adding support for c contracts to clang
play

ADDING SUPPORT FOR C++ CONTRACTS TO CLANG A CS PhD. student - PowerPoint PPT Presentation

Mar 02, 2024 •28 likes •418 views

and some thoughts around their application Javier Lpez-Gmez 8th April 2019 Computer Science and Engineering Department, University Carlos III of Madrid ADDING SUPPORT FOR C++ CONTRACTS TO CLANG A CS PhD. student (Computer Architecture

  1. …and some thoughts around their application Javier López-Gómez 8th April 2019 Computer Science and Engineering Department, University Carlos III of Madrid ADDING SUPPORT FOR C++ CONTRACTS TO CLANG

  2. A CS PhD. student (Computer Architecture and Technology Area) Spent some time hacking the Linux kernel, embedded software, electronics… (low-level stuff!) Now: working on Clang for the last year 1/27 Who am I?

  3. 1 Introduction 2 Background 3 Supporting the P0542R5 TS in Clang 4 CSV: an extension to TSan that uses contracts 5 Conclusion 2/27 Agenda

  4. 1 Introduction 2 Background 3 Supporting the P0542R5 TS in Clang 4 CSV: an extension to TSan that uses contracts 5 Conclusion 3/27 Agenda

  5. …or other (non-standard) user-defjned macro/function. This might be improved! 4/27 In C++17… Compile-time: static_assert(…) Run-time: C89 assert(…) But assert(…) is a macro which expands to nothing for a production build.

  6. 5/27 Declaration (probably in a header fjle): But in C++20 we might have… int f(int x) [[expects default: x > 0]] // low-cost precondition [[expects audit: sanity_chk(x)]] // high computational cost [[ensures ret: ret > 0]]; // postcondition Defjnition (in .cpp fjle): int f(int x) { … }

  7. 1 Introduction 2 Background 3 Supporting the P0542R5 TS in Clang 4 CSV: an extension to TSan that uses contracts 5 Conclusion 6/27 Agenda

  8. function. Precondition: What are the expectations of the function? —Evaluated at function entry Postconditions: What must the function ensure upon termination? —Evaluated at function exit Assertion: 7/27 The C++ contract TS (P0542R5) (1/5) P0542R5: a proposal to support contracts in C++. Contract: the set of preconditions, postconditions and assertions associated to a [[expects: …]] [[ensures: …]]

  9. function. Precondition: What are the expectations of the function? —Evaluated at function entry Postconditions: What must the function ensure upon termination? —Evaluated at function exit Assertion: 7/27 The C++ contract TS (P0542R5) (1/5) P0542R5: a proposal to support contracts in C++. Contract: the set of preconditions, postconditions and assertions associated to a [[expects: …]] [[ensures: …]]

  10. function. Precondition: What are the expectations of the function? —Evaluated at function entry Postconditions: What must the function ensure upon termination? —Evaluated at function exit Assertion: 7/27 The C++ contract TS (P0542R5) (1/5) P0542R5: a proposal to support contracts in C++. Contract: the set of preconditions, postconditions and assertions associated to a [[expects: …]] [[ensures: …]]

  11. function. Precondition: What are the expectations of the function? —Evaluated at function entry Postconditions: What must the function ensure upon termination? —Evaluated at function exit Assertion: 7/27 The C++ contract TS (P0542R5) (1/5) P0542R5: a proposal to support contracts in C++. Contract: the set of preconditions, postconditions and assertions associated to a [[expects: …]] [[ensures: …]]

  12. function. Precondition: What are the expectations of the function? —Evaluated at function entry Postconditions: What must the function ensure upon termination? —Evaluated at function exit Assertion: Do I need to defjne this? 7/27 The C++ contract TS (P0542R5) (1/5) P0542R5: a proposal to support contracts in C++. Contract: the set of preconditions, postconditions and assertions associated to a [[expects: …]] [[ensures: …]]

  13. function. Precondition: What are the expectations of the function? —Evaluated at function entry Postconditions: What must the function ensure upon termination? —Evaluated at function exit Assertion: Do I need to defjne this? A predicate that should hold at a specifjc location of the function body. 7/27 The C++ contract TS (P0542R5) (1/5) P0542R5: a proposal to support contracts in C++. Contract: the set of preconditions, postconditions and assertions associated to a [[expects: …]] [[ensures: …]] [[assert: …]]

  14. A translation is carried out in a specifjc build level (off, default, audit). 8/27 The C++ contract TS (P0542R5) (2/5) You can include an assertion level [[assert HERE: …]] … axiom. Not evaluated at run-time (useful for static analysis/optimizer). default/audit. Indicate the relative computational cost of the checks.

  15. and can be used to refer to the return value of the function. 9/27 The C++ contract TS (P0542R5) (3/5) ensures -only: an identifjer may be introduced [[ensures default HERE: …]]

  16. Alternatively, the user can specify a handler (per-translation). 10/27 The C++ contract TS (P0542R5) (4/5) By default, a violated contract invokes std::terminate() . std::terminate() may optionally be called after return. void (const std::contract_violation &); // the type of a handler class contract_violation { public: int line_number() const noexcept; string_view file_name() const noexcept; string_view function_name() const noexcept; string_view comment() const noexcept; string_view assertion_level() const noexcept; };

  17. Alternatively, the user can specify a handler (per-translation). 10/27 The C++ contract TS (P0542R5) (4/5) By default, a violated contract invokes std::terminate() . std::terminate() may optionally be called after return. void (const std::contract_violation &); // the type of a handler class contract_violation { public: int line_number() const noexcept; string_view file_name() const noexcept; string_view function_name() const noexcept; string_view comment() const noexcept; string_view assertion_level() const noexcept; };

  18. A contract… …has no observable effect on a correct program (except performance): UB if side-effects. …might be a convenient to provide additional information to the optimizer/3 rd -party libraries. 11/27 The C++ contract TS (P0542R5) (5/5)

  19. 1 Introduction 2 Background 3 Supporting the P0542R5 TS in Clang 4 CSV: an extension to TSan that uses contracts 5 Conclusion 12/27 Agenda

  20. xxx.cpp Lex IR etc.) 13/27 Required changes to the Clang FE (1/2) Parse Sema AST CodeGen Figure 1: Patched Clang components Parse. Updated due to the proposed grammar changes for contract attributes. Sema. Most of the code is here (Decl injection, merging attributes, instantiation, AST. Small changes to the ASTContext and FunctionDecl classes. CodeGen. Run-time checks code generation.

  21. 14/27 … pre/post-conditions will be forced inline. (1) (synthesized): evaluates … post-conditions. (2) Required changes to the Clang FE (2/2) (1) : copy the f FunctionDecl; the copy ( g ) owns the original body of f EmitGlobal(g) g f GenerateCode(f) (2) : body of f replaced Figure 2: CodeGen for functions that have pre-conditions + calls g + evaluates

  22. 15/27 Required changes to the Clang FE (3/3) int f(int x) define i32 @_Z1fi ( i32 returned %x) [[expects: x==2]]; local_unnamed_addr #0 { … entry: % cmp = icmp eq i32 %x, 2 int f(int x) { br i1 %cmp, label %if.end, return x; label %if.then } if.then: tail call void @_ZSt9terminatev() #2 unreachable if.end: ret i32 2 } Figure 3: A function (+precondition) and its LLVM IR

  23. 16/27 “axiom mode”) Applying the “p1290r0” fjx ISSUE: Assuming contracts that were not checked was a source of UB. FIX: Do not assume unchecked contracts (except axiom (depending on the Added the -axiom-mode= command line option.

  24. 17/27 Evaluation (1/2) What? GNU libstdc++ std::basic_string How? Replaced the __glibcxx_assert macro by [[assert: …]] or [[expects: …]] and compared the run-time overhead (10000 iterations).

  25. 18/27 Evaluation (2/2) Benchmark 6(-O2) - Time Comparison Benchmark 2(-O2) - Time Comparison 4500 5000 No Contracts Version No Contracts Version 4500 Contracts Version 4400 Contracts Version 4000 4300 Time(milliseconds) Time(milliseconds) 3500 4200 3000 4100 2500 4000 2000 3900 1500 3800 1000 3700 500 3600 0 0 1000 2000 3000 4000 5000 6000 0 1000 2000 3000 4000 5000 6000 String Size(characters) String Size(characters) Figure 5: Find and replace 3-char substring Figure 4: Swap characters ( -O2 ) in a random string ( -O2 )

  26. Open-sourced (GitHub) 1 : 1 To be rebased on top of the current development branch and submitted for code review. 19/27 DEMO: a P0542R5-enabled Clang Try it: http://fragata.arcos.inf.uc3m.es/ https://github.com/arcosuc3m/clang-contracts/

  27. interface third party libraries. To prove this point, we built something on top of this… 20/27 But wait, that’s not all! C++ contracts may also be used as annotations for static analyzers ( axiom ) or to

  28. 1 Introduction 2 Background 3 Supporting the P0542R5 TS in Clang 4 CSV: an extension to TSan that uses contracts 5 Conclusion 21/27 Agenda

  29. (only 1 producer + 1 consumer). (that use C++ contracts). 22/27 ISSUE: TSan and lock-free data structures ISSUE: ThreadSanitizer reports false positives using a Boost lock-free SPSC queue FIX: extend ThreadSanitizer to honour user-defjned data structure semantics

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Even Better C++ Performance and Productivity Enhancing Clang to Support Just-in-Time Compilation

Even Better C++ Performance and Productivity Enhancing Clang to Support Just-in-Time Compilation

Even Better C++ Performance and Productivity Enhancing Clang to Support Just-in-Time Compilation of Templates Hal Finkel Leadership Computing Facility Argonne National Laboratory hfinkel@anl.gov

454 views • 42 slides
Integrating GPU Support for OpenMP Offloading Directives into Clang Carlo Bertolli , Samuel F.

Integrating GPU Support for OpenMP Offloading Directives into Clang Carlo Bertolli , Samuel F.

Integrating GPU Support for OpenMP Offloading Directives into Clang Carlo Bertolli , Samuel F. Antao, Gheorghe-Teodor Bercea, Arpith C. Jacob, Alexandre E. Eichenberger, Tong Chen, Zehra Sura, Hyojin Sung, Georgios Rokos, David Appelhans, Kevin

597 views • 32 slides
An update on Clang-based C++ Tooling Manuel Klimek Daniel Jasper Tomorrowland (from Euro LLVM

An update on Clang-based C++ Tooling Manuel Klimek Daniel Jasper Tomorrowland (from Euro LLVM

An update on Clang-based C++ Tooling Manuel Klimek Daniel Jasper Tomorrowland (from Euro LLVM DevMeeting 2012) Tools Editor integration clang-format Emacs clang-lint Vim clang-rename Eclipse

122 views • 8 slides
How the Judiciary should or could support the new ADR Procedure in Construction Contracts

How the Judiciary should or could support the new ADR Procedure in Construction Contracts

How the Judiciary should or could support the new ADR Procedure in Construction Contracts Stavros Pavlou Senior and Managing Partner Patrikios Pavlou & Associates LLC 24 th April 2018 ADR in FIDIC Contracts and the Cyprus Perspective The

500 views • 10 slides
Developing the Clang Static Analyzer Artem Dergachev, Apple Clang Static Analyzer Finds bugs

Developing the Clang Static Analyzer Artem Dergachev, Apple Clang Static Analyzer Finds bugs

Developing the Clang Static Analyzer Artem Dergachev, Apple Clang Static Analyzer Finds bugs at compile time by inspecting your source code Bugs it finds are more sophisticated than warnings or Clang-Tidy Clang Static Analyzer 1

544 views • 29 slides
Life of an instruction in Clang / LLVM Francis Visoiu Mistrih - francis@lse.epita.fr 1 / 20

Life of an instruction in Clang / LLVM Francis Visoiu Mistrih - francis@lse.epita.fr 1 / 20

Life of an instruction in Clang / LLVM Francis Visoiu Mistrih - francis@lse.epita.fr 1 / 20 Clang foo.c - C int foo(int a, int b) { return a + b; } 2 / 20 Clang AST clang-check -ast-dump foo.c TranslationUnitDecl 0x29eaa20

225 views • 20 slides
The Clang AST A Tutorial by Manuel Klimek You'll learn: 1. The basic structure of the Clang AST

The Clang AST A Tutorial by Manuel Klimek You'll learn: 1. The basic structure of the Clang AST

The Clang AST A Tutorial by Manuel Klimek You'll learn: 1. The basic structure of the Clang AST 2. How to navigate the AST 3. Tools to understand the AST 4. Interfaces to code against the AST (Tooling, AST matchers, etc) The Structure of the

602 views • 44 slides
Clacc 2019: An Update on OpenACC Support for Clang and LLVM Joel E. Denny, Seyong Lee, Jeffrey S.

Clacc 2019: An Update on OpenACC Support for Clang and LLVM Joel E. Denny, Seyong Lee, Jeffrey S.

Clacc 2019: An Update on OpenACC Support for Clang and LLVM Joel E. Denny, Seyong Lee, Jeffrey S. Vetter Future Technologies Group, ORNL https://ft.ornl.gov/ dennyje@ornl.gov April 8, 2019 EuroLLVM ORNL is managed by UT-Battelle, LLC for the

224 views • 18 slides
clang-format Automatic formatting for C++ (Daniel Jasper - djasper@google.com) Why? A

clang-format Automatic formatting for C++ (Daniel Jasper - djasper@google.com) Why? A

clang-format Automatic formatting for C++ (Daniel Jasper - djasper@google.com) Why? A consistent coding style is important Formatting is tedious Clang's source files contain ~25% whitespace characters Sema::NameClassification

511 views • 24 slides
Switching a Linux distributions main toolchain to LLVM/Clang Bernhard Bero

Switching a Linux distributions main toolchain to LLVM/Clang Bernhard Bero

Switching a Linux distributions main toolchain to LLVM/Clang Bernhard Bero Rosenkrnzer, OpenMandriva/LinDev EuroLLVM 2019 When and why did we do it? Made the decision and started the transition around the time of the clang 3.5

204 views • 18 slides
GCC/Clang Optimizations for Embedded Linux Khem Raj, Comcast Embedded Linux Conference &

GCC/Clang Optimizations for Embedded Linux Khem Raj, Comcast Embedded Linux Conference &

GCC/Clang Optimizations for Embedded Linux Khem Raj, Comcast Embedded Linux Conference & OpenIOT summit Portland, OR Introduction To Clang Native compiler FrontEnd to LLVM Infrastructure Supports C/C++ and Objective-C The

517 views • 20 slides
Using Clang for fun and profit Examples from the Chromium project Hans Wennborg hwennborg (at)

Using Clang for fun and profit Examples from the Chromium project Hans Wennborg hwennborg (at)

Using Clang for fun and profit Examples from the Chromium project Hans Wennborg hwennborg (at) google.com GOTO Aarhus 2013 Outline Chromium Background Numbers Clang Background Error Messages Warnings Tools Conclusion Introducing

429 views • 27 slides
Structure-aware fuzzing for Clang and LLVM with libprotobuf-mutator Kostya Serebryany, Vitaly

Structure-aware fuzzing for Clang and LLVM with libprotobuf-mutator Kostya Serebryany, Vitaly

Structure-aware fuzzing for Clang and LLVM with libprotobuf-mutator Kostya Serebryany, Vitaly Buka, Matt Morehouse; Google October 2017 Agenda Fuzzing Fuzzing Clang/LLVM Fuzzing Clang/LLVM better (structure-aware)

914 views • 35 slides
3. Contracts 3.1 Meaning of Contract Law Terms 3.2 Formation of Contracts 3.3 Legal

3. Contracts 3.1 Meaning of Contract Law Terms 3.2 Formation of Contracts 3.3 Legal

3. Contracts 3.1 Meaning of Contract Law Terms 3.2 Formation of Contracts 3.3 Legal Incapacity to Enter Contracts 3.4 Third-Party Beneficiary Contracts 3.5 Assignment and Delegation of Contract Rights and Duties 3.6 Statute of Frauds

1.16k views • 97 slides
Adding virtualization support in MIPS 4Kc-based MPSoCs Omitted for blind review occupation.

Adding virtualization support in MIPS 4Kc-based MPSoCs Omitted for blind review occupation.

Adding virtualization support in MIPS 4Kc-based MPSoCs Omitted for blind review occupation. Experiments demonstrate the overhead of the Abstract Virtualization has emerged as a feasible technique for Embedded Systems, providing safer

237 views • 7 slides
Adding Low-Cost Hardware Barrier Support to Small Commodity Clusters Torsten Hfler Department

Adding Low-Cost Hardware Barrier Support to Small Commodity Clusters Torsten Hfler Department

History Our Design MPI Implementation Performance Conclusions and Future Work Adding Low-Cost Hardware Barrier Support to Small Commodity Clusters Torsten Hfler Department of Computer Science TU Chemnitz June 24, 2006 university-logo

630 views • 28 slides
Pseudo-random graphs and bit probe schemes with one-sided error Andrei Romashchenko CNRS, LIF de

Pseudo-random graphs and bit probe schemes with one-sided error Andrei Romashchenko CNRS, LIF de

Pseudo-random graphs and bit probe schemes with one-sided error Andrei Romashchenko CNRS, LIF de Marseille & IITP of RAS (Moscow) CSR 2011, June 14 Andrei Romashchenko (CNRS & IITP) Pseudo-random graphs & bit probe CSR 2011, June

831 views • 51 slides
Lecture 16: Randomized Computation Arijit Bishnu 22.04.2010 Introduction Probabilistic Turing

Lecture 16: Randomized Computation Arijit Bishnu 22.04.2010 Introduction Probabilistic Turing

Introduction Probabilistic Turing Machine and the class BPP One-Sided and Zero-Sided Error Error Reduction for BPP Relation Lecture 16: Randomized Computation Arijit Bishnu 22.04.2010 Introduction Probabilistic Turing Machine and the class BPP

867 views • 48 slides
Introduction to Sample Size and Power Tamuno Alfred, PhD Biostatistician DataCamp Designing

Introduction to Sample Size and Power Tamuno Alfred, PhD Biostatistician DataCamp Designing

DataCamp Designing and Analyzing Clinical Trials in R DESIGNING AND ANALYZING CLINICAL TRIALS IN R Introduction to Sample Size and Power Tamuno Alfred, PhD Biostatistician DataCamp Designing and Analyzing Clinical Trials in R Statistical

951 views • 68 slides
Classified Matchings under one sided preferences Meghana Nasre IIT Madras Recent Trends in

Classified Matchings under one sided preferences Meghana Nasre IIT Madras Recent Trends in

Classified Matchings under one sided preferences Classified Matchings under one sided preferences Meghana Nasre IIT Madras Recent Trends in Algorithms NISER, Bhubaneshwar Feb 07, 2019 joint work with Prajakta Nimbhorkar (CMI) and Nada Pulath

1.71k views • 108 slides
Ethereum: State of Knowledge and Research Perspectives Motivation Technical overview Open

Ethereum: State of Knowledge and Research Perspectives Motivation Technical overview Open

Ethereum: State of Knowledge and Research Perspectives Sergei Tikhomirov Ethereum: State of Knowledge and Research Perspectives Motivation Technical overview Open problems Cryptography Consensus Sergei Tikhomirov Scalability Privacy

587 views • 26 slides
Contracts as a support to static analysis of open systems Work in progress Nadia Bel Hadj Aissa

Contracts as a support to static analysis of open systems Work in progress Nadia Bel Hadj Aissa

Introduction Information flow example W CET example Contracts as a support to static analysis of open systems Work in progress Nadia Bel Hadj Aissa Dorina Ghindici Gilles Grimaud Isabelle Simplot-Ryl INRIA/LIFL/Univ. Lille 1 FLACOS07 1

465 views • 20 slides
Thank you for joining this webinar on the Open Networks Standard Flexibility Contract. We

Thank you for joining this webinar on the Open Networks Standard Flexibility Contract. We

Thank you for joining this webinar on the Open Networks Standard Flexibility Contract. We will start this webinar at 14:03. If you are unable to play the audio through your device, you can dial in by calling 020 3478 5289 and using access

176 views • 13 slides
Debugging Objects & Graphics What debugging includes The object of objects Two

Debugging Objects & Graphics What debugging includes The object of objects Two

As you arrive: 1. Start up your computer and plug it in Plus in-class time 2. Log into Angel and go to CSSE 120 working on these 3. Do the Attendance Widget the PIN is on the board concepts, continued 4. Go to the course Schedule Page

528 views • 28 slides

More recommend