have your verified compiler and extend it too zachary tatlock sorin lerner uc san diego
TRANSCRIPT
- Slide 1
- Have Your Verified Compiler And Extend It Too Zachary Tatlock Sorin Lerner UC San Diego
- Slide 2
- Compiler Correctness Building robust compilers is difficult complex interactions resist testing Compiler bugs are contagious invalidate source level guarantees Few users extend their compiler hand optimized, unreadable code
- Slide 3
- Verified Compilers Implement compiler in proof assistant Prove compiler correct interactively CompCert [Leroy], Lambda Tamer [Chlipala] Strong Guarantee Difficult to Extend
- Slide 4
- DSL-based Compilers Domain Specific Language for optimizations DSL opts proven correct automatically Rhodium [POPL 05], PEC [PLDI 09] Easier to Extend Weaker Guarantee
- Slide 5
- Contribution PEC CompCert harder to extend easier to extend stronger guarantee weaker guarantee DSL Execution Engine + Correctness Proof Reduce TCB Add Extensibility PEC XCertCompCert
- Slide 6
- XCert Rewrite Rule PEC Extensible & Correct Compiler Rewrite Locally Correct CompCert C Asm Correct Compiler Main Theorem Proved in Coq : XCert Rules Locally Correct XCert Correct Formal Correctness Proof in Coq Bulk of the development effort [PLDI 09]
- Slide 7
- Extensible & Correct Compiler 1 Rewrite Rule PEC CompCert C Asm 2 XCert Challenges and Evaluation 3 [PLDI 09]
- Slide 8
- Rewrite Rule Find & Replace Match Pattern C x < 10 IxIx Apply Subst while(C ) I += 2 while(C ) I ++ PEC x = 0 while(x < 10) x += 2 return x x = 0 while(x < 10) x ++ return x [PLDI 09]
- Slide 9
- I ++ !C!C C I +=2 !C!C C PEC Checker 1.Convert to CFG 2.Guess Sync Points 3.Check w/ SMT A B PEC SMT Checked A A A B while(C ) I += 2 while(C ) I ++ C I +=2 I ++ C A A [PLDI 09]
- Slide 10
- XCert Module 1.Rule in Coq 2.SMT Checks A B SMT Checked A A A B PEC
- Slide 11
- Extensible & Correct Compiler 1 Rewrite Rule PEC 2 XCert [PLDI 09] Challenges and Evaluation 3
- Slide 12
- XCert Correctness Proof Small Step Execute instruction Step state S to S S S
- Slide 13
- Equivalent Executions Initial Equiv Prove Simulation Diagram CompCert Small Step Library: Sim Diagram Progs Equiv L L R R L ~ R < < L L R L ~ R: R R Final Equiv XCert Correctness Proof
- Slide 14
- XCert Simulation Diagram XCert Module A A A B A B SMT Checked A A A B
- Slide 15
- Extensible & Correct Compiler 1 Rewrite Rule PEC 2 XCert [PLDI 09] Challenges and Evaluation 3
- Slide 16
- Challenges (see paper) XCert Execution Engine CFG pattern matching CFG splicing XCert Correctness Proof Managing case explosion Verified validation [Tristan and Leroy] Preserving non-terminating behaviors
- Slide 17
- Evaluation Engine:1,000 lines of Coq functional code Proof :3,000 lines of Coq proof script Trusted Computing Base (TCB) Compcert:Coq + Coq encoding of C sem XCert adds:SMT+ SMT encoding of C sem
- Slide 18
- Evaluation Extensibility: Support PEC Opts [PLDI 09] No manual proof effort or TCB increase Maintain Compcert end-to-end correctness Sample of Optimizations Run: Loop Invariant Code HoistLoop Peeling Software PipeliningConditional Speculation Loop UnswitchingPartial Redundancy Elim
- Slide 19
- 1 Rewrite Rule PEC 2 XCert [PLDI 09] Extensible & Correct Compiler Thank You!