A simple, verified validator for software pipelining

TristanJean-Baptiste,; LeroyXavier,

doi:10.1145/1707801.1706311

Cited by 14 publications

(7 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For instance, we prove the soundness of a number of re-writes, such as the communting equation, duplication elimination, pure lambda-hoist, etc. We also prove the soundness of the Masking rule and discuss the loop-unrolling example in [31].…”

Section: A Online Appendixmentioning

confidence: 97%

“…To give an impression of the formulation of these validations we state the corresponding proposition for "dead computation" which is particularly interesting in that it contains a termination precondition. The proof, and details of the other equations are in the appendix, which also contains a validation of loop unrolling optimisation described by Tristan and Leroy [31].…”

Section: Heap Persmentioning

confidence: 99%

“…As described in [31] implementing and proving the correctness of loop unrolling techniques is hard as one needs to demonstrate that the program resulting from loop unrolling that can be executed in parallel is equivalent to the original sequential program. We briefly illustrate the power of our system with regions and effects by one of the running examples in [31]. Consider a loop program whose body is depicted in Figure 6.…”

Section: Prologmentioning

confidence: 99%

See 2 more Smart Citations

Abstract effects and proof-relevant logical relations

2014

View full text Add to dashboard Cite

We introduce a novel variant of logical relations that maps types not merely to partial equivalence relations on values, as is commonly done, but rather to a proof-relevant generalisation thereof, namely setoids. The objects of a setoid establish that values inhabit semantic types, whilst its morphisms are understood as proofs of semantic equivalence. The transition to proof-relevance solves two well-known problems caused by the use of existential quantification over future worlds in traditional Kripke logical relations: failure of admissibility, and spurious functional dependencies. We illustrate the novel format with two applications: a direct-style validation of Pitts and Stark's equivalences for "new" and a denotational semantics for a region-based effect system that supports type abstraction in the sense that only externally visible effects need to be tracked; non-observable internal modifications, such as the reorganisation of a search tree or lazy initialisation, can count as 'pure' or 'read only'. This 'fictional purity' allows clients of a module soundly to validate more effect-based program equivalences than would be possible with traditional effect systems. Syntax and SemanticsWe will interpret effect-refined types over a somewhat generic, untyped denotational model for stateful computations in the category of predomains (ω-cpos). We also introduce a meta-language [24], providing concrete syntax for functions in the model. We omit the standard details of interpreting CBV programming languages via such a metalanguage, or proofs of adequacy, relating the operationally induced observational (in)equivalence to (in)equality in the model. Denotational model We assume predomains V and H modelling values and heaps, respectively. As much of the metatheory does not rely on the finer details of how these predomains are defined, we axiomatise the properties we use. Firstly, we assume the existence of a set of (concrete) locations L and for each h ∈ H a finite set dom(h) ⊆ L. We also assume a constant ∅ ∈ H, the empty heap.where l ∈ L and h ′ ∈ H. These three operations are continuous, in particular, h ≤ h ′ ⇒ dom(h) ⊆ dom(h ′ ) and the following axioms hold:then dom(h ′ ) = dom(h)∪{l} and l dom(h) and h ′ (l) = v. Given V this abstract datatype can be implemented in a number of ways, e.g., as finite maps. We define the domain of computations C to be partial continuous functions from H to H × V, the bottom element being the everywhere undefined function.We assume that V embeds tuples of values, i.e., if v 1 , . . . , v n ∈ V then (v 1 , . . . , v n ) ∈ V and it is possible to tell whether a value is of that form and in this case to retrieve the components. We also assume that V embeds continuous functions f : V → C, i.e., if f is such a function then fun( f ) ∈ V and, finally, locations are also values, i.e. if l ∈ L then loc(l) ∈ V and one can tell whether a value is a location or a function. A canonical example of such a V is the least solution to the predomain equation with C = H ⇁ H×V and V ≃ int(Z) + fun(V → C...

show abstract

Section: A Online Appendixmentioning

confidence: 97%

Section: Heap Persmentioning

confidence: 99%

Section: Prologmentioning

confidence: 99%

See 1 more Smart Citation

Abstract effects and proof-relevant logical relations

2014

View full text Add to dashboard Cite

show abstract

“…Loop Parallelization: Our next example is inspired by a loop unrolling optimization [26]. Assume given a linked list of integers head n 0 n 1 n j null n −1 n −k head n j+1 null Figure 1.…”

Section: Introductionmentioning

confidence: 99%

Effect-dependent transformations for concurrent programs

Benton

Hofmann

Nigam

2018

Science of Computer Programming

View full text Add to dashboard Cite

We describe a denotational semantics for an abstract effect system for a higher-order, shared-variable concurrent programming language. We prove the soundness of a number of general effectbased program equivalences, including a parallelization equation that specifies sufficient conditions for replacing sequential composition with parallel composition. Effect annotations are relative to abstract locations specified by contracts rather than physical footprints allowing us in particular to show the soundness of some transformations involving fine-grained concurrent data structures, such as Michael-Scott queues, that allow concurrent access to different parts of mutable data structures.Our semantics is based on refining a trace-based semantics for first-order programs due to Brookes. By moving from concrete to abstract locations, and adding type refinements that capture the possible side-effects of both expressions and their concurrent environments, we are able to validate many equivalences that do not hold in an unrefined model. The meanings of types are expressed using a game-based logical relation over sets of traces. Two programs e 1 and e 2 are logically related if one is able to solve a two-player game: for any trace with result value v 1 in the semantics of e 1 (challenge) that the player presents, the opponent can present an (response) equivalent trace in the semantics of e 2 with a logically related result value v 2 .

show abstract

“…Projects like CompCert [9,[16][17][18] are tackling the problem of compiler bugs by mechanically verifying the correctness of compilers. Indeed, although the aforementioned study uncovered many bugs in other compilers, the only bugs found in CompCert were in those parts of the compiler not (yet) formally verified.…”

Section: Introductionmentioning

confidence: 99%

Formal verification of SSA-based optimizations for LLVM

Zhao

Nagarakatte

Martin

et al. 2013

Proceedings of the 34th ACM SIGPLAN Conference on Programming Language Design and Implementation

View full text Add to dashboard Cite

Modern compilers, such as LLVM and GCC, use a static single assignment (SSA) intermediate representation (IR) to simplify and enable many advanced optimizations. However, formally verifying the correctness of SSA-based optimizations is challenging because SSA properties depend on a function's entire control-flow graph.This paper addresses this challenge by developing a proof technique for proving SSA-based program invariants and compiler optimizations. We use this technique in the Coq proof assistant to create mechanized correctness proofs of several "micro" transformations that form the building blocks for larger SSA optimizations. To demonstrate the utility of this approach, we formally verify a variant of LLVM's mem2reg transformation in Vellvm, a Coq-based formal semantics of the LLVM IR. The extracted implementation generates code with performance comparable to that of LLVM's unverified implementation.

show abstract

A simple, verified validator for software pipelining

Cited by 14 publications

References 28 publications

Abstract effects and proof-relevant logical relations

Abstract effects and proof-relevant logical relations

Effect-dependent transformations for concurrent programs

Formal verification of SSA-based optimizations for LLVM

Contact Info

Product

Resources

About