Calculating Correct Compilers Patrick Bahr 1 Graham Hutton 2 1 - - PowerPoint PPT Presentation

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

Faculty of Science

Calculating Correct Compilers

Patrick Bahr1 Graham Hutton2

1University of Copenhagen,

Department of Computer Science paba@diku.dk

2University of Nottingham,

Functional Programming Laboratory graham.hutton@nottingham.ac.uk

10th January, 2014 Slide 1

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

Introduction

Goals

• Derive compiler implementation from denotational semantics
• Derivation by formal calculations

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 2

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

Introduction

Goals

• Derive compiler implementation from denotational semantics
• Derivation by formal calculations
• Result: compiler + virtual machine + correctness proof

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 2

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

Introduction

Goals

• Derive compiler implementation from denotational semantics
• Derivation by formal calculations
• Result: compiler + virtual machine + correctness proof

Our approach

• simple, goal-oriented calculations
• little prior knowledge needed

(e.g. “Target machine has a stack.”)

• full correctness proof as a byproduct
• wide variety of language features: arithmetic, exceptions,

state, lambda calculi, loops, non-determinism, interrupts

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 2

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

Calculate a Compiler in 3 Steps

1 Define evaluation function in compositional manner.

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 3

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

Calculate a Compiler in 3 Steps

1 Define evaluation function in compositional manner. 2 Calculate a version that uses a stack and continuations.

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 3

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

Calculate a Compiler in 3 Steps

1 Define evaluation function in compositional manner. 2 Calculate a version that uses a stack and continuations. 3 Defunctionalise to produce a compiler and a virtual machine.

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 3

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

Toy Example: Simple Arithmetic Language

Step 1: Semantics of the language

Syntax

data Expr = Val Int | Add Expr Expr

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 4

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

Toy Example: Simple Arithmetic Language

Step 1: Semantics of the language

Syntax

data Expr = Val Int | Add Expr Expr

Semantics

eval :: Expr → Int eval (Val n) = n eval (Add x y) = eval x + eval y

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 4

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

Step 2: Transformation into CPS

Type Definitions

type Stack = [Int ] type Cont = Stack → Stack

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 5

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

Step 2: Transformation into CPS

Type Definitions

type Stack = [Int ] type Cont = Stack → Stack evalC :: Expr → Cont → Cont

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 5

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

Step 2: Transformation into CPS

Type Definitions

type Stack = [Int ] type Cont = Stack → Stack evalC :: Expr → Cont → Cont

Specification

evalC e c s = c (eval e : s)

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 5

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

Step 2: Transformation into CPS

Type Definitions

type Stack = [Int ] type Cont = Stack → Stack evalC :: Expr → Cont → Cont

Specification

evalC e c s = c (eval e : s) Constructive induction: “prove” specification by induction on e

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 5

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

Step 2: Transformation into CPS

Type Definitions

type Stack = [Int ] type Cont = Stack → Stack evalC :: Expr → Cont → Cont

Specification

evalC e c s = c (eval e : s) Constructive induction: “prove” specification by induction on e definition of evalC

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 5

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

The easy case: Val

evalC (Val n) c s

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 6

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

The easy case: Val

evalC (Val n) c s = { specification of evalC } c (eval (Val n) : s)

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 6

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

The easy case: Val

evalC (Val n) c s = { specification of evalC } c (eval (Val n) : s) evalC e c s = c (eval e : s)

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 6

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

The easy case: Val

evalC (Val n) c s = { specification of evalC } c (eval (Val n) : s) = { definition of eval } c (n : s)

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 6

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

The easy case: Val

evalC (Val n) c s = { specification of evalC } c (eval (Val n) : s) = { definition of eval } c (n : s) eval (Val n) = n

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 6

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

The easy case: Val

evalC (Val n) c s = { specification of evalC } c (eval (Val n) : s) = { definition of eval } c (n : s) = { define: push n c s = c (n : s) } push n c s

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 6

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

The interesting case: Add

evalC (Add x y) c s

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 7

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

The interesting case: Add

evalC (Add x y) c s = { specification of evalC } c (eval (Add x y) : s)

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 7

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

The interesting case: Add

evalC (Add x y) c s = { specification of evalC } c (eval (Add x y) : s) evalC e c s = c (eval e : s)

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 7

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

The interesting case: Add

evalC (Add x y) c s = { specification of evalC } c (eval (Add x y) : s) = { definition of eval } c ((eval x + eval y) : s)

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 7

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

The interesting case: Add

evalC (Add x y) c s = { specification of evalC } c (eval (Add x y) : s) = { definition of eval } c ((eval x + eval y) : s) eval (Add x y) = eval x + eval y

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 7

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

The interesting case: Add

evalC (Add x y) c s = { specification of evalC } c (eval (Add x y) : s) = { definition of eval } c ((eval x + eval y) : s) Induction Hypothesis For all c′ and s′: evalC x c′ s′ = c′ (eval x : s′) evalC y c′ s′ = c′ (eval y : s′)

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 7

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

The interesting case: Add

evalC (Add x y) c s = { specification of evalC } c (eval (Add x y) : s) = { definition of eval } c ((eval x + eval y) : s) = { define: add c (n : m : s) = c ((m + n) : s) } add c (eval y : eval x : s)

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 7

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

The interesting case: Add

evalC (Add x y) c s = { specification of evalC } c (eval (Add x y) : s) = { definition of eval } c ((eval x + eval y) : s) = { define: add c (n : m : s) = c ((m + n) : s) } add c (eval y : eval x : s) = { induction hypothesis for y } evalC y (add c) (eval x : s) evalC y c′ s′ = c′ (eval y : s′)

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 7

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

The interesting case: Add

evalC (Add x y) c s = { specification of evalC } c (eval (Add x y) : s) = { definition of eval } c ((eval x + eval y) : s) = { define: add c (n : m : s) = c ((m + n) : s) } add c (eval y : eval x : s) = { induction hypothesis for y } evalC y (add c) (eval x : s) = { induction hypothesis for x } evalC x (evalC y (add c)) s evalC x c′ s′ = c′ (eval x : s′)

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 7

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

Step 2: Transformation into CPS (cont.)

Derived definition

evalC :: Expr → Cont → Cont evalC (Val n) c s = push n c s evalC (Add x y) c s = evalC x (evalC y (add c)) s

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 8

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

Step 2: Transformation into CPS (cont.)

Derived definition

evalC :: Expr → Cont → Cont evalC (Val n) c = push n c evalC (Add x y) c = evalC x (evalC y (add c))

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 8

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

Step 2: Transformation into CPS (cont.)

Derived definition

evalC :: Expr → Cont → Cont evalC (Val n) c = push n c evalC (Add x y) c = evalC x (evalC y (add c)) push :: Int → Cont → Cont push n c s = c (n : s) add :: Cont → Cont add c (n : m : s) = c ((m + n) : s)

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 8

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

Step 2: Transformation into CPS (cont.)

Derived definition

evalC :: Expr → Cont → Cont evalC (Val n) c = push n c evalC (Add x y) c = evalC x (evalC y (add c)) push :: Int → Cont → Cont push n c s = c (n : s) add :: Cont → Cont add c (n : m : s) = c ((m + n) : s)

Identity continuation

evalS :: Expr → Cont evalS e = evalC e halt halt :: Cont halt s = s

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 8

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

Step 3: Defunctionalisation

evalS :: Expr → Cont evalS e = evalC e halt evalC :: Expr → Cont → Cont evalC (Val n) c = push n c evalC (Add x y) c = evalC x (evalC y (add c)) halt :: Cont push :: Int → Cont → Cont add :: Cont → Cont

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 9

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

Step 3: Defunctionalisation

evalS :: Expr → Cont evalS e = evalC e halt evalC :: Expr → Cont → Cont evalC (Val n) c = push n c evalC (Add x y) c = evalC x (evalC y (add c)) data Code where HALT :: Code PUSH :: Int → Code → Code ADD :: Code → Code

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 9

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

Step 3: Defunctionalisation

evalS :: Expr → Cont evalS e = evalC e halt evalC :: Expr → Cont → Cont evalC (Val n) c = push n c evalC (Add x y) c = evalC x (evalC y (add c)) data Code where HALT :: Code PUSH :: Int → Code → Code ADD :: Code → Code Or equivalently: data Code = HALT | PUSH Int Code | ADD Code Code

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 9

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

Step 3: Defunctionalisation

evalS :: Expr → Code evalS e = evalC e HALT evalC :: Expr → Code → Code evalC (Val n) c = PUSH n c evalC (Add x y) c = evalC x (evalC y (ADD c)) data Code where HALT :: Code PUSH :: Int → Code → Code ADD :: Code → Code Or equivalently: data Code = HALT | PUSH Int Code | ADD Code Code

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 9

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

Step 3: Defunctionalisation

comp :: Expr → Code comp e = comp’ e HALT comp’ :: Expr → Code → Code comp’ (Val n) c = PUSH n c comp’ (Add x y) c = comp’ x (comp’ y (ADD c)) data Code where HALT :: Code PUSH :: Int → Code → Code ADD :: Code → Code Or equivalently: data Code = HALT | PUSH Int Code | ADD Code Code

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 9

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

Step 3: Defunctionalisation

comp :: Expr → Code comp e = comp’ e HALT comp’ :: Expr → Code → Code comp’ (Val n) c = PUSH n c comp’ (Add x y) c = comp’ x (comp’ y (ADD c)) data Code where HALT :: Code PUSH :: Int → Code → Code ADD :: Code → Code

Example

comp (Val 1 ‘Add‘ Val 2) PUSH 1 $ PUSH 2 $ ADD $ HALT

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 9

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

Step 3: Defunctionalisation (cont.)

data Code where HALT :: Code PUSH :: Int → Code → Code ADD :: Code → Code Type Code represents the function type Cont (= Stack → Stack).

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 10

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

Step 3: Defunctionalisation (cont.)

data Code where HALT :: Code PUSH :: Int → Code → Code ADD :: Code → Code Type Code represents the function type Cont (= Stack → Stack).

Interpretation function

exec :: Code → Cont exec HALT = halt exec (PUSH n c) = push n (exec c) exec (ADD c) = add (exec c)

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 10

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

Step 3: Defunctionalisation (cont.)

data Code where HALT :: Code PUSH :: Int → Code → Code ADD :: Code → Code Type Code represents the function type Cont (= Stack → Stack).

Interpretation function

exec :: Code → Cont exec HALT s = s exec (PUSH n c) s = exec c (n : s) exec (ADD c) (n : m : s) = exec c ((m + n) : s)

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 10

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

Step 3: Defunctionalisation (cont.)

data Code where HALT :: Code PUSH :: Int → Code → Code ADD :: Code → Code Type Code represents the function type Cont (= Stack → Stack).

Virtual Machine

exec :: Code → Cont exec HALT s = s exec (PUSH n c) s = exec c (n : s) exec (ADD c) (n : m : s) = exec c ((m + n) : s)

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 10

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

Compiler Correctness

evalC e c s = c (eval e : s) (Specification)

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 11

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

Compiler Correctness

evalC e c s = c (eval e : s) (Specification) proved by constructive induction

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 11

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

Compiler Correctness

evalC e c s = c (eval e : s) (Specification) exec (comp e) s = evalS e s (Defunctionalisation)

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 11

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

Compiler Correctness

evalC e c s = c (eval e : s) (Specification) exec (comp e) s = evalS e s (Defunctionalisation) evalS e = evalC e halt (Definition of evalS)

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 11

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

Compiler Correctness

evalC e c s = c (eval e : s) (Specification) exec (comp e) s = evalS e s (Defunctionalisation) evalS e = evalC e halt (Definition of evalS) exec (comp e) s = eval e : s (Compiler correctness)

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 11

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

A Language with Exceptions

Skip this

data Expr = Val Int | Add Expr Expr | Throw | Catch Expr Expr

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 12

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

A Language with Exceptions

Skip this

data Expr = Val Int | Add Expr Expr | Throw | Catch Expr Expr eval :: Expr → Maybe Int eval (Val n) = Just n eval (Add x y) = case eval x of Nothing → Nothing Just n → case eval y of Nothing → Nothing Just m → Just (n + m) eval Throw = Nothing eval (Catch x h) = case eval x of Nothing → eval h Just n → Just n

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 12

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

A Language with Exceptions

Skip this

data Expr = Val Int | Add Expr Expr | Throw | Catch Expr Expr eval :: Expr → Maybe Int eval (Val n) = Just n eval (Add x y) = case eval x of Nothing → Nothing Just n → case eval y of Nothing → Nothing Just m → Just (n + m) eval Throw = Nothing eval (Catch x h) = case eval x of Nothing → eval h Just n → Just n

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 12

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

Partial Specifications

Partial Type Definition

type Stack = [Elem] data Elem = VAL Int | . . .

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 13

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

Partial Specifications

Partial Type Definition

type Stack = [Elem] data Elem = VAL Int | . . .

Partial Specification of evalC

evalC e c s = c (eval e : s)

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 13

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

Partial Specifications

Partial Type Definition

type Stack = [Elem] data Elem = VAL Int | . . .

Partial Specification of evalC

evalC e c s = c (VAL n : s) if eval e = Just n evalC e c s = ?? if eval e = Nothing

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 13

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

Partial Specifications

Partial Type Definition

type Stack = [Elem] data Elem = VAL Int | . . .

Partial Specification of evalC

evalC e c s = c (VAL n : s) if eval e = Just n evalC e c s = fail s if eval e = Nothing where fail :: Stack → Stack is left unspecified

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 13

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

Resulting Compiler

comp :: Expr → Code comp e = comp′ e HALT comp′ :: Expr → Code → Code comp′ (Val n) c = PUSH n c comp′ (Add x y) c = comp′ x (comp′ y (ADD c)) comp′ Throw c = FAIL comp′ (Catch x h) c = MARK (comp′ h c) (comp′ x (UNMARK c))

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 14

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

Resulting Virtual Machine

exec :: Code → Cont exec (PUSH n c) s = exec c (VAL n : s) exec (MARK h c) s = exec c (HAN h : s) . . . exec FAIL s = fail s

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 15

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

Resulting Virtual Machine

exec :: Code → Cont exec (PUSH n c) s = exec c (VAL n : s) exec (MARK h c) s = exec c (HAN h : s) . . . exec FAIL s = fail s fail :: Cont fail (VAL n : s) = fail s fail (HAN h : s) = exec h s fail [ ] = [ ]

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 15

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

Summary

• simple, goal-oriented calculations; no magic
• little prior knowledge needed

(by using partial specifications)

• full correctness proof
• formalisation in Coq
• scales to wide variety of language features

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 16

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

Summary

• simple, goal-oriented calculations; no magic
• little prior knowledge needed

(by using partial specifications)

• full correctness proof
• formalisation in Coq
• scales to wide variety of language features
• arithmetic
• exceptions (synchronous, asynchronous)
• state (local, global)
• lambda calculi (call-by-value, -name, -need)
• loops (bounded, unbounded)
• non-determinism

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 16

u n i v e r s i t y o f c o p e n h a g e n d e p a r t m e n t o f c o m p u t e r s c i e n c e

Future work

• Simplify reasoning for “cyclic” features (fixed points, loops)
• Simplify reasoning register machines
• Support for sharing (i.e. graph structures)
• Derivation of compilers for fixed instruction sets

Patrick Bahr, Graham Hutton — Calculating Correct Compilers — 10th January, 2014 Slide 17