|
| 1 | +--- |
| 2 | +# All detailed paper info is in _data/publication.yml |
| 3 | +layout: paper |
| 4 | +parent: Publications |
| 5 | +title: "POPL'23 Research Paper" |
| 6 | +categories: new publication |
| 7 | +date: 2023-01-01 |
| 8 | +nav_order: 2023-01-01 |
| 9 | +--- |
| 10 | + |
| 11 | + |
| 12 | +## Summary |
| 13 | + |
| 14 | +Conversion to Static Single Assignment (SSA) form is usually viewed as |
| 15 | +a syntactic transformation algorithm that gives unique names to |
| 16 | +program variables, and reconciles these names using "phi" functions |
| 17 | +based on a notion of domination. We instead propose a semantic |
| 18 | +approach, where SSA translation is performed using a simple dataflow |
| 19 | +analysis. Based on a new technique to use cyclic terms in abstract |
| 20 | +domains, we propose a Symbolic Expression abstract domain that |
| 21 | +performs a Global Value Numbering analysis, upon which we build our |
| 22 | +SSA translation. This implies a shift in perspective, as global value |
| 23 | +numbering becomes a prerequisite of SSA translation, instead of |
| 24 | +depending on SSA. |
| 25 | + |
| 26 | +One application to performing SSA Translation by Abstract |
| 27 | +Interpretation is that SSA optimisations passes can be implemented as |
| 28 | +a combination of abstract domains, allowing to perform several |
| 29 | +optimizations simultaneously to solve the usual phase ordering problem |
| 30 | +and avoiding tedious maintainance of SSA invariants. |
| 31 | + |
| 32 | +Our main motivation for this research is the design of Codex, an |
| 33 | +analyser for machine code which uses SSA as its main intermediate |
| 34 | +representation. Machine code is too low-level to allow SSA translation |
| 35 | +without a prior semantic analysis, while SSA is an intermediate |
| 36 | +representation that makes static analysis easier than direct analysis |
| 37 | +of machine code. Viewing SSA translation as a semantic analysis solves |
| 38 | +this chicken-and-egg problem, allowing to simultaneously decompile |
| 39 | +machine code to SSA and use the SSA representation to perform the |
| 40 | +other semantic analyses (value analysis, memory analysis, and |
| 41 | +control-flow analysis). Our [RTAS 2021 |
| 42 | +paper](/papers/2021-rtas-no-crash-no-exploit.html) illustrate the use |
| 43 | +of such an analysis, combined with a novel type system for machine |
| 44 | +code where type checking is also done by abstract interpretation, on |
| 45 | +an embedded OS kernel where we prove security properties directly from |
| 46 | +its executable. |
| 47 | + |
| 48 | +## Further information |
| 49 | + |
| 50 | +- Read the **paper**: either [published version](https://doi.acm.org?doi=3656392) or the [version with appendices](/assets/publications/pdfs/2023-popl-ssa-translation-is-an-abstract-interpretation-with-appendices.pdf) |
| 51 | +- Look at the [slides](/assets/publications/slides/2023-popl-ssa-translation-is-an-abstract-interpretation-slides.pdf) or watch the [video of the talk](https://www.youtube.com/watch?v=wkIfcN3Ipd4) |
| 52 | +- Download the [software artifact](https://zenodo.org/records/10895582) which can be used as a reference implementation of our technique. |
| 53 | + |
0 commit comments