Equailty Saturation for Translation Validation
Xingyu Xie
References
- (POPL'09) Ross Tate, Michael Stepp, Zachary Tatlock, and Sorin Lerner. Equality Saturation: A New Approach to Optimization.
- (CAV'11) Michael Stepp, Ross Tate, and Sorin Lerner. Equality-based translation validator for LLVM. (tool)
Approach
- CFG ⇒ PEG (Program Expression Graph)
- saturation: PEG ⇒ E-PEG
- check: PEG ∈ E-PEG
Program Experssion Graph
operator node & dataflow edge
referentially transparent: value of an expression depends only on its constituent expressions, no side effect
complete: any source program could be represented as PEG
Loop in PEG
- θ(init, v): the sequence of values that the variable takes throughout the loop.
- φ(cond, t, f): gated SSA
- eval(seq, n): the n-th element of the sequence
- pass(cond): the index of the first true element in the sequence
≥
Validation Algorithm
function validate(cfg1, cfg2: CFG): CFG
let peg1 = ConvertToPEG(cfg1)
let peg2 = ConvertToPEG(cfg2)
// A is the set of axioms
let epeg = Saturate(peg1, A)
return isInstantiation(peg2, epeg)E-PEG
E-PEG is PEG with a set of equalities over nodes of PEG.
Ax1
Ax2
Ax3
Ax2
Ax3
Ax1
Ax1
Saturation
saturation: repeatedly apply axioms to infer new equalities, until no axiom could be applied or given bounds are reached.
Formalization
- Saturation
Saturation
Axiom application:
Partial order (subset):
Axiom a is monotonic:
Normal form
Generally, there maybe not a normal form such as
- axiom A = (A + 1) - 1
- the inlining axiom applied to a recursive function
When the normal form doesn't exist, saturation may not terminate. Thus, we bound the number of times of same application.
My thought: there must be a normal sequence , where , s.t.
We define ir2 to be a normal form of ir1 if:
ir_1 \xrightarrow{*} ir_2 \land \neg (\exists ir_3 \exists a . ir_2 \xrightarrow{a} ir_3)
\{ ir_n \}
ir_{n - 1} \to ir_n
\forall g \exists n \ge 1 , g \xrightarrow{*} ir_n
deck
By Xingyu Xie
