## Using verified data-flow analysis-based optimizations in attribute grammars (2006)

Venue: In Proc. Intl. Workshop on Compiler Optimization Meets Compiler Verification (COCV

Citations: 2 - 2 self

### BibTeX

@INPROCEEDINGS{Wyk06usingverified,
  author = {Eric Van Wyk and Lijesh Krishnan},
  title = {Using verified data-flow analysis-based optimizations in attribute grammars},
  booktitle = {In Proc. Intl. Workshop on Compiler Optimization Meets Compiler Verification (COCV},
  year = {2006}
}

### Abstract

Building verified compilers is difficult, especially when complex analyses such as type checking or data-flow analysis must be performed. Both the type checking and program optimization communities have developed methods for proving the correctness of these processes and developed tools for using, respectively, verified type systems and verified optimizations. However, it is difficult to use both of these analyses in a single declarative framework since these processes work on different program representations: type checking on abstract syntax trees and data-flow analysis-based optimization on control flow or program dependency graphs. We present an attribute grammar specification language that has been extended with constructs for specifying attribute-labelled control flow graphs and both CTL and LTL-FV formulas that specify data-flow analyses. These formulas are model checked on these graphs to perform the specified analyses. Thus, verified type rules and verified data-flow analyses (verified either by hand or with automated proof tools) can both be transcribed into a single declarative framework based on attribute grammars to build high-confidence language implementations. Also, the attribute grammar specification language is extensible so that it is relatively straightforward to add new constructs for different temporal logics so that alternative logics and model checkers can be used to specify data-flow analyses in this framework.

Key words: compiler optimization, optimization verification, data flow analysis, attribute grammars

### Citations

707 | Types and Programming Languages - Pierce - 2002 |

448 | Semantics of context-free languages - Knuth - 1968
Citation Context ...of type-checking, type rules used to prove the soundness (safety) of a type system follow the structure of the program’s abstract syntax. Thus they can easily be transcribed into an attribute grammar =-=[10]-=- based implementation, thereby providing us with a high-degree of confidence that the implementation is correct. Consider the type rule for function abstraction in the simply-typed lambda calculus (ta... |

277 | Flow Analysis of Computer Programs - Hecht - 1977
Citation Context ...ables to logics like CTL and LTL allows us to perform analyses such as constant propagation, for which bit vector algorithms are too restrictive and which require more general monotone DFA frameworks =-=[9]-=-. To perform constant propagation new attributes specifying constant assignments must be defined in addition to the def and uses attributes used above to label the CFG. Many classic data flow problems... |

170 | NuSMV: A New Symbolic Model Verifier - Cimatti, Clarke, et al. - 1999
Citation Context ...d Silver (see Sec. 2), that include constructs for building labelled control flow graphs and for model checking these graphs with both CTL and LTL-FV temporal logic formulas using, respectively NuSMV =-=[4]-=- and a hand-built LTL-FV model checker that supports free variables (Sec. 3). Thus, in one declarative formalism both syntax-tree-based and control flow graph-based analyses can be declaratively speci... |

86 | Data flow analysis is model checking of abstract interpretations - Schmidt - 1998
Citation Context ...ng temporal logic to specify data-flow properties and using a model checker to perform the data-flow analysis specified by a particular temporal logic formula. Several have followed his lead. Schmidt =-=[18]-=-, for example, showed that DFA is just model checking abstract interpretations of programs. One problem with this approach is that commonly used temporal logics are propositional, making ... |

68 | Automatically proving the correctness of compiler optimizations - Lerner, Millstein, et al. - 2003
Citation Context ...ique for proving the correctness of such transformations when they are specified as rewrite rules with side conditions written in CTL-FV [13,7,14]. This formed the basis of the work by Lerner, et al. =-=[15]-=-. They restricted the side-condition specification language to a small but commonly used subset so that the proofs of correctness could be automated. Others have also developed techniques for proving ... |

67 | Rewritable reference attributed grammars - Ekman, Hedin - 2004
Citation Context ...s [11]). Some well-defined circular attribute definitions can be evaluated by computing fixpoints over the set of attribute values. Examples of such systems include MUG2 [8] and the more recent CRAGs =-=[17]-=- and APS [3] systems. Here data-flow analyses are implemented as circular attributes: the fixpoint computation over attribute values corresponds to the fixpoints computed in model checking temporal lo... |

54 | A temporal logic of nested calls and returns - Alur, Etessami, et al.
Citation Context ...d here, but we are planning to build further extensions to Silver that perform this type of analysis. There are logics and model-checkers that can be used to perform interprocedural DFA – one is CaReT =-=[1]-=-, a logic that can encode procedure calls and returns. This Silver extension will also need to add constructs to Silver for building nodes and edges in the control flow graph that indicate calls to fu... |

53 | Proving correctness of compiler optimizations by temporal logic - Lacey, Jones, et al. - 2002
Citation Context ...sfied if on all successors of s, there does not exist a path to a use of the variable v. That is, v is not used in a future computation. We verified the correctness of this rule in an earlier paper =-=[13]-=- (note that we assume expressions have no side effects). We might like to use this verified optimization in an attribute grammar to flag certain assignments as dead. To do so we would like to write a ... |

51 | Data flow analysis as model checking - Steffen - 1991
Citation Context ...in a highly modular and extensible manner. 5 Related Work, Future Work and Discussion 5.1 Related Work 5.1.1 DFA via Model Checking, and comparison to traditional approaches Steffen’s pioneering work =-=[20]-=- first proposed the idea of using temporal logic to specify data-flow properties and using a model checker to perform the data-flow analysis specified by a particular temporal logic formula. Several h... |

42 | Incremental evaluation of attribute grammars with application to syntax-directed editors - Demers, Reps, et al. - 1981
Citation Context ...ere are several avenues to pursue more efficient implementations – one is to perform an optimization in place by changing, for example, the assignment to a skip, and updating attributes incrementally =-=[5]-=- and only when the change affects the results of other analyses as suggested in [8]. 5.3 Discussion, motivation of extensible languages We built these data flow analysis extensions to Silver because i... |

39 | Forwarding in attribute grammars for modular language design - Wyk, Moor, et al. - 2002
Citation Context ...ilver. (A good test for Silver was to write a compiler for it in itself.) The declarative, modular, and extensible nature of attribute grammars is the key to implementing the DFA extensions to Silver =-=[22]-=-. To add new language constructs to Silver, one adds new productions that define their concrete and abstract syntax and attribute definitions for the attributes that label the nonterminals in the abst... |

35 | Imperative program transformation by rewriting - Lacey, Moor - 2001
Citation Context ... model checking. In this case, the temporal logic is LTL-FV [11], a version of LTL extended with free variables. The free variables are similar to the free variables added to CTL by Lacey and de Moor =-=[12]-=- and used in our proofs of optimization correctness [13,14]. Instead of returning the set of states that satisfy a model, the model checkers for these logics return a set of nodes and substitutions fo... |

26 | Automatic generation of fixed-point-finding evaluators for circular, but well-defined, attribute grammars - Farrow - 1986
Citation Context ...w analyses. It is implemented in Pascal and to add new analysis one must extend the system by writing Pascal code to perform the desired DFA. The second category includes systems that use what Farrow =-=[6]-=- calls “ad-hoc” circular attribute definitions [2]. While these are not allowed in traditional AG systems [10], some well-defined circular attribute definitions can be evaluated by computing fixpoints... |

21 | VOC: A methodology for the translation validation of optimizing compilers - Zuck, Pnueli, et al.
Citation Context ... e.g. [19]. Promising approaches based on translation validation that verify that the semantics of the optimized program match those of the original un-optimized program, e.g. =-=[24]-=-, have also been explored. These approaches do not verify the translator or optimizer but instead verify its results. 5.1.3 Attribute Grammars and Data Flow Analysis We are not the first to investigat... |

18 | Higher-order attribute grammars - Vogt, Swierstra, et al. - 1989
Citation Context ...ysis-based optimizations, we show how (immediate) dead code analysis on the assign production is used to determine if the assignment should be changed to a skip statement. The synthesized higher-order =-=[23]-=- attributes opt stmt and opt stmts are used to construct the optimized program. In the root production, the value of the opt stmts attribute (on s::Stmts) is the tree representing the optimized progra... |

17 | Descriptional Composition of Compiler Components - Boyland - 1996
Citation Context ...s under which such computations are guaranteed to terminate. Systems based on such techniques form the third category. Examples of such systems include MUG2 [8] and the more recent CRAGs [16] and APS =-=[3]-=- systems. These systems do not enforce Farrow’s termination conditions, but rely on the person writing the AG specification to follow them. Thus one may accidentally write non-terminating data-flow an... |

13 | A Truly Generative Semantics-Directed Compiler Generator - Ganzinger, Giegerich, et al. - 1982
Citation Context ...s for circular attributes and the conditions under which such computations are guaranteed to terminate. Systems based on such techniques form the third category. Examples of such systems include MUG2 =-=[8]-=- and the more recent CRAGs [16] and APS [3] systems. These systems do not enforce Farrow’s termination conditions, but rely on the person writing the AG specification to follow them. Thus one may acci... |

12 | The method of attributes for data flow analysis - Babich, Jazayeri - 1978
Citation Context ... new analysis one must extend the system by writing Pascal code to perform the desired DFA. The second category includes systems that use what Farrow [6] calls “ad-hoc” circular attribute definitions =-=[2]-=-. While these are not allowed in traditional AG systems [10], some well-defined circular attribute definitions can be evaluated by computing fixpoints over the set of attribute values. Here data-flow ... |

10 | G.: Circular Reference Attributed Grammars - Their Evaluation and Applications - Magnusson, Hedin - 2007
Citation Context ...the conditions under which such computations are guaranteed to terminate. Systems based on such techniques form the third category. Examples of such systems include MUG2 [8] and the more recent CRAGs =-=[16]-=- and APS [3] systems. These systems do not enforce Farrow’s termination conditions, but rely on the person writing the AG specification to follow them. Thus one may accidentally write non-terminating ... |

8 | Correctness of classical compiler optimizations using CTL - Frederiksen - 2002
Citation Context ...tness of optimizing program transformations. We devised a technique for proving the correctness of such transformations when they are specified as rewrite rules with side conditions written in CTL-FV =-=[13,7,14]-=-. This formed the basis of the work by Lerner, et al. [15]. They restricted the side-condition specification language to a small but commonly used subset so that the proofs of correctness could be aut... |

8 | Compiler optimization correctness by temporal logic - Lacey, Jones, et al. - 2004
Citation Context ...-FV [11], a version of LTL extended with free variables. The free variables are similar to the free variables added to CTL by Lacey and de Moor [12] and used in our proofs of optimization correctness =-=[13,14]-=-. Instead of returning the set of states that satisfy a model, the model checkers for these logics return a set of nodes and substitutions for the free variables that satisfy the formula. For the exam... |

5 | An automatic verification technique for loop and data reuse transformations based on geometric modeling of programs - Shashidhar, Bruynooghe, et al. - 2003
Citation Context ... to a small but commonly used subset so that the proofs of correctness could be automated. Others have also developed techniques for proving the correctness of DFA-based program transformations, e.g. =-=[19]-=-. Promising approaches based on translation validation that verify that the semantics of the optimized program match those of the original un-optimized program, e.g. [24], have... |

2 | NUSMV: A new symbolic model verifier, in Computer Aided Verification - Cimatti, Clarke, et al. - 1999
Citation Context ...d Silver (see Sec. 2), that include constructs for building labelled control flow graphs and for model checking these graphs with both CTL and LTL-FV temporal logic formulas using, respectively NuSMV =-=[4]-=- and a hand-built LTL-FV model checker that supports free variables (Sec. 3). Thus, in one declarative formalism both syntax-tree-based and control flow graph-based analyses can be declaratively speci... |

1 | LTL-FV: A Temporal Logic for Specifying Data-Flow Analyses - Krishnan - 2005
Citation Context ... 3.3 Checking LTL-FV properties on the CFG In this section, we present a second extension to Silver that performs DFA via model checking. In this case, the temporal logic is LTL-FV =-=[11]-=-, a version of LTL extended with free variables. The free variables are similar to the free variables added to CTL by Lacey and de Moor [12] and used in our proofs of optimization correctness [13,14].... |

1 | A research environment for incremental data flow analysis - Tan, Lemone - 1985
Citation Context ...specific dataflow analyses hand-implemented as part of the AG system. New analysis can be added only by coding the analysis in the implementation language of the AG. One such system by Tan and Lemone =-=[21]-=- can compute the live variables and available expressions data flow analyses. It is implemented in Pascal and to add new analysis one must extend the system by writing Pascal code to perform the desire... |