulae Valentin Goranko Stockholm University September 2016 Goranko Logical equivalence of propositional formulae

703 views • 52 slides
Cryptographic Logical Relations What is the contextual equivalence for cryptographic

Cryptographic Logical Relations What is the contextual equivalence for cryptographic

Cryptographic Logical Relations What is the contextual equivalence for cryptographic protocols and how to prove it? Yu ZHANG Including joint work with J. Goubault-Larrecq, D. Nowak and S. Lasota EVEREST, INRIA Sophia-Antipolis February

487 views • 37 slides
Logical equivalence Equivalence proof Multiplexers January 22, 2020 Patrice Belleville /

Logical equivalence Equivalence proof Multiplexers January 22, 2020 Patrice Belleville /

Logical equivalence Equivalence proof Multiplexers January 22, 2020 Patrice Belleville / Geoffrey Tien 1 Announcements Pre-class quiz #4, due Sunday, Jan.26, 19:00 Epp 4e/5e: Chapter 2.3 Pre-class quiz #5, due Sunday, Feb.02, 19:00

212 views • 19 slides
1 Problem : Outline 4-Segment LED Display Prereqs, Learning Goals, and Quiz Notes Problem :

1 Problem : Outline 4-Segment LED Display Prereqs, Learning Goals, and Quiz Notes Problem :

snick Outline snack Prereqs, Learning Goals, and Quiz Notes Problems and Discussion CPSC 121: Models of Computation Logical equivalence practice 2016W2 How to write a logical equivalence proof A flaw in our model

138 views • 10 slides
Program Equivalence From Trace Equivalence Tim Wood 1 Sophia Drossopoulou 1 1 Imperial College

Program Equivalence From Trace Equivalence Tim Wood 1 Sophia Drossopoulou 1 1 Imperial College

Program Equivalence From Trace Equivalence Tim Wood 1 Sophia Drossopoulou 1 1 Imperial College London Wood, Drossopoulou (Imperial College London) Program Equivalence October 2014 1 / 30 Context Program maintenance is a common and important

1.02k views • 61 slides
Revision on propositional logic: Propositions. Logical Connectives. Truth values and truth

Revision on propositional logic: Propositions. Logical Connectives. Truth values and truth

Revision on propositional logic: Propositions. Logical Connectives. Truth values and truth tables. Propositional formulae. Tautologies. Logical equivalence. Logical consequence. Logical correctness of propositional arguments. Valentin Goranko

600 views • 20 slides
Leveraging Program Equivalence for Adaptive Program Repair: Models and First Results Westley

Leveraging Program Equivalence for Adaptive Program Repair: Models and First Results Westley

Leveraging Program Equivalence for Adaptive Program Repair: Models and First Results Westley Weimer, UVA Zachary P . Fry, UVA Stephanie Forrest, UNM Automated Program Repair Given a program, a notion of correct behavior, and evidence

679 views • 30 slides
On CCZ-Equivalence, Extended-Affine Equivalence and Function Twisting Anne Canteaut, L eo

On CCZ-Equivalence, Extended-Affine Equivalence and Function Twisting Anne Canteaut, L eo

On CCZ-Equivalence, Extended-Affine Equivalence and Function Twisting Anne Canteaut, L eo Perrin June 3, 2019 Fq14, Vancouver Setting up the background Cryptographic properties Equivalence classes CCZ-equivalence Cryptographic

885 views • 63 slides
From Program Synthesis to Optimal Program . . . Optimal Program Synthesis Logical Interpretation

From Program Synthesis to Optimal Program . . . Optimal Program Synthesis Logical Interpretation

Need for Data . . . Program Synthesis Wave Algorithm for . . . Boolean Logic . . . From Program Synthesis to Optimal Program . . . Optimal Program Synthesis Logical Interpretation . . . A Seemingly Natural . . . Counter-Example to . . .

725 views • 24 slides
Equational Logic. Part 1 Roland Backhouse February 6th, 2001 2 Outline The Logical

Equational Logic. Part 1 Roland Backhouse February 6th, 2001 2 Outline The Logical

1 Equational Logic. Part 1 Roland Backhouse February 6th, 2001 2 Outline The Logical Connectives. Properties of Equality. Properties of Equivalence. Negation 3 Logical Connectives Proofs involve two components: Reasoning

523 views • 27 slides
Proving Equivalence Between Imperative and MapReduce Implementations Using Program

Proving Equivalence Between Imperative and MapReduce Implementations Using Program

Proving Equivalence Between Imperative and MapReduce Implementations Using Program Transformations VPT 2018 Thessaloniki 20 April 2018 Bernhard Beckert, Timo Bingman, Moritz Kiefer, Peter Sanders, Mattias Ulbrich , Alexander Weigl www.kit.edu

968 views • 60 slides
Checking NFA Equivalence with Bisimulations up to Congruence Filippo Bonchi and Damien Pous

Checking NFA Equivalence with Bisimulations up to Congruence Filippo Bonchi and Damien Pous

Checking NFA Equivalence with Bisimulations up to Congruence Filippo Bonchi and Damien Pous CNRS, LIP, ENS Lyon POPL, Roma, 25.1.2o13 Language equivalence of finite automata Useful for model checking: check that a program refines its

1.36k views • 92 slides
On CCZ-Equivalence, Extended-Affine Equivalence and Function Twisting Anne Canteaut, Lo Perrin

On CCZ-Equivalence, Extended-Affine Equivalence and Function Twisting Anne Canteaut, Lo Perrin

On CCZ-Equivalence, Extended-Affine Equivalence and Function Twisting Anne Canteaut, Lo Perrin June 18, 2018 BFA2018 Definition (EA-Equivalence; EA-mapping) F and G are E(xtented) A(ffine) equivalent if G x B F A x C x , where A B C

1.11k views • 98 slides
Equivalences 1 Equivalence Definition (Equivalence) Two formulas F and G are (semantically)

Equivalences 1 Equivalence Definition (Equivalence) Two formulas F and G are (semantically)

Propositional Logic Equivalences 1 Equivalence Definition (Equivalence) Two formulas F and G are (semantically) equivalent if A ( F ) = A ( G ) for every assignment A that is suitable for both F and G . We write F G to denote that F and G

276 views • 12 slides
Program Equivalence in Linear Contexts Yu Zhang Institute of Software, Chinese Academy of

Program Equivalence in Linear Contexts Yu Zhang Institute of Software, Chinese Academy of

Program Equivalence in Linear Contexts Yu Zhang Institute of Software, Chinese Academy of Sciences Joint work with Yuxing Deng (BASICS, SJTU) Beijing November 5, 2013 An Example Are the following two programs contextually equivalent? def

450 views • 22 slides
Multi- -gas Model Analysis on gas Model Analysis on Multi stabilization scenarios

Multi- -gas Model Analysis on gas Model Analysis on Multi stabilization scenarios

Multi- -gas Model Analysis on gas Model Analysis on Multi stabilization scenarios stabilization scenarios Junichi Fujino NIES, Japan The 9th AIM International Workshop; 12-13, March 2004 National Institute for Environmental Studies,

547 views • 20 slides
ProPed Tool for Symbolic Verification of Probablistic Recursive Programs Rohit Chadha 1 Umang

ProPed Tool for Symbolic Verification of Probablistic Recursive Programs Rohit Chadha 1 Umang

ProPed Tool for Symbolic Verification of Probablistic Recursive Programs Rohit Chadha 1 Umang Mathur 2 Stefan Schwoon 3 1 Computer Science Department University of Missouri Columbia, Missouri, USA 2 Department of Computer Science and Engineering

398 views • 35 slides
Higher-Order Acausal Models 2nd International Workshop on Equation-Based Object-Oriented

Higher-Order Acausal Models 2nd International Workshop on Equation-Based Object-Oriented

Higher-Order Acausal Models 2nd International Workshop on Equation-Based Object-Oriented Languages and Tools (EOOLT) Paphos, Cyprus, July 8, 2008 Peter Fritzson David Broman Department of Computer and Department of Computer and Information

674 views • 30 slides
RECURSIVE DEEP MODELS FOR SEMANTIC COMPOSITIONALITY OVER A SENTIMENT TREEBANK Richard Socher,

RECURSIVE DEEP MODELS FOR SEMANTIC COMPOSITIONALITY OVER A SENTIMENT TREEBANK Richard Socher,

RECURSIVE DEEP MODELS FOR SEMANTIC COMPOSITIONALITY OVER A SENTIMENT TREEBANK Richard Socher, Alex Perelygin, Jean Y. Wu, Jason Chuang, Christopher D. Manning, Andrew Y. Ng and Christopher Potts Presented By: Dwayne Campbell Overview

298 views • 19 slides
United Electronic Recycling Agenda United Electronic Recycling Introduction Customer

United Electronic Recycling Agenda United Electronic Recycling Introduction Customer

United Electronic Recycling Agenda United Electronic Recycling Introduction Customer Benefits Why are we Recycling? What are we Recycling? Recycling Process Customer Engagement United Electronic Recycling Introduction

311 views • 10 slides
Recycling Cart Program: 2019 Expansion City of Reading Public Works Department

Recycling Cart Program: 2019 Expansion City of Reading Public Works Department

Recycling Cart Program: 2019 Expansion City of Reading Public Works Department Sustainability/Solid Waste Division Presentation Roadmap Why Recycle? Fundamental Need 1. Pilot Program Overview 2. Resident Feedback? Positive 3. Expansion

201 views • 16 slides
My Recycling Presentation Mayra Chanon Washington High School South Bend, IN The moment I got

My Recycling Presentation Mayra Chanon Washington High School South Bend, IN The moment I got

My Recycling Presentation Mayra Chanon Washington High School South Bend, IN The moment I got accepted into the Student Recycling Leadership Corps, I already had two prospective ideas in mind for my two recycling projects. 1 st Project

561 views • 21 slides
DRAFT Metropolitan Nashville and Davidson County Davidson County Solid Waste Region Board and

DRAFT Metropolitan Nashville and Davidson County Davidson County Solid Waste Region Board and

DRAFT Metropolitan Nashville and Davidson County Davidson County Solid Waste Region Board and Solid Waste Task Force Meeting May 21, 2019 The State of Solid Waste Management in Metro Nashville and Davidson County MSW Waste Landfilled,

522 views • 20 slides

More recommend