Indexed Labels for Loop Iteration Dependent Costs

We present an extension to the labelling approach, a technique for lifting resource consumption information from compiled to source code. This approach, which is at the core of the annotating compiler from a large fragment of C to 8051 assembly of the CerCo project, looses preciseness when differences arise as to the cost of the same portion of code, whether due to code transformation such as loop optimisations or advanced architecture features (e.g. cache). We propose to address this weakness by formally indexing cost labels with the iterations of the containing loops they occur in. These indexes can be transformed during the compilation, and when lifted back to source code they produce dependent costs. The proposed changes have been implemented in CerCo's untrusted prototype compiler from a large fragment of C to 8051 assembly.Comment: In Proceedings QAPL 2013, arXiv:1306.241

Certifying cost annotations in compilers

We discuss the problem of building a compiler which can lift in a provably correct way pieces of information on the execution cost of the object code to cost annotations on the source code. To this end, we need a clear and flexible picture of: (i) the meaning of cost annotations, (ii) the method to prove them sound and precise, and (iii) the way such proofs can be composed. We propose a so-called labelling approach to these three questions. As a first step, we examine its application to a toy compiler. This formal study suggests that the labelling approach has good compositionality and scalability properties. In order to provide further evidence for this claim, we report our successful experience in implementing and testing the labelling approach on top of a prototype compiler written in OCAML for (a large fragment of) the C language

On the correctness of a branch displacement algorithm

The branch displacement problem is a well-known problem in assembler design. It revolves around the feature, present in several processor families, of having different instructions, of different sizes, for jumps of different displacements. The problem, which is provably NP-hard, is then to select the instructions such that one ends up with the smallest possible program. During our research with the CerCo project on formally verifying a C compiler, we have implemented and proven correct an algorithm for this problem. In this paper, we discuss the problem, possible solutions, our specific solutions and the proofs

On the correctness of a branch displacement algorithm

The branch displacement problem is a well-known problem in assembler design. It revolves around the feature, present in several processor families, of having different instructions, of different sizes, for jumps of different displacements. The problem, which is provably NP-hard, is then to select the instructions such that one ends up with the smallest possible program. During our research with the CerCo project on formally verifying a C compiler, we have implemented and proven correct an algorithm for this problem. In this paper, we discuss the problem, possible solutions, our specific solutions and the proofs

A Formally Verified WCET Estimation Tool

The application of formal methods in the development of safety-critical embedded software is recommended in order to provide strong guarantees about the absence of software errors. In this context, WCET estimation tools constitute an important element to be formally verified. We present a formally verified WCET estimation tool, integrated to the formally verified CompCert C compiler. Our tool comes with a machine-checked proof which ensures that its WCET estimates are safe. Our tool operates over C programs and is composed of two main parts, a loop bound estimation and an Implicit Path Enumeration Technique (IPET)-based WCET calculation method. We evaluated the precision of the WCET estimates on a reference benchmark and obtained results which are competitive with state-of-the-art WCET estimation techniques

Do you have space for dessert? a verified space cost semantics for CakeML programs

Garbage collectors relieve the programmer from manual memory management, but lead to compiler-generated machine code that can behave differently (e.g. out-of-memory errors) from the source code. To ensure that the generated code behaves exactly like the source code, programmers need a way to answer questions of the form: what is a sufficient amount of memory for my program to never reach an out-of-memory error? This paper develops a cost semantics that can answer such questions for CakeML programs. The work described in this paper is the first to be able to answer such questions with proofs in the context of a language that depends on garbage collection. We demonstrate that positive answers can be used to transfer liveness results proved for the source code to liveness guarantees about the generated machine code. Without guarantees about space usage, only safety results can be transferred from source to machine code. Our cost semantics is phrased in terms of an abstract intermediate language of the CakeML compiler, but results proved at that level map directly to the space cost of the compiler-generated machine code. All of the work described in this paper has been developed in the HOL4 theorem prover

Certifying and reasoning on cost annotations in C programs

International audienceWe present a so-called labelling method to enrich a compiler in order to turn it into a ''cost annotating compiler'', that is, a compiler which can {\em lift} pieces of information on the execution cost of the object code as cost annotations on the source code. These cost annotations characterize the execution costs of code fragments of constant complexity. The first contribution of this paper is a proof methodology that extends standard simulation proofs of compiler correctness to ensure that the cost annotations on the source code are sound and precise with respect to an execution cost model of the object code. As a second contribution, we demonstrate that our label-based instrumentation is scalable because it consists in a modular extension of the compilation chain. To that end, we report our successful experience in implementing and testing the labelling approach on top of a prototype compiler written in \ocaml for (a large fragment of) the {\sc C} language. As a third and last contribution, we provide evidence for the usability of the generated cost annotations as a mean to reason on the concrete complexity of programs written in {\sc C}. For this purpose, we present a {\sc Frama-C} plugin that uses our cost annotating compiler to automatically infer trustworthy logic assertions about the concrete worst case execution cost of programs written in a fragment of the {\sc C} language. These logic assertions are synthetic in the sense that they characterize the cost of executing the entire program, not only constant-time fragments. (These bounds may depend on the size of the input data.) We report our experimentations on some {\sc C} programs, especially programs generated by a compiler for the synchronous programming language {\sc Lustre} used in critical embedded software

Potencial de conversión de explotaciones ganaderas convencionales a sistemas de producción orgánicos en el estado de Tabasco

The main objective of the present study was to assess the conversion potential of conventional cattle farms to organic production systems. Research began by evaluating data in the Tabasco Livestock Farms Inventory 2000 (1,718 records), which provided basic and general information about the state of affairs of livestock in the aforesaid state, and permitted having an in-depth look at the production systems from an organic viewpoint. Subsequently, an Index of Compliance with Organic Standards (ICOS) was generated, which identifies the conversion potential of ranches from conventional to organic production systems. Producers with an ICOS close to 1 would only need to introduce a few changes in their management practices in order to carry out this conversion. In Tabasco, large-scale cattle farms (152 ha and 175 head, on average) have more possibilities to switch to organic production, than small-scale units (20 ha and 35 head, on average). Some 7.1 % of producers have the necessary potential to carry out this adaptation in a period of time no greater than two years, moreover, it can also be concluded that 76 % of producers, upon implementing some modifications in their production units, could achieve the same in a period no greater than four years, the rest of the cattle farms would need a period greater than four years to undertake major modifications in their management practices in order to make the changeover to an organic production system.El objetivo fundamental fue analizar el potencial de conversión de explotaciones ganaderas convencionales a sistemas de producción orgánicos, a partir de la base de datos del Inventario Ganadero Tabasco 2000 (1,718 registros), el cual proporciona datos básicos y generales sobre la situación de la ganaderí­a bovina en dicho Estado, y permite tener un acercamiento a los sistemas de producción desde la perspectiva orgánica. Se generó el índice de Cumplimiento de la Normatividad Orgánica (ICNO), que identifica el potencial de conversión de ranchos con sistemas de producción convencionales a ranchos bajo la normatividad orgánica. Las unidades de producción con un valor del ICNO cercano a 1 necesitan realizar pocas modificaciones a su sistema de manejo para su conversión. Los grandes ganaderos tabasqueÅ„,,os (152 ha y 175 cabezas, en promedio) presentan mayores posibilidades de convertir sus unidades de producción a un sistema orgánico, en comparación con los pequeÅ„,,os (20 ha y 35 cabezas, en promedio). Se estima que el 7.1 % de los productores tienen el potencial para llevar a cabo la conversión en un lapso no mayor de dos aÅ„,,os, y es posible que el 76 % de los productores, instrumentando algunas modificaciones en sus unidades de producción, pueden lograrla en un periodo no mayor de cuatro aÅ„,,os, el resto de los ganaderos necesitarí­an un plazo superior a cuatro aÅ„,,os y realizar modificaciones fuertes en las prácticas de manejo, para integrarse a un sistema de producción orgánico

Certifying and reasoning about cost annotations of functional programs

We present a so-called labelling method to insert cost annotations in a higher-order functional program, to certify their correctness with respect to a standard compilation chain to assembly code including safe memory management, and to reason on them in a higher-order Hoare logic.Comment: Higher-Order and Symbolic Computation (2013