
## Weakest precondition synthesis for compiler optimizations (2014)

Venue: In Proc. of the 15th International Conference on Verification, Model Checking, and Abstract Interpretation

Citations: 4 (3 self)

### Citations

1154 | Advanced Compiler Design and Implementation
- Muchnick
- 1997
Citation Context: ...ength reduction 1 2 1.14s 1.41s Loop tiling 1 1 0.07s 4.60s Loop unrolling 2 4 0.13s 0.50s Loop unswitching 2 2 0.15s 0.77s Software pipelining 1 2 0.13s 0.58s Table 2. List of compiler optimizations [1, 28], the number of counterexamples processed, the number of models obtained for preconditions, the time taken by the precondition generation algorithm, and the overall time taken by the tool (including t...

830 | Z3: An efficient SMT solver
- Moura, Bjørner
- 2008
Citation Context: ...luation We implemented a prototype named PSyCO2, which stands for Precondition Synthesizer for Compiler Optimizations. PSyCO is implemented in Python (in about 1,400 lines of code), and uses Z3 4.3.2 [10] for constraint solving. In principle, PSyCO can be used with any compiler optimization verification tool that can produce counterexamples. However, we chose to implement a simple bounded model checke...

525 | Guarded commands, nondeterminacy and formal derivation of programs
- Dijkstra
- 1975
Citation Context: ...orrectness. We briefly describe both topics here. 6.1 Precondition Synthesis The concepts of weakest preconditions (WPs) and weakest liberal preconditions (WLPs) have long been introduced by Dijkstra [11]. Since then, several algorithms have been published to accomplish their automatic generation. There are several competing approaches for WLP synthesis. These include, for example, precondition templa...

213 | Translation Validation for an Optimizing Compiler
- Necula
- 2000
Citation Context: ...nd Rhodium [23]) is also a verifier, but uses bisimulation relation synthesis as the underlying technique. Both CORK and PEC require a precondition to be given as input. Translation validation (e.g., [13,30,31,34,38,40,42]) is a technique for establishing the correctness of compiler optimizations after the optimization was run by checking the original and optimized programs for equivalence. Namjoshi and Zuck [29] propo...

181 | Translation validation
- Pnueli, Siegel, et al.
- 1384
Citation Context: ...nd Rhodium [23]) is also a verifier, but uses bisimulation relation synthesis as the underlying technique. Both CORK and PEC require a precondition to be given as input. Translation validation (e.g., [13,30,31,34,38,40,42]) is a technique for establishing the correctness of compiler optimizations after the optimization was run by checking the original and optimized programs for equivalence. Namjoshi and Zuck [29] propo...

178 | Formal verification of a realistic compiler
- Leroy
- 2009
Citation Context: ...en proposed to improve the correctness of compilers, including manual and computer-assisted proofs, automatic verification, and automatic generation of correct optimizations by construction. CompCert [24] is a compiler that aims to provide end-to-end correctness guarantees (from a program’s source code down to the resulting binary). CompCert was written from scratch with verification in mind, and its ...

140 | Compositional shape analysis by means of bi-abduction
- Calcagno, Distefano, et al.
- 2011
Citation Context: ...ple-driven algorithm for precondition synthesis (not necessarily weakest) to guarantee program termination, and Bozga et al. [5] propose an algorithm based on abstract interpretation. Calcagno et al. [7] present an algorithm for WLP synthesis based on separation logic. Gulwani et al. [14] present an algorithm to synthesize loop-free programs that implement a given specification. While the goal of the...

122 | QuickXplain: Preferred explanations and relaxations for overconstrained problems
- Junker
Citation Context: ...teral l ∈ ζ is necessary for the formula to be unsatisfiable. If so, l is added to the result set Ψ. We employ a linear search, as opposed to potentially better search strategies such as QuickXplain [19] or Progression [26], since linear search proved to perform well in our benchmarks. In our implementation, ζ is a list and we perform a linear search from the beginning to the end of the list. This st...

107 | Simple relational correctness proofs for static analyses and program transformations
- Benton
- 2004
Citation Context: ...ve mutual termination using uninterpreted function symbols to abstract recursive function calls. The technique is later extended with the introduction of mutual summaries [17]. Relational Hoare logic [4] is an extension to Hoare logic to prove equivalence of programs. Barthe et al. [3] extend this work to support non-structurally equivalent programs. Superoptimization (e.g., [2, 6, 18, 35]) is a tech...

83 | Automatically proving the correctness of compiler optimizations
- Lerner, Millstein, et al.
- 2003
Citation Context: ...rk that enables the development and verification of compiler optimizations for LLVM. CORK [25] is a compiler optimization verifier based on recurrence computation. PEC [20, 37] (a successor of Cobalt [22] and Rhodium [23]) is also a verifier, but uses bisimulation relation synthesis as the underlying technique. Both CORK and PEC require a precondition to be given as input. Translation validation (e.g....

79 | Automated Soundness Proofs for Dataflow Analyses and Transformations via Local Rules
- Lerner, Millstein, et al.
- 2005
Citation Context: ...he development and verification of compiler optimizations for LLVM. CORK [25] is a compiler optimization verifier based on recurrence computation. PEC [20, 37] (a successor of Cobalt [22] and Rhodium [23]) is also a verifier, but uses bisimulation relation synthesis as the underlying technique. Both CORK and PEC require a precondition to be given as input. Translation validation (e.g., [13,30,31,34,38...

70 | Finding and understanding bugs in C compilers
- Yang, Chen, et al.
- 2011
Citation Context: ...re complex optimizations. However, neither the specification nor the implementation of these optimizations is usually proved correct. In fact, a recent study found bugs in all the most used compilers [39]. These bugs range from mere crashes to subtle wrong-code emission. Ensuring that compilers are correct is of extreme importance. All the programs we produce, in one way or another, are processed by c...

62 | Efficient weakest preconditions
- Leino
- 2003
Citation Context: ...le techniques to achieve better performance. Our unsat core minimization algorithm, that biases the result towards certain literals, is similar to the one presented by Seghir and Kroening [33]. Leino [21] describes a compact encoding for verification conditions generated from the weakest precondition calculus. Cook et al. [8] propose a counterexample-driven algorithm for precondition synthesis (not ne...

59 | Synthesis of loop-free programs
- Gulwani, Jha, et al.
- 2011
Citation Context: ...e program termination, and Bozga et al. [5] propose an algorithm based on abstract interpretation. Calcagno et al. [7] present an algorithm for WLP synthesis based on separation logic. Gulwani et al. [14] present an algorithm to synthesize loop-free programs that implement a given specification. While the goal of the algorithm is not to synthesize preconditions, there is a similarity in the encoding o...

34 | Automatic generation of peephole superoptimizers
- Bansal, Aiken
- 2006
Citation Context: ...elational Hoare logic [4] is an extension to Hoare logic to prove equivalence of programs. Barthe et al. [3] extend this work to support non-structurally equivalent programs. Superoptimization (e.g., [2, 6, 18, 35]) is a technique to do code optimization given a set of theorems that establish equalities between code sequences and then searching for a better equivalent program. Tate et al. [36] propose an algori...

33 | Equality saturation: a new approach to optimization
- Tate, Stepp, et al.
- 2009
Citation Context: ...elational Hoare logic [4] is an extension to Hoare logic to prove equivalence of programs. Barthe et al. [3] extend this work to support non-structurally equivalent programs. Superoptimization (e.g., [2, 6, 18, 35]) is a technique to do code optimization given a set of theorems that establish equalities between code sequences and then searching for a better equivalent program. Tate et al. [36] propose an algori...

25 | Evaluating value-graph translation validation for LLVM
- Tristan, Govereau, et al.
- 2011
Citation Context: ...nd Rhodium [23]) is also a verifier, but uses bisimulation relation synthesis as the underlying technique. Both CORK and PEC require a precondition to be given as input. Translation validation (e.g., [13,30,31,34,38,40,42]) is a technique for establishing the correctness of compiler optimizations after the optimization was run by checking the original and optimized programs for equivalence. Namjoshi and Zuck [29] propo...

23 | Constraint-based invariant inference over predicate abstraction
- Gulwani, Srivastava, et al.
- 2009
Citation Context: ...ave been published to accomplish their automatic generation. There are several competing approaches for WLP synthesis. These include, for example, precondition templates and constraint solving (e.g., [15]), quantifier elimination (e.g., [27]), abstract interpretation (e.g., [9]), and CEGAR, predicate abstraction, and interpolation for predicate generation (e.g., [33]). Some algorithms combine multiple...

23 | Proving optimizations correct using parameterized program equivalence
- Kundu, Tatlock, et al.
- 2009
Citation Context: ...dition synthesis algorithm, named PSyCO, is counterexample-guided. The algorithm relies on a verification tool as a black box that can prove the correctness of optimizations (such as CORK [25] or PEC [20]) or return a counterexample otherwise. 4.1 PSyCO The pseudo-code for the PSyCO algorithm is shown in Figure 3. The algorithm takes as input a transformation function τ and returns the corresponding w...

22 | Relational verification using product programs
- Barthe, Crespo, et al.
- 2011
Citation Context: ...nction calls. The technique is later extended with the introduction of mutual summaries [17]. Relational Hoare logic [4] is an extension to Hoare logic to prove equivalence of programs. Barthe et al. [3] extend this work to support non-structurally equivalent programs. Superoptimization (e.g., [2, 6, 18, 35]) is a technique to do code optimization given a set of theorems that establish equalities bet...

22 | Proving conditional termination
- Cook, Gulwani, et al.
- 2008
Citation Context: ... produce weakest liberal preconditions. To produce weakest preconditions, the algorithm has to be extended so that it can handle counterexamples for relative termination mismatches (based upon, e.g., [5, 8, 17]). The proposed specification language does not include instructions to access heap locations or arrays. This means that the current algorithm does not handle optimizations that perform explicit trans...

19 | Into the loops: Practical issues in translation validation for optimizing compilers
- Goldberg, Zuck, et al.
- 2005

16 | CoVaC: Compiler validation by program analysis of the cross-product
- Zaks, Pnueli
- 2008

15 | Deciding conditional termination
- Bozga, Iosif, et al.
- 2012
Citation Context: ... produce weakest liberal preconditions. To produce weakest preconditions, the algorithm has to be extended so that it can handle counterexamples for relative termination mismatches (based upon, e.g., [5, 8, 17]). The proposed specification language does not include instructions to access heap locations or arrays. This means that the current algorithm does not handle optimizations that perform explicit trans...

15 | TOAST: Applying answer set programming to superoptimisation
- Brain, Crick, et al.
- 2006
Citation Context: ...elational Hoare logic [4] is an extension to Hoare logic to prove equivalence of programs. Barthe et al. [3] extend this work to support non-structurally equivalent programs. Superoptimization (e.g., [2, 6, 18, 35]) is a technique to do code optimization given a set of theorems that establish equalities between code sequences and then searching for a better equivalent program. Tate et al. [36] propose an algori...

15 | Sufficient preconditions for modular assertion checking
- Moy
- 2008
Citation Context: ...r automatic generation. There are several competing approaches for WLP synthesis. These include, for example, precondition templates and constraint solving (e.g., [15]), quantifier elimination (e.g., [27]), abstract interpretation (e.g., [9]), and CEGAR, predicate abstraction, and interpolation for predicate generation (e.g., [33]). Some algorithms combine multiple techniques to achieve better perform...

14 | Generating compiler optimizations from proofs
- Tate, Stepp, et al.
- 2010
Citation Context: ... (e.g., [2, 6, 18, 35]) is a technique to do code optimization given a set of theorems that establish equalities between code sequences and then searching for a better equivalent program. Tate et al. [36] propose an algorithm to extrapolate compiler optimizations directly from concrete examples. Scherpelz et al. [32] propose an algorithm to automatically synthesize flow functions from compiler optimiz...

14 | Translation and run-time validation of loop transformations
- Zuck, Pnueli, et al.
- 2005

13 | Denali: A practical algorithm for generating optimal code
- Joshi, Nelson, et al.

11 | Inference rules for proving the equivalence of recursive procedures
- Godlin, Strichman
Citation Context: ...therwise could fail to derive those invariants automatically. Guo and Palsberg [16] present a bisimulation-based technique to reason about the correctness of trace optimizations. Godlin and Strichman [12] propose a set of proof rules to prove equivalence of programs and to prove mutual termination using uninterpreted function symbols to abstract recursive function calls. The technique is later extende...

11 | The essence of compiling with traces
- Guo, Palsberg
- 2011
Citation Context: ...g transformation functions so that they generate auxiliary invariants to help the translation validation process, which otherwise could fail to derive those invariants automatically. Guo and Palsberg [16] present a bisimulation-based technique to reason about the correctness of trace optimizations. Godlin and Strichman [12] propose a set of proof rules to prove equivalence of programs and to prove mut...

11 | Minimal sets over monotone predicates in Boolean formulae
- Marques-Silva, Janota, et al.
- 2013
Citation Context: ...sary for the formula to be unsatisfiable. If so, l is added to the result set Ψ. We employ a linear search, as opposed to potentially better search strategies such as QuickXplain [19] or Progression [26], since linear search proved to perform well in our benchmarks. In our implementation, ζ is a list and we perform a linear search from the beginning to the end of the list. This strategy enables us to...

11 | Automatic inference of optimizer flow functions from semantics meanings
- Scherpelz, Lerner, et al.
- 2007
Citation Context: ...etween code sequences and then searching for a better equivalent program. Tate et al. [36] propose an algorithm to extrapolate compiler optimizations directly from concrete examples. Scherpelz et al. [32] propose an algorithm to automatically synthesize flow functions from compiler optimizations’ preconditions. 7 Conclusion In this paper we presented, to the best of our knowledge, the first algorithm ...

11 | Equality-based translation validator for LLVM
- Stepp, Tate, et al.
- 2011

11 | Bringing extensibility to verified compilers
- Tatlock, Lerner
- 2010
Citation Context: ...llvm [41] is a Coq-based framework that enables the development and verification of compiler optimizations for LLVM. CORK [25] is a compiler optimization verifier based on recurrence computation. PEC [20, 37] (a successor of Cobalt [22] and Rhodium [23]) is also a verifier, but uses bisimulation relation synthesis as the underlying technique. Both CORK and PEC require a precondition to be given as input. ...

10 | Automatic inference of necessary preconditions
- Cousot, Cousot, et al.
- 2013
Citation Context: ...ral competing approaches for WLP synthesis. These include, for example, precondition templates and constraint solving (e.g., [15]), quantifier elimination (e.g., [27]), abstract interpretation (e.g., [9]), and CEGAR, predicate abstraction, and interpolation for predicate generation (e.g., [33]). Some algorithms combine multiple techniques to achieve better performance. Our unsat core minimization alg...

10 | Formal verification of SSA-based optimizations for LLVM
- Zhao, Nagarakatte, et al.
- 2013
Citation Context: ...end correctness guarantees (from a program’s source code down to the resulting binary). CompCert was written from scratch with verification in mind, and its correctness proofs are done in Coq. Vellvm [41] is a Coq-based framework that enables the development and verification of compiler optimizations for LLVM. CORK [25] is a compiler optimization verifier based on recurrence computation. PEC [20, 37] ...

5 | Towards modularly comparing programs using automated theorem provers
- Hawblitzel, Kawaguchi, et al.
- 2013
Citation Context: ... produce weakest liberal preconditions. To produce weakest preconditions, the algorithm has to be extended so that it can handle counterexamples for relative termination mismatches (based upon, e.g., [5, 8, 17]). The proposed specification language does not include instructions to access heap locations or arrays. This means that the current algorithm does not handle optimizations that perform explicit trans...

3 | Automatic equivalence checking of UF+IA programs
- Lopes, Monteiro
- 2013
Citation Context: ...m Our precondition synthesis algorithm, named PSyCO, is counterexample-guided. The algorithm relies on a verification tool as a black box that can prove the correctness of optimizations (such as CORK [25] or PEC [20]) or return a counterexample otherwise. 4.1 PSyCO The pseudo-code for the PSyCO algorithm is shown in Figure 3. The algorithm takes as input a transformation function τ and returns the cor...

3 | Witnessing program transformations
- Namjoshi, Zuck
Citation Context: ...,38,40,42]) is a technique for establishing the correctness of compiler optimizations after the optimization was run by checking the original and optimized programs for equivalence. Namjoshi and Zuck [29] propose augmenting transformation functions so that they generate auxiliary invariants to help the translation validation process, which otherwise could fail to derive those invariants automatically....

2 | Counterexample-guided precondition inference
- Seghir, Kroening
- 2013
Citation Context: ...on requires the number of iterations of the source loop to be even1. Synthesizing such preconditions could be done by, for example, adapting the counterexample-driven algorithm of Seghir and Kroening [33]. 5 Evaluation We implemented a prototype named PSyCO2, which stands for Precondition Synthesizer for Compiler Optimizations. PSyCO is implemented in Python (in about 1,400 lines of code), and uses Z3...