an abstract stack based approach to verified
play

An Abstract Stack Based Approach to Verified Compositional - PowerPoint PPT Presentation

Jan 27, 2023 •41 likes •251 views

An Abstract Stack Based Approach to Verified Compositional Compilation to Machine Code Yuting Wang 1 , Pierre Wilke 1 , 2 , Zhong Shao 1 Yale University 1 , CentraleSuplec 2 19 January 18 th , 2019 POPL Yuting Wang, Pierre Wilke , Zhong

  1. An Abstract Stack Based Approach to Verified Compositional Compilation to Machine Code Yuting Wang 1 , Pierre Wilke 1 , 2 , Zhong Shao 1 Yale University 1 , CentraleSupélec 2 ’19 – January 18 th , 2019 POPL Yuting Wang, Pierre Wilke , Zhong Shao An Abstract Stack Based Approach to Verified Compositional Compilation to Machine Code 1 / 16

  2. Verified compilation CompCert : verified C compiler (Leroy et al. , first released in 2008) Clight C Cshm Cminor CminorSel RTL LTL Linear Mach Asm Used as a basis for a large number of extensions: • alternate semantics: CompCertTSO (weak memory model, Sevcík et al. , JACM’13), CompCertS (undefined pointer arithmetic, Besson et al. , ITP’17) • a more concrete view of the stack: Quantitative CompCert (merge the stack blocks into a single stack region, Carbonneaux et al. , PLDI’14) • compositional compilation: Compositional CompCert (Stewart et al. , POPL ’15), compositional semantics (Ramananandro et al. , CPP’15), SepCompCert (Kang et al. , POPL ’16) Open problems: • verified compilation to machine code • port all compiler passes of CompCert, including challenging inlining and tailcall recognition • verified compilation of heterogeneous modules (mix C and Asm modules) Yuting Wang, Pierre Wilke , Zhong Shao An Abstract Stack Based Approach to Verified Compositional Compilation to Machine Code 2 / 16

  3. Contribution: Stack-Aware CompCert A version of CompCert with: 1 compilation to machine code • merge the stack blocks into a unique stack region • eliminate CompCert’s pseudo-instructions • generate machine code 2 complete extension: we support all CompCert passes • including challenging optimizations (function inlining, tailcall elimination) 3 compositional compilation • stack access policy • mix C and Asm programs Yuting Wang, Pierre Wilke , Zhong Shao An Abstract Stack Based Approach to Verified Compositional Compilation to Machine Code 3 / 16

  4. CompCert: memory model and values b p 1 ( b i , 0 ) void swap( int * p1, int * p2){ b p 2 int tmp = *p1; ( b j , 0 ) *p1 = *p2; b tmp *p2 = tmp; 3 } b i int main(){ 3 int i = 3, j = 9; int * x = &i; b j 9 int * y = &j; swap(x,y); b x ( b i , 0 ) return 0; } b y ( b j , 0 ) Yuting Wang, Pierre Wilke , Zhong Shao An Abstract Stack Based Approach to Verified Compositional Compilation to Machine Code 4 / 16

  5. CompCert: compilation and memory model The memory model stays the same throughout compilation, but the memory blocks change shapes. Clight C Cminor Asm b i b i b j b j main b x b y 0 / b p 1 swap b p 2 b tmp The stack frames in Asm are in distinct blocks! Yuting Wang, Pierre Wilke , Zhong Shao An Abstract Stack Based Approach to Verified Compositional Compilation to Machine Code 5 / 16

  6. The abstract stack We maintain an abstract stack in memory states, that reflects the structure of the concrete stack. Abstract stack: a list of abstract frames. b i An abstract frame records useful information about a concrete b j stack frame: b main • the size of this stack frame at the assembly level; b x • which blocks are part of that stack frame; b y • which locations of these blocks are public or private 32 32 Yuting Wang, Pierre Wilke , Zhong Shao An Abstract Stack Based Approach to Verified Compositional Compilation to Machine Code 6 / 16

  7. Abstract stack: example Clight Asm C Cminor b i b i The abstract stack at the C level is: b j b j 32 main b p 1 b i b x b p 2 b j b y b main ; b tmp b x b y 0 / b p 1 16 16 32 swap b p 2 b swap b tmp Yuting Wang, Pierre Wilke , Zhong Shao An Abstract Stack Based Approach to Verified Compositional Compilation to Machine Code 7 / 16

  8. Abstract stack: example The abstract stack at the Asm level is: Clight C Cminor Asm b main b i b i b swap b j b j 32 ; main b x b y b main 16 32 0 / b p 1 16 Stack-access policy: we may write to swap b p 2 • all of b swap b swap b tmp • public locations in b main Yuting Wang, Pierre Wilke , Zhong Shao An Abstract Stack Based Approach to Verified Compositional Compilation to Machine Code 7 / 16

  9. Abstract stack primitives Semantics of all intermediate languages instrumented with push_frame and pop_frame b swap 16 at function call at function return b main b main b main push_frame pop_frame 32 32 32 Key argument for merging stack blocks : The push_frame primitive only succeeds if the sum of the frames’ sizes is lower than MAX_STACK . Yuting Wang, Pierre Wilke , Zhong Shao An Abstract Stack Based Approach to Verified Compositional Compilation to Machine Code 8 / 16

  10. Preservation of stack usage with compilation Since the semantics include stack consumption, it must be preserved by compilation Property to ensure : at each program point, the size of source stack should be larger than (or equal to) the size of target stack. Target Source The sizes of the source and target stacks are equal. f f | f | + | g | = | f | + | g | g g Recall | f | is the size of f ’s stack frame at the Asm level! Regular case Yuting Wang, Pierre Wilke , Zhong Shao An Abstract Stack Based Approach to Verified Compositional Compilation to Machine Code 9 / 16

  11. Preservation of stack usage with compilation Since the semantics include stack consumption, it must be preserved by compilation Property to ensure : at each program point, the size of source stack should be larger than (or equal to) the size of target stack. Target Source Target Source void g(){ void g(){ ⇒ G; G; f f } } void f(){ void f(){ g(); ⇒ G; } } g The sizes of the source stack is larger than the target stack. | f | + | g | ≥ | f | Function inlining Yuting Wang, Pierre Wilke , Zhong Shao An Abstract Stack Based Approach to Verified Compositional Compilation to Machine Code 9 / 16

  12. Preservation of stack usage with compilation Since the semantics include stack consumption, it must be preserved by compilation Property to ensure : at each program point, the size of source stack should be larger than (or equal to) the size of target stack. Target Source void g(){ void g(){ G; G; } } Target Source void f(){ void f(){ F; ⇒ F; ⇒ tail g(); G; f f } } The sizes of the source stack is larger than the target stack. Tailcall inlining | f | ≥ | f | Yuting Wang, Pierre Wilke , Zhong Shao An Abstract Stack Based Approach to Verified Compositional Compilation to Machine Code 9 / 16

  13. Preservation of stack usage with compilation Since the semantics include stack consumption, it must be preserved by compilation Property to ensure : at each program point, the size of source stack should be larger than (or equal to) the size of target stack. Target Source void g(){ void g(){ ⇒ G; G; } } Target Source void f(){ void f(){ F; F; ⇒ tail g(); G; g f } } Problem: How to compare the sizes of the source and target stacks Tailcall inlining ? | g | ≥ | f | Yuting Wang, Pierre Wilke , Zhong Shao An Abstract Stack Based Approach to Verified Compositional Compilation to Machine Code 9 / 16

  14. Preservation of stack usage with compilation Since the semantics include stack consumption, it must be preserved by compilation Property to ensure : at each program point, the size of source stack should be larger than (or equal to) the size of target stack. Target Source void g(){ void g(){ ⇒ G; G; Target Source } } void f(){ void f(){ F; F; g f f tail g(); ⇒ G; } } Tailcall inlining We keep the history of tailcalled functions: max ( | f | , | g | ) ≥ | f | Yuting Wang, Pierre Wilke , Zhong Shao An Abstract Stack Based Approach to Verified Compositional Compilation to Machine Code 9 / 16

  15. The structure of the abstract stack The abstract stack is actually a list of list of abstract frames. abstract frame stage of abstract frames Yuting Wang, Pierre Wilke , Zhong Shao An Abstract Stack Based Approach to Verified Compositional Compilation to Machine Code 10 / 16

  16. From CompCert Assembly to Machine Code glob glob glob mem code stack code stack code stack CompCert Asm “Single-Stack” Asm “Flat” Asm Plain Memory instruction encoding merging stack blocks pseudo-instructions (RockSalt: Morrisett et al. , elimination PLDI’12) flat memory layout Yuting Wang, Pierre Wilke , Zhong Shao An Abstract Stack Based Approach to Verified Compositional Compilation to Machine Code 11 / 16

  17. Eliminating pseudo-instructions Caller Callee s 1 s 2 s 3 call allocframe • • • Single-Stack Asm RSP ← RSP - sz; store RA RA ← next(PC) RSP ← RSP - 8; store (next(PC)) RSP ← RSP - (sz - 8) • • • Real Asm call allocframe s ′ s ′ s ′ 1 2 3 Mismatch between CompCert semantics and expected semantics We get rid of the pseudo-register RA and can do away with pseudo-instructions (simple pointer arithmetic) Yuting Wang, Pierre Wilke , Zhong Shao An Abstract Stack Based Approach to Verified Compositional Compilation to Machine Code 12 / 16

  18. Stack access policy Accessible locations are either top-frame locations or public locations. b swap 16 at function call at function return b main b main b main push_frame pop_frame 32 32 32 Yuting Wang, Pierre Wilke , Zhong Shao An Abstract Stack Based Approach to Verified Compositional Compilation to Machine Code 13 / 16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Evaluating arithmetic expressions Stack-based algorithms are used for syntactical analysis (

Evaluating arithmetic expressions Stack-based algorithms are used for syntactical analysis (

ITI 1121. Introduction to Computing II Marcel Turcotte School of Electrical Engineering and Computer Science Version of February 2, 2013 Abstract Abstract data type: Stack Stack-based algorithms These lecture notes are meant to

1.69k views • 153 slides
A Higher-Order Abstract Syntax Approach to Verified Compilation of Functional Programs Yuting

A Higher-Order Abstract Syntax Approach to Verified Compilation of Functional Programs Yuting

A Higher-Order Abstract Syntax Approach to Verified Compilation of Functional Programs Yuting Wang and Gopalan Nadathur Department of Computer Science and Engineering University of Minnesota, Minneapolis ESOP 2016, Eindhoven, Netherlands

1.06k views • 88 slides
Outline and Reading The Stack ADT (2.1.1) Stacks Applications of Stacks (2.1.1) Array-based

Outline and Reading The Stack ADT (2.1.1) Stacks Applications of Stacks (2.1.1) Array-based

Outline and Reading The Stack ADT (2.1.1) Stacks Applications of Stacks (2.1.1) Array-based implementation (2.1.1) Growable array-based stack (1.5) Stacks 2 Abstract Data Types (ADTs) The Stack ADT An abstract data The Stack ADT

197 views • 4 slides
Stack ADT Tiziana Ligorio 1 Todays Plan Questons? Stack ADT 2 Abstract Data Types

Stack ADT Tiziana Ligorio 1 Todays Plan Questons? Stack ADT 2 Abstract Data Types

Stack ADT Tiziana Ligorio 1 Todays Plan Questons? Stack ADT 2 Abstract Data Types Bag List Stack 3 Stack 34 A data structure representing a stack of things Objects can be pushed onto the stack or popped from the stack

1.62k views • 116 slides
Stacks Outline and Reading The Stack ADT (4.2.1) Applications of Stacks (4.2.3) Array-based

Stacks Outline and Reading The Stack ADT (4.2.1) Applications of Stacks (4.2.3) Array-based

Stacks Outline and Reading The Stack ADT (4.2.1) Applications of Stacks (4.2.3) Array-based implementation (4.2.2) Growable array-based stack Stacks 2 Abstract Data Types (ADTs) An abstract data Example: ADT modeling a type (ADT) is

359 views • 20 slides
6.2. An abstract datatype for stacks Stacks of objects of type : stack Operations value

6.2. An abstract datatype for stacks Stacks of objects of type : stack Operations value

Ch.6: Abstract Datatypes 6.2. An abstract datatype for stacks 6.2. An abstract datatype for stacks Stacks of objects of type : stack Operations value emptyStack TYPE: stack VALUE: the empty stack function isEmptyStack S TYPE: stack

440 views • 22 slides
The Stack Eric McCreath The Stack The stack is a simple but useful data structure in computer

The Stack Eric McCreath The Stack The stack is a simple but useful data structure in computer

The Stack Eric McCreath The Stack The stack is a simple but useful data structure in computer science. The stack is an abstract data type that has two main operations. These are push which adds an element to the top of the stack and pop which

754 views • 8 slides
11. Fundamental Data Structures Abstract data types stack, queue, implementation variants for

11. Fundamental Data Structures Abstract data types stack, queue, implementation variants for

11. Fundamental Data Structures Abstract data types stack, queue, implementation variants for linked lists [Ottman/Widmayer, Kap. 1.5.1-1.5.2, Cormen et al, Kap. 10.1.-10.2] 295 Abstract Data Types We recall A stack is an abstract data type

674 views • 56 slides
CHAPTER 3 & 4 Stacks & Queues The Collection Framework 1 10/26/2017 Stack Abstract Data

CHAPTER 3 & 4 Stacks & Queues The Collection Framework 1 10/26/2017 Stack Abstract Data

10/26/2017 CHAPTER 3 & 4 Stacks & Queues The Collection Framework 1 10/26/2017 Stack Abstract Data Type A stack is one of the most commonly used data structures in computer science A stack can be compared to a Pez dispenser

645 views • 31 slides
1 Array-based Stack (2.1.1) Algorithm pop (): if isEmpty () then A simple way of throw

1 Array-based Stack (2.1.1) Algorithm pop (): if isEmpty () then A simple way of throw

Elementary Data Structures Stacks, Queues, Vectors, Lists & Sequences Trees The Stack ADT (2.1.1) The Stack ADT stores arbitrary objects Insertions and deletions Auxiliary stack follow the last-in first-out operations: scheme

473 views • 13 slides
Stacks O tline Outline The Stack ADT Applications of Stacks Applications of Stacks

Stacks O tline Outline The Stack ADT Applications of Stacks Applications of Stacks

Stacks O tline Outline The Stack ADT Applications of Stacks Applications of Stacks Array-based implementation Growable array based stack Growable array-based stack Stacks 2 Abst act Data T pes (ADTs) Abstract Data Types (ADTs) An

582 views • 30 slides
Formally-Verified ASN.1 Protocol C-language Stack 1 Carnegie Mellon University 2 Digamma.ai Vadim

Formally-Verified ASN.1 Protocol C-language Stack 1 Carnegie Mellon University 2 Digamma.ai Vadim

Formally-Verified ASN.1 Protocol C-language Stack 1 Carnegie Mellon University 2 Digamma.ai Vadim Zaliva 1 Nika Pona 2 What is ASN.1? At Digamma.ai we are verifying a compiler for ASN.1 The ASN.1 is a language for defining data

215 views • 21 slides
Stack and Queue ADT Stack Queue 2 ADT Example All main programs rely on concept of

Stack and Queue ADT Stack Queue 2 ADT Example All main programs rely on concept of

Advanced Programming Stack - Queue Summary Stack and Queue ADT Stack Queue 2 ADT Example All main programs rely on concept of Abstract It is possible to define an ADT corresponding Data Type (ADT). to a generic set of elements,

350 views • 7 slides
Dynamic Synthetic Environments for Defence A Service Based Approach Andrew Churchward

Dynamic Synthetic Environments for Defence A Service Based Approach Andrew Churchward

IT 2 EC 2020 IT 2 EC Extended Abstract Template Presentation/Panel Dynamic Synthetic Environments for Defence A Service Based Approach Andrew Churchward Principal Engineer XPI Simulation Ltd, UK Abstract The provision of a dynamic and

312 views • 3 slides
On- -line diagnostic of a PEM fuel cell stack line diagnostic of a PEM fuel cell stack On based

On- -line diagnostic of a PEM fuel cell stack line diagnostic of a PEM fuel cell stack On based

International Symposium on Diagnostic Tools for Fuel Cell Technologies Trondheim, June 24th, 2009 On- -line diagnostic of a PEM fuel cell stack line diagnostic of a PEM fuel cell stack On based on the electrical power converter based on the

477 views • 20 slides
Stack and Queue Stack Overview Stack ADT Basic operations of stack Pushing, popping

Stack and Queue Stack Overview Stack ADT Basic operations of stack Pushing, popping

Stack and Queue Stack Overview Stack ADT Basic operations of stack Pushing, popping etc. Implementations of stacks using array linked list The Stack ADT A stack is a list with the restriction that insertions and

566 views • 44 slides
Processing Recap Processing is a language a library an environment Variables A

Processing Recap Processing is a language a library an environment Variables A

Module 01 Processing Recap Processing is a language a library an environment Variables A variable is a named value. It has a type (which cant change) and a current value (which can change). Variables A declaration introduces

735 views • 58 slides
On Banach spaces which are weak sequentially dense in its bidual Jos e Rodr guez

On Banach spaces which are weak sequentially dense in its bidual Jos e Rodr guez

On Banach spaces which are weak sequentially dense in its bidual Jos e Rodr guez Universidad de Murcia Workshop on Banach spaces and Banach lattices Madrid, September 9, 2019 Research supported by Agencia Estatal de Investigaci

808 views • 44 slides
SYSC3601 Microprocessor Systems Unit 3: The Intel 8086 Addressing Modes & Instruction

SYSC3601 Microprocessor Systems Unit 3: The Intel 8086 Addressing Modes & Instruction

SYSC3601 Microprocessor Systems Unit 3: The Intel 8086 Addressing Modes & Instruction Encoding Topics/Reading 1. Addressing modes (Brey Ch 3) 2. Assembly and Machine Language Instruction Encoding (Brey Ch 4-7 and Appendix B) SYSC3601 2

651 views • 36 slides
Divergence-free discontinuous Galerkin method for ideal compressible MHD equations Praveen

Divergence-free discontinuous Galerkin method for ideal compressible MHD equations Praveen

Divergence-free discontinuous Galerkin method for ideal compressible MHD equations Praveen Chandrashekar praveen@math.tifrbng.res.in http://cpraveen.github.io Center for Applicable Mathematics Tata Institute of Fundamental Research

582 views • 35 slides
When Seeing Isnt Believing: On Feasibility and Detectability of Scapegoating in Network

When Seeing Isnt Believing: On Feasibility and Detectability of Scapegoating in Network

When Seeing Isnt Believing: On Feasibility and Detectability of Scapegoating in Network Tomography Shangqing Zhao , University of South Florida Zhuo Lu, University of South Florida Cliff Wang,

651 views • 28 slides
? Which intermediate 4 pixels to turn on? 3 (3,2) 2 1 0 1 2 3 4 5 6 7 8 9 10 11

? Which intermediate 4 pixels to turn on? 3 (3,2) 2 1 0 1 2 3 4 5 6 7 8 9 10 11

Recall: Line drawing algorithm Programmer specifies (x,y) of end pixels Need algorithm to determine pixels on line path 8 Line: (3,2) -> (9,6) 7 (9,6) 6 5 ? Which intermediate 4 pixels to turn on? 3 (3,2) 2 1 0 1 2 3 4

374 views • 34 slides
Operational Semantics Coalgebraically Bartek Klin University of Cambridge, Warsaw University

Operational Semantics Coalgebraically Bartek Klin University of Cambridge, Warsaw University

Operational Semantics Coalgebraically Bartek Klin University of Cambridge, Warsaw University CMCS, Paphos, 27/03/10 Summary Structural Operational Semantics is about Defining transition relations by induction CMCS, Paphos, 27/03/10 2 / 37

1.28k views • 124 slides
Gorman-Lancaster Approach to Estimating Demand for New Good Gorman (1956, 1980) and Lancaster

Gorman-Lancaster Approach to Estimating Demand for New Good Gorman (1956, 1980) and Lancaster

Econ 350 Gorman-Lancaster Approach to Estimating Demand for New Good Gorman (1956, 1980) and Lancaster (1966, 1971) consider the problem of estimat- ing the demand for a new good. Goods X Characteristics Z Goods are packages of underlying

663 views • 28 slides

More recommend