verifying optimizations using smt
play

Verifying Optimizations using SMT Solvers Nuno Lopes technology - PowerPoint PPT Presentation

Nov 29, 2023 •890 likes •1.34k views

technology from seed Verifying Optimizations using SMT Solvers Nuno Lopes technology Why verify optimizations? from seed Catch bugs before they even exist Corner cases are hard to debug Time spent in additional verification step

  1. technology from seed Verifying Optimizations using SMT Solvers Nuno Lopes

  2. technology Why verify optimizations? from seed • Catch bugs before they even exist • Corner cases are hard to debug • Time spent in additional verification step pays off • Technology available today, with more to follow Verifying Optimizations Using SMT Solvers

  3. technology Not a replacement for testing from seed “Beware of bugs in the above code; I have only proved it correct, not tried it” Donald Knuth, 1977 Verifying Optimizations Using SMT Solvers

  4. technology Outline from seed • SAT/SMT Solvers • InstCombine • Assembly • ConstantRange • Future developments Verifying Optimizations Using SMT Solvers

  5. technology Outline from seed • SAT/SMT Solvers • InstCombine • Assembly • ConstantRange • Future developments Verifying Optimizations Using SMT Solvers

  6. technology SAT Solvers from seed • A SAT solver takes a Boolean formula as input: – 𝑏 ∨ 𝑐 ∨ 𝑑 ∧ ¬𝑐 ∨ 𝑑 • And returns: – SAT, if the formula is satisfiable – UNSAT, if the formula is unsatisfiable • If SAT, we also get a model: – 𝑏 = true, 𝑐 = false, 𝑑 = false Verifying Optimizations Using SMT Solvers

  7. technology SMT Solvers from seed • Generalization of SAT solvers • Variables can take other domains: – Booleans – Bit-vectors – Reals (linear / non-linear) – Integers (linear / non-linear) – Arrays – Data types – Floating point – Uninterpreted functions (UFs) – … Verifying Optimizations Using SMT Solvers

  8. technology Available SMT Solvers from seed • Boolector • CVC4 • MathSAT 5 • STP • Z3 (http://rise4fun.com/Z3/) Verifying Optimizations Using SMT Solvers

  9. technology Bit-Vector Theory from seed • Operations between bit-vector variables: – Add/Sub/Mul/Div/Rem – Shift and rotate – Zero/sign extend – Bitwise And/or/neg/not/nand/xor /… – Comparison: ge /le/… – Concat and extract • Includes sign/unsigned variants • Variables of fixed bit width Verifying Optimizations Using SMT Solvers

  10. technology Bit-vector theory: example from seed • Let’s prove that the following are equivalent: – 𝑦 − 1 &𝑦 = 0 – 𝑦&(−𝑦) = 𝑦 • Thinking SMT: – “Both formulas give the same result for all 𝑦 ” – “There isn’t a value for 𝑦 such that the result of the formulas differs” Verifying Optimizations Using SMT Solvers

  11. technology Example in SMT-LIB 2 from seed (declare-fun x () (_ BitVec 32)) (assert (not (= ; x&(x-1) == 0 (= (bvand x (bvsub x #x00000001)) #x00000000) ; x&(-x) == x (= (bvand x (bvneg x)) x)) ))) > unsat (check-sat) http://rise4fun.com/Z3/2YFz Verifying Optimizations Using SMT Solvers

  12. technology Example: really testing for power of 2? from seed (declare-fun x () (_ BitVec 4)) (assert (not (= ; x&(x-1) == 0 (= (bvand x (bvsub x #x1)) #x0) ; x == 1 or x == 2 or x == 4 or x == 8 (or (= x #x1) (= x #x2) (= x #x4) (= x #x8)) ))) > sat (check-sat) > (model (define-fun x () (_ BitVec 4) (get-model) #x0)) http://rise4fun.com/Z3/qGl2 Verifying Optimizations Using SMT Solvers

  13. technology Outline from seed • SAT/SMT Solvers • InstCombine • Assembly • ConstantRange • Future developments Verifying Optimizations Using SMT Solvers

  14. technology InstCombine from seed • Optimizes sequences of instructions • Perfect target for verification with SMT solvers Verifying Optimizations Using SMT Solvers

  15. technology InstCombine Example from seed ; (A ^ -1) & (1 << B) != 0 %neg = xor i32 %A, -1 %shl = shl i32 1, %B %and = and i32 %neg, %shl %cmp = icmp ne i32 %and, 0 ⇒ ; (1 << B) & A == 0 %shl = shl i32 1, %B %and = and i32 %shl, %A %cmp = icmp eq i32 %and, 0 Verifying Optimizations Using SMT Solvers

  16. technology InstCombine Example from seed (declare-fun A () (_ BitVec 32)) (declare-fun B () (_ BitVec 32)) (assert (not (= ; (1 << B) & (A ^ -1) != 0 (not (= (bvand (bvshl #x00000001 B) (bvxor A #xffffffff)) #x00000000)) > sat > (model (define-fun A () (_ BitVec 32) ; (1 << B) & A == 0 #x00000000) (= (bvand (bvshl #x00000001 B) A) #x00000000) (define-fun B () (_ BitVec 32) ))) #x00020007) ) (check-sat) http://rise4fun.com/Z3/OmRP Verifying Optimizations Using SMT Solvers

  17. technology InstCombine Example from seed (declare-fun A () (_ BitVec 32)) (declare-fun B () (_ BitVec 32)) (assert (bvule B #x0000001F)) (assert (not (= ; (1 << B) & (A ^ -1) != 0 (not (= (bvand (bvshl #x00000001 B) (bvxor A #xffffffff)) #x00000000)) ; (1 << B) & A == 0 (= (bvand (bvshl #x00000001 B) A) #x00000000) ))) > unsat (check-sat) http://rise4fun.com/Z3/pj2B Verifying Optimizations Using SMT Solvers

  18. technology Outline from seed • SAT/SMT Solvers • InstCombine • Assembly • ConstantRange • Future developments Verifying Optimizations Using SMT Solvers

  19. technology IR to Assembly from seed • PR16426: poor code for multiple __builtin_*_overflow() // returns x * y + z // 17 instructions on X86 unsigned foo(unsigned x, unsigned y, unsigned z) { unsigned res; if (__builtin_umul_overflow(x, y, &res) | __builtin_uadd_overflow(res, z, &res)) { return 0; } return res; } Verifying Optimizations Using SMT Solvers

  20. technology PR16426: IR from seed define i32 foo(i32 %x, i32 %y, i32 %z) { entry: %0 = call { i32, i1 } @llvm.umul.with.overflow.i32(i32 %x, i32 %y) %1 = extractvalue { i32, i1 } %0, 1 %2 = extractvalue { i32, i1 } %0, 0 %3 = call { i32, i1 } @llvm.uadd.with.overflow.i32(i32 %2, i32 %z) %4 = extractvalue { i32, i1 } %3, 1 %or3 = or i1 %1, %4 br i1 %or3, label %return, label %if.end if.end: %5 = extractvalue { i32, i1 } %3, 0 br label %return return: %retval.0 = phi i32 [ %5, %if.end ], [ 0, %entry ] ret i32 %retval.0 } Verifying Optimizations Using SMT Solvers

  21. technology PR16426: Current X86 Assembly from seed (17 instructions) foo: # BB#0: # %entry pushl %esi movl 8(%esp), %eax mull 12(%esp) pushfl popl %esi addl 16(%esp), %eax setb %dl xorl %ecx, %ecx pushl %esi popfl jo .LBB0_3 # BB#1: # %entry testb %dl, %dl jne .LBB0_3 # BB#2: # %if.end movl %eax, %ecx .LBB0_3: # %return movl %ecx, %eax popl %esi ret Verifying Optimizations Using SMT Solvers

  22. technology PR16426: Proposed X86 Assembly from seed (8 instructions) movl 8(%esp), %eax mull 12(%esp) addl 16(%esp), %eax adcl %edx, %edx jne .LBB0_1 .LBB0_2: # result already in EAX ret .LBB0_1: xorl %eax, %eax jmp .LBB0_2 Verifying Optimizations Using SMT Solvers

  23. technology PR16426: Michael says my proposal from seed has a bug movl 8(%esp), %eax mull 12(%esp) addl 16(%esp), %eax adcl 0, %edx jne .LBB0_1 .LBB0_2: # result already in EAX ret .LBB0_1: xorl %eax, %eax jmp .LBB0_2 Verifying Optimizations Using SMT Solvers

  24. technology PR16426: Asm in SMT from seed ; movl 8(%esp), %eax ; mull 12(%esp) (assert (let ((mul (bvmul ((_ zero_extend 32) x) ((_ zero_extend 32) y)))) (and (= EAX ((_ extract 31 0) mul)) (= EDX ((_ extract 63 32) mul)) ))) Verifying Optimizations Using SMT Solvers

  25. technology PR16426: Asm in SMT from seed ; addl 16(%esp), %eax (assert (and (= EAX2 (bvadd EAX z)) (= CF ((_ extract 32 32) (bvadd ((_ zero_extend 1) EAX) ((_ zero_extend 1) z)))) )) Verifying Optimizations Using SMT Solvers

  26. technology PR16426: Asm in SMT from seed ; adcl %edx, %edx (assert (and (= EDX2 (bvadd EDX EDX ((_ zero_extend 31) CF))) (= ZF (= EDX2 #x00000000)) )) Verifying Optimizations Using SMT Solvers

  27. technology PR16426: Asm in SMT from seed jne .LBB0_1 # Jump if ZF=0 .LBB0_2: ret .LBB0_1: xorl %eax, %eax jmp .LBB0_2 (assert (= asm_result (ite ZF EAX2 #x00000000) )) Verifying Optimizations Using SMT Solvers

  28. technology PR16426: IR in SMT from seed (assert (= llvm_result (let ((overflow (or (bvugt (bvmul ((_ zero_extend 32) x) ((_ zero_extend 32) y)) #x00000000FFFFFFFF) (bvugt (bvadd ((_ zero_extend 4) (bvmul x y)) ((_ zero_extend 4) z)) #x0FFFFFFFF)))) (ite overflow #x00000000 (bvadd (bvmul x y) z))) )) Verifying Optimizations Using SMT Solvers

  29. technology PR16426: Correctness from seed (declare-fun x () (_ BitVec 32)) (declare-fun y () (_ BitVec 32)) (declare-fun z () (_ BitVec 32)) > sat (assert (not (= > (model asm_result (define-fun z () (_ BitVec 32) llvm_result #x15234d22) ))) (define-fun y () (_ BitVec 32) #x84400100) (define-fun x () (_ BitVec 32) (check-sat) #xf7c5ebbe) (get-model) ) http://rise4fun.com/Z3/VIxt Verifying Optimizations Using SMT Solvers

  30. technology Outline from seed • SAT/SMT Solvers • InstCombine • Assembly • ConstantRange • Future developments Verifying Optimizations Using SMT Solvers

  31. technology ConstantRange from seed • Data-structure that represents ranges of integers with overflow semantics (i.e., bit-vectors) – [0,5) – from 0 to 4 – [5,2) – from 5 to INT_MAX or from 0 to 1 • Used by Lazy Value Info (LVI), and Correlated Value Propagation (CVP) • Several bugs in the past (correctness and optimality) Verifying Optimizations Using SMT Solvers

  32. technology ConstantRange::signExtend() from seed • 8 lines of C++ • Is it correct? Verifying Optimizations Using SMT Solvers

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Alive2 Verifying existing optimizations Nuno Lopes John Regehr Microsoft Research University

Alive2 Verifying existing optimizations Nuno Lopes John Regehr Microsoft Research University

Alive2 Verifying existing optimizations Nuno Lopes John Regehr Microsoft Research University of Utah Alive Found dozens of bugs in LLVM Avoided many other bugs due to use before commit Verifying peephole optimizations $ alive

863 views • 28 slides
LifeJacket: Verifying Precise Floating-Point Optimizations in LLVM Andres Ntzli , Fraser Brown

LifeJacket: Verifying Precise Floating-Point Optimizations in LLVM Andres Ntzli , Fraser Brown

LifeJacket: Verifying Precise Floating-Point Optimizations in LLVM Andres Ntzli , Fraser Brown Stanford University How about: float y = x; Nope: if x = -0.0 then y = +0.0 Motivating Example Suppose we want to optimize: float y = +0.0 -

463 views • 35 slides
Loop Optimizations Important because lots of execution Loop Optimizations Loop Optimizations

Loop Optimizations Important because lots of execution Loop Optimizations Loop Optimizations

Loop Optimizations Important because lots of execution Loop Optimizations Loop Optimizations time occurs in loops First, we will identify loops We will study three optimizations Loop-invariant code motion This lecture is

249 views • 5 slides
Concepts Introduced in Chapter 9 introduction to compiler optimizations basic blocks and

Concepts Introduced in Chapter 9 introduction to compiler optimizations basic blocks and

Concepts Introduced in Chapter 9 introduction to compiler optimizations basic blocks and control flow graphs local optimizations global optimizations 1 EECS 665 Compiler Construction Compiler Optimizations Compiler

454 views • 24 slides
Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of

Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of

Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of Computer Science University of Texas at Austin mihir@cs.utexas.edu 10 November, 2017 1/34 Outline Motivation and related work Our approach

681 views • 34 slides
Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of

Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of

Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of Computer Science University of Texas at Austin mihir@cs.utexas.edu 09 March, 2017 Overview 1. Why we need a verified filesystem 2. Our approach

514 views • 29 slides
Khem Raj Embedded Linux Conference 2014, San Jose, CA } What is GCC } General Optimizations

Khem Raj Embedded Linux Conference 2014, San Jose, CA } What is GCC } General Optimizations

Khem Raj Embedded Linux Conference 2014, San Jose, CA } What is GCC } General Optimizations } GCC specific Optimizations } Embedded Processor specific Optimizations } Approaches to speed up compile time } Additional tools }

419 views • 29 slides
Density Estimation Optimizations for Global Illumination Rub en Garc a, Carlos Ure na,

Density Estimation Optimizations for Global Illumination Rub en Garc a, Carlos Ure na,

Introduction New optimizations Theoretical study Future Work Conclusion Density Estimation Optimizations for Global Illumination Rub en Garc a, Carlos Ure na, Jorge Revelles, Miguel Lastra, Rosana Montes Thursday, February 2,

383 views • 14 slides
Daydream: Accurately Estimating the Efficacy of Optimizations for DNN Training Hongyu Zhu 1,2 ,

Daydream: Accurately Estimating the Efficacy of Optimizations for DNN Training Hongyu Zhu 1,2 ,

Daydream: Accurately Estimating the Efficacy of Optimizations for DNN Training Hongyu Zhu 1,2 , Amar Phanishayee 3 , Gennady Pekhimenko 1,2 1 2 3 1 Executive Summary Motivation: Benefits of many DNN optimizations are not easy to exploit

449 views • 27 slides
Self- -Verifying Verifying Self Self-Verifying * * Dining Philosophers Dining Philosophers

Self- -Verifying Verifying Self Self-Verifying * * Dining Philosophers Dining Philosophers

Self- -Verifying Verifying Self Self-Verifying * * Dining Philosophers Dining Philosophers Dining Philosophers Peter Welch and Neil Brown Peter Welch and Neil Brown School of Computing, University of Kent, UK School of Computing,

675 views • 44 slides
Specifying and Verifying Concurrent Algorithms with Histories and Subjectivity Ilya

Specifying and Verifying Concurrent Algorithms with Histories and Subjectivity Ilya

Specifying and Verifying Concurrent Algorithms with Histories and Subjectivity Ilya Sergey Aleks Nanevski Anindya Banerjee ESOP 2015 A logic-based approach for Specifying and Verifying Concurrent Algorithms An

2.36k views • 186 slides
Compiler Construction Lecture 16: Introduction to optimizations 2020-03-03 Michael Engel

Compiler Construction Lecture 16: Introduction to optimizations 2020-03-03 Michael Engel

Compiler Construction Lecture 16: Introduction to optimizations 2020-03-03 Michael Engel Overview Optimizations Definition, objectives, location in the compiler tool flow Obtaining and applying evaluation criteria Common vs.

537 views • 18 slides
Verifying Trigonometric Identities A trigonometric identity is simply an identity involving

Verifying Trigonometric Identities A trigonometric identity is simply an identity involving

Verifying Trigonometric Identities A trigonometric identity is simply an identity involving trigonometric functions. We learn to verify and spend time verifying trigonometric identities because the practice we get verifying trigonometric

661 views • 46 slides
Dynamic Optimizations Last time Predication and speculation Today Dynamic compilation

Dynamic Optimizations Last time Predication and speculation Today Dynamic compilation

Dynamic Optimizations Last time Predication and speculation Today Dynamic compilation CS553 Lecture Dynamic Optimizations 2 Motivation Limitations of static analysis Programs can have values and invariants that are known at

375 views • 14 slides
Verifying the SET Protocol: Overview Lawrence C Paulson, Computer Laboratory, University of

Verifying the SET Protocol: Overview Lawrence C Paulson, Computer Laboratory, University of

Verifying the SET Protocol: Overview Lawrence C Paulson, Computer Laboratory, University of Cambridge (Joint with Giampaolo Bella and Fabio Massacci) Plan of Talk The SET Protocol Defining the Formal Models Verifying the

570 views • 24 slides
Analysis and Optimizations Analysis and Optimizations Program Analysis Program Analysis

Analysis and Optimizations Analysis and Optimizations Program Analysis Program Analysis

Analysis and Optimizations Analysis and Optimizations Program Analysis Program Analysis Discovers properties of a program Optimizations Using Program Analysis Use analysis results to transform program Use analysis results

744 views • 17 slides
Satisfiability Marco Chiarandini Department of Mathematics &amp; Computer Science University of

Satisfiability Marco Chiarandini Department of Mathematics &amp; Computer Science University of

DM841 D ISCRETE O PTIMIZATION Part 2 Heuristics Satisfiability Marco Chiarandini Department of Mathematics &amp; Computer Science University of Southern Denmark SAT Outline 1. SAT Mathematical Programming Constraint Programming

580 views • 24 slides
Conditional Lower Bounds for Failed Literals and Related Techniques Matti Jrvisalo Janne H.

Conditional Lower Bounds for Failed Literals and Related Techniques Matti Jrvisalo Janne H.

Conditional Lower Bounds for Failed Literals and Related Techniques Matti Jrvisalo Janne H. Korhonen* University of Helsinki, Department of Computer Science, and Helsinki Institute for Information Technology HIIT 1.

886 views • 39 slides
SAT-based Abstraction Refinement for Real-time Systems Stephanie Kemper 1 e Platzer 2 , 3 Andr

SAT-based Abstraction Refinement for Real-time Systems Stephanie Kemper 1 e Platzer 2 , 3 Andr

SAT-based Abstraction Refinement for Real-time Systems Stephanie Kemper 1 e Platzer 2 , 3 Andr 1 Centrum voor Wiskunde en Informatica, Software Engineering, Amsterdam, The Netherlands 2 University of Oldenburg, Department of Computing Science,

773 views • 66 slides
A Faster Algorithm for Propositional Model Counting Parameterized by Incidence Treewidth

A Faster Algorithm for Propositional Model Counting Parameterized by Incidence Treewidth

A Faster Algorithm for Propositional Model Counting Parameterized by Incidence Treewidth Friedrich Slivovsky and Stefan Szeider 1 Propositional Model Counting (#SAT) 2 Propositional Model Counting (#SAT) SAT Does have a satisfying

1.31k views • 102 slides
The SAT 2009 competition results does theory meet practice? Daniel Le Berre Olivier Roussel

The SAT 2009 competition results does theory meet practice? Daniel Le Berre Olivier Roussel

The SAT 2009 competition results does theory meet practice? Daniel Le Berre Olivier Roussel Laurent Simon Andreas Goerdt Ines Lynce Aaron Stump Supported by CRIL, LRI and French ANR UNLOC SAT 2009 conference, Swansea, 3 July 2009 1/65 For

951 views • 68 slides
SAT-Based Planning Sven Koenig, USC Russell and Norvig, 3 rd Edition, Section 10.4.1 These slides

SAT-Based Planning Sven Koenig, USC Russell and Norvig, 3 rd Edition, Section 10.4.1 These slides

12/18/2019 SAT-Based Planning Sven Koenig, USC Russell and Norvig, 3 rd Edition, Section 10.4.1 These slides are new and can contain mistakes and typos. Please report them to Sven (skoenig@usc.edu). 1 SAT-Based Planning Planning problem

239 views • 8 slides
Solving AI Planning Problems with SAT SAT solving Invariants Conclusion References Jussi

Solving AI Planning Problems with SAT SAT solving Invariants Conclusion References Jussi

Planning with SAT Introduction Encodings Solver Calls Solving AI Planning Problems with SAT SAT solving Invariants Conclusion References Jussi Rintanen EPCL, Dresden, November 2013 Reduction of AI Planning to SAT Kautz and Selman 1992

1.49k views • 111 slides
Circuit Languages at the Confluence of Learning and Reasoning Guy Van den Broeck KR2ML Workshop

Circuit Languages at the Confluence of Learning and Reasoning Guy Van den Broeck KR2ML Workshop

Computer Science Circuit Languages at the Confluence of Learning and Reasoning Guy Van den Broeck KR2ML Workshop @ NeurIPS, December 13, 2019 The AI Dilemma Pure Learning Pure Logic The AI Dilemma Pure Learning Pure Logic Slow

528 views • 41 slides

More recommend