towards demonstrably correct compilation of java bytecode
play

(TOWARDS) DEMONSTRABLY CORRECT COMPILATION OF JAVA BYTECODE - PowerPoint PPT Presentation

Oct 06, 2023 •251 likes •827 views

(TOWARDS) DEMONSTRABLY CORRECT COMPILATION OF JAVA BYTECODE Michael Leuschel University of Dsseldorf FMCO 2008 Nice Sophia-Antipolis PART 1: BACKGROUND BACKGROUND DeCCo (Demonstrably Correct Compiler) By Susan Stepney, Logica + AWE

  1. (TOWARDS) DEMONSTRABLY CORRECT COMPILATION OF JAVA BYTECODE Michael Leuschel University of Düsseldorf FMCO 2008 Nice Sophia-Antipolis

  2. PART 1: BACKGROUND

  3. BACKGROUND DeCCo (Demonstrably Correct Compiler) By Susan Stepney, Logica + AWE [1992-2001] From: PASP Pascal-like language To: ASP Custom RISC Processor One major step for Hoare’s Grand Challenge

  4. DECCO: PROCESS Z Specification of PASP Z Specification of ASP (+ ASPAL + XASPAL) Translation Rules in Z: PASP → ASP Proven by hand Translated by hand into Prolog DCGT

  5. DECCO: PROCESS Z Specification of PASP Z Specification of ASP (+ ASPAL + XASPAL) Translation Rules in Z: PASP → ASP Proven by hand Translated by hand into Prolog DCGT

  6. “We believe that the methodology provides us with a high level of confidence in the correctness of the embedded software required to drive high integrity controllers.” Source: Decco Website http://www-users.cs.york.ac.uk/~susan/bib/ss/hic.htm

  7. DRAWBACKS tied to PASP, difficult to get PASP programmers proven by hand + translation by hand translation Z → Prolog only correct under certain assumptions Prolog code was hard to maintain, Prolog performance issues, a few bugs Infrastructure DCGT Z Operators

  8. JASP PROJECT Investigate existing Decco system Move from PASP to Java Bytecode Provide recommendations for future developments Adapt existing Decco System for JavaBC ? Move from Prolog to Haskell ? Investigate other alternatives, ...

  9. DECCO COMPILER Z Prolog Model DCGT 1-1 translation of Compiler Translation (+PASP & by hand of ASP) Schemas proven correct by hand Prolog Infrastructure Code (Z Operators,...)

  10. DECCO COMPILER Z Prolog Model DCGT 1-1 translation of Compiler Translation (+PASP & by hand of ASP) Schemas proven correct by hand Prolog Infrastructure Code (Z Operators,...)

  11. DECCO COMPILER Z Prolog Model DCGT 1-1 translation of Compiler Translation (+PASP & by hand of ASP) Schemas proven correct by hand Prolog Infrastructure Code (Z Operators,...)

  12. DECCO COMPILER Z Prolog Model DCGT 1-1 translation of Compiler Translation (+PASP & by hand of ASP) Schemas proven correct by hand Prolog Infrastructure Code (Z Operators,...)

  13. DECCO COMPILER Z Prolog Model DCGT 1-1 translation of Compiler Translation (+PASP & by hand of ASP) Schemas proven correct by hand Prolog Infrastructure Code (Z Operators,...)

  14. THE PROLOG SYSTEM LPA WinProlog: only on Windows, no modules idiosyncratic features were used default mode gives no warnings singleton variables, predicate redefinition, ...

  15. JASP CONCLUSIONS Try to automate more of compiler construction Move from Z to B (or other approaches) Automatic Code generation Formal proofs Tool support

  16. PART 2: A LITTLE BACKGROUND ABOUT B

  17. A quick overview of B

  18. B-Method • Invented by Abrial • Successor of Z • Allows to write high-level specifications & code (B0) • Aimed at tool support

  19. B: Logical Predicates

  20. B: SETS {x,y,... | P} set comprehensions (partial list)

  21. B: Relations (partial list)

  22. B: Functions f(x) function application %(x,y,..).(P|E) lambda abstraction

  23. B Development Process Preliminary design Software Consistency requirement B Abstract Model proof specification Detailed design Refinement proof Functional test Consistency B Concrete Model proof Translation Ada code Manual Semi-automatic Automatic Source: Siemens Transportation Systems

  25. ETHZ Southampton Newcastle Aabo Nokia Bosch Siemens Transportation SAP Space Systems Finland

  26. PART 3: COMPILER CONSTRUCTION WITH B

  27. JASP: FIRST EXPERIMENT Small Subset of Java Bytecode no methods, objects, ... istore, iload, iconst, imul, ... Simple model of the processor Three-Address code of Dragon Book LDI, LDM, STM, MUL, ...

  28. MACHINE JavaBC0 SETS Opcodes IDEA CONSTANTS PrgOpcode,PrgArg1,PrgArg2, Exp,StackLayout,BYTE, MAXVAR,VARS,MAXBYTE, PSIZE VARIABLES PC,Stack,Vars, Finished OPERATIONS (StackSize),(StackTop),(NzVarVal), Model JavaBC as B terminate,ex_nop,ex_goto, ex_return,(ex_ifle),(ex_istore), (ex_iconst),(ex_iload),(ex_imul), (ex_iadd),(ex_iinc),current_opcode Model RISC as B REFINES REFINEMENT JavaBCR1 Refine JavaBC into compiled VARIABLES PC,Finished OPERATIONS version StackSize,StackTop,NzVarVal, ex_istore,ex_iconst,ex_iload, ex_imul,ex_iadd,ex_iinc, ex_ifle opcodes translated into RISC INCLUDES MACHINE RISC CONSTANTS correctness established by NrReg,MSize,RBYTE, MAXRBYTE B refinement VARIABLES R,MEM OPERATIONS LDI,LDM,STM, ADD,MUL,SUBT, ISPOS

  29. EXAMPLE BYTECODE 0: iconst_2 1: istore_1 public class Power { 2: iconst_5 public static void main(String args[]) 3: istore_2 { 4: iload_2 int base = 2; 5: istore_3 int exp = 5; 6: iconst_1 int i = exp; 7: istore 4 int res = 1; 9: iload_3 while (i>0) { 10: ifle 25 i--; 13: iinc 3, -1 res = res*base; 16: iload 4 } 18: iload_1 System.out.println(res); 2 19: imul } 20: istore 4 Operand Local } 22: goto 9 Stack Variables 25: return

  30. HOW TO COMPILE How to compile to RISC with limited memory and registers (2) ? Local variables statically known: ok What about the stack ??

  31. STACK LAYOUT 0: iconst_2 1: istore_1 2: iconst_5 3: istore_2 4: iload_2 Every program point: 5: istore_3 6: iconst_1 same stack layout, 7: istore 4 no matter which path 9: iload_3 10: ifle 25 13: iinc 3, -1 16: iload 4 int 18: iload_1 19: imul int 20: istore 4 Operand 22: goto 9 25: return Stack

  32. HOW TO COMPILE Infer stack layout: int int for every program point: size of stack ... upper bound must exist treat like local variables ! imul no need to maintain a stack pointer !! int ...

  33. INFERRING STACK LAYOUT By abstract interpretation Prolog interpreter for Java BC run it on abstract domain of types {int, ...} [Demo] In Java 6: Stacklayout actually already in class file

  34. TRUSTING STACKLAYOUT INFO Remember: we want formally verified compilation How can we trust the code that computed the stack layout info? We don’t have to ! Build properties of correct stack layout into B formal model Computed stack layout needs to be checked for those properties

  35. Model of Model of Java RISC Bytecode Processor Refines Calls Model of Compiled Java Bytecode

  36. THE B MODEL OF JAVABC PROPERTIES INVARIANT PSIZE : NATURAL1 & PC: 1..PSIZE & PrgOpcode: 1..PSIZE --> Opcodes & Stack: seq(INTEGER) & PrgArg1: 1..PSIZE --> VARS & Vars: VARS +->INTEGER & PrgArg2: 1..PSIZE --> BYTE & Finished: BOOL & ... size(Stack) = StackLayout(PC) StackLayout: 1..PSIZE --> VARS /* for each Program Point: indicate size of stack */ & StackLayout(1) = 0 & /* Initially stack is empty */ ... !pc1.(pc1:1..PSIZE => ((PrgOpcode(pc1)/=goto & PrgOpcode(pc1)/=return) => pc1+1 <= PSIZE )) & !pc2.(pc2:1..PSIZE & PrgOpcode(pc2) = goto => (PrgArg1(pc2):1..PSIZE & StackLayout(PrgArg1(pc2)) = StackLayout(pc2)) ) ...

  37. THE B MODEL OF JAVABC OPERATIONS ex_iload(A1) = PRE PrgOpcode(PC) = iload & A1=PrgArg1(PC) & A1:dom(Vars) THEN AdvancePC || Proven correct: Stack := Stack <- Vars(A1) END; PC remains within program bounds statically computed Stack Layout is always correct if properties satisfied

  38. Quote “Every formal model I have seen, proven or not, which has not been animated contained errors” Christophe Metayer, Systerel (liberal translation from French based on verbal communication)

  39. Quote “Every formal model I have seen, proven or not, which has not been animated contained errors” Christophe Metayer, Systerel (liberal translation from French based on verbal communication)

  40. OUR TOOL Model Checking Languages: B, (LTL, Symmetry) CSP, Z, CSP||B, ... Animation Refinement Checking Used for Industrial Teaching B Applications

  42. Model of Model of Java RISC Bytecode Processor Refines Calls Model of Compiled Java Bytecode

  43. MACHINE RISC CONSTANTS NrReg, /* Number of registers */ MSize, /* Memory Size */ B MODEL RBYTE, MAXRBYTE OF RISC PROPERTIES MAXRBYTE = 31 & /* 127 & */ NrReg:INT & NrReg>1 & MSize:INTEGER & MSize>1 & RBYTE = (-MAXRBYTE-1)..MAXRBYTE & NrReg =2 & MSize = 4*(MAXRBYTE+1)-1 VARIABLES R, /* Register Contents */ MEM /* Memory Contents */ INVARIANT R: 1..NrReg --> INTEGER & MEM: 0..MSize --> INTEGER INITIALISATION R := %x.(x:1..NrReg | 0) || MEM := %y.(y:0..MSize | 0) OPERATIONS LDI(r,imm) = PRE r:1..NrReg & imm:RBYTE THEN R(r) := imm END; LDM(r,mem) = PRE mem:0..MSize & r:1..NrReg THEN R(r) := MEM(mem) END; STM(r,mem) = PRE mem:0..MSize & r:1..NrReg THEN MEM(mem) := R(r) END; ADD(r1,r2,r3) = PRE r1: 1..NrReg & r2: 1..NrReg & r3: 1..NrReg THEN R(r1) := R(r2)+R(r3) END; MUL(r1,r2,r3) = PRE r1: 1..NrReg & r2: 1..NrReg & r3: 1..NrReg THEN R(r1) := R(r2)*R(r3) END; SUBT(r1,r2,r3) = PRE r1: 1..NrReg & r2: 1..NrReg & r3: 1..NrReg THEN R(r1) := R(r2)-R(r3) END; res <-- ISPOS(r) = PRE r:1..NrReg THEN IF R(r)> 0 THEN res := TRUE ELSE res := FALSE END

  44. Model of Model of Java RISC Bytecode Processor Refines Calls Model of Compiled Java Bytecode

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

1 Java compilation model Java bytecode format void spin () { int i; for (i = 0; i &lt; 100;

1 Java compilation model Java bytecode format void spin () { int i; for (i = 0; i &lt; 100;

The Java programming environment Introduction to JVM Based on material produced by Bill Venners 1 2 The Java platform The role of the virtual machime byte code generated by the Java front-end is an intermediate representation (IR)

834 views • 3 slides
Verification of a Java Compiler in Isabelle Martin Strecker 7.1.2002 Java: Types, values,

Verification of a Java Compiler in Isabelle Martin Strecker 7.1.2002 Java: Types, values,

Verification of a Java Compiler in Isabelle Martin Strecker 7.1.2002 Java: Types, values, terms, ... Typing and operational semantics JVM Compiler Definition Proof Techniques Compilation and Bytecode Verification

643 views • 18 slides
Compiling Techniques Lecture 10: Introduction to Java ByteCode Christophe Dubach 10 November

Compiling Techniques Lecture 10: Introduction to Java ByteCode Christophe Dubach 10 November

Introduction Java ByteCode Details Compiling Techniques Lecture 10: Introduction to Java ByteCode Christophe Dubach 10 November 2015 Christophe Dubach Compiling Techniques Introduction Java ByteCode Details Coursework: Block and

570 views • 23 slides
A Block-Based Bytecode Format to Simplify and Improve Just-in-Time Compilation Christian Wimmer

A Block-Based Bytecode Format to Simplify and Improve Just-in-Time Compilation Christian Wimmer

A Block-Based Bytecode Format to Simplify and Improve Just-in-Time Compilation Christian Wimmer cwimmer@uci.edu www.christianwimmer.at June 2009 Department of Computer Science University of California, Irvine Method Granularity Software

384 views • 7 slides
Specification language and WP calculus for Java Bytecode. joint work in progress Mariela

Specification language and WP calculus for Java Bytecode. joint work in progress Mariela

Specification language and WP calculus for Java Bytecode. joint work in progress Mariela Pavlova, Lilian Burdy INRIA Sophia-Antipolis spopS p. 1 Motivation Proof Carrying ByteCode Proof obligations. What is the language in which

443 views • 31 slides
Java ByteCode Manuel Oriol June 7th, 2007 Byte Code? The Java language is compiled into an

Java ByteCode Manuel Oriol June 7th, 2007 Byte Code? The Java language is compiled into an

Java ByteCode Manuel Oriol June 7th, 2007 Byte Code? The Java language is compiled into an intermediary form called byte code It ensures portability The byte code is a succession of instructions that manipulate a stack Each

928 views • 56 slides
Java ByteCode Manuel Oriol June 8th, 2006 Byte Code? The Java language is compiled into an

Java ByteCode Manuel Oriol June 8th, 2006 Byte Code? The Java language is compiled into an

Java ByteCode Manuel Oriol June 8th, 2006 Byte Code? The Java language is compiled into an intermediary form called byte code It ensures portability The byte code is a succession of instructions that manipulate a stack Each

723 views • 57 slides
Decompiling Boolean Expressions from Java TM Bytecode Mangala Gowri Nanda (IBM-IRL) and S.

Decompiling Boolean Expressions from Java TM Bytecode Mangala Gowri Nanda (IBM-IRL) and S.

Decompiling Boolean Expressions from JavaTM Bytecode Decompiling Boolean Expressions from Java TM Bytecode Mangala Gowri Nanda (IBM-IRL) and S. Arun-Kumar (IIT Delhi) Decompiling Boolean Expressions from JavaTM Bytecode Introduction The

570 views • 37 slides
On the Challenges in Extracting Metrics from Java Bytecode A/Prof. Jean-Guy Schneider

On the Challenges in Extracting Metrics from Java Bytecode A/Prof. Jean-Guy Schneider

On the Challenges in Extracting Metrics from Java Bytecode A/Prof. Jean-Guy Schneider jschneider@swin.edu.au Where it all began 12.7: 0.6973 .7 12.6: 0.6443 Gini Coefficient of Synthetic Fields .6 12.5: 0.5820 .5 4.7:

385 views • 25 slides
Machine Assisted Reasoning for Multi - Threaded Java Bytecode Mikael Lagerkvist April 2005

Machine Assisted Reasoning for Multi - Threaded Java Bytecode Mikael Lagerkvist April 2005

Background The Semantics of the JVM Examples Conclusion and Further Work Machine Assisted Reasoning for Multi - Threaded Java Bytecode Mikael Lagerkvist April 2005 Mikael Lagerkvist Machine Assisted Reasoning for Java Bytecode Background

420 views • 30 slides
Java Bytecode to Hardware Made Easy with Bluespec SystemVerilog Flavius Gruian Mehmet Ali Arslan

Java Bytecode to Hardware Made Easy with Bluespec SystemVerilog Flavius Gruian Mehmet Ali Arslan

Java Bytecode to Hardware Made Easy with Bluespec SystemVerilog Flavius Gruian Mehmet Ali Arslan Lund University, Sweden {Flavius.Gruian, Mehmet_Ali.Arslan}@cs.lth.se Java Technologies for Real-time and Embedded Systems, 2012 1 / 15 Outline

498 views • 26 slides
Using CLP Simplifications to Improve Java Bytecode Termination Analysis Fausto SPOTO, Lunjin LU,

Using CLP Simplifications to Improve Java Bytecode Termination Analysis Fausto SPOTO, Lunjin LU,

Using CLP Simplifications to Improve Java Bytecode Termination Analysis Fausto SPOTO, Lunjin LU, and Fred MESNARD Dipartimento di Informatica, Universit` a di Verona, Italy Oakland University, U.S.A. IREMIA, universit e de la R eunion,

216 views • 17 slides
1 Java Release History Enhancements in JDK 5 (= Java 1.5) Generics 1995 (1.0) First

1 Java Release History Enhancements in JDK 5 (= Java 1.5) Generics 1995 (1.0) First

CS 242 Outline Java Virtual machine overview Language Overview Loader and initialization History and design goals Linker and verifier Classes and Inheritance Bytecode interpreter Object features Method

180 views • 17 slides
Manipulao de Bytecode Java Mantendo o esprito Hacker no mundo das linguagens de alto nvel

Manipulao de Bytecode Java Mantendo o esprito Hacker no mundo das linguagens de alto nvel

Manipulao de Bytecode Java Mantendo o esprito Hacker no mundo das linguagens de alto nvel Andr Luiz Breves de Oliveira andre.breves@gmail.com class Hello { public static void main(String[] args) { System.out.println(&quot;Hello

217 views • 21 slides
Resumable Java Bytecode Process Mobility for the JVM Jan Pedersen and Brian Kauke Overview The

Resumable Java Bytecode Process Mobility for the JVM Jan Pedersen and Brian Kauke Overview The

Resumable Java Bytecode Process Mobility for the JVM Jan Pedersen and Brian Kauke Overview The ProcessJ language Transparent process mobility Implementing mobility in the Java/JCSP translation Intro to ProcessJ ProcessJ is a new

285 views • 25 slides
True separate compilation of Java classes Davide Ancona, Giovanni Lagorio, Elena Zucca DISI -

True separate compilation of Java classes Davide Ancona, Giovanni Lagorio, Elena Zucca DISI -

True separate compilation of Java classes Davide Ancona, Giovanni Lagorio, Elena Zucca DISI - University of Genova, Italy APPSEM-II Workshop - Nottingham This talk is based on True Separate Compilation of Java Classes [in PPDP02] and

489 views • 14 slides
Summer School Overview Day 0: R bootcamp Day 1: Workflow, Google App Engine Day 2:

Summer School Overview Day 0: R bootcamp Day 1: Workflow, Google App Engine Day 2:

Summer School Overview Day 0: R bootcamp Day 1: Workflow, Google App Engine Day 2: Online Experiments Day 3: Data wrangling, visualization Day 4: Statistics, Probabilistic models Day 5: Experience sampling Packages and

750 views • 55 slides
Hangman Game Simple design exercise similar to what you will do for your CS102 project (and

Hangman Game Simple design exercise similar to what you will do for your CS102 project (and

Hangman Game Simple design exercise similar to what you will do for your CS102 project (and what happens in industry!) Project Stages: Requirements, User Interface (UI), Detailed Design, Implementation, Testing,

179 views • 13 slides
I ODIAS TODAI INSTITUTES FOR ADVANCED STUDY

I ODIAS TODAI INSTITUTES FOR ADVANCED STUDY

I ODIAS TODAI INSTITUTES FOR ADVANCED STUDY Kavli Institute for the

260 views • 22 slides
Data-Intensive Distributed Computing CS 431/631 451/651 (Fall 2019) Part 1: MapReduce Algorithm

Data-Intensive Distributed Computing CS 431/631 451/651 (Fall 2019) Part 1: MapReduce Algorithm

Data-Intensive Distributed Computing CS 431/631 451/651 (Fall 2019) Part 1: MapReduce Algorithm Design (2/4) Ali Abedi These slides are available at https://www.student.cs.uwaterloo.ca/~cs451/ This work is licensed under a Creative Commons

679 views • 50 slides
A MICROKERNEL-BASED OPERATING SYSTEM FOR EXASCALE COMPUTING Amnon Barak Hebrew University

A MICROKERNEL-BASED OPERATING SYSTEM FOR EXASCALE COMPUTING Amnon Barak Hebrew University

The Hebrew University of Jerusalem A MICROKERNEL-BASED OPERATING SYSTEM FOR EXASCALE COMPUTING Amnon Barak Hebrew University Jerusalem (HUJI) Hermann Hrtig TU Dresden, Operating Systems Group (TUDOS) Wolfgang Nagel TU Dresden, Center

1.04k views • 51 slides
Visiting a Neighbor Experience what Jesus experience Between Bethany and Jerusalem The Temple

Visiting a Neighbor Experience what Jesus experience Between Bethany and Jerusalem The Temple

Introduction Visiting a Neighbor Experience what Jesus experience Between Bethany and Jerusalem The Temple Mount The Temple Mount keywordsuggest.org http://www.thebiblejourney.org The Parable 1 The Landowner 2 The Vineyard 3 The Wicked

480 views • 16 slides
This Weeks Sermon Rejoice Nehemiah 12:27-43 Context/Recap They were just in mourning

This Weeks Sermon Rejoice Nehemiah 12:27-43 Context/Recap They were just in mourning

This Weeks Sermon Rejoice Nehemiah 12:27-43 Context/Recap They were just in mourning They were just in mourning They were remembering what God had done for their people over the centuries Nehemiah 12:27-43 27 At the dedication of the

529 views • 32 slides
DO NOT WEEP FOR ME; WEEP FOR YOURSELVES AND FOR YOUR CHILDREN Luke 11:50 Therefore this

DO NOT WEEP FOR ME; WEEP FOR YOURSELVES AND FOR YOUR CHILDREN Luke 11:50 Therefore this

DO NOT WEEP FOR ME; WEEP FOR YOURSELVES AND FOR YOUR CHILDREN Luke 11:50 Therefore this generation will be held responsible for the blood of all the prophets DO NOT WEEP FOR ME; WEEP FOR YOURSELVES AND FOR YOUR CHILDREN Luke 11:50

962 views • 8 slides

More recommend