Creating Formally Verified Components for Layered Assurance with an LLVM-to-ACL2 Translator
Jennifer Davis, David Hardin, Jedidiah McClurg
December 2013
Introduction

Research objectives:
- Reduce the need to trust compiler optimizations by reasoning about post-optimization intermediate representations
- Reason about small fragments of code written in assembly language

We wish to create a library of formally verified software component models for layered assurance. In our current work, the components are in LLVM intermediate form. We wish to translate them to a theorem proving language, such as ACL2. We built an LLVM-to-ACL2 translator.
Motivating Work

- Jianzhou Zhao (U Penn) et al. produced several different formalizations of operational semantics for LLVM in Coq (2012), with the intention of producing a verified LLVM compiler.
- Magnus Myreen's (Cambridge) decompilation-into-logic work (2009): imperative machine code (PPC, x86, ARM) -> HOL4. It extracts the functional behavior of imperative code and assures that the decompilation process is sound.
- Andrew Appel (Princeton) observed that SSA is functional programming (1998). This inspired us to build a translator from LLVM to ACL2.
LLVM

- LLVM is the intermediate form for many common compilers, including clang.
- LLVM code generation targets exist for a wide variety of machines.
- LLVM is a register-based intermediate representation in Static Single Assignment (SSA) form (each variable is assigned exactly once).
- An LLVM program consists of a list of entities. There are eight types, including function declarations and function definitions.
- Our software component models are created from code that has been compiled into the LLVM intermediate form.
ACL2

- A Computational Logic for Applicative Common Lisp (ACL2)
- Highly automated theorem proving system
- Functional language with admission criteria
- Executable subset of the language
- Rich set of legal identifiers (e.g., @foo)
- Side-effect-free subset of Lisp, so it inherits Lisp peculiarities:
  - Function definition: (defun funname (parm1 parm2 parm3) (<body>))
  - Function invocation: (funname x y z)
  - let binds variables to values within a function body
  - Multiway conditionals use the cond form
  - Lists are the fundamental data structure
- ACL2 supports integers and rationals
- Lisp predicate names are traditionally given a suffix of p
LLVM-to-ACL2 Translation Toolchain

(Toolchain diagram; of its labels only "theorem prover" survived transcription.)
Example C Source

    long sumarr(unsigned int n, long sum, long *array) {
      unsigned int j = 0;
      for (j = 0; j < n; j++) {
        sum += array[j];
      }
      return sum;
    }

We can produce LLVM from C source as follows:

    clang -O4 -S -emit-llvm sumarr.c
Example LLVM

LLVM produced from the C source on the previous slide (the annotations j and sum mark the phi nodes that carry the loop counter and the running sum):

    define i64 @sumarr(i32 %n, i64 %sum, i64* nocapture %array) nounwind uwtable readonly {
      %1 = icmp eq i32 %n, 0
      br i1 %1, label %._crit_edge, label %.lr.ph

    .lr.ph:                                           ; preds = %.lr.ph, %0
      %indvars.iv = phi i64 [ %indvars.iv.next, %.lr.ph ], [ 0, %0 ]      ; j
      %.06 = phi i64 [ %4, %.lr.ph ], [ %sum, %0 ]                       ; sum
      %2 = getelementptr inbounds i64* %array, i64 %indvars.iv
      %3 = load i64* %2, align 8, !tbaa !0
      %4 = add nsw i64 %3, %.06
      %indvars.iv.next = add i64 %indvars.iv, 1
      %lftr.wideiv = trunc i64 %indvars.iv.next to i32
      %exitcond = icmp eq i32 %lftr.wideiv, %n
      br i1 %exitcond, label %._crit_edge, label %.lr.ph

    ._crit_edge:                                      ; preds = %.lr.ph, %0
      %.0.lcssa = phi i64 [ %sum, %0 ], [ %4, %.lr.ph ]
      ret i64 %.0.lcssa
    }
Translation Snippet

Each block within an LLVM function contains a list of instructions in SSA form with type information. Hence we can readily convert a list of instructions into an appropriate let construct.

    %2 = getelementptr inbounds i64* %array, i64 %indvars.iv
    %3 = load i64* %2, align 8, !tbaa !0
    %4 = add nsw i64 %3, %.06

    (let ((%2 (getelementptr %array %indvars.iv 8)))
     (let ((%3 (load-i64l %2 st)))
      (let ((%4 (ifix (+ %3 %.06))))
       ...)))
Main Translator Algorithm

(Pipeline diagram.) LLVM AST -> Translator: Get Function Names -> Remove Aliases -> Promote Blocks to Functions -> Translate to ACL2 -> ACL2 Code
Remove Aliases

Aliases allow new names to be used for globals and functions:

    ... = global i32 ...
    ... = alias ...

We eliminate these.
Promote Blocks to Functions

As we have seen, LLVM functions often contain inner blocks and branch instructions. Each of these blocks is pulled out as a new function. For each block, the phi instructions denote variables that become parameters for that new function:

    %.06 = phi i64 [ %4, %.lr.ph ], [ %sum, %0 ]

The phi instructions also tell us the parameter values that must be used at the new function's call site(s).
Dealing with Order of Declarations

ACL2 requires functions and constants to be defined before they are used. We do a topological sort on each of the call/dependency graphs.
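The three steps on these slides (instruction list to nested let, phi nodes to parameters and call-site arguments, then ordering the resulting definitions so callees come first) can be exercised on the sumarr blocks shown earlier. The Python below is an added example written for this page, not the authors' translator: it takes the LLVM text of the slides' three blocks as constructed input, emits one defun per block as an S-expression string, and orders the definitions. The helper names getelementptr, load-i64l and ifix follow the slides; trunc32, the parameter order (phi variables first, then alphabetically sorted free variables) and the restriction to the instruction forms that occur in sumarr are this example's own choices.

```python
import re

# Constructed input: the LLVM blocks of sumarr from the slides (entry block keyed by its implicit label %0).
SUMARR_BLOCKS = {
    "%0": ["%1 = icmp eq i32 %n, 0", "br i1 %1, label %._crit_edge, label %.lr.ph"],
    "%.lr.ph": ["%indvars.iv = phi i64 [ %indvars.iv.next, %.lr.ph ], [ 0, %0 ]",
                "%.06 = phi i64 [ %4, %.lr.ph ], [ %sum, %0 ]",
                "%2 = getelementptr inbounds i64* %array, i64 %indvars.iv",
                "%3 = load i64* %2, align 8, !tbaa !0",
                "%4 = add nsw i64 %3, %.06",
                "%indvars.iv.next = add i64 %indvars.iv, 1",
                "%lftr.wideiv = trunc i64 %indvars.iv.next to i32",
                "%exitcond = icmp eq i32 %lftr.wideiv, %n",
                "br i1 %exitcond, label %._crit_edge, label %.lr.ph"],
    "%._crit_edge": ["%.0.lcssa = phi i64 [ %sum, %0 ], [ %4, %.lr.ph ]", "ret i64 %.0.lcssa"],
}
FUNCTION_NAME = "@sumarr"  # block-functions are named FUNCTION_NAME_label, e.g. @sumarr_%.lr.ph as on the slides
PHI_RE = re.compile(r"^(%\S+) = phi \S+ (.*)$")
INCOMING_RE = re.compile(r"\[\s*([^,\]]+?)\s*,\s*(%\S+?)\s*\]")
ASSIGN_RE = re.compile(r"^(%\S+) = (.*)$")
LABEL_RE = re.compile(r"label (%[\w.]+)")
VAR_RE = re.compile(r"%[\w.]+")
# Straight-line instruction -> ACL2 form. Helper names follow the slides; trunc32 is an assumed name.
INSTRUCTIONS = [
    (r"getelementptr (?:inbounds )?i64\* (%[\w.]+), i64 (\S+)", "(getelementptr {0} {1} 8)"),
    (r"load i64\* (%[\w.]+)", "(load-i64l {0} st)"),
    (r"add (?:nsw )?i64 (\S+), (\S+)", "(ifix (+ {0} {1}))"),
    (r"trunc i64 (%[\w.]+) to i32", "(trunc32 {0})"),
    (r"icmp eq i\d+ (\S+), (\S+)", "(if (= {0} {1}) 1 0)"),
]

def phis(block):
    """[(phi_var, {pred_label: incoming_value})] for the block's phi nodes."""
    return [(m.group(1), {p: v for v, p in INCOMING_RE.findall(m.group(2))})
            for m in map(PHI_RE.match, block) if m]

def params(blocks):
    """Per block (slide 13): its phi variables, then the free variables it or its successors need (fixpoint)."""
    free = {label: set() for label in blocks}
    changed = True
    while changed:
        changed = False
        for label, block in blocks.items():
            needed = set()
            for line in block:
                if not PHI_RE.match(line):  # phi operands are evaluated at the call sites, not here
                    needed.update(VAR_RE.findall(LABEL_RE.sub("", line.split(" = ", 1)[-1])))
            for succ in LABEL_RE.findall(block[-1]):
                needed.update(inc[label] for _, inc in phis(blocks[succ]) if inc[label].startswith("%"))
                needed.update(free[succ])
            needed -= {m.group(1) for m in map(ASSIGN_RE.match, block) if m}
            if needed != free[label]:
                free[label], changed = needed, True
    return {label: [v for v, _ in phis(block)] + sorted(free[label]) for label, block in blocks.items()}

def translate_instr(rhs):
    for pattern, form in INSTRUCTIONS:
        m = re.match(pattern, rhs)
        if m:
            return form.format(*m.groups())
    raise ValueError("unsupported instruction: " + rhs)

def call(blocks, ptab, src, target):
    """Call site for the CFG edge src -> target: phi variables get their incoming value from src,
    free variables pass through under the same name, and the memory stobj st is threaded last."""
    incoming = {v: inc[src] for v, inc in phis(blocks[target])}
    args = [incoming.get(p, p) for p in ptab[target]] + ["st"]
    return f"({FUNCTION_NAME}_{target} {' '.join(args)})"

def translate_terminator(blocks, ptab, label, line):
    m = re.match(r"br i1 (%[\w.]+), label (%[\w.]+), label (%[\w.]+)", line)
    if m:
        return f"(if (= {m.group(1)} 1) {call(blocks, ptab, label, m.group(2))} {call(blocks, ptab, label, m.group(3))})"
    if line.startswith("ret "):
        return line.split()[-1]
    raise ValueError("unsupported terminator: " + line)

def translate_block(blocks, label):
    """One defun per block (slide 9): nested lets, innermost last, around the terminator expression."""
    ptab = params(blocks)
    body = translate_terminator(blocks, ptab, label, blocks[label][-1])
    for line in reversed(blocks[label][:-1]):
        if not PHI_RE.match(line):
            var, rhs = ASSIGN_RE.match(line).groups()
            body = f"(let (({var} {translate_instr(rhs)})) {body})"
    return f"(defun {FUNCTION_NAME}_{label} ({' '.join(ptab[label] + ['st'])}) {body})"

def definition_order(blocks):
    """Callees before callers (slide 14): DFS post-order over CFG edges, ignoring self-loops."""
    order, seen = [], set()

    def visit(label):
        if label not in seen:
            seen.add(label)
            for succ in LABEL_RE.findall(blocks[label][-1]):
                if succ != label:
                    visit(succ)
            order.append(label)
    for label in blocks:
        visit(label)
    return order

def translate_function(blocks):
    return [translate_block(blocks, label) for label in definition_order(blocks)]
```

Running translate_function(SUMARR_BLOCKS) yields three defuns in the order ._crit_edge, .lr.ph, entry. The loop block comes out as a tail-recursive function whose self-call passes %indvars.iv.next and %4 for the two phi variables, exactly the shape the slides show for @sumarr_%.lr.ph; the differences are that the slides' output drops the trunc binding and compares %indvars.iv.next directly, and returns %4 in place of calling the ._crit_edge function, both of which are simplifications this example does not attempt. A cycle between two distinct blocks would defeat the simple post-order here and would need mutual-recursion, which is the case the Future Work slide mentions.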
Translate to ACL2

- Function declaration -> ACL2 function stub
- Function definition with instruction list -> ACL2 defun construct with a nested let-bound expression
- Memory -> ACL2 single-threaded object (stobj) for efficient execution
- Floating-point number -> corresponding rational number, e.g. (+ 1 (/ 2 10) (/ 3 100) (/ 4 1000))
Example ACL2

LLVM:

    .lr.ph:                                           ; preds = %.lr.ph, %0
      %indvars.iv = phi i64 [ %indvars.iv.next, %.lr.ph ], [ 0, %0 ]
      %.06 = phi i64 [ %4, %.lr.ph ], [ %sum, %0 ]
      %2 = getelementptr inbounds i64* %array, i64 %indvars.iv
      %3 = load i64* %2, align 8, !tbaa !0
      %4 = add nsw i64 %3, %.06
      %indvars.iv.next = add i64 %indvars.iv, 1
      %lftr.wideiv = trunc i64 %indvars.iv.next to i32
      %exitcond = icmp eq i32 %lftr.wideiv, %n
      br i1 %exitcond, label %._crit_edge, label %.lr.ph

ACL2:

    (defun @sumarr_%.lr.ph (%.06 %indvars.iv %n %array st)
      (declare (xargs :stobjs st
                      :guard (and (integerp %.06) (natp %indvars.iv)
                                  (natp %n) (natp %array))))
      (let ((%2 (getelementptr %array %indvars.iv 8)))
       (let ((%3 (load-i64l %2 st)))
        (let ((%4 (ifix (+ %3 %.06))))
         (let ((%indvars.iv.next (nfix (+ %indvars.iv 1))))
          (let ((%exitcond (if (= %indvars.iv.next %n) 1 0)))
           (if (= %exitcond 1)
               %4
             (@sumarr_%.lr.ph %4 %indvars.iv.next %n %array st))))))))
Example ACL2 (with measure and mbt guards)

    (defun @sumarr_%.lr.ph (%.06 %indvars.iv %n %array st)
      (declare (xargs :measure (nfix (- (nfix %n) (nfix %indvars.iv)))
                      :stobjs st
                      :guard (and (integerp %.06) (natp %indvars.iv)
                                  (natp %n) (natp %array)
                                  (< %indvars.iv %n))))
      (if (not (and (mbt (integerp %.06)) (mbt (natp %indvars.iv))
                    (mbt (natp %n)) (mbt (natp %array))
                    (mbt (< %indvars.iv %n))))
          %.06
        (let ((%2 (getelementptr %array %indvars.iv 8)))
         (let ((%3 (load-i64l %2 st)))
          (let ((%4 (ifix (+ %3 %.06))))
           (let ((%indvars.iv.next (nfix (+ %indvars.iv 1))))
            (let ((%exitcond (if (= %indvars.iv.next %n) 1 0)))
             (if (= %exitcond 1)
                 %4
               (@sumarr_%.lr.ph %4 %indvars.iv.next %n %array st)))))))))
Tail Recursion

Note that the translated function for the LLVM loop becomes a tail-recursive function (uses an accumulator) in ACL2.

Tail-recursive functions are nice for execution, since an arbitrary number of recursive tail calls can be made without exhausting the stack. However, tail-recursive functions are not convenient for reasoning because they pollute the induction scheme.

We can generate non-tail-recursive functions operating over simple lists from tail-recursive, stobj-based functions. This technique is called Hardin's Bridge*.

* In memory of Scott Hardin, a civil engineer who designed several physical bridges, and a man who valued rigor. He was the father of one of the authors.
Hardin's Bridge

(Diagram of the four forms below; the slide connects the mutable-state forms with defiteration arrows.)

- Imperative, operating over an array:

      for (k = 0; k < *SZ*; k++) { res = op(d[k], res); }

- Tail recursive with mutable state: (x-tail k res st)
- Non-tail-recursive with mutable state: (x-iter j res st)
- Non-tail-recursive, operating over a list:

      (defun x (res d)
        (if (endp d)
            res
          (op (car d) (x res (cdr d)))))
Applying Hardin's Bridge

We use the bridge technique to prove that the translated tail-recursive function is equal to the following non-tail-recursive function:

    (defun sumlist64 (res lst)
      (declare (xargs :measure (len lst)))
      (cond ((not (true-listp lst)) (ifix res))
            ((endp lst) (ifix res))
            (t (+ (ifix (load-i64ll (take 8 lst)))
                  (sumlist64 res (nthcdr 8 lst))))))

Proving properties can then be accomplished by proving them instead about sumlist64, a non-tail-recursive function better suited for theorem proving.
Current State of the Translator

- We use the def::ung macro to automatically define the domain of recursive functions. This allows recursive functions to be admitted in ACL2 without manually adding measures.
- We added support for modular arithmetic (e.g., fixed-width addition).
- We have rerun the sumarr example with the current translator. No editing of the translated code was needed.
  - The recursive function was admitted automatically via def::ung.
  - Fixed-width addition is preserved in the non-tail-recursive spec.
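To make the bridge of slides 19 through 22 concrete, here is an added Python model written for this page (not the authors' ACL2 code) of both sides of the equation: a tail-recursive loop block with an accumulator over a byte-array memory standing in for the stobj, a non-tail-recursive sumlist64-style spec over a list of bytes, 64-bit wrapping addition standing in for the fixed-width arithmetic of slide 22, a check that the two forms agree (the bridge equation), and a check that the list form satisfies an append-splitting lemma of the kind that is awkward to state for the accumulator form. The memory layout, the base address and the random testing are this example's own construction; in ACL2 the equivalence is a theorem, here it is only tested.

```python
import random

INT64_MIN, INT64_MAX = -2**63, 2**63 - 1
WORD = 8  # bytes per i64, the stride the slides' getelementptr uses

def add_i64(a, b):
    """Fixed-width two's-complement addition (slide 22); the wrap is identical in both forms."""
    return (a + b - INT64_MIN) % 2**64 + INT64_MIN

def load_i64(mem, addr):
    """Little-endian signed load, the role load-i64l / load-i64ll play on the slides."""
    return int.from_bytes(mem[addr:addr + WORD], "little", signed=True)

def sumarr_lr_ph(iv, acc, n, array, mem):
    """Tail-recursive loop block shaped like @sumarr_%.lr.ph: accumulator plus memory."""
    if not (isinstance(acc, int) and 0 <= iv < n):  # guard, like the mbt checks on slide 18
        return acc
    acc = add_i64(load_i64(mem, array + WORD * iv), acc)
    iv += 1
    return acc if iv == n else sumarr_lr_ph(iv, acc, n, array, mem)

def sumarr(n, total, array, mem):
    """Entry block: n == 0 returns the initial sum, otherwise enter the loop block."""
    return total if n == 0 else sumarr_lr_ph(0, total, n, array, mem)

def sumlist64(res, lst):
    """Non-tail-recursive spec over a byte list, like sumlist64 on slide 21."""
    if len(lst) < WORD:  # endp (or a partial word): return res
        return res
    return add_i64(load_i64(bytes(lst[:WORD]), 0), sumlist64(res, lst[WORD:]))

def make_memory(values, base=16):
    """Constructed stobj-like memory: zero padding, then the i64 array at offset `base`."""
    mem = bytearray(base)
    for v in values:
        mem += v.to_bytes(WORD, "little", signed=True)
    return mem

def bridge_holds(values, initial=0, base=16):
    """The bridge equation: executable tail-recursive form == list spec on the array's bytes."""
    mem = make_memory(values, base)
    n = len(values)
    return sumarr(n, initial, base, mem) == sumlist64(initial, list(mem[base:base + WORD * n]))

def append_lemma_holds(xs, ys, res=0):
    """A lemma the list form makes easy: the sum over xs ++ ys splits at the boundary."""
    bx, by = make_memory(xs, 0), make_memory(ys, 0)
    return sumlist64(res, list(bx + by)) == add_i64(sumlist64(0, list(bx)), sumlist64(res, list(by)))

def random_check(trials=200, seed=1):
    """Random testing of both properties on small arrays, biased toward values that wrap."""
    rng = random.Random(seed)
    pool = [0, 1, -1, INT64_MAX, INT64_MIN, 2**62, -2**62]
    for _ in range(trials):
        vals = [rng.choice(pool) if rng.random() < 0.5 else rng.randint(INT64_MIN, INT64_MAX)
                for _ in range(rng.randint(0, 12))]
        half = len(vals) // 2
        if not (bridge_holds(vals, rng.randint(INT64_MIN, INT64_MAX))
                and append_lemma_holds(vals[:half], vals[half:])):
            return False
    return True
```

The accumulator version mirrors the executable ACL2 function: it threads the memory through every call and reads each element in place. The list version has no memory and no index, so induction on the list structure is immediate, which is what the slides mean by a function better suited for theorem proving; the append lemma is the sort of fact that falls out of that induction but has no natural statement in terms of the accumulator.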
Limitations of the Translator

- Exceptions
- Indirect call instructions
Future Work

- Stack analysis and data structure analysis
- LLVM DataLayout directives (global endianness, alignment/padding specification)
- LLVM intrinsic functions (there are a large number of these)
- Variable-length argument lists
- Attempt to eliminate cycles in the call graph by code rewrites when possible (rather than just blindly emitting mutual-recursion)
Conclusion

- Built an LLVM-to-ACL2 translator
- Produced an executable ACL2 specification
  - Tail recursion
  - Efficient execution with in-place updates via ACL2's stobj mechanism
- Demonstrated that the translation produces working ACL2 code for a recursive example program
- Presented a technique for reasoning about tail-recursive ACL2 functions that execute in-place
  - Utilizes the formally proven Hardin's bridge to non-tail-recursive versions operating on lists
- Tested examples with global variables, pointers, and string constants
5. Semantic Analysis Mircea Lungu Oscar Nierstrasz Thanks to Jens Palsberg and Tony Hosking for their kind permission to reuse and adapt the CS132 and CS502 lecture notes. http://www.cs.ucla.edu/~palsberg/
More informationAn Industrially Useful Prover
An Industrially Useful Prover J Strother Moore Department of Computer Science University of Texas at Austin July, 2017 1 Recap Yesterday s Talk: ACL2 is used routinely in the microprocessor industry to
More informationUMBC CMSC 331 Final Exam
UMBC CMSC 331 Final Exam Name: UMBC Username: You have two hours to complete this closed book exam. We reserve the right to assign partial credit, and to deduct points for answers that are needlessly wordy
More informationIntroduction to LLVM compiler framework
Introduction to LLVM compiler framework Stefano Cherubin Politecnico di Milano 12-04-2017 This material is strongly based on material produced by Michele Scandale and Ettore Speziale for the course `Code
More informationLecture08: Scope and Lexical Address
Lecture08: Scope and Lexical Address Free and Bound Variables (EOPL 1.3.1) Given an expression E, does a particular variable reference x appear free or bound in that expression? Definition: A variable
More informationPierce Ch. 3, 8, 11, 15. Type Systems
Pierce Ch. 3, 8, 11, 15 Type Systems Goals Define the simple language of expressions A small subset of Lisp, with minor modifications Define the type system of this language Mathematical definition using
More informationCSCI 3155: Principles of Programming Languages Exam preparation #1 2007
CSCI 3155: Principles of Programming Languages Exam preparation #1 2007 Exercise 1. Consider the if-then-else construct of Pascal, as in the following example: IF 1 = 2 THEN PRINT X ELSE PRINT Y (a) Assume
More informationDEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING Year & Semester : I Year / II Semester Section : CSE - I Subject Code : CS7203 Subject Name : PRINCIPLES OF PROGRAMMING LANGUAGES Degree & Branch : M.E C.S.E.
More informationFinite Set Theory. based on Fully Ordered Lists. Jared Davis UT Austin. ACL2 Workshop 2004
Finite Set Theory based on Fully Ordered Lists Jared Davis UT Austin ACL2 Workshop 2004 Motivation (1/2) Unique representation for each set No mutual recursion needed for membership, subset, and set equality
More informationBackground. From my PhD (2009): Verified Lisp interpreter in ARM, x86 and PowerPC machine code
Certification of high-level and low-level programs, IHP, Paris, 2014 CakeML A verified implementation of ML Ramana Kumar Magnus Myreen Michael Norrish Scott Owens Background From my PhD (2009): Verified
More informationCONCEPTS OF PROGRAMMING LANGUAGES Solutions for Mid-Term Examination
COMPUTER SCIENCE 320 CONCEPTS OF PROGRAMMING LANGUAGES Solutions for Mid-Term Examination FRIDAY, MARCH 3, 2006 Problem 1. [25 pts.] A special form is an expression that is not evaluated according to the
More informationFunctional Programming. Pure Functional Programming
Functional Programming Pure Functional Programming Computation is largely performed by applying functions to values. The value of an expression depends only on the values of its sub-expressions (if any).
More informationLecture Notes on Loop Optimizations
Lecture Notes on Loop Optimizations 15-411: Compiler Design Frank Pfenning Lecture 17 October 22, 2013 1 Introduction Optimizing loops is particularly important in compilation, since loops (and in particular
More informationFunctions, Conditionals & Predicates
Functions, Conditionals & Predicates York University Department of Computer Science and Engineering 1 Overview Functions as lambda terms Defining functions Variables (bound vs. free, local vs. global)
More information6.001 Notes: Section 8.1
6.001 Notes: Section 8.1 Slide 8.1.1 In this lecture we are going to introduce a new data type, specifically to deal with symbols. This may sound a bit odd, but if you step back, you may realize that everything
More information