Proof%20Carrying%20Code%20and%20Proof%20Preserving%20Program%20Transformations - PowerPoint PPT Presentation

About This Presentation
Title:

Proof%20Carrying%20Code%20and%20Proof%20Preserving%20Program%20Transformations

Description:

Proof Carrying Code and Proof Preserving Program Transformations ... Before running a program, the code ... Optimization preserves Hoare triple derivability ... – PowerPoint PPT presentation

Number of Views:31
Avg rating:3.0/5.0
Slides: 22
Provided by: ando4
Category:

less

Transcript and Presenter's Notes

Title: Proof%20Carrying%20Code%20and%20Proof%20Preserving%20Program%20Transformations


1
Proof Carrying Code and Proof Preserving Program
Transformations
  • Ando Saabas, Institute of Cybernetics
  • CDC Seminar, 21.01.2008

2
Proof Carrying Code
  • Proof-Carrying Code is based on the idea that the
    code producer should provide some evidence that
    the program she distributes is safe and/or
    functionally correct.
  • The program is thus shipped with a certificate
    that attests that it has the desired properties.
  • Before running a program, the code user could
    then check this certificate

3
PCC vs Digital Signatures
  • A digital signature identifies the origin of the
    program
  • It has no direct connection with program
    semantics
  • A digital signature is a syntactic checksum
  • A proof is a semantic checksum

4
Where would proofs come from?
  • For basic safety properties, they can be inferred
    automatically
  • For more complex safety and/or functional
    correctness properties, the code producer would
    use some verification environment to prove the
    source program correct
  • But programs are distributed in compiled form

5
PCC framework
Code producer
Code user
Source program
Specification
Runtime environent
Yes
Compiled program
Program verification environment
Compiler Proof compiler
?
Proof checker
Proof of the compiled program
No
Program proof
6
Proof compilation
  • For non-optimizing compilers it is easy proof
    compilation is (almost) identity
  • Not so if optimizations take place

7
Dead code elimination
Precondition
while i lt n s s c p p c i
while i lt n s s c skip i
Invariant
Postcondition
8
Constant propagation
Precondition
c 5 while i lt n s s c p p c
i
c 5 while i lt n s s 5 p p 5
i
Invariant
Postcondition
9
Proof compilation
  • For non-optimizing compilers it is easy proof
    compilation is (almost) identity
  • Not so if optimizations take place
  • Many different optimizations, each have their own
    particular effect on the proof
  • Need a systematic approach for dealing with this

10
Enter type systems
  • Optimizations are mostly based on dataflow
    analyses
  • Dataflow analyses can be described as type
    systems
  • Type systems can have an optimization component
  • Idea types can guide the transformation of the
    proofs

11
Proof transformation
Source program
Compiler ?
?
Program proof
12
Liveness and dead code elimination
  • A variable is said to be live at the exit from a
    program point, if there exists a path from that
    program point to a use of the variable, that does
    not redefine the variable.
  • Live variable analysis determines, for each
    program point which variables may be live at that
    point
  • Used in dead code elimination

13
Live variable analysis
  • The types and subtyping relation of the type
    system correspond to the poset of the analysis
  • The intuitive meaning of a program typing
  • is that, given a set of variables d which are
    live at the end of the program s, the variables
    in the pretype d may be live at the beginning of
    the program.

14
Type system for liveness analysis
15
Optimizations via type systems
  • Program optimizations can be explained via an
    extended version of the type system.
  • Apart from assigning types to statements, it also
    defines the corresponding optimized forms.
  • A typing judgement has the form
  • where is the s optimized form of s.

16
Type system for dead code elimination
17
Soundness of dead code elimination
  • The typesystematic formulation of dead code
    elimination leads to a simple correctness proof
  • At corresponding program points, the states of
    the original and optimized program agree on all
    variables which are live
  • This can be shown by induction on the typing
    derivation

18
Proof optimization
  • Optimization preserves Hoare triple derivability
  • (Pd is obtained from P by quantifying out all
    program variables not in d).
  • The constructive proof gives us proof
    optimization transformation of Hoare triples
    alongside with programs.

19
Scalability
  • Applied for partial redundancy elimination
  • performs common subexpression elimination and
    code motion at the same time
  • changes the structure of the code
  • requires 4 dataflow analyses
  • Can applied for resource usage proofs

20
Scalability
  • Can be used for optimization which require
    bidirectional analyses.
  • Can be applied to CFG based program and analysis
    descriptions
  • Java bytecode analyses
  • dead store elimination
  • load pop pair elimination
  • store load pair elimination etc

21
Conclusions
  • We have shown the benefits of the typesystematic
    approach to dataflow analyses
  • leads to simple soundness proofs
  • is a viable option for proof transformation and
    can be applied to a very wide array of
    optimizations
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Proof%20Carrying%20Code%20and%20Proof%20Preserving%20Program%20Transformations" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!