| author | Christian Urban <christian.urban@kcl.ac.uk> |
| Wed, 02 Dec 2020 16:03:57 +0000 | |
| changeset 814 | 0db5961fe39f |
| parent 744 | a33ce6c8e2c3 |
| child 819 | c9859fa5178f |
| permissions | -rw-r--r-- |
| 701 | 1 |
% !TEX program = xelatex |
| 744 | 2 |
\documentclass[dvipsnames,14pt,t,xelatex,aspectratio=169,xcolor={table}]{beamer}
|
|
309
640e4a05cd9b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
215
diff
changeset
|
3 |
\usepackage{../slides}
|
|
215
828303e8e4af
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
207
diff
changeset
|
4 |
\usepackage{../langs}
|
| 609 | 5 |
\usepackage{../data}
|
|
309
640e4a05cd9b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
215
diff
changeset
|
6 |
\usepackage{../graphics}
|
|
379
fa2589ec0fae
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
7 |
\usepackage{../grammar}
|
|
310
d384fe01d0e8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
309
diff
changeset
|
8 |
\usepackage{soul}
|
| 610 | 9 |
\usepackage{mathpartir}
|
| 701 | 10 |
\usetikzlibrary{shapes,arrows,shadows}
|
|
310
d384fe01d0e8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
309
diff
changeset
|
11 |
|
| 609 | 12 |
% beamer stuff |
| 459 | 13 |
\renewcommand{\slidecaption}{CFL 09, King's College London}
|
| 609 | 14 |
\newcommand{\bl}[1]{\textcolor{blue}{#1}}
|
15 |
||
|
310
d384fe01d0e8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
309
diff
changeset
|
16 |
|
|
65
ade6af51402c
tuned
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
17 |
\begin{document}
|
| 609 | 18 |
|
|
65
ade6af51402c
tuned
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
19 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
309
640e4a05cd9b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
215
diff
changeset
|
20 |
\begin{frame}[t]
|
|
65
ade6af51402c
tuned
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
21 |
\frametitle{%
|
|
ade6af51402c
tuned
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
22 |
\begin{tabular}{@ {}c@ {}}
|
|
ade6af51402c
tuned
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
23 |
\\[-3mm] |
| 459 | 24 |
\LARGE Compilers and \\[-2mm] |
| 744 | 25 |
\LARGE Formal Languages\\[3mm] |
|
65
ade6af51402c
tuned
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
26 |
\end{tabular}}
|
|
ade6af51402c
tuned
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
27 |
|
|
ade6af51402c
tuned
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
28 |
\normalsize |
|
ade6af51402c
tuned
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
29 |
\begin{center}
|
|
ade6af51402c
tuned
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
30 |
\begin{tabular}{ll}
|
| 701 | 31 |
Email: & christian.urban at kcl.ac.uk\\ |
| 744 | 32 |
%Office Hours: & Thursdays 12 -- 14\\ |
33 |
%Location: & N7.07 (North Wing, Bush House)\\ |
|
| 701 | 34 |
Slides \& Progs: & KEATS (also homework is there)\\ |
| 538 | 35 |
\end{tabular}
|
36 |
\end{center}
|
|
|
310
d384fe01d0e8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
309
diff
changeset
|
37 |
|
| 744 | 38 |
\begin{center}
|
39 |
\begin{tikzpicture}
|
|
40 |
\node[drop shadow,fill=white,inner sep=0pt] |
|
41 |
{\footnotesize\rowcolors{1}{capri!10}{white}
|
|
42 |
\begin{tabular}{|p{4.8cm}|p{4.8cm}|}\hline
|
|
43 |
1 Introduction, Languages & 6 While-Language \\ |
|
44 |
2 Regular Expressions, Derivatives & 7 Compilation, JVM \\ |
|
45 |
3 Automata, Regular Languages & 8 Compiling Functional Languages \\ |
|
46 |
4 Lexing, Tokenising & \cellcolor{blue!50} 9 Optimisations \\
|
|
47 |
5 Grammars, Parsing & 10 LLVM \\ \hline |
|
48 |
\end{tabular}%
|
|
49 |
}; |
|
50 |
\end{tikzpicture}
|
|
51 |
\end{center}
|
|
| 609 | 52 |
\end{frame}
|
53 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
54 |
||
| 701 | 55 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
56 |
\begin{frame}[c,fragile]
|
|
| 702 | 57 |
\frametitle{The Fun Language}
|
| 609 | 58 |
|
| 701 | 59 |
\footnotesize |
60 |
\begin{textblock}{13}(0.9,3)
|
|
61 |
\begin{lstlisting}[]numbers=none]
|
|
62 |
def fib(n) = if n == 0 then 0 |
|
63 |
else if n == 1 then 1 |
|
64 |
else fib(n - 1) + fib(n - 2); |
|
| 609 | 65 |
|
| 701 | 66 |
def fact(n) = if n == 0 then 1 else n * fact(n - 1); |
| 609 | 67 |
|
| 701 | 68 |
def ack(m, n) = if m == 0 then n + 1 |
69 |
else if n == 0 then ack(m - 1, 1) |
|
70 |
else ack(m - 1, ack(m, n - 1)); |
|
71 |
||
72 |
def gcd(a, b) = if b == 0 then a else gcd(b, a % b); |
|
73 |
\end{lstlisting}
|
|
74 |
\end{textblock}
|
|
| 609 | 75 |
|
76 |
\end{frame}
|
|
77 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
78 |
||
79 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
80 |
\begin{frame}[c,fragile]
|
|
| 702 | 81 |
\frametitle{Factorial Funct.~on the JVM}
|
| 609 | 82 |
|
| 701 | 83 |
\begin{textblock}{7}(1,1.8)\footnotesize
|
84 |
\begin{minipage}{6cm}
|
|
85 |
\begin{lstlisting}[language=JVMIS,basicstyle=\ttfamily, numbers=none]
|
|
86 |
.method public static facT(II)I |
|
87 |
.limit locals 2 |
|
88 |
.limit stack 6 |
|
89 |
iload 0 |
|
90 |
ldc 0 |
|
91 |
if_icmpne If_else_2 |
|
92 |
iload 1 |
|
93 |
goto If_end_3 |
|
94 |
If_else_2: |
|
95 |
iload 0 |
|
96 |
ldc 1 |
|
97 |
isub |
|
98 |
iload 0 |
|
99 |
iload 1 |
|
100 |
imul |
|
101 |
invokestatic fact/fact/facT(II)I |
|
102 |
If_end_3: |
|
103 |
ireturn |
|
104 |
.end method |
|
105 |
\end{lstlisting}
|
|
106 |
\end{minipage}
|
|
107 |
\end{textblock}
|
|
108 |
||
109 |
\begin{textblock}{7}(6,7)
|
|
110 |
\begin{bubble}[7cm]\small
|
|
111 |
\begin{lstlisting}[language=Lisp,
|
|
112 |
basicstyle=\ttfamily, |
|
113 |
numbers=none, |
|
114 |
xleftmargin=1mm,linebackgroundcolor=\color{cream}]
|
|
115 |
def facT(n, acc) = |
|
116 |
if n == 0 then acc |
|
117 |
else facT(n - 1, n * acc); |
|
118 |
\end{lstlisting}
|
|
119 |
\end{bubble}
|
|
120 |
\end{textblock}
|
|
121 |
||
122 |
\end{frame}
|
|
123 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
124 |
||
125 |
||
126 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
127 |
\begin{frame}[fragile,c]
|
|
128 |
\frametitle{LLVM}
|
|
| 609 | 129 |
|
130 |
\begin{itemize}
|
|
| 701 | 131 |
\item Chris Lattner, Vikram Adve (started in 2000) |
132 |
\item Apple hired Lattner in 2006 |
|
133 |
\item modular architecture, LLVM-IR |
|
134 |
\item \texttt{lli} and \texttt{llc}
|
|
135 |
\end{itemize}
|
|
| 609 | 136 |
|
137 |
\end{frame}
|
|
| 701 | 138 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
139 |
||
140 |
||
141 |
||
142 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
143 |
\tikzstyle{sensor}=[draw, fill=blue!20, text width=3.8em, line width=1mm,
|
|
144 |
text centered, minimum height=2em,drop shadow] |
|
145 |
\tikzstyle{ann} = [above, text width=4em, text centered]
|
|
146 |
\tikzstyle{sc} = [sensor, text width=7em, fill=red!20,
|
|
147 |
minimum height=6em, rounded corners, drop shadow,line width=1mm] |
|
148 |
||
149 |
\begin{frame}[fragile,c]
|
|
150 |
\frametitle{LLVM: Overview}
|
|
151 |
||
152 |
\begin{tikzpicture}
|
|
153 |
% Validation Layer is the same except that there are a set of nodes and links which are added |
|
154 |
||
155 |
\path (0,0) node (IR) [sc] {\textbf{LLVM-IR}\\ Optimisations};
|
|
156 |
\path (IR.west)+(-2.2,1.7) node (sou1) [sensor] {C++};
|
|
157 |
\path (IR.west)+(-2.2,0.5) node (sou2)[sensor] {C};
|
|
158 |
\path (IR.west)+(-2.2,-1.0) node (dots)[ann] {$\vdots$};
|
|
159 |
\path (IR.west)+(-2.2,-1.8) node (sou3)[sensor] {Haskell};
|
|
160 |
||
161 |
\path [draw,->,line width=1mm] (sou1.east) -- node [above] {} (IR.160);
|
|
162 |
\path [draw,->,line width=1mm] (sou2.east) -- node [above] {} (IR.180);
|
|
163 |
\path [draw,->,line width=1mm] (sou3.east) -- node [above] {} (IR.200);
|
|
164 |
||
165 |
\path (IR.east)+(2.2,2.0) node (tar1)[sensor] {x86};
|
|
166 |
\path (IR.east)+(2.2,0.8) node (tar2)[sensor] {ARM};
|
|
167 |
\path (IR.east)+(2.2,-0.4) node (tar3)[sensor] {MIPS};
|
|
168 |
\path (IR.east)+(2.2,-1.6) node (tar4)[sensor] {RISC};
|
|
169 |
\path (IR.east)+(2.2,-2.8) node (tar5)[sensor] {Power PC};
|
|
170 |
\path (IR.east)+(2.2,-4.2) node (dots2)[ann] {$\vdots$};
|
|
171 |
||
172 |
\path [draw,<-,line width=1mm] (tar1.west) -- node [above] {} (IR.10);
|
|
173 |
\path [draw,<-,line width=1mm] (tar2.west) -- node [above] {} (IR.5);
|
|
174 |
\path [draw,<-,line width=1mm] (tar3.west) -- node [above] {} (IR.0);
|
|
175 |
\path [draw,<-,line width=1mm] (tar4.west) -- node [above] {} (IR.-5);
|
|
176 |
\path [draw,<-,line width=1mm] (tar5.west) -- node [above] {} (IR.-10);
|
|
177 |
||
178 |
\end{tikzpicture}
|
|
179 |
\end{frame}
|
|
180 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
181 |
||
| 609 | 182 |
|
183 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
| 701 | 184 |
\begin{frame}[fragile,t]
|
185 |
\frametitle{LLVM-IR}
|
|
186 |
\small |
|
187 |
||
188 |
\begin{textblock}{7.7}(8,11.4)
|
|
189 |
\begin{bubble}[5cm]\small
|
|
190 |
\begin{lstlisting}[language=Lisp,
|
|
191 |
numbers=none, |
|
192 |
xleftmargin=1mm,linebackgroundcolor=\color{cream}]
|
|
193 |
def fact(n) = |
|
194 |
if n == 0 then 1 |
|
195 |
else n * fact(n - 1) |
|
196 |
\end{lstlisting}
|
|
197 |
\end{bubble}
|
|
198 |
\end{textblock}
|
|
|
310
d384fe01d0e8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
309
diff
changeset
|
199 |
|
| 701 | 200 |
\begin{lstlisting}[language=LLVM,xleftmargin=-7mm]
|
201 |
define i32 @fact (i32 %n) {
|
|
202 |
%tmp_19 = icmp eq i32 %n, 0 |
|
203 |
br i1 %tmp_19, label %if_br_23, label %else_br_24 |
|
204 |
||
205 |
if_br_23: |
|
206 |
ret i32 1 |
|
207 |
||
208 |
else_br_24: |
|
209 |
%tmp_21 = sub i32 %n, 1 |
|
210 |
%tmp_22 = call i32 @fact (i32 %tmp_21) |
|
211 |
%tmp_20 = mul i32 %n, %tmp_22 |
|
212 |
ret i32 %tmp_20 |
|
213 |
} |
|
214 |
\end{lstlisting}
|
|
| 609 | 215 |
|
216 |
\end{frame}
|
|
| 701 | 217 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
218 |
||
219 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
220 |
\begin{frame}[fragile,c]
|
|
221 |
\frametitle{LLVM Types}
|
|
222 |
||
223 |
\tt |
|
224 |
\begin{center}
|
|
225 |
\begin{tabular}{ll}
|
|
226 |
boolean & i1 \\ |
|
227 |
byte & i8 \\ |
|
228 |
short & i16\\ |
|
229 |
char & i16\\ |
|
230 |
integer & i32\\ |
|
231 |
long & i64\\ |
|
232 |
float & float\\ |
|
233 |
double & double\\ |
|
234 |
*\_ & pointer to \\ |
|
235 |
**\_ & pointer to a pointer to\\ |
|
236 |
\mbox{}[\_] & arrays of\\
|
|
237 |
\end{tabular}
|
|
238 |
\end{center}
|
|
239 |
||
240 |
\end{frame}
|
|
241 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
242 |
||
243 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
244 |
\begin{frame}[fragile,c]
|
|
| 702 | 245 |
\frametitle{LLVM-IR Instructions}
|
| 701 | 246 |
\small |
247 |
||
| 702 | 248 |
\begin{lstlisting}[language=LLVM,xleftmargin=0mm]
|
| 701 | 249 |
br i1 %var, label %if_br, label %else_br |
250 |
||
251 |
icmp eq i32 %x, %y ; for equal |
|
252 |
icmp sle i32 %x, %y ; signed less or equal |
|
253 |
icmp slt i32 %x, %y ; signed less than |
|
254 |
icmp ult i32 %x, %y ; unsigned less than |
|
255 |
||
256 |
%var = call i32 @foo(...args...) |
|
257 |
\end{lstlisting}
|
|
258 |
||
259 |
\end{frame}
|
|
260 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
261 |
||
262 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
263 |
\begin{frame}[fragile,c]
|
|
264 |
\frametitle{SSA Format}
|
|
265 |
||
266 |
\bl{$(1 + a) + (3 + (b * 5))$}\bigskip\bigskip
|
|
267 |
||
268 |
\begin{lstlisting}[language=LLVM]
|
|
| 702 | 269 |
tmp0 = add 1 a |
270 |
tmp1 = mul b 5 |
|
271 |
tmp2 = add 3 tmp1 |
|
272 |
tmp3 = add tmp0 tmp2 |
|
273 |
\end{lstlisting}\bigskip\bigskip
|
|
274 |
||
275 |
\hfill Static Single Assignment |
|
| 701 | 276 |
|
277 |
\end{frame}
|
|
278 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
| 609 | 279 |
|
280 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
| 701 | 281 |
\begin{frame}[fragile,c]
|
282 |
\frametitle{Abstract Syntax Trees}
|
|
283 |
\footnotesize |
|
284 |
||
285 |
\begin{lstlisting}[language=Scala,numbers=none,xleftmargin=-3mm]
|
|
286 |
// Fun language (expressions) |
|
287 |
abstract class Exp |
|
288 |
abstract class BExp |
|
289 |
||
290 |
case class Call(name: String, args: List[Exp]) extends Exp |
|
291 |
case class If(a: BExp, e1: Exp, e2: Exp) extends Exp |
|
292 |
case class Write(e: Exp) extends Exp |
|
293 |
case class Var(s: String) extends Exp |
|
294 |
case class Num(i: Int) extends Exp |
|
295 |
case class Aop(o: String, a1: Exp, a2: Exp) extends Exp |
|
296 |
case class Sequence(e1: Exp, e2: Exp) extends Exp |
|
297 |
case class Bop(o: String, a1: Exp, a2: Exp) extends BExp |
|
298 |
\end{lstlisting}
|
|
| 609 | 299 |
|
| 701 | 300 |
\end{frame}
|
301 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
302 |
||
303 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
304 |
\begin{frame}[fragile,c]
|
|
305 |
\frametitle{K-(Intermediate)Language}
|
|
306 |
\footnotesize |
|
| 609 | 307 |
|
| 701 | 308 |
\begin{lstlisting}[language=Scala,numbers=none,xleftmargin=-3mm]
|
309 |
abstract class KExp |
|
310 |
abstract class KVal |
|
311 |
||
| 702 | 312 |
// K-Values |
| 701 | 313 |
case class KVar(s: String) extends KVal |
314 |
case class KNum(i: Int) extends KVal |
|
315 |
case class Kop(o: String, v1: KVal, v2: KVal) extends KVal |
|
316 |
case class KCall(o: String, vrs: List[KVal]) extends KVal |
|
317 |
case class KWrite(v: KVal) extends KVal |
|
318 |
||
| 702 | 319 |
// K-Expressions |
| 701 | 320 |
case class KIf(x1: String, e1: KExp, e2: KExp) extends KExp |
321 |
case class KLet(x: String, v: KVal, e: KExp) extends KExp |
|
322 |
case class KReturn(v: KVal) extends KExp |
|
| 609 | 323 |
\end{lstlisting}
|
324 |
||
| 701 | 325 |
\end{frame}
|
326 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
327 |
||
328 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
329 |
\begin{frame}[fragile,c]
|
|
330 |
\frametitle{CPS-Translation}
|
|
331 |
\small |
|
332 |
||
333 |
\begin{lstlisting}[language=Scala,numbers=none]
|
|
334 |
def CPS(e: Exp)(k: KVal => KExp) : KExp = |
|
335 |
e match { ... }
|
|
336 |
\end{lstlisting}
|
|
337 |
\bigskip\bigskip |
|
338 |
||
| 702 | 339 |
the continuation \texttt{k} can be thought of:\medskip
|
340 |
||
| 701 | 341 |
\small |
342 |
\begin{lstlisting}[language=LLVMIR,numbers=none,xleftmargin=30mm,escapeinside={(*@}{@*)}]
|
|
343 |
let tmp0 = add 1 a in |
|
344 |
let tmp1 = mul (*@$\Box$@*) 5 in |
|
345 |
let tmp2 = add 3 tmp1 in |
|
346 |
let tmp3 = add tmp0 tmp2 in |
|
347 |
KReturn tmp3 |
|
348 |
\end{lstlisting}
|
|
| 609 | 349 |
|
350 |
\end{frame}
|
|
| 701 | 351 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
352 |
||
353 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
354 |
\begin{frame}[fragile,c]
|
|
355 |
\frametitle{CPS-Translation}
|
|
356 |
\small |
|
357 |
||
358 |
\begin{lstlisting}[language=Scala,numbers=none]
|
|
359 |
def CPS(e: Exp)(k: KVal => KExp) : KExp = |
|
360 |
e match {
|
|
361 |
case Var(s) => k(KVar(s)) |
|
362 |
case Num(i) => k(KNum(i)) |
|
363 |
... |
|
364 |
} |
|
365 |
\end{lstlisting}
|
|
366 |
\bigskip\bigskip |
|
367 |
||
368 |
\small |
|
369 |
\begin{lstlisting}[language=LLVMIR,numbers=none,xleftmargin=30mm,escapeinside={(*@}{@*)}]
|
|
370 |
let tmp0 = add 1 a in |
|
371 |
let tmp1 = mul (*@$\Box$@*) 5 in |
|
372 |
let tmp2 = add 3 tmp1 in |
|
373 |
let tmp3 = add tmp0 tmp2 in |
|
374 |
KReturn tmp3 |
|
375 |
\end{lstlisting}
|
|
376 |
||
377 |
\end{frame}
|
|
378 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
| 609 | 379 |
|
380 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
| 701 | 381 |
\begin{frame}[fragile,c]
|
382 |
\frametitle{CPS-Translation}
|
|
383 |
\small |
|
| 609 | 384 |
|
| 701 | 385 |
\begin{lstlisting}[language=Scala,numbers=none,xleftmargin=-5mm]
|
386 |
def CPS(e: Exp)(k: KVal => KExp) : KExp = e match {
|
|
387 |
case Aop(o, e1, e2) => {
|
|
388 |
val z = Fresh("tmp")
|
|
389 |
CPS(e1)(y1 => |
|
390 |
CPS(e2)(y2 => |
|
391 |
KLet(z, Kop(o, y1, y2), k(KVar(z))))) |
|
392 |
} ... |
|
393 |
} |
|
| 609 | 394 |
\end{lstlisting}
|
| 702 | 395 |
\mbox{}\\[-8mm]%
|
396 |
% |
|
| 701 | 397 |
\begin{lstlisting}[language=LLVMIR,numbers=none,xleftmargin=30mm,escapeinside={(*@}{@*)}]
|
398 |
... |
|
399 |
let z = op (*@$\Box_{y_1}$@*) (*@$\Box_{y_2}$@*)
|
|
400 |
let tmp0 = add 1 a in |
|
| 702 | 401 |
let tmp1 = mul (*@$\Box\!\!\!\!\raisebox{0.6mm}{\alert{\texttt{z}}}$@*) 5 in
|
| 701 | 402 |
let tmp2 = add 3 tmp1 in |
403 |
let tmp3 = add tmp0 tmp2 in |
|
404 |
KReturn tmp3 |
|
405 |
\end{lstlisting}
|
|
| 609 | 406 |
|
407 |
\end{frame}
|
|
| 701 | 408 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 609 | 409 |
|
410 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
| 701 | 411 |
\begin{frame}[fragile,c]
|
412 |
\frametitle{CPS-Translation}
|
|
413 |
\small |
|
| 609 | 414 |
|
| 701 | 415 |
\begin{lstlisting}[language=Scala,numbers=none]
|
416 |
def CPS(e: Exp)(k: KVal => KExp) : KExp = |
|
417 |
e match {
|
|
418 |
case Sequence(e1, e2) => |
|
419 |
CPS(e1)(_ => CPS(e2)(y2 => k(y2))) |
|
420 |
... |
|
421 |
} |
|
422 |
\end{lstlisting}
|
|
| 702 | 423 |
\bigskip |
| 701 | 424 |
|
425 |
\small |
|
426 |
\begin{lstlisting}[language=LLVMIR,numbers=none,xleftmargin=30mm,escapeinside={(*@}{@*)}]
|
|
427 |
let tmp0 = add 1 a in |
|
428 |
let tmp1 = mul (*@$\Box$@*) 5 in |
|
429 |
let tmp2 = add 3 tmp1 in |
|
430 |
let tmp3 = add tmp0 tmp2 in |
|
431 |
KReturn tmp3 |
|
432 |
\end{lstlisting}
|
|
| 609 | 433 |
|
434 |
\end{frame}
|
|
| 701 | 435 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
310
d384fe01d0e8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
309
diff
changeset
|
436 |
|
| 610 | 437 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 701 | 438 |
\begin{frame}[fragile,c]
|
439 |
\frametitle{CPS-Translation}
|
|
440 |
\small |
|
441 |
||
442 |
\begin{lstlisting}[language=Scala,numbers=none,xleftmargin=-3mm]
|
|
443 |
def CPS(e: Exp)(k: KVal => KExp) : KExp = |
|
444 |
e match {
|
|
445 |
... |
|
446 |
case If(Bop(o, b1, b2), e1, e2) => {
|
|
447 |
val z = Fresh("tmp")
|
|
448 |
CPS(b1)(y1 => |
|
449 |
CPS(b2)(y2 => |
|
450 |
KLet(z, Kop(o, y1, y2), |
|
451 |
KIf(z, CPS(e1)(k), CPS(e2)(k))))) |
|
452 |
} |
|
453 |
... |
|
454 |
} |
|
455 |
\end{lstlisting}
|
|
456 |
||
457 |
\end{frame}
|
|
458 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
459 |
||
| 702 | 460 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
461 |
\begin{frame}[c,fragile]
|
|
462 |
\frametitle{The Basic Language, 1980+}
|
|
463 |
||
464 |
\begin{lstlisting}[language={[Visual]Basic},numbers=none]
|
|
465 |
5 LET S = 0 |
|
466 |
10 INPUT V |
|
467 |
20 PRINT "Input number" |
|
468 |
30 IF N = 0 THEN GOTO 99 |
|
469 |
40 FOR I = 1 TO N |
|
470 |
45 LET S = S + V(I) |
|
471 |
50 NEXT I |
|
472 |
60 PRINT S/N |
|
473 |
70 GOTO 5 |
|
474 |
99 END |
|
475 |
\end{lstlisting}
|
|
476 |
||
477 |
\hfill ``Spaghetti Code'' |
|
478 |
\end{frame}
|
|
479 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
480 |
||
481 |
||
482 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
483 |
\begin{frame}[c,fragile]
|
|
484 |
\frametitle{Target Specific ASM}
|
|
485 |
||
486 |
\begin{lstlisting}[language={},numbers=none]
|
|
487 |
llc -march=x86-64 fact.ll |
|
488 |
llc -march=arm fact.ll |
|
489 |
||
490 |
||
491 |
Intel: xorl %eax, %eax |
|
492 |
ARM: mov pc, lr |
|
493 |
\end{lstlisting}
|
|
494 |
||
495 |
\end{frame}
|
|
496 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
| 701 | 497 |
|
498 |
||
499 |
||
500 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
| 610 | 501 |
\begin{frame}[c]
|
502 |
||
503 |
\large\bf |
|
| 701 | 504 |
Using a compiler, \\ |
505 |
how can you mount the\\ |
|
506 |
perfect attack against a system? |
|
| 610 | 507 |
|
| 701 | 508 |
\end{frame}
|
| 610 | 509 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
510 |
||
511 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
512 |
\mode<presentation>{
|
|
513 |
\begin{frame}[c]
|
|
514 |
||
515 |
{\large\bf
|
|
516 |
What is a \alert{perfect} attack?}\bigskip
|
|
517 |
||
518 |
\begin{enumerate}
|
|
519 |
\item you can potentially completely take over a target system |
|
520 |
\item your attack is (nearly) undetectable |
|
521 |
\item the victim has (almost) no chance to recover |
|
522 |
\end{enumerate}
|
|
523 |
||
524 |
\end{frame}}
|
|
525 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
526 |
||
527 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
528 |
\mode<presentation>{
|
|
529 |
\begin{frame}[c]
|
|
530 |
||
531 |
||
532 |
\begin{center}
|
|
533 |
\begin{tikzpicture}[scale=1]
|
|
534 |
||
535 |
\onslide<1->{
|
|
536 |
\node (A) at (0,0) [draw=black, rectangle, very thick, minimum height=18mm, minimum width=17mm] {};
|
|
537 |
\node [below right] at (A.north west) {\footnotesize\begin{tabular}{@{}l@{}}
|
|
538 |
\only<1,2>{clean}\only<3->{\alert{hacked}}\\compiler\end{tabular}};}
|
|
539 |
||
540 |
||
541 |
\onslide<2->{
|
|
542 |
\node (B) at (-2,2) [draw=black, rectangle, very thick, minimum height=10mm, minimum width=12mm] {};
|
|
543 |
\node [below right] at (B.north west) {\footnotesize\begin{tabular}{@{}l@{}}login\\(src)\end{tabular}};
|
|
544 |
||
545 |
\node (C) at (2,2) [draw=black, rectangle, very thick, minimum height=10mm, minimum width=12mm] {};
|
|
546 |
\node [below right] at (C.north west) {\footnotesize\begin{tabular}{@{}l@{}}login\\(bin)\end{tabular}};
|
|
547 |
||
548 |
\draw[->, line width=2mm] (B) -- (C); |
|
549 |
} |
|
550 |
||
551 |
\onslide<3->{\node [above left=-1.5mm] at (C.south east) {\footnotesize \alert{$\blacksquare$}};}
|
|
552 |
||
553 |
\end{tikzpicture}
|
|
554 |
\end{center}
|
|
555 |
||
556 |
\end{frame}}
|
|
557 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
558 |
||
559 |
||
560 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
561 |
\mode<presentation>{
|
|
562 |
\begin{frame}[c]
|
|
563 |
||
564 |
\begin{center}
|
|
565 |
\begin{tikzpicture}[scale=1]
|
|
566 |
||
567 |
\onslide<1->{
|
|
568 |
\node (A) at (0,0) [draw=black, rectangle, very thick, minimum height=18mm, minimum width=14mm] {};
|
|
569 |
\node [below right] at (A.north west) {\small V0.01};
|
|
570 |
\node [below right] (A1) at (A.south west) {\small Scala};
|
|
571 |
\node [below right] (A1) at (A1.south west) {\small\textcolor{gray}{host language}};
|
|
572 |
\node [above right] at (A.north west) {my compiler (src)};}
|
|
573 |
||
574 |
\onslide<2->{
|
|
575 |
\node (B) at (1.8,0) [draw=black, rectangle, very thick, minimum height=18mm, minimum width=14mm] {};
|
|
576 |
\node [below right] at (B.north west) {\small V0.02};
|
|
577 |
\node [below right] at (B.south west) {\small Scala};
|
|
578 |
\node at (3,0) {\ldots};
|
|
579 |
||
580 |
\node (C) at (5,0) [draw=black, rectangle, very thick, minimum height=18mm, minimum width=14mm] {};
|
|
581 |
\node [below right] at (C.north west) {\small V1.00};
|
|
582 |
\node [below right] at (C.south west) {\small Scala};}
|
|
583 |
||
584 |
\onslide<3->{
|
|
585 |
\node (D) at (6.8,0) [draw=black, rectangle, very thick, minimum height=18mm, minimum width=14mm] {};
|
|
586 |
\node [below right] at (D.north west) {\small V1.00};
|
|
587 |
||
588 |
\node (E) at (6.8,2) [draw=black, rectangle, very thick, minimum height=18mm, minimum width=14mm] {};
|
|
589 |
\node [below right] at (E.north west) {\small V1.01};}
|
|
590 |
||
591 |
\onslide<4->{
|
|
592 |
\node (F) at (8.6,0) [draw=black, rectangle, very thick, minimum height=18mm, minimum width=14mm] {};
|
|
593 |
\node [below right] at (F.north west) {\small V1.01};
|
|
594 |
||
595 |
\node (G) at (8.6,2) [draw=black, rectangle, very thick, minimum height=18mm, minimum width=14mm] {};
|
|
596 |
\node [below right] at (G.north west) {\small V1.02};
|
|
597 |
\node at (9.8,0) {\ldots};
|
|
598 |
\node at (9.8,2) {\ldots};
|
|
599 |
\node at (8,-2) {\textcolor{gray}{\begin{tabular}{@{}l@{}}no host language\\needed\end{tabular}}};
|
|
600 |
} |
|
601 |
||
602 |
\end{tikzpicture}
|
|
603 |
\end{center}
|
|
604 |
||
605 |
\end{frame}}
|
|
606 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
607 |
||
608 |
||
609 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
610 |
\mode<presentation>{
|
|
611 |
\begin{frame}<1-3>
|
|
612 |
\frametitle{\LARGE\begin{tabular}{c}Hacking Compilers
|
|
613 |
\end{tabular}}
|
|
614 |
||
615 |
%Why is it so paramount to have a small trusted code base (TCB)? |
|
616 |
\bigskip\bigskip |
|
617 |
||
618 |
\begin{columns}
|
|
619 |
\begin{column}{2.7cm}
|
|
620 |
\begin{minipage}{2.5cm}%
|
|
621 |
\begin{tabular}{c@ {}}
|
|
622 |
\includegraphics[scale=0.2]{../pics/ken-thompson.jpg}\\[-1.8mm]
|
|
623 |
\footnotesize Ken Thompson\\[-1.8mm] |
|
624 |
\footnotesize Turing Award, 1983\\ |
|
625 |
\end{tabular}
|
|
626 |
\end{minipage}
|
|
627 |
\end{column}
|
|
628 |
\begin{column}{9cm}
|
|
629 |
\begin{tabular}{l@ {\hspace{1mm}}p{8cm}}
|
|
630 |
||
631 |
& Ken Thompson showed how to hide a Trojan Horse in a |
|
632 |
compiler \textcolor{red}{without} leaving any traces in the source code.\\[2mm]
|
|
633 |
||
634 |
& No amount of source level verification will protect |
|
635 |
you from such Thompson-hacks.\\[2mm] |
|
636 |
||
637 |
\end{tabular}
|
|
638 |
\end{column}
|
|
639 |
\end{columns}
|
|
640 |
||
641 |
\only<2>{
|
|
642 |
\begin{textblock}{6}(4,2)
|
|
643 |
\begin{tikzpicture}
|
|
644 |
\draw (0,0) node[inner sep=3mm,fill=cream, ultra thick, draw=red, rounded corners=2mm] |
|
645 |
{\normalsize
|
|
646 |
\begin{minipage}{8cm}
|
|
647 |
\begin{quote}
|
|
648 |
\includegraphics[scale=0.05]{../pics/evil.png}
|
|
649 |
\begin{enumerate}
|
|
650 |
\item[1)] Assume you ship the compiler as binary and also with sources. |
|
651 |
\item[2)] Make the compiler aware when it compiles itself. |
|
652 |
\item[3)] Add the Trojan horse. |
|
653 |
\item[4)] Compile. |
|
654 |
\item[5)] Delete Trojan horse from the sources of the compiler. |
|
655 |
\item[6)] Go on holiday for the rest of your life. ;o)\\[-7mm]\mbox{}
|
|
656 |
\end{enumerate}
|
|
657 |
\end{quote}
|
|
658 |
\end{minipage}};
|
|
659 |
\end{tikzpicture}
|
|
660 |
\end{textblock}}
|
|
661 |
||
662 |
\end{frame}}
|
|
663 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
664 |
||
| 701 | 665 |
|
666 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
667 |
\begin{frame}[c]
|
|
668 |
\frametitle{Dijkstra on Testing}
|
|
669 |
||
670 |
\begin{bubble}[10cm]
|
|
671 |
``Program testing can be a very effective way to show the |
|
672 |
presence of bugs, but it is hopelessly inadequate for showing |
|
673 |
their absence.'' |
|
674 |
\end{bubble}\bigskip
|
|
675 |
||
676 |
\small |
|
677 |
What is good about compilers: the either seem to work, |
|
678 |
or go horribly wrong (most of the time). |
|
679 |
||
680 |
\end{frame}
|
|
681 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
682 |
||
683 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
684 |
\begin{frame}[c]
|
|
685 |
\frametitle{\Large Proving Programs to be Correct}
|
|
686 |
||
687 |
\begin{bubble}[10cm]
|
|
688 |
\small |
|
689 |
{\bf Theorem:} There are infinitely many prime
|
|
690 |
numbers.\medskip\\ |
|
691 |
||
692 |
{\bf Proof} \ldots\\
|
|
693 |
\end{bubble}\bigskip
|
|
694 |
||
695 |
||
696 |
similarly\bigskip |
|
697 |
||
698 |
\begin{bubble}[10cm]
|
|
699 |
\small |
|
700 |
{\bf Theorem:} The program is doing what
|
|
701 |
it is supposed to be doing.\medskip |
|
702 |
||
703 |
{\bf Long, long proof} \ldots\\
|
|
704 |
\end{bubble}\bigskip\medskip
|
|
705 |
||
706 |
\small This can be a gigantic proof. The only hope is to have |
|
707 |
help from the computer. `Program' is here to be understood to be |
|
708 |
quite general (compiler, OS, \ldots). |
|
709 |
||
710 |
\end{frame}
|
|
711 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
712 |
||
713 |
||
714 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
715 |
||
716 |
\begin{frame}[c]
|
|
717 |
\frametitle{Can This Be Done?}
|
|
718 |
||
719 |
\begin{itemize}
|
|
720 |
\item in 2008, verification of a small C-compiler |
|
721 |
\begin{itemize}
|
|
722 |
\item ``if my input program has a certain behaviour, then the compiled machine code has the same behaviour'' |
|
723 |
\item is as good as \texttt{gcc -O1}, but much, much less buggy
|
|
724 |
\end{itemize}
|
|
725 |
\end{itemize}
|
|
726 |
||
727 |
\begin{center}
|
|
728 |
\includegraphics[scale=0.12]{../pics/compcert.png}
|
|
729 |
\end{center}
|
|
730 |
||
731 |
\end{frame}
|
|
732 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
733 |
||
734 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
735 |
\begin{frame}[t]
|
|
736 |
\frametitle{Fuzzy Testing C-Compilers}
|
|
737 |
||
738 |
\begin{itemize}
|
|
739 |
\item tested GCC, LLVM and others by randomly generating |
|
740 |
C-programs |
|
741 |
\item found more than 300 bugs in GCC and also |
|
742 |
many in LLVM (some of them highest-level critical)\bigskip |
|
743 |
\item about CompCert: |
|
744 |
||
745 |
\begin{bubble}[10.7cm]\small ``The striking thing about our CompCert
|
|
746 |
results is that the middle-end bugs we found in all other |
|
747 |
compilers are absent. As of early 2011, the under-development |
|
748 |
version of CompCert is the only compiler we have tested for |
|
749 |
which Csmith cannot find wrong-code errors. This is not for |
|
750 |
lack of trying: we have devoted about six CPU-years to the |
|
751 |
task.'' |
|
752 |
\end{bubble}
|
|
753 |
\end{itemize}
|
|
754 |
||
755 |
\end{frame}
|
|
756 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
757 |
||
758 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
759 |
||
760 |
\begin{frame}[c]
|
|
761 |
\frametitle{Next Week}
|
|
762 |
||
763 |
\begin{itemize}
|
|
764 |
\item Revision Lecture\medskip |
|
765 |
\item How many strings are in $\bl{L(a^*)}$?\pause\medskip
|
|
766 |
\item How many strings are in $\bl{L((a + b)^*)}$?\\ Are there more than
|
|
767 |
in $\bl{L(a^*)}$?
|
|
768 |
\end{itemize}
|
|
769 |
||
770 |
||
771 |
||
772 |
\end{frame}
|
|
773 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
774 |
||
775 |
||
776 |
||
777 |
\end{document}
|
|
778 |
||
779 |
%%% Local Variables: |
|
780 |
%%% mode: latex |
|
781 |
%%% TeX-master: t |
|
782 |
%%% End: |
|
783 |
||
784 |
||
785 |
||
786 |
||
787 |
||
| 610 | 788 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
789 |
\begin{frame}[c]
|
|
790 |
||
791 |
\begin{center}
|
|
792 |
\includegraphics[scale=0.6]{../pics/bridge-limits.png}
|
|
793 |
\end{center}
|
|
794 |
||
795 |
\end{frame}
|
|
796 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
797 |
||
798 |
||
799 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
800 |
\begin{frame}[c]
|
|
801 |
\frametitle{Compilers \& Boeings 777}
|
|
802 |
||
803 |
First flight in 1994. They want to achieve triple redundancy in hardware |
|
804 |
faults.\bigskip |
|
805 |
||
806 |
They compile 1 Ada program to\medskip |
|
807 |
||
808 |
\begin{itemize}
|
|
809 |
\item Intel 80486 |
|
810 |
\item Motorola 68040 (old Macintosh's) |
|
811 |
\item AMD 29050 (RISC chips used often in laser printers) |
|
812 |
\end{itemize}\medskip
|
|
813 |
||
814 |
using 3 independent compilers.\bigskip\pause |
|
815 |
||
816 |
\small Airbus uses C and static analysers. Recently started using CompCert. |
|
817 |
||
818 |
\end{frame}
|
|
819 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
820 |
||
821 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
822 |
\begin{frame}[c]
|
|
823 |
\frametitle{Goal}
|
|
824 |
||
825 |
Remember the Bridges example? |
|
826 |
||
827 |
\begin{itemize}
|
|
828 |
\item Can we look at our programs and somehow ensure |
|
829 |
they are bug free/correct?\pause\bigskip |
|
830 |
||
831 |
\item Very hard: Anything interesting about programs is equivalent |
|
832 |
to the Halting Problem, which is undecidable.\pause\bigskip |
|
833 |
||
834 |
\item \alert{Solution:} We avoid this ``minor'' obstacle by
|
|
835 |
being as close as possible of deciding the halting |
|
836 |
problem, without actually deciding the halting problem. |
|
837 |
\small$\quad\Rightarrow$ yes, no, don't know (static analysis) |
|
838 |
\end{itemize}
|
|
839 |
||
840 |
\end{frame}
|
|
841 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
842 |
||
843 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
844 |
\begin{frame}[c]
|
|
845 |
\frametitle{What is Static Analysis?}
|
|
846 |
||
847 |
\begin{center}
|
|
848 |
\includegraphics[scale=0.4]{../pics/state.png}
|
|
849 |
\end{center}
|
|
850 |
||
851 |
\begin{itemize}
|
|
852 |
\item depending on some initial input, a program |
|
853 |
(behaviour) will ``develop'' over time. |
|
854 |
\end{itemize}
|
|
855 |
||
856 |
\end{frame}
|
|
857 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
858 |
||
859 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
860 |
\begin{frame}[c]
|
|
861 |
\frametitle{What is Static Analysis?}
|
|
862 |
||
863 |
\begin{center}
|
|
864 |
\includegraphics[scale=0.4]{../pics/state2.png}
|
|
865 |
\end{center}
|
|
866 |
||
867 |
\end{frame}
|
|
868 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
869 |
||
870 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
871 |
\begin{frame}[c]
|
|
872 |
\frametitle{What is Static Analysis?}
|
|
873 |
||
874 |
\begin{center}
|
|
875 |
\includegraphics[scale=0.4]{../pics/state3.jpg}
|
|
876 |
\end{center}
|
|
877 |
||
878 |
\end{frame}
|
|
879 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
880 |
||
881 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
882 |
\begin{frame}[c]
|
|
883 |
\frametitle{What is Static Analysis?}
|
|
884 |
||
885 |
\begin{center}
|
|
886 |
\includegraphics[scale=0.4]{../pics/state4.jpg}
|
|
887 |
\end{center}
|
|
888 |
||
889 |
\begin{itemize}
|
|
890 |
\item to be avoided |
|
891 |
\end{itemize}
|
|
892 |
||
893 |
\end{frame}
|
|
894 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
895 |
||
896 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
897 |
\begin{frame}[c]
|
|
898 |
\frametitle{What is Static Analysis?}
|
|
899 |
||
900 |
\begin{center}
|
|
901 |
\includegraphics[scale=0.4]{../pics/state5.png}
|
|
902 |
\end{center}
|
|
903 |
||
904 |
\begin{itemize}
|
|
905 |
\item this needs more work |
|
906 |
\end{itemize}
|
|
907 |
||
908 |
\end{frame}
|
|
909 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
910 |
||
911 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
912 |
\begin{frame}[c]
|
|
913 |
\frametitle{What is Static Analysis?}
|
|
914 |
||
915 |
\begin{center}
|
|
916 |
\includegraphics[scale=0.4]{../pics/state6.png}
|
|
917 |
\end{center}
|
|
918 |
||
919 |
\end{frame}
|
|
920 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
921 |
||
922 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
923 |
\begin{frame}[c,fragile]
|
|
924 |
\frametitle{\Large\begin{tabular}{c}Concrete Example:\\[-1mm]
|
|
925 |
Are Vars Definitely Initialised?\end{tabular}}
|
|
926 |
||
927 |
Assuming \texttt{x} is initialised, what about \texttt{y}?\bigskip
|
|
928 |
||
929 |
Prog.~1:\\ |
|
930 |
\begin{lstlisting}[numbers=none,
|
|
931 |
basicstyle=\ttfamily, |
|
932 |
language=While,xleftmargin=3mm] |
|
933 |
if x < 1 then y := x else y := x + 1; |
|
934 |
y := y + 1 |
|
935 |
\end{lstlisting}\medskip
|
|
936 |
||
937 |
Prog.~2:\\ |
|
938 |
\begin{lstlisting}[numbers=none,
|
|
939 |
basicstyle=\ttfamily, |
|
940 |
language=While,xleftmargin=3mm] |
|
941 |
if x < x then y := y + 1 else y := x; |
|
942 |
y := y + 1 |
|
943 |
\end{lstlisting}
|
|
944 |
||
945 |
\end{frame}
|
|
946 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
947 |
||
948 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
949 |
\begin{frame}[c,fragile]
|
|
950 |
\frametitle{\Large\begin{tabular}{c}Concrete Example:\\[-1mm]
|
|
951 |
Are Vars Definitely Initialised?\end{tabular}}
|
|
952 |
||
953 |
What should the rules be for deciding when a |
|
954 |
variable is initialised?\bigskip\pause |
|
955 |
||
956 |
\begin{itemize}
|
|
957 |
\item variable \texttt{x} is definitely initialized after
|
|
958 |
\texttt{skip}\\
|
|
959 |
iff \texttt{x} is definitely initialized before \texttt{skip}.
|
|
960 |
\end{itemize}
|
|
961 |
||
962 |
\end{frame}
|
|
963 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
964 |
||
965 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
966 |
\begin{frame}[c,fragile]
|
|
967 |
% \frametitle{\Large\begin{tabular}{c}Concrete Example:\\[-1mm]
|
|
968 |
% Are Vars Definitely Initialised?\end{tabular}}
|
|
969 |
||
970 |
$\bl{A}$ is the set of definitely defined variables:
|
|
971 |
||
972 |
\begin{center}
|
|
973 |
\begin{tabular}{c}
|
|
| 612 | 974 |
\bl{\infer{\mbox{}}{A\triangleright\texttt{skip}\triangleright{}A}}\qquad
|
975 |
\bl{\infer{vars(a) \subseteq A}{A\triangleright
|
|
976 |
(\texttt{x\,:=\,a})\triangleright\{x\}\cup A}}
|
|
| 610 | 977 |
\medskip\\\pause |
978 |
||
| 612 | 979 |
\bl{\infer{A_1\triangleright{}s_1\triangleright{}A_2
|
980 |
\quad A_2\triangleright{}s_2\triangleright{}A_3}
|
|
981 |
{A_1\triangleright{}(s_1 ; s_2)\triangleright{}A_3}}
|
|
| 610 | 982 |
\medskip\\\pause |
983 |
||
| 612 | 984 |
\bl{\infer{vars(b)\subseteq A\quad A\triangleright{}s_1\triangleright{}A_1
|
985 |
\quad A\triangleright{}s_2\triangleright{}A_2}
|
|
986 |
{A\triangleright(\texttt{if}\;b\;\texttt{then}\;s_1\;\texttt{else}\;s_2)\triangleright{}A_1\cap A_2}}
|
|
| 610 | 987 |
\medskip\\\pause |
988 |
||
| 612 | 989 |
\bl{\infer{vars(b)\subseteq A\quad A\triangleright{}s\triangleright{}A'}
|
990 |
{A\triangleright(\texttt{while}\;b\;\texttt{do}\;s)\triangleright{}A}}\pause
|
|
| 610 | 991 |
\end{tabular}
|
992 |
\end{center}
|
|
993 |
||
994 |
\hfill we start with $\bl{A = \{\}}$
|
|
995 |
\end{frame}
|
|
996 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
997 |