Proving Correctness of Compilers Using Structured Graphs, Patrick Bahr (PowerPoint presentation)


SLIDE 1

University of Copenhagen, Department of Computer Science

Faculty of Science

Proving Correctness of Compilers Using Structured Graphs

Patrick Bahr

University of Copenhagen, Department of Computer Science paba@di.ku.dk

Symposium on Functional and Logic Programming, Kanazawa, Japan; 6th June, 2014 Slide 1

SLIDE 2

Introduction

Trade-off in software verification:

cleverness of implementation vs. ease of reasoning

Patrick Bahr — Proving Correctness of Compilers Using Structured Graphs — FLOPS ’14, 6th June, 2014 Slide 2

SLIDE 3

Trade-off in Compiler Verification

Example: Hutton & Wright “Compiling Exceptions Correctly”

Two compilers for a simple language with exceptions:

  • Simple but unrealistic compiler (tree shaped code!) ⇒ simple proofs
  • More realistic compiler with explicit jumps ⇒ much more complicated proofs

Our Proposal: an intermediate approach

  • Transform compiler: use (acyclic) graphs instead of trees
  • Lift the correctness property from the tree-based to the graph-based compiler.

SLIDE 4

Example: A Simple Language with Exceptions

Based on Hutton & Wright “Compiling Exceptions Correctly”

Source Language

Arithmetic expressions + exceptions:

    data Expr = Val Int | Add Expr Expr | Throw | Catch Expr Expr

Target Language

Instruction set for a simple stack machine:

    data Code = PUSH Int Code | ADD Code | HALT | MARK Code Code | UNMARK Code | THROW

SLIDE 5

A Simple Compiler

Targeting A Stack Machine

    compA :: Expr → Code → Code
    compA (Val n)     c = PUSH n c
    compA (Add x y)   c = compA x (compA y (ADD c))
    compA Throw       c = THROW
    compA (Catch x h) c = MARK (compA h c) (compA x (UNMARK c))

    comp :: Expr → Code
    comp e = compA e HALT

SLIDE 6

A Simple Compiler

Targeting A Stack Machine

    compA :: Expr → Code → Code
    compA (Val n)     c = PUSH n ⊲ c
    compA (Add x y)   c = compA x ⊲ compA y ⊲ ADD ⊲ c
    compA Throw       c = THROW
    compA (Catch x h) c = MARK (compA h ⊲ c) ⊲ compA x ⊲ UNMARK ⊲ c

    comp :: Expr → Code
    comp e = compA e ⊲ HALT

SLIDE 7

Semantics & Correctness

Semantics

Given by evaluator eval & virtual machine exec:

    eval :: Expr → Maybe Int
    exec :: Code → Stack → Stack

Theorem (compiler correctness)

    exec (comp e) [ ] = [Val n]   if eval e = Just n
                      = [ ]       if eval e = Nothing

Goal

  • Avoid the code duplication produced by the compiler.
  • Retain the simple equational reasoning to prove correctness.

SLIDE 8

How Do We Achieve This?

  1. trees ⇒ structured graphs (trees + explicit let bindings)
  2. The VM is a fold, i.e. exec = fold execAlg
  3. On graphs, the VM is defined as a fold with the same algebra: execG = foldG execAlg
  4. By parametricity, we obtain: execG = exec ◦ unravel
  5. By simple equational reasoning we show: comp = unravel ◦ compG
  6. Hence: exec ◦ comp = execG ◦ compG

SLIDE 9

Explicit Representation of Tree Types

Tree Type: fixed point of a functor

data Tree f = In (f (Tree f ))

Code data type

    data CodeF a = PUSHF Int a | ADDF a | HALTF | MARKF a a | UNMARKF a | THROWF

    ⇒ Code ≃ Tree CodeF

Smart Constructors

    PUSHT :: Int → Tree CodeF → Tree CodeF
    PUSHT n c = In (PUSHF n c)
    . . .

SLIDE 10

Compiler with Explicit Tree Type

    compA :: Expr → Tree CodeF → Tree CodeF
    compA (Val n)     c = PUSHT n ⊲ c
    compA (Add x y)   c = compA x ⊲ compA y ⊲ ADDT ⊲ c
    compA Throw       c = THROWT
    compA (Catch x h) c = MARKT (compA h ⊲ c) ⊲ compA x ⊲ UNMARKT ⊲ c

    comp :: Expr → Tree CodeF
    comp e = compA e ⊲ HALTT

SLIDE 11

Structured Graphs (Oliveira & Cook, 2012)

Definition

    data Graph′ f v = GIn (f (Graph′ f v))
                    | Let (Graph′ f v) (v → Graph′ f v)
                    | Var v

    newtype Graph f = MkGraph (∀ v . Graph′ f v)

    compAG :: Expr → Graph′ CodeF v → Graph′ CodeF v
    compAG (Val n)     c = PUSHG n ⊲ c
    compAG (Add x y)   c = compAG x ⊲ compAG y ⊲ ADDG ⊲ c
    compAG Throw       c = THROWG
    compAG (Catch x h) c = Let c (λc′ → MARKG (compAG h ⊲ Var c′) ⊲ compAG x ⊲ UNMARKG ⊲ Var c′)

    compG :: Expr → Graph CodeF
    compG e = MkGraph (compAG e ⊲ HALTG)

SLIDE 12

Example

    comp (Add (Catch (Val 1) (Val 2)) (Val 3))
      = MARKT (PUSHT 2 ⊲ PUSHT 3 ⊲ ADDT ⊲ HALTT) ⊲ PUSHT 1 ⊲ UNMARKT ⊲ PUSHT 3 ⊲ ADDT ⊲ HALTT

    compG (Add (Catch (Val 1) (Val 2)) (Val 3))
      = MkGraph (Let (PUSHG 3 ⊲ ADDG ⊲ HALTG) (λv → MARKG (PUSHG 2 ⊲ Var v) ⊲ PUSHG 1 ⊲ UNMARKG ⊲ Var v))

SLIDE 13

Virtual Machine as a Fold

Fold over Trees

    fold :: Functor f ⇒ (f r → r) → Tree f → r
    fold alg (In t) = alg (fmap (fold alg) t)

Virtual Machine as a Fold

    execG :: Graph CodeF → Stack → Stack
    execG = foldG execAlg

Folds on Graphs

    foldG :: Functor f ⇒ (f r → r) → Graph f → r
    foldG alg (MkGraph g) = fold′G g
      where fold′G (GIn t)   = alg (fmap fold′G t)
            fold′G (Let e f) = fold′G (f (fold′G e))
            fold′G (Var x)   = x

SLIDE 14

Correctness Argument for compG

Since we know that comp is correct, it suffices to show that execG ◦ compG = exec ◦ comp.

Proof.

      execG ◦ compG
    = exec ◦ unravel ◦ compG     (1)
    = exec ◦ comp                (2)

Theorem

    foldG alg = fold alg ◦ unravel     (1)

SLIDE 15

Proof of (2)

Lemma

unravel (compG e) = comp e

Proof.

By induction on e. The interesting part:

      unravel (Let c (λc′ → MARKG (compAG h ⊲ Var c′) ⊲ compAG x ⊲ UNMARKG ⊲ Var c′))
    = MARKT (compA h ⊲ unravel c) ⊲ compA x ⊲ UNMARKT ⊲ unravel c
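An end-to-end version of the pipeline on slides 7 to 15, added here as an example and not taken from the slides or the paper: the tree compiler compA, the graph compiler compAG (the slides' compA_G), unravel = foldG In, and the stack machine as the algebra execAlg, checked on the slides' running example. The stack item type with handlers stored as functions (HAN (Stack → Stack)) and the names compAG, Item and ints are my assumptions.

```haskell
{-# LANGUAGE RankNTypes, DeriveFunctor #-}
data Expr = Val Int | Add Expr Expr | Throw | Catch Expr Expr
data CodeF a = PUSHF Int a | ADDF a | HALTF | MARKF a a | UNMARKF a | THROWF
  deriving (Functor, Show)
newtype Tree f = In (f (Tree f))                   -- Code is Tree CodeF
data Graph' f v = GIn (f (Graph' f v)) | Let (Graph' f v) (v -> Graph' f v) | Var v
newtype Graph f = MkGraph (forall v. Graph' f v)   -- structured graph: v stays abstract
fold :: Functor f => (f r -> r) -> Tree f -> r
fold alg (In t) = alg (fmap (fold alg) t)
foldG :: Functor f => (f r -> r) -> Graph f -> r
foldG alg (MkGraph g) = go g where
  go (GIn t)   = alg (fmap go t)
  go (Let e f) = go (f (go e))                     -- shared subgraph is folded once
  go (Var x)   = x
unravel :: Functor f => Graph f -> Tree f
unravel = foldG In                                 -- copies the sharing back out
compA :: Expr -> Tree CodeF -> Tree CodeF          -- tree compiler: c duplicated in Catch
compA (Val n) c     = In (PUSHF n c)
compA (Add x y) c   = compA x (compA y (In (ADDF c)))
compA Throw _       = In THROWF
compA (Catch x h) c = In (MARKF (compA h c) (compA x (In (UNMARKF c))))
compAG :: Expr -> Graph' CodeF v -> Graph' CodeF v -- graph compiler: c shared via Let
compAG (Val n) c     = GIn (PUSHF n c)
compAG (Add x y) c   = compAG x (compAG y (GIn (ADDF c)))
compAG Throw _       = GIn THROWF
compAG (Catch x h) c = Let c (\v -> GIn (MARKF (compAG h (Var v)) (compAG x (GIn (UNMARKF (Var v))))))
comp :: Expr -> Tree CodeF
comp e = compA e (In HALTF)
compG :: Expr -> Graph CodeF
compG e = MkGraph (compAG e (GIn HALTF))
-- Assumption: handlers live on the stack as functions, which is what makes exec a fold.
data Item = VAL Int | HAN (Stack -> Stack)
type Stack = [Item]
execAlg :: CodeF (Stack -> Stack) -> Stack -> Stack
execAlg (PUSHF n c) s                   = c (VAL n : s)
execAlg (ADDF c)    (VAL m : VAL n : s) = c (VAL (n + m) : s)
execAlg HALTF       s                   = s
execAlg (MARKF h c) s                   = c (HAN h : s)
execAlg (UNMARKF c) (VAL n : HAN _ : s) = c (VAL n : s)
execAlg THROWF      s                   = unwind s   -- pop down to the nearest handler
  where unwind (HAN h : t) = h t; unwind (_ : t) = unwind t; unwind [] = []
exec  = fold  execAlg :: Tree CodeF  -> Stack -> Stack
execG = foldG execAlg :: Graph CodeF -> Stack -> Stack
main = do
  let e = Add (Catch (Val 1) (Val 2)) (Val 3)       -- the slides' running example
      ints s = [n | VAL n <- s]
  print (fold show (unravel (compG e)) == fold show (comp e))  -- lemma: unravel . compG = comp
  print (ints (execG (compG e) []), ints (exec (comp e) []))   -- ([4],[4]) since eval e = Just 4
  print (ints (execG (compG (Catch Throw (Val 3))) []))        -- [3]: THROW unwinds to the handler
```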

SLIDE 16

Summary

Our Approach

  • Replace tree type with graph type
  • Relate semantics of graph-based compiler via unravelling
  • Exploit parametricity to drastically simplify proof

Motivation: Derive Compiler from Specification

  • Compilers can be derived by formal calculation
  • The result is often unsatisfactory (e.g. code duplication)
  • Goal: improve compilers by simple equational reasoning

SLIDE 17

Open Questions / Future Work

Beyond folds

  • What if the virtual machine is not a fold?
  • This seems impossible with HOAS-style graphs
  • Ad hoc reasoning for “Names for free”-style graphs possible

Cyclic graphs

  • Our method is restricted to acyclic graphs.
  • Cyclic graphs require a different reasoning principle (fixed-point induction?).

SLIDE 19

Bonus Slides

SLIDE 20

Example

    comp (Add (Val 2) (Val 3))
      = PUSH 2 ⊲ PUSH 3 ⊲ ADD ⊲ HALT

    comp (Catch (Val 2) (Val 3))
      = MARK (PUSH 3 ⊲ HALT) ⊲ PUSH 2 ⊲ UNMARK ⊲ HALT

    comp (Catch Throw (Val 3))
      = MARK (PUSH 3 ⊲ HALT) ⊲ THROW

SLIDE 21

Short Cut Fusion for Graphs

Theorem (Short Cut Fusion Law)

    b alg = fold alg (b In)    for all b :: ∀ c . (f c → c) → c

  • For any g :: Graph f , instantiate b = λa → foldG a g:

(λa → foldG a g) alg = fold alg ((λa → foldG a g) In)

  • After beta reduction:

foldG alg g = fold alg (foldG In g)

  • By definition of unravel:

foldG alg g = fold alg (unravel g)
