Automatically proving the correctness of compiler optimizations

We describe a technique for automatically proving compiler optimizations sound, meaning that their transformations are always semantics-preserving. We first present a domain-specific language, called Cobalt, for implementing optimizations as guarded rewrite rules. Cobalt optimizations operate over a C-like intermediate representation including unstructured control flow, pointers to local variables and dynamically allocated memory, and recursive procedures. Then we describe a technique for automatically proving the soundness of Cobalt optimizations. Our technique requires an automatic theorem prover to discharge a small set of simple, optimization-specific proof obligations for each optimization. We have written a variety of forward and backward intraprocedural dataflow optimizations in Cobalt, including constant propagation and folding, branch folding, full and partial redundancy elimination, full and partial dead assignment elimination, and simple forms of points-to analysis. We implemented our soundness-checking strategy using the Simplify automatic theorem prover, and we have used this implementation to automatically prove our optimizations correct. Our checker found many subtle bugs during the course of developing our optimizations. We also implemented an execution engine for Cobalt optimizations as part of the Whirlwind compiler infrastructure.

[1]  Saharon Shelah,et al.  On the temporal analysis of fairness , 1980, POPL '80.

[2]  George C. Necula,et al.  Proof Generation in the Touchstone Theorem Prover , 2000, CADE.

[3]  M. Rinard Credible Compilation , 1999 .

[4]  Natarajan Shankar,et al.  PVS: Combining Specification, Proof Checking, and Model Checking , 1996, FMCAD.

[5]  David A. Schmidt,et al.  Program Analysis as Model Checking of Abstract Interpretations , 1998, SAS.

[6]  Robert S. Boyer,et al.  The Boyer-Moore theorem prover and its interactive enhancement , 1995 .

[7]  Eric Van Wyk,et al.  Proving correctness of compiler optimizations by temporal logic , 2002, POPL '02.

[8]  Dan Grossman,et al.  TALx86: A Realistic Typed Assembly Language∗ , 1999 .

[9]  LernerSorin,et al.  Automatically proving the correctness of compiler optimizations , 2003 .

[10]  F. Lockwood Morris,et al.  Advice on structuring compilers and proving them correct , 1973, POPL.

[11]  Peter Lee,et al.  TIL: a type-directed, optimizing compiler for ML , 2004, SIGP.

[12]  Patrick Cousot,et al.  Systematic design of program transformation frameworks by abstract interpretation , 2002, POPL '02.

[13]  Amir Pnueli,et al.  Translation Validation , 1998, TACAS.

[14]  Bernhard Steffen Data flow analysis as model checking , 1990 .

[15]  Bernhard Steffen,et al.  Optimal code motion: theory and practice , 1994, TOPL.

[16]  Mark Lillibridge,et al.  Extended static checking for Java , 2002, PLDI '02.

[17]  Patrick Cousot,et al.  Systematic design of program analysis frameworks , 1979, POPL.

[18]  Mitchell Wand,et al.  The VLISP verified PreScheme compiler , 1995, LISP Symb. Comput..

[19]  Patrick Cousot,et al.  Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints , 1977, POPL.

[20]  George C. Necula,et al.  The design and implementation of a certifying compiler , 1998, PLDI.

[21]  Mitchell Wand,et al.  VLISP: A verified implementation of Scheme , 1995, LISP Symb. Comput..

[22]  Sorin Lerner,et al.  Composing dataflow analyses and transformations , 2002, POPL '02.

[23]  Edmund M. Clarke,et al.  Design and Synthesis of Synchronization Skeletons Using Branching-Time Temporal Logic , 1981, Logic of Programs.

[24]  Bernhard Steffen,et al.  Generating Data Flow Analysis Algorithms from Modal Specifications , 1993, Sci. Comput. Program..

[25]  Etienne Morel,et al.  Global optimization by suppression of partial redundancies , 1979, CACM.

[26]  George C. Necula,et al.  Translation validation for an optimizing compiler , 2000, PLDI '00.

[27]  William D. Young,et al.  A mechanically verified code generator , 1989, Journal of Automated Reasoning.

[28]  John McCarthy,et al.  Correctness of a compiler for arithmetic expressions , 1966 .

[29]  Greg Nelson,et al.  Simplification by Cooperating Decision Procedures , 1979, TOPL.

[30]  David A. Schmidt Data flow analysis is model checking of abstract interpretations , 1998, POPL '98.

[31]  David Grove,et al.  Vortex: an optimizing compiler for object-oriented languages , 1996, OOPSLA '96.