research-article
Open Access
Artifacts Evaluated & Functional / v1.1

Do you have space for dessert? a verified space cost semantics for CakeML programs

Published: 13 November 2020
Abstract

Garbage collectors relieve the programmer from manual memory management, but lead to compiler-generated machine code that can behave differently (e.g. out-of-memory errors) from the source code. To ensure that the generated code behaves exactly like the source code, programmers need a way to answer questions of the form: what is a sufficient amount of memory for my program to never reach an out-of-memory error?

This paper develops a cost semantics that can answer such questions for CakeML programs. The work described in this paper is the first to be able to answer such questions with proofs in the context of a language that depends on garbage collection. We demonstrate that positive answers can be used to transfer liveness results proved for the source code to liveness guarantees about the generated machine code. Without guarantees about space usage, only safety results can be transferred from source to machine code.

Our cost semantics is phrased in terms of an abstract intermediate language of the CakeML compiler, but results proved at that level map directly to the space cost of the compiler-generated machine code. All of the work described in this paper has been developed in the HOL4 theorem prover.

Supplemental Material

Auxiliary Presentation Video

