Development of energy and performance-efficient embedded software is increasingly relying on application of complex transformations on the critical parts of the source code. Designers applying such nontrivial source code transformations are often faced with the problem of ensuring functional equivalence of the original and transformed programs. Currently they have to rely on incomplete and time-consuming simulation. Formal automatic verification of the transformed program against the original is instead desirable. This calls for equivalence checking tools similar to the ones available for comparing digital circuits. We present such a tool to compare array-intensive programs related through a combination of important global transformations like expression propagations, loop and algebraic transformations. When the transformed program fails to pass the equivalence check, the tool provides specific feedback on the possible locations of errors.
Source code transformations come into play in situations where a designer wants much better optimizations than those a compiler can provide. Such a situation is common for designers of mobile computing and communicating systems. They are required to program complex signal processing algorithms for complex platform architectures and yet meet stringent constraints on the energy consumption and performance of the final implementation. Research has shown that application of source-to-source code transformations on an original implementation of the algorithm can greatly help in meeting such constraints (cf. [3,4,5,13]).
Every stage in an implementation activity brings forth an associated verification problem. Source code transformations are no exception. The problem here is to ensure that the transformed program preserves the functionality of the original program. Designers are at present using simulation of the transformed program to gain confidence in the correctness of the transformed program before forwarding it to the synthesis stage. But simulation is both incomplete and time-consuming. Also, when the transformed program is in error, it is hard to detect the exact cause with simulation. Clearly, formal automatic verification of the transformed program against the original, with support for error diagnostics, is desirable here. A pragmatic approach to this problem is to separate the two concerns, viz., applying transformations and verifying that they preserve the functional equivalence. This implies an ex post facto solution that requires a program equivalence checking tool. Our work addresses this requirement. Since, in general, the program equivalence problem is undecidable, we target the most important transformations applied on a decidable, and yet relevant, class of programs.
Code transformations considered. We are interested in verification of source code transformations that reduce the accesses to the data memory hierarchy. Broadly, there are two kinds of such transformations viz., global loop transformations and global data-flow transformations. Global loop transformations are applied to reorder and restructure the for-loops in the complete program in order to minimize the data transfers between different layers of the hierarchy by improving the temporal and spatial locality of the accessed data. On the other hand, global data-flow transformations are applied either to remove repeated computation or to break bottlenecks caused by data-flow dependencies in the program. They comprise of expression propagations that introduce or eliminate temporary variables that hold intermediate values and global algebraic transformations that take advantage of algebraic properties of the operators in transforming the dataflow. The need for verification support for these transformations is rather high because they invariably involve error prone manipulation of the index expressions of the array variables, especially when applied manually.
We do not distinguish between the transformations as long as they are only from the above categories. The transformed program can be under a combination of the transformations. The equivalence checking is done oblivious of any information about the particular instances of the above transformations that were applied and the order of their application.
An example problem. Suppose that we are given program functions, as in
That is, the functions are input-output equivalent under the applied transformations. We have developed a tool to check such equivalences fully automatically. Because of an erroneous transformation, (d) is not equivalent to (a), (b) and (c). It is helpful if the reason for nonequivalence of the function can be ascertained and debugged. To this end, our tool provides diagnostics when it fails to show an equivalence.
Motivated by pragmatics, we are interested in a fully automatic, push-button style, a posteriori solution. This precludes discussion of the vast research on formal verification of the transformation tool or the library of transformations.
Undecidability of the program equivalence problem enforces that any effort start by defining a decidable class of programs that is of interest. Hence, the problem has been addressed by various researchers for different program classes with different applications in mind. Without enumerating the methods, to the best of our knowledge, none of the methods is able to show equivalence of program functions as in our example, in a scalable way. The problem we address is distinct by its central requirement to represent and maintain the relationships among elements of the array variables in the programs in closed form. Unrolling deeply nested loops with large bounds is clearly infeasible for real-life signal processing programs. To add to this, algebraic transformations will require a prohibitive search for normalization on the unrolled statements. Hence, we restrict our discussion of related work to methods that do not pro
This content is AI-processed based on open access ArXiv data.